svchost.exe error


pongo

I upgraded two HP Pavilion (circa 1999, including model
6535) Win98 machines to Windows 2000, and each one gets
the "svchost.exe has generated errors and will shut
down..." error message after being connected by dial-up to
the internet for a short time. After this error there is no
copy/paste, no printing, no working e-mail or links in the
browser, etc. I suspect a virus/worm, but Norton hasn't
fixed this.

can anyone offer help with this?

thanks

Dr. Watson dump:
Application exception occurred:
App: svchost.exe (pid=380)
When: 2/21/2004 @ 15:17:15.562
Exception number: c0000096 (privileged instruction)

*----> System Information <----*
Computer Name: RUTHIE
User Name: SYSTEM
Number of Processors: 1
Processor Type: x86 Family 6 Model 6 Stepping 5
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: None
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: Ruth Bocko

*----> Task List <----*
0 Idle.exe
8 System.exe
140 smss.exe
164 csrss.exe
160 winlogon.exe
212 services.exe
224 lsass.exe
380 svchost.exe
408 SPOOLSV.exe
436 ccEvtMgr.exe
540 cisvc.exe
556 svchost.exe
576 Navapsvc.exe
608 regsvc.exe
660 mstask.exe
688 winmgmt.exe
820 explorer.exe
900 ccApp.exe
1180 MDM.exe
448 NMain.exe
592 LUCOMS~1.exe
1212 drwtsn32.exe
1228 cmd.exe
1236 cidaemon.exe
0 _Total.exe

(01000000 - 01005000)
(77F80000 - 77FF9000)
(77DB0000 - 77E0A000)
(77E80000 - 77F36000)
(77D40000 - 77DAF000)
(77A50000 - 77B45000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(76190000 - 761CC000)
(78000000 - 78046000)
(77C10000 - 77C6D000)
(75030000 - 75044000)
(75020000 - 75028000)
(77BE0000 - 77BEF000)
(74FF0000 - 75002000)
(77980000 - 779A4000)
(75050000 - 75058000)
(74FD0000 - 74FE1000)
(75010000 - 75017000)
(77840000 - 7784C000)
(777E0000 - 777E8000)
(77950000 - 77979000)
(777F0000 - 777F5000)
(77830000 - 7783E000)
(77CC0000 - 77D40000)
(65340000 - 653D5000)
(78140000 - 7815A000)
(75170000 - 751BF000)
(751C0000 - 751C6000)
(75150000 - 7515F000)

State Dump for Thread Id 0x178

eax=00000001 ebx=00000000 ecx=00076970 edx=00000000
esi=00000000 edi=00000048
eip=77f8fb68 esp=0006fc38 ebp=0006fca8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: ZwReadFile
77f8fb5d b8a1000000 mov eax,0xa1
77f8fb62 8d542404 lea edx,
[esp+0x4] ss:00add20f=????????
77f8fb66 cd2e int 2e
77f8fb68 c22400 ret 0x24
77f8fb6b 55 push ebp
77f8fb6c 8bec mov ebp,esp
77f8fb6e 56 push esi
77f8fb6f 8b7508 mov esi,
[ebp+0x8] ss:00add27e=????????
77f8fb72 8b4608 mov eax,
[esi+0x8] ds:00a6d5d6=????????
77f8fb75 25ffff0000 and eax,0xffff
77f8fb7a 0d0000efcd or eax,0xcdef0000
77f8fb7f 894608 mov
[esi+0x8],eax ds:00a6d5d6=????????
77f8fb82
f60578e3fc7702
ds:77fce378=00
test byte ptr
[NlsAnsiCodePage+0x6aa (77fce378)],0x2
77f8fb89 0f85499c0100 jne
RtlDeleteTimerQueueEx+0xa16 (77fa97d8)
77f8fb8f 8b4610 mov eax,
[esi+0x10] ds:00a6d5d6=????????

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FCA8 77DC86D3 00000048 0006FD80 00000216 0006FCD0
ntdll!ZwReadFile
0006FCD4 77DC9431 00000048 0006FD80 00000216 0006FD0C
advapi32!SetSecurityDescriptorSacl
0006FD50 77DC9182 00000048 0006FD80 00000216 00074718
advapi32!StartServiceCtrlDispatcherW
0006FFB0 0100113D 00074718 00720065 00500000 77E87903
advapi32!StartServiceCtrlDispatcherW
0006FFF0 00000000 010010B8 00000000 000000C8 00000100
svchost!<nosymbols>

*----> Raw Stack Dump <----*
0006fc38 65 49 e8 77 48 00 00 00 - 00 00 00 00 00 00 00
00 eI.wH...........
0006fc48 00 00 00 00 80 fc 06 00 - 80 fd 06 00 16 02 00
00 ................
0006fc58 00 00 00 00 00 00 00 00 - 0c fd 06 00 da 48 e8
77 .............H.w
0006fc68 80 fd 06 00 00 00 00 00 - 01 00 00 00 30 55 07
00 ............0U..
0006fc78 94 fd 06 00 00 00 00 00 - 70 00 00 00 30 47 07
00 ........p...0G..
0006fc88 7c 01 00 00 00 00 00 00 - 60 fc 06 00 40 fd 06
00 |.......`...@...
0006fc98 40 fd 06 00 fd 13 ea 77 - 20 f3 e9 77 ff ff ff
ff @......w ..w....
0006fca8 d4 fc 06 00 d3 86 dc 77 - 48 00 00 00 80 fd 06
00 .......wH.......
0006fcb8 16 02 00 00 d0 fc 06 00 - 00 00 00 00 30 55 07
00 ............0U..
0006fcc8 80 fd 06 00 00 00 00 00 - 00 00 00 00 50 fd 06
00 ............P...
0006fcd8 31 94 dc 77 48 00 00 00 - 80 fd 06 00 16 02 00
00 1..wH...........
0006fce8 0c fd 06 00 18 47 07 00 - 00 00 00 00 00 f0 fd
7f .....G..........
0006fcf8 62 97 d4 77 70 47 07 00 - 94 fd 06 00 00 00 00
00 b..wpG..........
0006fd08 3c fd 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 <...............
0006fd18 e0 4f 07 00 30 47 07 00 - 88 01 00 00 70 00 65
00 .O..0G......p.e.
0006fd28 32 00 00 00 01 00 00 00 - c5 95 dc 77 00 00 00
00 2..........w....
0006fd38 ec fc 06 00 70 47 07 00 - a0 ff 06 00 8b 19 db
77 ....pG.........w
0006fd48 e8 99 dc 77 ff ff ff ff - b0 ff 06 00 82 91 dc
77 ...w...........w
0006fd58 48 00 00 00 80 fd 06 00 - 16 02 00 00 18 47 07
00 H............G..
0006fd68 78 46 07 00 00 f0 fd 7f - 03 00 00 00 00 00 00
00 xF..............

State Dump for Thread Id 0x188

eax=761bb054 ebx=00000000 ecx=000003e8 edx=00000000
esi=77f90328 edi=0042fe84
eip=77f90333 esp=0042fe70 ebp=0042fe8c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: ZwDelayExecution
77f90328 b832000000 mov eax,0x32
77f9032d 8d542404 lea edx,
[esp+0x4] ss:00e9d447=????????
77f90331 cd2e int 2e
77f90333 c20800 ret 0x8
77f90336 33c0 xor eax,eax
77f90338 e99ac6ffff jmp RtlCopySid+0x64
(77f8c9d7)
77f9033d 23d1 and edx,ecx
77f9033f 8a06 mov al,
[esi] ds:77f90328=b8
77f90341 8807 mov
[edi],al ds:0042fe84=30
77f90343 8a4601 mov al,
[esi+0x1] ds:789fd8fe=??
77f90346 884701 mov
[edi+0x1],al ds:00e9d45a=??
77f90349 8a4602 mov al,
[esi+0x2] ds:789fd8fe=??
77f9034c c1e902 shr ecx,0x2
77f9034f 884702 mov
[edi+0x2],al ds:00e9d45a=??
77f90352 83c603 add esi,0x3

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0042FE8C 761939B9 000120DD 00000000 000006B3 00000002
ntdll!ZwDelayExecution
0042FEB8 76191B02 00000000 00074FEC 00000000 01003000
rpcss!<nosymbols>
0042FF84 0100157B 00000001 00074FE8 00000000 00074FE0
rpcss!<nosymbols>
76191954 0000B4EC 33565300 5D8957DB 019DE8FC 358B0000
svchost!<nosymbols>

*----> Raw Stack Dump <----*
0042fe70 ab 4b e8 77 00 00 00 00 - 84 fe 42 00 00 00 00
00 .K.w......B.....
0042fe80 dd 20 01 00 30 47 ec d3 - ff ff ff ff b8 fe 42
00 . ..0G........B.
0042fe90 b9 39 19 76 dd 20 01 00 - 00 00 00 00 b3 06 00
00 .9.v. ..........
0042fea0 02 00 00 00 00 00 00 00 - 30 04 00 00 46 33 07
00 ........0...F3..
0042feb0 46 33 07 00 1b 02 08 00 - 84 ff 42 00 02 1b 19
76 F3........B....v
0042fec0 00 00 00 00 ec 4f 07 00 - 00 00 00 00 00 30 00
01 .....O.......0..
0042fed0 d8 4e 41 80 70 3d 56 fe - 60 fc 55 fe c4 7c c8
f9 .NA.p=V.`.U..|..
0042fee0 6e da 44 80 04 00 00 00 - 88 19 56 fe eb 57 49
80 n.D.......V..WI.
0042fef0 80 f3 06 00 02 00 00 00 - ec 4f 07 00 00 00 00
00 .........O......
0042ff00 e8 46 07 00 00 00 00 00 - 01 00 00 00 19 00 02
00 .F..............
0042ff10 7c 27 50 c0 84 00 00 00 - 00 00 00 00 00 00 00
00 |'P.............
0042ff20 84 00 00 00 01 00 00 00 - 00 20 50 c0 00 59 50
ff ......... P..YP.
0042ff30 20 39 50 ff 00 00 00 00 - b0 3a 50 ff 68 32 07
00 9P......:p.h2..
0042ff40 46 02 00 00 86 d6 42 80 - 00 2f 06 80 80 3a 50
ff F.....B../...:p.
0042ff50 20 39 50 ff 70 7c c8 f9 - 01 10 f4 77 00 20 50
c0 9P.p|.....w. P.
0042ff60 00 00 00 00 d5 aa e8 77 - f6 4f 07 00 01 00 00
00 .......w.O......
0042ff70 80 00 00 00 ff ff ff ff - e8 46 07 00 f2 46 07
00 .........F...F..
0042ff80 00 00 00 00 54 19 19 76 - 7b 15 00 01 01 00 00
00 ....T..v{.......
0042ff90 e8 4f 07 00 00 00 00 00 - e0 4f 07 00 ec ff 42
00 .O.......O....B.
0042ffa0 e0 4f 07 00 00 00 00 00 - d3 95 dc 77 01 00 00
00 .O.........w....

State Dump for Thread Id 0x18c

eax=778321fe ebx=00000003 ecx=7ffdd000 edx=00000000
esi=77f87e6c edi=00000003
eip=77f87e77 esp=004efd24 ebp=004efd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,
[esp+0x4] ss:00f5d2fb=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,
[eax] ds:778321fe=8b55
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov
[ebp+0xa4],eax ss:00f5d346=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz
RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp
[eax],si ds:778321fe=8b55
77f87e8a 75ee jnz
ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov
[ebp+0xa4],eax ss:00f5d346=????????

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
004EFD70 77E9E68A 004EFD48 00000001 00000000 00000000
ntdll!ZwWaitForMultipleObjects
004EFFB4 77E92CA8 00000004 0008043C 7FFDD000 00080F58
kernel32!WaitForMultipleObjects
004EFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x190

eax=00088e68 ebx=00088e5a ecx=0052fd00 edx=00088e68
esi=000746e8 edi=0052f860
eip=0052f863 esp=0052f768 ebp=00580046 iopl=0 nv
up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000216


function: <nosymbols>
0052f84a 7ce1 jl 0053b72d
0052f84c be329409f9 mov esi,0xf9099432
0052f851 3a6bb6 cmp ch,
[ebx+0xb6] ds:00af6430=??
0052f854 d7 xlat
0052f855 9f lahf
0052f856 4d dec ebp
0052f857 8571da test
[ecx+0xda],esi ds:00f9d2d6=????????
0052f85a c681bf321dc6b3 mov byte ptr
[ecx+0xc61d32bf],0xb3 ds:c6702fbf=??
0052f861 5a pop edx
0052f862 f8 clc
FAULT ->0052f863 ec in al,dx
0052f864 bf32fcb38d mov edi,0x8db3fc32
0052f869 1cf0 sbb al,0xf0
0052f86b e8c841a6df call dff93a38
0052f870 ebcd jmp 0053bb3f
0052f872 c28836 ret 0x3688
0052f875 7490 jz 00537807
0052f877 7f89 jg 00535302
0052f879 5a pop edx
0052f87a e67e out 7e,al
0052f87c 0c24 or al,0x24
0052f87e 7cad jl 0053b72d

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00580046 FFF80000 0050FFFF 00500058 06400058 00000058
<nosymbols>
000F0058 00000000 00000000 00000000 00000000 00000000
<nosymbols>

*----> Raw Stack Dump <----*
0052f768 c0 13 00 01 e8 46 07 00 - 90 90 90 90 90 90 90
90 .....F..........
0052f778 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f788 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f798 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7a8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7b8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7c8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7d8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7e8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7f8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f808 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
eb ................
0052f818 19 5e 31 c9 81 e9 89 ff - ff ff 81 36 80 bf 32
94 .^1........6..2.
0052f828 81 ee fc ff ff ff e2 f2 - eb 05 e8 e2 ff ff ff
03 ................
0052f838 53 06 1f 74 57 75 95 80 - bf bb 92 7f 89 5a 1a
ce S..tWu.......Z..
0052f848 b1 de 7c e1 be 32 94 09 - f9 3a 6b b6 d7 9f 4d
85 ..|..2...:k...M.
0052f858 71 da c6 81 bf 32 1d c6 - b3 5a f8 ec bf 32 fc
b3 q....2...Z...2..
0052f868 8d 1c f0 e8 c8 41 a6 df - eb cd c2 88 36 74 90
7f .....A......6t..
0052f878 89 5a e6 7e 0c 24 7c ad - be 32 94 09 f9 22 6b
b6 .Z.~.$|..2..."k.
0052f888 d7 4c 4c 62 cc da 8a 81 - bf 32 1d c6 ab cd e2
84 .LLb.....2......
0052f898 d7 f9 79 7c 84 da 9a 81 - bf 32 1d c6 a7 cd e2
84 ..y|.....2......

State Dump for Thread Id 0x35c

eax=0045cda8 ebx=8024000d ecx=0045d388 edx=00000000
esi=00079368 edi=000882c8
eip=77f82eec esp=00a1fe28 ebp=00a1ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202


function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,
[esp+0x4] ss:0148d3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00A1FF74 77D4B407 77D4B7BF 00079368 7619567E 76195670
ntdll!ZwReplyWaitReceivePortEx
00A1FFA8 77D4B771 00090C88 00A1FFEC 77E92CA8 00091748
rpcrt4!RpcBindingSetOption
00A1FFB4 77E92CA8 00091748 7619567E 76195670 00091748
rpcrt4!RpcBindingSetOption
00A1FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x364

eax=0000003d ebx=8024000d ecx=0045e438 edx=00000000
esi=00079368 edi=000882c8
eip=77f82eec esp=00a5fe28 ebp=00a5ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,
[esp+0x4] ss:014cd3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00A5FF74 77D4B407 77D4B7BF 00079368 00000000 00000006
ntdll!ZwReplyWaitReceivePortEx
00A5FFA8 77D4B771 0009B8C8 00A5FFEC 77E92CA8 0009B1F0
rpcrt4!RpcBindingSetOption
00A5FFB4 77E92CA8 0009B1F0 00000000 00000006 0009B1F0
rpcrt4!RpcBindingSetOption
00A5FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x340

eax=0045ffd8 ebx=8024000d ecx=00452e78 edx=00000000
esi=00079368 edi=000882c8
eip=77f82eec esp=00a9fe28 ebp=00a9ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000206


function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,
[esp+0x4] ss:0150d3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00A9FF74 77D4B407 77D4B7BF 00079368 00000000 00000006
ntdll!ZwReplyWaitReceivePortEx
00A9FFA8 77D4B771 00095F90 00A9FFEC 77E92CA8 00091190
rpcrt4!RpcBindingSetOption
00A9FFB4 77E92CA8 00091190 00000000 00000006 00091190
rpcrt4!RpcBindingSetOption
00A9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x13c

eax=00ad0001 ebx=8024000d ecx=00079368 edx=00000000
esi=00079368 edi=000882c8
eip=77f82eec esp=00adfe28 ebp=00adff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,
[esp+0x4] ss:0154d3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00ADFF74 77D4B407 77D4B7BF 00079368 00091D40 77D457AA
ntdll!ZwReplyWaitReceivePortEx
00ADFFA8 77D4B771 000A1E70 00ADFFEC 77E92CA8 00099398
rpcrt4!RpcBindingSetOption
00ADFFB4 77E92CA8 00099398 00091D40 77D457AA 00099398
rpcrt4!RpcBindingSetOption
00ADFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x430

eax=0008006e ebx=000b17a0 ecx=000a1d70 edx=00000000
esi=00000000 edi=00087ec0
eip=77f8aab5 esp=00b1f9a8 ebp=00b1f9d0 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: NtRequestWaitReplyPort
77f8aaaa b8b0000000 mov eax,0xb0
77f8aaaf 8d542404 lea edx,
[esp+0x4] ss:0158cf7f=????????
77f8aab3 cd2e int 2e
77f8aab5 c20c00 ret 0xc

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00B1F9D0 77D4565A 00B1FBD0 00B1FDC8 77D45689 00B1FBD0
ntdll!NtRequestWaitReplyPort
00B1F9DC 77D45689 00B1FBD0 000B190C 00B1FE90 761A35C2
rpcrt4!I_RpcSendReceive
00B1FDC8 761A34AB 761A3528 761A3582 00B1FDE0 761A3365
rpcrt4!NdrSendReceive
00B1FE44 7619755D 00000013 00B1FE90 00000000 00000384
rpcss!<nosymbols>
00B1FE70 761A2DBD 00000013 00B1FE90 00B1FF8C 0042FB50
rpcss!<nosymbols>
00B1FFB4 77E92CA8 00000000 0042FB50 77D4E7D7 00000000
rpcss!<nosymbols>
00B1FFEC 00000000 761A2CB9 00000000 00000000 00000008
kernel32!CreateFileA

*----> Raw Stack Dump <----*
00b1f9a8 e1 70 d4 77 a4 03 00 00 - 90 7e 08 00 90 7e 08
00 .p.w.....~...~..
00b1f9b8 1c fc b1 00 d0 fb b1 00 - c8 00 00 00 1c fc b1
00 ................
00b1f9c8 00 00 00 00 00 00 00 00 - dc f9 b1 00 5a 56 d4
77 ............ZV.w
00b1f9d8 d0 fb b1 00 c8 fd b1 00 - 89 56 d4 77 d0 fb b1
00 .........V.w....
00b1f9e8 0c 19 0b 00 90 fe b1 00 - c2 35 1a 76 ee 1e da
77 .........5.v...w
00b1f9f8 1c fc b1 00 a8 19 0b 00 - 00 fa b1 00 00 fa b1
00 ................
00b1fa08 17 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa28 00 00 00 00 00 00 00 00 - 60 fc b1 00 33 c4 e8
77 ........`...3..w
00b1fa38 00 00 e8 77 02 00 00 00 - 00 00 00 00 00 f0 fd
7f ...w............
00b1fa48 74 fc b1 00 d8 c3 e8 77 - 00 00 00 00 00 00 00
00 t......w........
00b1fa58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa88 00 00 00 00 00 00 00 00 - c4 fa b1 00 03 00 00
00 ................
00b1fa98 d3 43 f9 77 18 07 07 00 - d4 fa b1 00 1c 00 00
00 .C.w............
00b1faa8 d3 43 f9 77 c8 0b 07 00 - 00 00 07 00 1c 00 00
00 .C.w............
00b1fab8 c0 0a 0a 00 ac fa b1 00 - 00 02 00 00 64 fc b1
00 ............d...
00b1fac8 db 80 fb 77 18 44 f9 77 - ff ff ff ff 74 fc b1
00 ...w.D.w....t...
00b1fad8 16 98 fc 77 c8 0b 07 00 - dc 9c d4 77 20 88 08
00 ...w.......w ...

State Dump for Thread Id 0x4c0

eax=00c9fed4 ebx=000493e0 ecx=00075240 edx=00000000
esi=00075038 edi=000493e0
eip=77f8b520 esp=00c9febc ebp=00c9fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297


function: ZwRemoveIoCompletion
77f8b515 b8a8000000 mov eax,0xa8
77f8b51a 8d542404 lea edx,
[esp+0x4] ss:0170d493=????????
77f8b51e cd2e int 2e
77f8b520 c21400 ret 0x14
77f8b523 8b4124 mov eax,
[ecx+0x24] ds:00ae2816=????????
77f8b526 39420c cmp
[edx+0xc],eax ds:00a6d5d6=????????
77f8b529 0f85bc370000 jne
RtlAddAccessAllowedAce+0x1c (77f8eceb)
77f8b52f ff4208 inc dword ptr
[edx+0x8] ds:00a6d5d6=????????
77f8b532 33c0 xor eax,eax
77f8b534 c20400 ret 0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C9FEE4 77D5C3A7 00000058 00C9FF1C 00C9FF0C 00C9FF14
ntdll!ZwRemoveIoCompletion
00C9FF20 77D5BB26 000493E0 00C9FF60 00C9FF5C 00C9FF70
rpcrt4!NdrServerMarshall
00C9FF74 77D5BA15 77D4B7BF 00075038 77FC9A67 00079F60
rpcrt4!I_RpcBCacheAllocate
00C9FFA8 77D4B771 0009A1C8 00C9FFEC 77E92CA8 000A1810
rpcrt4!I_RpcBCacheAllocate
00C9FFB4 77E92CA8 000A1810 77FC9A67 00079F60 000A1810
rpcrt4!RpcBindingSetOption
00C9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA
 

Charles Huo

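I had a similar problem before. I went to the Microsoft
web page and checked all the Windows Update issues; since I
installed all the critical updates, none of these errors have happened.
Your dump shows "Service Pack: None", so these machines are
probably missing those updates as well.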
Charles Huo

-----Original Message-----
i upgraded two HP Pavilion (circa 1999, including model
6535) Win98 machines to 2000, and each one gets
the "svchost.exe has generated errors and will shut
down..." error message after being connected by dialup to
the internet for a short time. After this error, no
copy/paste, no printing, no working e-mail or links in
browser, etc. i suspect a virus/worm, but Norton hasn't
fixed this.

can anyone offer help with this?

thanks

Dr. Watson dump:
Application exception occurred:
App: svchost.exe (pid=380)
When: 2/21/2004 @ 15:17:15.562
Exception number: c0000096 (privileged instruction)

*----> System Information <----*
Computer Name: RUTHIE
User Name: SYSTEM
Number of Processors: 1
Processor Type: x86 Family 6 Model 6 Stepping 5
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: None
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner: Ruth Bocko

*----> Task List <----*
0 Idle.exe
8 System.exe
140 smss.exe
164 csrss.exe
160 winlogon.exe
212 services.exe
224 lsass.exe
380 svchost.exe
408 SPOOLSV.exe
436 ccEvtMgr.exe
540 cisvc.exe
556 svchost.exe
576 Navapsvc.exe
608 regsvc.exe
660 mstask.exe
688 winmgmt.exe
820 explorer.exe
900 ccApp.exe
1180 MDM.exe
448 NMain.exe
592 LUCOMS~1.exe
1212 drwtsn32.exe
1228 cmd.exe
1236 cidaemon.exe
0 _Total.exe

(01000000 - 01005000)
(77F80000 - 77FF9000)
(77DB0000 - 77E0A000)
(77E80000 - 77F36000)
(77D40000 - 77DAF000)
(77A50000 - 77B45000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(76190000 - 761CC000)
(78000000 - 78046000)
(77C10000 - 77C6D000)
(75030000 - 75044000)
(75020000 - 75028000)
(77BE0000 - 77BEF000)
(74FF0000 - 75002000)
(77980000 - 779A4000)
(75050000 - 75058000)
(74FD0000 - 74FE1000)
(75010000 - 75017000)
(77840000 - 7784C000)
(777E0000 - 777E8000)
(77950000 - 77979000)
(777F0000 - 777F5000)
(77830000 - 7783E000)
(77CC0000 - 77D40000)
(65340000 - 653D5000)
(78140000 - 7815A000)
(75170000 - 751BF000)
(751C0000 - 751C6000)
(75150000 - 7515F000)

State Dump for Thread Id 0x178

eax=00000001 ebx=00000000 ecx=00076970 edx=00000000
esi=00000000 edi=00000048
eip=77f8fb68 esp=0006fc38 ebp=0006fca8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: ZwReadFile
77f8fb5d b8a1000000 mov eax,0xa1
77f8fb62 8d542404 lea edx,
[esp+0x4] ss:00add20f=????????
77f8fb66 cd2e int 2e
77f8fb68 c22400 ret 0x24
77f8fb6b 55 push ebp
77f8fb6c 8bec mov ebp,esp
77f8fb6e 56 push esi
77f8fb6f 8b7508 mov esi,
[ebp+0x8] ss:00add27e=????????
77f8fb72 8b4608 mov eax,
[esi+0x8] ds:00a6d5d6=????????
77f8fb75 25ffff0000 and eax,0xffff
77f8fb7a 0d0000efcd or eax,0xcdef0000
77f8fb7f 894608 mov
[esi+0x8],eax ds:00a6d5d6=????????
77f8fb82
f60578e3fc7702
ds:77fce378=00
test byte ptr
[NlsAnsiCodePage+0x6aa (77fce378)],0x2
77f8fb89 0f85499c0100 jne
RtlDeleteTimerQueueEx+0xa16 (77fa97d8)
77f8fb8f 8b4610 mov eax,
[esi+0x10] ds:00a6d5d6=????????

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FCA8 77DC86D3 00000048 0006FD80 00000216 0006FCD0
ntdll!ZwReadFile
0006FCD4 77DC9431 00000048 0006FD80 00000216 0006FD0C
advapi32!SetSecurityDescriptorSacl
0006FD50 77DC9182 00000048 0006FD80 00000216 00074718
advapi32!StartServiceCtrlDispatcherW
0006FFB0 0100113D 00074718 00720065 00500000 77E87903
advapi32!StartServiceCtrlDispatcherW
0006FFF0 00000000 010010B8 00000000 000000C8 00000100
svchost!<nosymbols>

*----> Raw Stack Dump <----*
0006fc38 65 49 e8 77 48 00 00 00 - 00 00 00 00 00 00 00
00 eI.wH...........
0006fc48 00 00 00 00 80 fc 06 00 - 80 fd 06 00 16 02 00
00 ................
0006fc58 00 00 00 00 00 00 00 00 - 0c fd 06 00 da 48 e8
77 .............H.w
0006fc68 80 fd 06 00 00 00 00 00 - 01 00 00 00 30 55 07
00 ............0U..
0006fc78 94 fd 06 00 00 00 00 00 - 70 00 00 00 30 47 07
00 ........p...0G..
0006fc88 7c 01 00 00 00 00 00 00 - 60 fc 06 00 40 fd 06
00 |.......`...@...
0006fc98 40 fd 06 00 fd 13 ea 77 - 20 f3 e9 77 ff ff ff
ff @......w ..w....
0006fca8 d4 fc 06 00 d3 86 dc 77 - 48 00 00 00 80 fd 06
00 .......wH.......
0006fcb8 16 02 00 00 d0 fc 06 00 - 00 00 00 00 30 55 07
00 ............0U..
0006fcc8 80 fd 06 00 00 00 00 00 - 00 00 00 00 50 fd 06
00 ............P...
0006fcd8 31 94 dc 77 48 00 00 00 - 80 fd 06 00 16 02 00
00 1..wH...........
0006fce8 0c fd 06 00 18 47 07 00 - 00 00 00 00 00 f0 fd
7f .....G..........
0006fcf8 62 97 d4 77 70 47 07 00 - 94 fd 06 00 00 00 00
00 b..wpG..........
0006fd08 3c fd 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 <...............
0006fd18 e0 4f 07 00 30 47 07 00 - 88 01 00 00 70 00 65
00 .O..0G......p.e.
0006fd28 32 00 00 00 01 00 00 00 - c5 95 dc 77 00 00 00
00 2..........w....
0006fd38 ec fc 06 00 70 47 07 00 - a0 ff 06 00 8b 19 db
77 ....pG.........w
0006fd48 e8 99 dc 77 ff ff ff ff - b0 ff 06 00 82 91 dc
77 ...w...........w
0006fd58 48 00 00 00 80 fd 06 00 - 16 02 00 00 18 47 07
00 H............G..
0006fd68 78 46 07 00 00 f0 fd 7f - 03 00 00 00 00 00 00
00 xF..............

State Dump for Thread Id 0x188

eax=761bb054 ebx=00000000 ecx=000003e8 edx=00000000
esi=77f90328 edi=0042fe84
eip=77f90333 esp=0042fe70 ebp=0042fe8c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: ZwDelayExecution
77f90328 b832000000 mov eax,0x32
77f9032d 8d542404 lea edx,
[esp+0x4] ss:00e9d447=????????
77f90331 cd2e int 2e
77f90333 c20800 ret 0x8
77f90336 33c0 xor eax,eax
77f90338 e99ac6ffff jmp RtlCopySid+0x64
(77f8c9d7)
77f9033d 23d1 and edx,ecx
77f9033f 8a06 mov al,
[esi] ds:77f90328=b8
77f90341 8807 mov
[edi],al ds:0042fe84=30
77f90343 8a4601 mov al,
[esi+0x1] ds:789fd8fe=??
77f90346 884701 mov
[edi+0x1],al ds:00e9d45a=??
77f90349 8a4602 mov al,
[esi+0x2] ds:789fd8fe=??
77f9034c c1e902 shr ecx,0x2
77f9034f 884702 mov
[edi+0x2],al ds:00e9d45a=??
77f90352 83c603 add esi,0x3

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0042FE8C 761939B9 000120DD 00000000 000006B3 00000002
ntdll!ZwDelayExecution
0042FEB8 76191B02 00000000 00074FEC 00000000 01003000
rpcss!<nosymbols>
0042FF84 0100157B 00000001 00074FE8 00000000 00074FE0
rpcss!<nosymbols>
76191954 0000B4EC 33565300 5D8957DB 019DE8FC 358B0000
svchost!<nosymbols>

*----> Raw Stack Dump <----*
0042fe70 ab 4b e8 77 00 00 00 00 - 84 fe 42 00 00 00 00
00 .K.w......B.....
0042fe80 dd 20 01 00 30 47 ec d3 - ff ff ff ff b8 fe 42
00 . ..0G........B.
0042fe90 b9 39 19 76 dd 20 01 00 - 00 00 00 00 b3 06 00
00 .9.v. ..........
0042fea0 02 00 00 00 00 00 00 00 - 30 04 00 00 46 33 07
00 ........0...F3..
0042feb0 46 33 07 00 1b 02 08 00 - 84 ff 42 00 02 1b 19
76 F3........B....v
0042fec0 00 00 00 00 ec 4f 07 00 - 00 00 00 00 00 30 00
01 .....O.......0..
0042fed0 d8 4e 41 80 70 3d 56 fe - 60 fc 55 fe c4 7c c8
f9 .NA.p=V.`.U..|..
0042fee0 6e da 44 80 04 00 00 00 - 88 19 56 fe eb 57 49
80 n.D.......V..WI.
0042fef0 80 f3 06 00 02 00 00 00 - ec 4f 07 00 00 00 00
00 .........O......
0042ff00 e8 46 07 00 00 00 00 00 - 01 00 00 00 19 00 02
00 .F..............
0042ff10 7c 27 50 c0 84 00 00 00 - 00 00 00 00 00 00 00
00 |'P.............
0042ff20 84 00 00 00 01 00 00 00 - 00 20 50 c0 00 59 50
ff ......... P..YP.
0042ff30 20 39 50 ff 00 00 00 00 - b0 3a 50 ff 68 32 07
00 9P......:p.h2..
0042ff40 46 02 00 00 86 d6 42 80 - 00 2f 06 80 80 3a 50
ff F.....B../...:p.
0042ff50 20 39 50 ff 70 7c c8 f9 - 01 10 f4 77 00 20 50
c0 9P.p|.....w. P.
0042ff60 00 00 00 00 d5 aa e8 77 - f6 4f 07 00 01 00 00
00 .......w.O......
0042ff70 80 00 00 00 ff ff ff ff - e8 46 07 00 f2 46 07
00 .........F...F..
0042ff80 00 00 00 00 54 19 19 76 - 7b 15 00 01 01 00 00
00 ....T..v{.......
0042ff90 e8 4f 07 00 00 00 00 00 - e0 4f 07 00 ec ff 42
00 .O.......O....B.
0042ffa0 e0 4f 07 00 00 00 00 00 - d3 95 dc 77 01 00 00
00 .O.........w....

State Dump for Thread Id 0x18c

eax=778321fe ebx=00000003 ecx=7ffdd000 edx=00000000
esi=77f87e6c edi=00000003
eip=77f87e77 esp=004efd24 ebp=004efd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,
[esp+0x4] ss:00f5d2fb=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,
[eax] ds:778321fe=8b55
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov
[ebp+0xa4],eax ss:00f5d346=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz
RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp
[eax],si ds:778321fe=8b55
77f87e8a 75ee jnz
ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov
[ebp+0xa4],eax ss:00f5d346=????????

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
004EFD70 77E9E68A 004EFD48 00000001 00000000 00000000
ntdll!ZwWaitForMultipleObjects
004EFFB4 77E92CA8 00000004 0008043C 7FFDD000 00080F58
kernel32!WaitForMultipleObjects
004EFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x190

eax=00088e68 ebx=00088e5a ecx=0052fd00 edx=00088e68
esi=000746e8 edi=0052f860
eip=0052f863 esp=0052f768 ebp=00580046 iopl=0 nv
up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000216


function: <nosymbols>
0052f84a 7ce1 jl 0053b72d
0052f84c be329409f9 mov esi,0xf9099432
0052f851 3a6bb6 cmp ch,
[ebx+0xb6] ds:00af6430=??
0052f854 d7 xlat
0052f855 9f lahf
0052f856 4d dec ebp
0052f857 8571da test
[ecx+0xda],esi ds:00f9d2d6=????????
0052f85a c681bf321dc6b3 mov byte ptr
[ecx+0xc61d32bf],0xb3 ds:c6702fbf=??
0052f861 5a pop edx
0052f862 f8 clc
FAULT ->0052f863 ec in al,dx
0052f864 bf32fcb38d mov edi,0x8db3fc32
0052f869 1cf0 sbb al,0xf0
0052f86b e8c841a6df call dff93a38
0052f870 ebcd jmp 0053bb3f
0052f872 c28836 ret 0x3688
0052f875 7490 jz 00537807
0052f877 7f89 jg 00535302
0052f879 5a pop edx
0052f87a e67e out 7e,al
0052f87c 0c24 or al,0x24
0052f87e 7cad jl 0053b72d

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00580046 FFF80000 0050FFFF 00500058 06400058 00000058
<nosymbols>
000F0058 00000000 00000000 00000000 00000000 00000000
<nosymbols>

*----> Raw Stack Dump <----*
0052f768 c0 13 00 01 e8 46 07 00 - 90 90 90 90 90 90 90
90 .....F..........
0052f778 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f788 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f798 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7a8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7b8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7c8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7d8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7e8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f7f8 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0052f808 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
eb ................
0052f818 19 5e 31 c9 81 e9 89 ff - ff ff 81 36 80 bf 32
94 .^1........6..2.
0052f828 81 ee fc ff ff ff e2 f2 - eb 05 e8 e2 ff ff ff
03 ................
0052f838 53 06 1f 74 57 75 95 80 - bf bb 92 7f 89 5a 1a
ce S..tWu.......Z..
0052f848 b1 de 7c e1 be 32 94 09 - f9 3a 6b b6 d7 9f 4d
85 ..|..2...:k...M.
0052f858 71 da c6 81 bf 32 1d c6 - b3 5a f8 ec bf 32 fc
b3 q....2...Z...2..
0052f868 8d 1c f0 e8 c8 41 a6 df - eb cd c2 88 36 74 90
7f .....A......6t..
0052f878 89 5a e6 7e 0c 24 7c ad - be 32 94 09 f9 22 6b
b6 .Z.~.$|..2..."k.
0052f888 d7 4c 4c 62 cc da 8a 81 - bf 32 1d c6 ab cd e2
84 .LLb.....2......
0052f898 d7 f9 79 7c 84 da 9a 81 - bf 32 1d c6 a7 cd e2
84 ..y|.....2......

State Dump for Thread Id 0x35c

eax=0045cda8 ebx=8024000d ecx=0045d388 edx=00000000
esi=00079368 edi=000882c8
eip=77f82eec esp=00a1fe28 ebp=00a1ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202


function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,
[esp+0x4] ss:0148d3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00A1FF74 77D4B407 77D4B7BF 00079368 7619567E 76195670
ntdll!ZwReplyWaitReceivePortEx
00A1FFA8 77D4B771 00090C88 00A1FFEC 77E92CA8 00091748
rpcrt4!RpcBindingSetOption
00A1FFB4 77E92CA8 00091748 7619567E 76195670 00091748
rpcrt4!RpcBindingSetOption
00A1FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x364

eax=0000003d ebx=8024000d ecx=0045e438 edx=00000000
esi=00079368 edi=000882c8
eip=77f82eec esp=00a5fe28 ebp=00a5ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,
[esp+0x4] ss:014cd3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00A5FF74 77D4B407 77D4B7BF 00079368 00000000 00000006
ntdll!ZwReplyWaitReceivePortEx
00A5FFA8 77D4B771 0009B8C8 00A5FFEC 77E92CA8 0009B1F0
rpcrt4!RpcBindingSetOption
00A5FFB4 77E92CA8 0009B1F0 00000000 00000006 0009B1F0
rpcrt4!RpcBindingSetOption
00A5FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x340

eax=0045ffd8 ebx=8024000d ecx=00452e78 edx=00000000
esi=00079368 edi=000882c8
eip=77f82eec esp=00a9fe28 ebp=00a9ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000206


function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,
[esp+0x4] ss:0150d3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00A9FF74 77D4B407 77D4B7BF 00079368 00000000 00000006
ntdll!ZwReplyWaitReceivePortEx
00A9FFA8 77D4B771 00095F90 00A9FFEC 77E92CA8 00091190
rpcrt4!RpcBindingSetOption
00A9FFB4 77E92CA8 00091190 00000000 00000006 00091190
rpcrt4!RpcBindingSetOption
00A9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x13c

eax=00ad0001 ebx=8024000d ecx=00079368 edx=00000000
esi=00079368 edi=000882c8
eip=77f82eec esp=00adfe28 ebp=00adff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,
[esp+0x4] ss:0154d3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00ADFF74 77D4B407 77D4B7BF 00079368 00091D40 77D457AA
ntdll!ZwReplyWaitReceivePortEx
00ADFFA8 77D4B771 000A1E70 00ADFFEC 77E92CA8 00099398
rpcrt4!RpcBindingSetOption
00ADFFB4 77E92CA8 00099398 00091D40 77D457AA 00099398
rpcrt4!RpcBindingSetOption
00ADFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA

State Dump for Thread Id 0x430

eax=0008006e ebx=000b17a0 ecx=000a1d70 edx=00000000
esi=00000000 edi=00087ec0
eip=77f8aab5 esp=00b1f9a8 ebp=00b1f9d0 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: NtRequestWaitReplyPort
77f8aaaa b8b0000000 mov eax,0xb0
77f8aaaf 8d542404 lea edx,
[esp+0x4] ss:0158cf7f=????????
77f8aab3 cd2e int 2e
77f8aab5 c20c00 ret 0xc

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00B1F9D0 77D4565A 00B1FBD0 00B1FDC8 77D45689 00B1FBD0
ntdll!NtRequestWaitReplyPort
00B1F9DC 77D45689 00B1FBD0 000B190C 00B1FE90 761A35C2
rpcrt4!I_RpcSendReceive
00B1FDC8 761A34AB 761A3528 761A3582 00B1FDE0 761A3365
rpcrt4!NdrSendReceive
00B1FE44 7619755D 00000013 00B1FE90 00000000 00000384
rpcss!<nosymbols>
00B1FE70 761A2DBD 00000013 00B1FE90 00B1FF8C 0042FB50
rpcss!<nosymbols>
00B1FFB4 77E92CA8 00000000 0042FB50 77D4E7D7 00000000
rpcss!<nosymbols>
00B1FFEC 00000000 761A2CB9 00000000 00000000 00000008
kernel32!CreateFileA

*----> Raw Stack Dump <----*
00b1f9a8 e1 70 d4 77 a4 03 00 00 - 90 7e 08 00 90 7e 08
00 .p.w.....~...~..
00b1f9b8 1c fc b1 00 d0 fb b1 00 - c8 00 00 00 1c fc b1
00 ................
00b1f9c8 00 00 00 00 00 00 00 00 - dc f9 b1 00 5a 56 d4
77 ............ZV.w
00b1f9d8 d0 fb b1 00 c8 fd b1 00 - 89 56 d4 77 d0 fb b1
00 .........V.w....
00b1f9e8 0c 19 0b 00 90 fe b1 00 - c2 35 1a 76 ee 1e da
77 .........5.v...w
00b1f9f8 1c fc b1 00 a8 19 0b 00 - 00 fa b1 00 00 fa b1
00 ................
00b1fa08 17 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa28 00 00 00 00 00 00 00 00 - 60 fc b1 00 33 c4 e8
77 ........`...3..w
00b1fa38 00 00 e8 77 02 00 00 00 - 00 00 00 00 00 f0 fd
7f ...w............
00b1fa48 74 fc b1 00 d8 c3 e8 77 - 00 00 00 00 00 00 00
00 t......w........
00b1fa58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00b1fa88 00 00 00 00 00 00 00 00 - c4 fa b1 00 03 00 00
00 ................
00b1fa98 d3 43 f9 77 18 07 07 00 - d4 fa b1 00 1c 00 00
00 .C.w............
00b1faa8 d3 43 f9 77 c8 0b 07 00 - 00 00 07 00 1c 00 00
00 .C.w............
00b1fab8 c0 0a 0a 00 ac fa b1 00 - 00 02 00 00 64 fc b1
00 ............d...
00b1fac8 db 80 fb 77 18 44 f9 77 - ff ff ff ff 74 fc b1
00 ...w.D.w....t...
00b1fad8 16 98 fc 77 c8 0b 07 00 - dc 9c d4 77 20 88 08
00 ...w.......w ...

State Dump for Thread Id 0x4c0

eax=00c9fed4 ebx=000493e0 ecx=00075240 edx=00000000
esi=00075038 edi=000493e0
eip=77f8b520 esp=00c9febc ebp=00c9fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297


function: ZwRemoveIoCompletion
77f8b515 b8a8000000 mov eax,0xa8
77f8b51a 8d542404 lea edx,
[esp+0x4] ss:0170d493=????????
77f8b51e cd2e int 2e
77f8b520 c21400 ret 0x14
77f8b523 8b4124 mov eax,
[ecx+0x24] ds:00ae2816=????????
77f8b526 39420c cmp
[edx+0xc],eax ds:00a6d5d6=????????
77f8b529 0f85bc370000 jne
RtlAddAccessAllowedAce+0x1c (77f8eceb)
77f8b52f ff4208 inc dword ptr
[edx+0x8] ds:00a6d5d6=????????
77f8b532 33c0 xor eax,eax
77f8b534 c20400 ret 0x4

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C9FEE4 77D5C3A7 00000058 00C9FF1C 00C9FF0C 00C9FF14
ntdll!ZwRemoveIoCompletion
00C9FF20 77D5BB26 000493E0 00C9FF60 00C9FF5C 00C9FF70
rpcrt4!NdrServerMarshall
00C9FF74 77D5BA15 77D4B7BF 00075038 77FC9A67 00079F60
rpcrt4!I_RpcBCacheAllocate
00C9FFA8 77D4B771 0009A1C8 00C9FFEC 77E92CA8 000A1810
rpcrt4!I_RpcBCacheAllocate
00C9FFB4 77E92CA8 000A1810 77FC9A67 00079F60 000A1810
rpcrt4!RpcBindingSetOption
00C9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!CreateFileA
.
 
