Print Spooler Stops in Windows XP


Scott Hamlin

I've seen a few related posts to this situation, but haven't found a
solution. We are an educational institution and run Windows XP
Professional with all the latest Windows Updates installed (as of
October's security release). The users all log in with restricted user
access. We use ZENworks 4x to push printer drivers (mostly HP
drivers), and run Novell 6 using NDPS printing.

Some of our machines encounter the print spooler stopping w/o error
messages or warning. We can start the service again but aren't sure
what's causing it. One post suggested finding the Dr. Watson log on
an offending machine and, so as to spare the newsgroup, posting the log
from the latest "application exception" occurrence to the end of the
log. I've done that and will post it (I apologize for the length)
in the hopes it may help.

Any suggestions would be appreciated!

Scott

Application exception occurred:
App: C:\WINDOWS\explorer.exe (pid=1020)
When: 7/3/2003 @ 10:02:13.423
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: GX260XPTEST
User Name: Administrator
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 1 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: None
Current Type: Uniprocessor Free
Registered Organization: Southwestern Michigan College
Registered Owner: Information Technolgy

*----> Task List <----*
0 System Process
4 System
368 smss.exe
416 csrss.exe
448 winlogon.exe
492 services.exe
504 lsass.exe
660 svchost.exe
716 svchost.exe
848 svchost.exe
900 svchost.exe
952 spoolsv.exe
568 msmsgs.exe
1084 rundll32.exe
1428 mmc.exe
1344 wmiprvse.exe
1020 explorer.exe
1552 drwtsn32.exe

*----> Module List <----*
(0000000000d90000 - 0000000000dad000: C:\WINDOWS\System32\hccutils.DLL
(0000000000dc0000 - 0000000000de6000: C:\WINDOWS\System32\igfxres.dll
(0000000000e00000 - 0000000000e50000: C:\WINDOWS\System32\igfxsrvc.dll
(0000000000e60000 - 0000000000e86000: C:\WINDOWS\System32\igfxdev.dll
(0000000001000000 - 00000000010f7000: C:\WINDOWS\explorer.exe
(0000000010000000 - 0000000010037000: C:\WINDOWS\System32\igfxpph.dll
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\UxTheme.dll
(000000005b630000 - 000000005b6a0000: C:\WINDOWS\System32\themeui.dll
(0000000071950000 - 0000000071a34000:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac5000: C:\WINDOWS\system32\WS2_32.dll
(0000000071bf0000 - 0000000071c01000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c20000 - 0000000071c6f000: C:\WINDOWS\System32\NETAPI32.dll
(0000000071d40000 - 0000000071d5b000: C:\WINDOWS\System32\actxprxy.dll
(0000000073000000 - 0000000073023000: C:\WINDOWS\System32\winspool.drv
(0000000075a70000 - 0000000075b13000: C:\WINDOWS\system32\USERENV.dll
(0000000075cf0000 - 0000000075e80000: C:\WINDOWS\system32\NETSHELL.dll
(0000000075f40000 - 0000000075f5d000: C:\WINDOWS\system32\appHelp.dll
(0000000075f80000 - 000000007607c000: C:\WINDOWS\System32\BROWSEUI.dll
(00000000762a0000 - 00000000762af000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 000000007634a000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076360000 - 000000007636f000: C:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\System32\MSIMG32.dll
(0000000076600000 - 000000007661b000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076620000 - 000000007666e000: C:\WINDOWS\System32\cscui.dll
(0000000076670000 - 0000000076754000: C:\WINDOWS\System32\SETUPAPI.dll
(0000000076980000 - 0000000076987000: C:\WINDOWS\System32\LINKINFO.dll
(0000000076990000 - 00000000769b4000: C:\WINDOWS\System32\ntshrui.dll
(00000000769c0000 - 0000000076b09000: C:\WINDOWS\System32\SHDOCVW.dll
(0000000076b20000 - 0000000076b35000: C:\WINDOWS\System32\ATL.DLL
(0000000076b40000 - 0000000076b6c000: C:\WINDOWS\system32\WINMM.dll
(0000000076c00000 - 0000000076c2d000: C:\WINDOWS\system32\credui.dll
(0000000076d30000 - 0000000076d34000: C:\WINDOWS\system32\WMI.dll
(0000000076d40000 - 0000000076d56000: C:\WINDOWS\system32\MPRAPI.dll
(0000000076d60000 - 0000000076d75000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076d80000 - 0000000076d9a000: C:\WINDOWS\system32\DHCPCSVC.DLL
(0000000076da0000 - 0000000076dd0000: C:\WINDOWS\system32\WZCSvc.DLL
(0000000076de0000 - 0000000076e06000: C:\WINDOWS\system32\netman.dll
(0000000076e10000 - 0000000076e34000: C:\WINDOWS\system32\adsldpc.dll
(0000000076e40000 - 0000000076e6f000: C:\WINDOWS\system32\ACTIVEDS.dll
(0000000076e80000 - 0000000076e8d000: C:\WINDOWS\system32\rtutils.dll
(0000000076e90000 - 0000000076ea1000: C:\WINDOWS\system32\rasman.dll
(0000000076eb0000 - 0000000076eda000: C:\WINDOWS\system32\TAPI32.dll
(0000000076ee0000 - 0000000076f17000: C:\WINDOWS\system32\RASAPI32.dll
(0000000076f20000 - 0000000076f45000: C:\WINDOWS\system32\DNSAPI.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\System32\Secur32.dll
(0000000076fd0000 - 0000000077048000: C:\WINDOWS\System32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\System32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772ca000: C:\WINDOWS\system32\ole32.dll
(00000000772d0000 - 0000000077333000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 0000000077bc4000: C:\WINDOWS\system32\SHELL32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077cb0000: C:\WINDOWS\system32\GDI32.dll
(0000000077cc0000 - 0000000077d35000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077d40000 - 0000000077dcd000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f45000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff9000: C:\WINDOWS\System32\ntdll.dll

*----> State Dump for Thread Id 0x41c <----*

eax=00000004 ebx=0006ac58 ecx=00e937a0 edx=00310001 esi=00000004
edi=00000000
eip=77c43dc0 esp=0006a8ac ebp=0006a8e0 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\system32\msvcrt.dll -
function: msvcrt!wcslen
77c43dac 66833800 cmp word ptr [eax],0x0
77c43db0 75dd jnz msvcrt!wcscspn+0x16
(77c43d8f)
77c43db2 2b442410 sub eax,[esp+0x10]
77c43db6 5f pop edi
77c43db7 5e pop esi
77c43db8 d1f8 sar eax,1
77c43dba 5b pop ebx
77c43dbb c3 ret
msvcrt!wcslen:
77c43dbc 8b442404 mov eax,[esp+0x4]
FAULT ->77c43dc0 668b08 mov cx,[eax]
ds:0023:00000004=????
77c43dc3 40 inc eax
77c43dc4 40 inc eax
77c43dc5 6685c9 test cx,cx
77c43dc8 75f6 jnz msvcrt!wcslen+0x4 (77c43dc0)
77c43dca 2b442404 sub eax,[esp+0x4]
77c43dce d1f8 sar eax,1
77c43dd0 48 dec eax
77c43dd1 c3 ret
msvcrt!wcsncat:
77c43dd2 55 push ebp

*----> Stack Back Trace <----*
*** WARNING: Unable to verify checksum for
C:\WINDOWS\System32\igfxdev.dll
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\System32\igfxdev.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** WARNING: Unable to verify checksum for
C:\WINDOWS\System32\igfxsrvc.dll
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\System32\igfxsrvc.dll -
*** WARNING: Unable to verify checksum for
C:\WINDOWS\System32\igfxpph.dll
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\System32\igfxpph.dll -
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\system32\SHELL32.dll -
ChildEBP RetAddr Args to Child
0006a8e0 00e6720a 00000004 00000000 0006ac70 msvcrt!wcslen+0x4
0006a930 00e66e83 0006a948 00e93630 00000020 igfxdev+0x720a
0006ab60 00e618c4 00000001 800400c9 00e93630 igfxdev+0x6e83
0006ab78 00e038a2 00e936ac 00e2f9b0 00000020 igfxdev+0x18c4
0006ac38 00e12df0 00e2f9b0 00000020 0006ac58 igfxsrvc+0x38a2
0006ac78 1000fb1d 00e54608 0006ee68 1002988c
igfxsrvc!DllUnregisterServer+0x759f
0006ee8c 1000f87b 00000000 00db38bc 00db38b8 igfxpph+0xfb1d
0006eef8 10009114 00db36fc 00000001 77d4bdca igfxpph+0xf87b
0006ef28 10004988 00db36fc 00000000 00000001 igfxpph+0x9114
0006efac 7741205d 00db38b8 000500d0 00000000 igfxpph+0x4988
0006f0cc d969a300 11d0e7ff a0003ba9 19270fc9
SHELL32!DragQueryFileAorW+0x2519
00000000 00000000 00000000 00000000 00000000 0xd969a300

*----> State Dump for Thread Id 0x414 <----*

eax=77cc165a ebx=000de588 ecx=77f516f5 edx=00000000 esi=00000100
edi=00000000
eip=7ffe0304 esp=009bfe28 ebp=009bff90 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\System32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\system32\GDI32.dll -
ChildEBP RetAddr Args to Child
009bfe24 77f7efff 77cc1ac9 0000012c 009bff80 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
009bff90 77cc167e 77cc1505 00083080 77cebee0
ntdll!NtReplyWaitReceivePortEx+0xc
00098680 ffffffff 0000013c 00000140 00000000 RPCRT4+0x167e
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> State Dump for Thread Id 0x430 <----*

eax=004714b8 ebx=77d45e37 ecx=002809a8 edx=00000000 esi=0103e0f8
edi=00000000
eip=7ffe0304 esp=009fff18 ebp=009fff48 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINDOWS\explorer.exe
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
009fff14 77d43fbe 01001aa5 00000000 0103e0f8 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
009fff48 0100eb26 00000000 772d9d72 0103e0f8 USER32!WaitMessage+0xc
009fffb4 77e802ed 00000000 00000000 00000004 explorer+0xeb26
009fffec 00000000 772d9d05 0006fedc 00000000
kernel32!OpenConsoleW+0xb8

*----> State Dump for Thread Id 0x434 <----*

eax=77f5c55e ebx=00000000 ecx=77f51220 edx=00000000 esi=772d3960
edi=77e73193
eip=7ffe0304 esp=00a3ff9c ebp=00a3ffb4 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00a3ff98 77f7e76f 77f5c5a3 00000001 00a3ffac *SharedUserSystemCall+0xc
(FPO: [0,0,0])
00a3ffb4 77e802ed 00000000 77e73193 772d3960
ntdll!NtDelayExecution+0xc
00a3ffec 00000000 77f5c55e 00000000 00000000
kernel32!OpenConsoleW+0xb8

*----> State Dump for Thread Id 0x428 <----*

eax=008232d8 ebx=00000000 ecx=00820218 edx=00000000 esi=77fc51c0
edi=77fc51e0
eip=7ffe0304 esp=00a7ff70 ebp=00a7ffb4 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00a7ff6c 77f7ef9f 77f51d4f 0000016c 00a7ffac *SharedUserSystemCall+0xc
(FPO: [0,0,0])
00a7ffb4 77e802ed 00000000 00000020 00000010
ntdll!ZwRemoveIoCompletion+0xc
00a7ffec 00000000 77f51d14 00000000 00000000
kernel32!OpenConsoleW+0xb8

*----> State Dump for Thread Id 0x524 <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000
edi=00000001
eip=7ffe0304 esp=00abfcec ebp=00abffb4 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00abfce8 77f7f49f 77f63e7c 00000002 00abfd30 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
00abffb4 77e802ed 00000000 00000020 00000020
ntdll!ZwWaitForMultipleObjects+0xc
00abffec 00000000 77f63d47 00000000 00000000
kernel32!OpenConsoleW+0xb8

*----> State Dump for Thread Id 0x4f8 <----*

eax=771debfc ebx=00007530 ecx=00aff2f4 edx=00000000 esi=00000000
edi=00b3ff60
eip=7ffe0304 esp=00b3ff20 ebp=00b3ff78 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00b3ff1c 77f7e76f 77e775b7 00000000 00b3ff44 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
00b3ff78 77e61bf1 0000ea60 00000000 771c987b
ntdll!NtDelayExecution+0xc
00000000 00000000 00000000 00000000 00000000 kernel32!Sleep+0xb

*----> State Dump for Thread Id 0x440 <----*

eax=000d4000 ebx=00affd78 ecx=00afef6c edx=00000000 esi=00000000
edi=7ffdf000
eip=7ffe0304 esp=00affd30 ebp=00affdcc iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00affd2c 77f7f49f 77e74bd8 00000007 00affd78 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
00affdcc 77d46db9 00000007 00affdf4 00000000
ntdll!ZwWaitForMultipleObjects+0xc
00affe28 7741531e 00000006 00affe50 ffffffff
USER32!UserLpkPSMTextOut+0x15c
00afff4c 7740cb79 772d9d72 00000000 77f516b3
SHELL32!ExtractIconExW+0x6f
00afffb4 77e802ed 00000000 77f516b3 000a00d8 SHELL32!Ordinal181+0x61e
00afffec 00000000 772d9d05 009ff5ec 00000000
kernel32!OpenConsoleW+0xb8

*----> State Dump for Thread Id 0x620 <----*

eax=00c4fedc ebx=00000000 ecx=0103eac0 edx=00000000 esi=77fc51c0 edi=77fc51e0
eip=7ffe0304 esp=00c4ff70 ebp=00c4ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00c4ff6c 77f7ef9f 77f51d4f 0000016c 00c4ffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
00c4ffb4 77e802ed 00000000 00000000 00000000 ntdll!ZwRemoveIoCompletion+0xc
00c4ffec 00000000 77f51d14 00000000 00000000 kernel32!OpenConsoleW+0xb8

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x5e4 <----*

eax=77f51d14 ebx=00000000 ecx=00000000 edx=00000000 esi=77fc51c0 edi=77fc51e0
eip=7ffe0304 esp=00c8ff70 ebp=00c8ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00c8ff6c 77f7ef9f 77f51d4f 0000016c 00c8ffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
00c8ffb4 77e802ed 00000000 00000000 00000000 ntdll!ZwRemoveIoCompletion+0xc
00c8ffec 00000000 77f51d14 00000000 00000000 kernel32!OpenConsoleW+0xb8

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x580 <----*

eax=77cc165a ebx=000c9f28 ecx=77120000 edx=00000000 esi=00000100 edi=00000000
eip=7ffe0304 esp=00d7fe28 ebp=00d7ff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 90 nop
7ffe0315 9c pushfd
7ffe0316 810c2400010000 or dword ptr [esp],0x100

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00d7fe24 77f7efff 77cc1ac9 0000012c 00d7ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00d7ff90 77cc167e 77cc1505 00083080 00000000 ntdll!NtReplyWaitReceivePortEx+0xc
000dc4d8 ffffffff 000002d8 000002d4 00000000 RPCRT4+0x167e
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*



Application exception occurred:
App: \??\C:\WINDOWS\system32\winlogon.exe (pid=644)
When: 10/21/2003 @ 15:22:38.375
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: NILE0120ZD08
User Name: SYSTEM
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 1 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Uniprocessor Free
Registered Organization: Southwestern Michigan College
Registered Owner: Information Technology

*----> Task List <----*
0 System Process
4 System
408 smss.exe
620 csrss.exe
644 winlogon.exe
696 services.exe
708 lsass.exe
892 svchost.exe
992 svchost.exe
1168 svchost.exe
1232 svchost.exe
1344 spoolsv.exe
1524 cusrvc.exe
1544 DefWatch.exe
1580 Iap.exe
1604 mdm.exe
1624 nalntsrv.exe
1708 Rtvscan.exe
1720 tsamain.exe
1744 WolSerNT.exe
1788 ZenRem32.exe
1920 winvnc.exe
1960 wm.exe
1072 wmiprvse.exe
1612 WMRUNDLL.EXE
2452 drwtsn32.exe

*----> Module List <----*
(0000000000dc0000 - 0000000000ddd000: C:\Program Files\Novell\ZENworks\ZenPol32.dll
(0000000000df0000 - 0000000000df7000: C:\Program Files\Novell\ZENworks\WMNTAPI.DLL
(0000000000e00000 - 0000000000e1b000: C:\WINDOWS\System32\NLS\ENGLISH\MAPBASER.DLL
(0000000000e20000 - 0000000000e3d000: C:\WINDOWS\System32\NLS\ENGLISH\NWSHLXNR.DLL
(0000000000fe0000 - 0000000000ffd000: C:\WINDOWS\System32\NRDWIN32.dll
(0000000001000000 - 0000000001083000: \??\C:\WINDOWS\system32\winlogon.exe
(0000000001380000 - 00000000013f2000: C:\WINDOWS\System32\NLS\ENGLISH\NOVNPNTR.DLL
(0000000001460000 - 0000000001469000: C:\WINDOWS\System32\LgnCLW32.DLL
(0000000001670000 - 000000000168b000: C:\Program Files\Novell\ZENworks\ZENNW32.DLL
(0000000001690000 - 0000000001697000: C:\WINDOWS\System32\DPLGNW32.DLL
(00000000016a0000 - 00000000016a6000: C:\WINDOWS\System32\Novell\nlscmnt.dll
(0000000001700000 - 0000000001709000: C:\WINDOWS\System32\RCUAGENT.DLL
(0000000001780000 - 0000000001791000: C:\WINDOWS\System32\LGNCON32.DLL
(00000000017b0000 - 00000000017b3000: C:\WINDOWS\System32\NLS\ENGLISH\LGNCNR32.DLL
(00000000017c0000 - 00000000017c6000: C:\WINDOWS\System32\Novell\nioctl.dll
(0000000001ca0000 - 0000000001d0d000: C:\WINDOWS\System32\DSCQRY32.DLL
(0000000001d10000 - 0000000001d3a000: C:\WINDOWS\SYSTEM32\NLS\ENGLISH\LOGINW32.RLL
(0000000002480000 - 000000000248f000: C:\WINDOWS\System32\AXNMAS~1.OCX
(0000000002490000 - 00000000024a6000: C:\WINDOWS\System32\AXNMAS~2.OCX
(000000000ffd0000 - 000000000fff3000: C:\WINDOWS\System32\rsaenh.dll
(0000000010000000 - 00000000100f0000: C:\Program Files\Novell\ZENworks\ZENLITE.DLL
(000000001f7b0000 - 000000001f7e1000: C:\WINDOWS\System32\ODBC32.dll
(000000001f850000 - 000000001f866000: C:\WINDOWS\System32\odbcint.dll
(0000000020000000 - 000000002000f000: C:\WINDOWS\System32\xmlparse.dll
(0000000050d00000 - 0000000050d15000: C:\WINDOWS\System32\CLNWIN32.DLL
(0000000050d20000 - 0000000050d48000: C:\WINDOWS\System32\CALWIN32.DLL
(0000000050d50000 - 0000000050d97000: C:\WINDOWS\System32\NETWIN32.DLL
(0000000050da0000 - 0000000050dab000: C:\WINDOWS\System32\CLXWIN32.DLL
(0000000050db0000 - 0000000050dd9000: C:\WINDOWS\System32\NCPWIN32.dll
(0000000050df0000 - 0000000050e10000: C:\WINDOWS\System32\LOCWIN32.DLL
(0000000051690000 - 000000005169c000: C:\WINDOWS\System32\NavLogon.dll
(0000000058200000 - 00000000582c7000: C:\WINDOWS\System32\NOVNPNT.DLL
(0000000058300000 - 0000000058338000: C:\WINDOWS\System32\MAPBASE.dll
(0000000058380000 - 00000000583bd000: C:\WINDOWS\System32\NWSHLXNT.dll
(0000000058d00000 - 0000000058d0b000: C:\WINDOWS\System32\axprf.ocx
(0000000058e00000 - 0000000058e69000: C:\WINDOWS\System32\LOGINW32.DLL
(0000000058f00000 - 0000000058f3b000: C:\WINDOWS\System32\LGNWNT32.DLL
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\uxtheme.dll
(000000005cf10000 - 000000005cf18000: C:\WINDOWS\system32\sclgntfy.dll
(000000005edd0000 - 000000005edea000: C:\WINDOWS\System32\OLEPRO32.DLL
(000000006a200000 - 000000006a23b000: C:\WINDOWS\System32\NWGina.DLL
(000000006a400000 - 000000006a43e000: C:\WINDOWS\System32\NLS\english\NWGINAR.DLL
(000000006ba00000 - 000000006ba05000: C:\Program Files\Novell\ZENworks\WMSCHAPI.dll
(000000006c200000 - 000000006c214000: C:\Program Files\Novell\ZENworks\WMPM.DLL
(0000000070a70000 - 0000000070ad4000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071950000 - 0000000071a34000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac5000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad8000: C:\WINDOWS\System32\WSOCK32.dll
(0000000071b20000 - 0000000071b31000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c01000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1d000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c20000 - 0000000071c6e000: C:\WINDOWS\system32\NETAPI32.dll
(0000000071c80000 - 0000000071c86000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071ccc000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce6000: C:\WINDOWS\System32\NETUI0.dll
(00000000723d0000 - 00000000723ea000: C:\WINDOWS\System32\WINSCARD.DLL
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\System32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\System32\wdmaud.drv
(0000000073000000 - 0000000073023000: C:\WINDOWS\System32\WINSPOOL.DRV
(0000000073d50000 - 0000000073d60000: C:\WINDOWS\system32\cryptnet.dll
(0000000073dd0000 - 0000000073ec2000: C:\WINDOWS\System32\MFC42.DLL
(0000000074ed0000 - 0000000074edf000: C:\WINDOWS\System32\wbem\wbemsvc.dll
(0000000074ef0000 - 0000000074efa000: C:\WINDOWS\System32\wbem\wbemprox.dll
(0000000075290000 - 00000000752c8000: C:\WINDOWS\System32\wbem\wbemcomn.dll
(0000000075690000 - 000000007571d000: C:\WINDOWS\System32\wbem\fastprox.dll
(0000000075930000 - 000000007593a000: C:\WINDOWS\system32\PROFMAP.dll
(0000000075940000 - 0000000075947000: C:\WINDOWS\system32\NDdeApi.dll
(0000000075950000 - 0000000075969000: C:\WINDOWS\system32\WlNotify.dll
(0000000075970000 - 0000000075a61000: C:\WINDOWS\System32\MSGINA.dll
(0000000075a70000 - 0000000075b15000: C:\WINDOWS\system32\USERENV.dll
(0000000075e90000 - 0000000075f37000: C:\WINDOWS\System32\sxs.dll
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\Apphelp.dll
(0000000075f60000 - 0000000075f66000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(0000000076200000 - 0000000076298000: C:\WINDOWS\system32\WININET.dll
(00000000762a0000 - 00000000762af000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 0000000076348000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076360000 - 000000007636f000: C:\WINDOWS\system32\WINSTA.dll
(00000000763b0000 - 00000000763f5000: C:\WINDOWS\system32\comdlg32.dll
(0000000076600000 - 000000007661b000: C:\WINDOWS\system32\cscdll.dll
(0000000076670000 - 0000000076757000: C:\WINDOWS\system32\SETUPAPI.dll
(00000000767a0000 - 00000000767b3000: C:\WINDOWS\System32\NTDSAPI.dll
(0000000076b40000 - 0000000076b6c000: C:\WINDOWS\System32\WINMM.dll
(0000000076b70000 - 0000000076bad000: C:\WINDOWS\System32\ES.DLL
(0000000076bb0000 - 0000000076bb4000: C:\WINDOWS\system32\sfc.dll
(0000000076bc0000 - 0000000076bce000: C:\WINDOWS\system32\REGAPI.dll
(0000000076bd0000 - 0000000076bef000: C:\WINDOWS\System32\SHSVCS.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c30000 - 0000000076c5b000: C:\WINDOWS\System32\WINTRUST.dll
(0000000076c60000 - 0000000076c89000: C:\WINDOWS\System32\sfc_os.dll
(0000000076c90000 - 0000000076cb2000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076cc0000 - 0000000076cd0000: C:\WINDOWS\system32\AUTHZ.dll
(0000000076ce0000 - 0000000076cff000: C:\WINDOWS\System32\NTMARTA.DLL
(0000000076d10000 - 0000000076d2d000: C:\WINDOWS\system32\msv1_0.dll
(0000000076d60000 - 0000000076d77000: C:\WINDOWS\System32\iphlpapi.dll
(0000000076e80000 - 0000000076e8d000: C:\WINDOWS\System32\rtutils.dll
(0000000076e90000 - 0000000076ea1000: C:\WINDOWS\System32\rasman.dll
(0000000076eb0000 - 0000000076edb000: C:\WINDOWS\System32\TAPI32.dll
(0000000076ee0000 - 0000000076f17000: C:\WINDOWS\System32\RASAPI32.dll
(0000000076f20000 - 0000000076f45000: C:\WINDOWS\System32\DNSAPI.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\System32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\wldap32.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\system32\Secur32.dll
(0000000076fd0000 - 0000000077048000: C:\WINDOWS\System32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\System32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772c7000: C:\WINDOWS\system32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\COMCTL32.dll
(00000000773d0000 - 0000000077bc2000: C:\WINDOWS\system32\SHELL32.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\System32\midimap.dll
(0000000077be0000 - 0000000077bf4000: C:\WINDOWS\System32\MSACM32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077cb0000: C:\WINDOWS\system32\GDI32.dll
(0000000077d40000 - 0000000077dc6000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 000000007807e000: C:\WINDOWS\system32\RPCRT4.dll

*----> State Dump for Thread Id 0x288 <----*

eax=58f34210 ebx=00000006 ecx=233e0001 edx=00000000 esi=00000000 edi=00000ac8
eip=7ffe0304 esp=0006d24c ebp=024dee04 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0006d248 77f5b984 50d01116 00000764 00000ac8 *SharedUserSystemCall+0xc (FPO: [0,0,0])
024dee04 00060009 000d0101 00ca6838 0000002e ntdll!ZwFsControlFile+0xc
00000000 00000000 00000000 00000000 00000000 0x60009

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x2a4 <----*

eax=00000000 ebx=00085638 ecx=01223b98 edx=00000000 esi=80020000 edi=00000000
eip=7ffe0304 esp=00a7fe28 ebp=00a7ff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\GDI32.dll -
ChildEBP RetAddr Args to Child
00a7fe24 77f5c084 78016e61 00000808 00a7ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00a7ff90 78017228 78019720 0120b320 77fa88f0 ntdll!NtReplyWaitReceivePortEx+0xc
00084ed8 ffffffff 0000013c 00000138 00000000 RPCRT4!I_RpcBindingInqLocalClientPID+0x3a4f
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x2a8 <----*

eax=ffffffff ebx=00085748 ecx=0007a830 edx=00000000 esi=f79bed40 edi=00000000
eip=7ffe0304 esp=00abfe28 ebp=00abff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00abfe24 77f5c084 78016e61 00000110 00abff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00abff90 78017228 78019720 00085070 77fa88f0 ntdll!NtReplyWaitReceivePortEx+0xc
000851e0 ffffffff 00000144 00000140 00000000 RPCRT4!I_RpcBindingInqLocalClientPID+0x3a4f
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x2ac <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000008 edi=00000000
eip=7ffe0304 esp=00afff9c ebp=00afffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00afff98 77f5b7f4 77f88423 00000001 00afffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
00afffb4 77e7d33b 00000000 00000000 00000008 ntdll!ZwDelayExecution+0xc
00afffec 00000000 77f883de 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x2b0 <----*

eax=00000102 ebx=00000000 ecx=00b3ff70 edx=00000000 esi=77fc59a0 edi=77fc59fc
eip=7ffe0304 esp=00b3ff70 ebp=00b3ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00b3ff6c 77f5c024 77f95b41 0000015c 00b3ffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
00b3ffb4 77e7d33b 00000000 00070000 77f944a8 ntdll!ZwRemoveIoCompletion+0xc
00b3ffec 00000000 77f95b06 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x2b4 <----*

eax=012599e8 ebx=00007530 ecx=0007b208 edx=00000000 esi=77e7a671 edi=00000000
eip=7ffe0304 esp=00b8fec0 ebp=00b8feec iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00b8febc 77f5c024 77e7594a 00000160 00b8ff14 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00b8feec 78061a65 00000160 00b8ff24 00b8ff14 ntdll!ZwRemoveIoCompletion+0xc
00b8ff28 7802c279 00007530 00b8ff78 00b8ff7c RPCRT4!I_RpcProxyNewConnection+0x6f3c
00b8ff90 7802c6e3 78019720 000864e0 00000000 RPCRT4!I_RpcLogEvent+0x191
00086c30 ffffffff 00000178 00000174 00000000 RPCRT4!I_RpcLogEvent+0x5fb
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x2c0 <----*

eax=000000c0 ebx=00000000 ecx=000870f0 edx=00000000 esi=00000000 edi=00000001
eip=7ffe0304 esp=00bcfcec ebp=00bcffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00bcfce8 77f5c524 77f91f83 00000008 00bcfd30 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00bcffb4 77e7d33b 00000000 00000000 00070000 ntdll!NtWaitForMultipleObjects+0xc
00bcffec 00000000 77f91e38 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x480 <----*

eax=00000051 ebx=00000002 ecx=00070110 edx=00000000 esi=76c629c0 edi=00000000
eip=7ffe0304 esp=00f3ff64 ebp=00f3ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f3ff60 77f5c524 76c6c70f 00000002 00122950 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00f3ffb4 77e7d33b 00000000 00000000 00000000 ntdll!NtWaitForMultipleObjects+0xc
00f3ffec 00000000 76c6c343 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x484 <----*

eax=01186fb8 ebx=0016f398 ecx=1f543b79 edx=00000000 esi=76c629c0 edi=00000000
eip=7ffe0304 esp=00f7ff4c ebp=00f7ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f7ff48 77f5c524 76c6c307 00000040 0008ff98 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00f7ffb4 77e7d33b 0120a568 00000000 00000000 ntdll!NtWaitForMultipleObjects+0xc
00f7ffec 00000000 76c6c08d 0016f398 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x488 <----*

eax=76c6c08d ebx=0016f3a4 ecx=00000000 edx=00000000 esi=76c629c0 edi=0120ad90
eip=7ffe0304 esp=00fcff4c ebp=00fcffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00fcff48 77f5c524 76c6c307 00000039 01192a08 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00fcffb4 77e7d33b 0120a980 00000000 00000000 ntdll!NtWaitForMultipleObjects+0xc
00fcffec 00000000 76c6c08d 0016f3a4 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x4a8 <----*

eax=0108127a ebx=0144fea0 ecx=00000000 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=0144fe58 ebp=0144fef4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\cscdll.dll -
ChildEBP RetAddr Args to Child
0144fe54 77f5c524 77e75ee0 00000004 0144fea0 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0144fef4 77e75faa 00000004 0144ff30 00000000 ntdll!NtWaitForMultipleObjects+0xc
0144ff40 76602516 011ba9db 011aaba5 00000000 kernel32!WaitForMultipleObjects+0x17
0144ffb4 77e7d33b 0016fff0 0016fff0 0006fc28 cscdll!MprServiceProc+0x17
0144ffec 00000000 01038824 0016fff0 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x4b0 <----*

eax=76602574 ebx=014aff10 ecx=77f6a08d edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=014afec8 ebp=014aff64 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
014afec4 77f5c524 77e75ee0 00000002 014aff10 *SharedUserSystemCall+0xc (FPO: [0,0,0])
014aff64 77e75faa 00000002 014affa0 00000000 ntdll!NtWaitForMultipleObjects+0xc
014affb4 77e7d33b 00000000 00000000 00000000 kernel32!WaitForMultipleObjects+0x17
014affec 00000000 76602574 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x610 <----*

eax=00000000 ebx=012bff18 ecx=012bfed0 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=012bfed0 ebp=012bff6c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
012bfecc 77f5c524 77e75ee0 00000003 012bff18 *SharedUserSystemCall+0xc (FPO: [0,0,0])
012bff6c 77e75faa 00000003 75b03300 00000000 ntdll!NtWaitForMultipleObjects+0xc
00000000 00000000 00000000 00000000 00000000 kernel32!WaitForMultipleObjects+0x17

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x614 <----*

eax=00000000 ebx=0137fe58 ecx=01257d34 edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=0137fe10 ebp=0137feac iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0137fe0c 77f5c524 77e75ee0 00000004 0137fe58 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0137feac 77e75faa 00000004 0137ff8c 00000000 ntdll!NtWaitForMultipleObjects+0xc
0137ffb4 77e7d33b 00000000 77f57d70 77f58a3a kernel32!WaitForMultipleObjects+0x17
0137ffec 00000000 75a7db95 01180090 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x2d0 <----*

eax=78017828 ebx=012417d8 ecx=00250178 edx=00000000 esi=f73bad40 edi=00000000
eip=7ffe0304 esp=00c4fe28 ebp=00c4ff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00c4fe24 77f5c084 78016e61 00000134 00c4ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00c4ff90 78017228 78019720 00084ce8 000000fa ntdll!NtReplyWaitReceivePortEx+0xc
01216848 ffffffff 000003d4 000003cc 00000000 RPCRT4!I_RpcBindingInqLocalClientPID+0x3a4f
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xb38 <----*

eax=72d22ecc ebx=0166ff1c ecx=013bf8fc edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=0166fed4 ebp=0166ff70 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0166fed0 77f5c524 77e75ee0 00000002 0166ff1c *SharedUserSystemCall+0xc
(FPO: [0,0,0])
0166ff70 77e75faa 00000002 0166ffa4 00000000
ntdll!NtWaitForMultipleObjects+0xc
0166ffb4 77e7d33b 00000000 00000007 000707d8
kernel32!WaitForMultipleObjects+0x17
0166ffec 00000000 72d22ecc 00000000 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xbc8 <----*

eax=015eff08 ebx=000008dc ecx=77d4bb48 edx=00000000 esi=015eff98
edi=77d45aaf
eip=7ffe0304 esp=015eff54 ebp=015eff78 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\System32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
015eff50 77d8a2a8 77d45b3a 015eff98 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
015eff78 76b41c79 015eff98 00000000 00000000
USER32!GetMenuItemRect+0x1c
015effb4 77e7d33b 000008dc 00010002 00070000 WINMM!timeGetTime+0x1a1
015effec 00000000 76b41c14 000008dc 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x8f8 <----*

eax=75abc402 ebx=00d7ff1c ecx=77f53870 edx=00000000 esi=00000000
edi=7ffdf000
eip=7ffe0304 esp=00d7fed4 ebp=00d7ff70 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00d7fed0 77f5c524 77e75ee0 00000002 00d7ff1c *SharedUserSystemCall+0xc
(FPO: [0,0,0])
00d7ff70 77e75faa 00000002 0025b05c 00000000
ntdll!NtWaitForMultipleObjects+0xc
00000000 00000000 00000000 00000000 00000000
kernel32!WaitForMultipleObjects+0x17

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd88 <----*

eax=0124f000 ebx=00079250 ecx=01252000 edx=00000000 esi=0162ff98
edi=77d55811
eip=7ffe0304 esp=0162fe5c ebp=0162fe78 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Module load completed but symbols could not be loaded for
\??\C:\WINDOWS\system32\winlogon.exe
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0162fe58 77d8a2a8 77d55842 0162ff98 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
0162fe78 01021aed 0162ff98 00000000 00000000
USER32!GetMenuItemRect+0x1c
0162ffb4 77e7d33b 00079250 00000000 00000000 winlogon+0x21aed
0162ffec 00000000 010219cc 00079250 00000000
kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x924 <----*

eax=6a2226a2 ebx=00000000 ecx=0006e584 edx=00000000 esi=00474490
edi=00000001
eip=7ffe0304 esp=016efe9c ebp=016efed0 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\System32\NWGina.DLL -
ChildEBP RetAddr Args to Child
016efe98 77d8aa0e 77d613f4 00000000 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
016efed0 77d746fe 00040028 00000000 00000001 USER32!WaitMessage+0xc
016efef8 77d6644e 6a400000 01244ef0 00000000
USER32!CheckRadioButton+0x132
016eff18 77d6ee00 6a400000 01244ef0 00000000
USER32!DialogBoxIndirectParamAorW+0x35
016eff38 0103c38e 6a400000 01244ef0 00000000
USER32!DialogBoxIndirectParamW+0x19
016eff5c 0103a787 6a400000 01244ef0 00000000 winlogon+0x3c38e
016eff8c 6a22272d 00079250 6a400000 01244ef0 winlogon+0x3a787
016effec 00000000 6a2226a2 01254bb0 00000000 NWGina+0x2272d

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0x930 <----*

eax=00000001 ebx=00000000 ecx=023afdfc edx=00000000 esi=01e9c65c
edi=01e9c65c
eip=7ffe0304 esp=023afebc ebp=023afee0 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINDOWS\System32\MFC42.DLL -
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
023afeb8 77d8a2a8 77d45b3a 01e9c65c 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
023afee0 73dd11a7 01e9c65c 00000000 00000000
USER32!GetMenuItemRect+0x1c
01e9c65c 00000000 00000000 00000000 0006d16c MFC42!Ordinal5307+0x13

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xaa4 <----*

eax=0000000f ebx=77e7ac12 ecx=00000015 edx=00000000 esi=00000c7c
edi=00000000
eip=7ffe0304 esp=0243feb8 ebp=0243ff1c iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0243feb4 77f5c534 77e7a62d 00000c7c 00000000 *SharedUserSystemCall+0xc
(FPO: [0,0,0])
0243ff1c 77e7ac21 00000c7c ffffffff 00000000
ntdll!NtWaitForSingleObject+0xc
77f5b2a0 8b000000 83042454 7500147a 42fff04f
kernel32!WaitForSingleObject+0xf
180d8b64 00000000 00000000 00000000 00000000 0x8b000000

*----> Raw Stack Dump <----*

*----> State Dump for Thread Id 0xd54 <----*

eax=00000000 ebx=01eb9d70 ecx=027dffbc edx=173f0001 esi=0243ff58
edi=01eb9d74
eip=00dc524e esp=027dffa0 ebp=00000001 iopl=0 nv up ei pl zr
na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000246

*** WARNING: Unable to verify checksum for C:\Program
Files\Novell\ZENworks\ZenPol32.dll
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\Program Files\Novell\ZENworks\ZenPol32.dll -
function: ZenPol32!WMGetAssociatedObject
No prior disassembly possible
00dc524e 0083f9017504 add [ebx+0x47501f9],al
00dc5254 33f6 xor esi,esi
00dc5256 eb0e jmp
ZenPol32!WMGetAssociatedObject+0x86 (00dc5266)
00dc5258 83f902 cmp ecx,0x2
00dc525b 0f85b0000000 jne
ZenPol32!WMGetAssociatedObject+0x131 (00dc5311)
00dc5261 be01000000 mov esi,0x1
00dc5266 6a00 push 0x0
00dc5268 6a00 push 0x0
00dc526a 8d8c2418010000 lea ecx,[esp+0x118]
FAULT ->00dc524e 0083f9017504 add [ebx+0x47501f9],al
ds:0023:06609f69=??
00dc5254 33f6 xor esi,esi
00dc5256 eb0e jmp
ZenPol32!WMGetAssociatedObject+0x86 (00dc5266)
00dc5258 83f902 cmp ecx,0x2
00dc525b 0f85b0000000 jne
ZenPol32!WMGetAssociatedObject+0x131 (00dc5311)
00dc5261 be01000000 mov esi,0x1
00dc5266 6a00 push 0x0
00dc5268 6a00 push 0x0
00dc526a 8d8c2418010000 lea ecx,[esp+0x118]
00dc5271 6800010000 push 0x100
00dc5276 51 push ecx

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00000001 00000000 00000000 00000000 00000000
ZenPol32!WMGetAssociatedObject+0x6e

*----> Raw Stack Dump <----*
 
Malke

Scott said:
I've seen a few related posts to this situation, but haven't found a
solution. We are an educational institution and run Windows XP
Professional with all the latest Windows Updates installed (as of
October's security release). The users all login with restricted user
access. We use Zenworks 4x to push printer drivers (mostly HP
drivers), and run Novell 6 using NDPS printing.

Some of our machines encounter the print spooler stopping w/o error
messages or warning. We can start the service again but aren't sure
what's causing it. One post suggested finding the Dr. Watson log on
an offending machine and, so as to spare the newsgroup, post the log
from the latest "application exception" occurrence to the end of the
log. I've done that and will post it, (I apologize for the length),
in the hopes it may help.

Any suggestions would be appreciated!

Scott

Application exception occurred:
App: C:\WINDOWS\explorer.exe (pid=1020)
When: 7/3/2003 @ 10:02:13.423
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: GX260XPTEST
User Name: Administrator
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 1 Stepping 2
Windows Version: 5.1
Current Build: 2600
Service Pack: None

(snip absolutely useless infodump)

The very first thing for you to do is to contact Novell Tech Support.
After you speak to them, if you still have questions please do post
back. Without the lengthy log, which is not useful.

Malke
 
