Ah, tons of problems.

Discussion in 'Virus & Other Malware Removal' started by Harmon5, Jan 25, 2008.

Thread Status:
Not open for further replies.
  1. Harmon5

    Harmon5 Thread Starter

    Joined:
    Jan 10, 2007
    Messages:
    58
    My audio was acting kind of weird, the wave volume control would randomly mute itself, for no apparent reason.
    After exhausting all ideas I resorted to the only idea I had left, viruses or malware.
    I run Kaspersky, and it comes up with all sorts of trojans, rootkits, etc., so I deleted them.
    Now, I'm getting an application error from drwtsn32.exe: "The application failed to initialize properly (0x0000142) Click on OK to terminate the application." But if I do this, Windows restarts, and the same error comes up.
    After a bit of this, Windows decided it wouldn't start at all unless I went back into safe mode and restored ALL of what I originally deleted with Kaspersky.
    Even now, it'll randomly restart with no warning of any sort. (Thank god Firefox can restore text when it closes unexpectedly, I'd have had to redo this entire post a few times now if it didn't.)

    I'd post the error report from Dr. Watson, but it's too large for this...


    Here's my HijackThis log before restoring all of the deleted files:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:12:50 AM, on 1/25/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\drwtsn32.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Microsoft IntelliType Pro\itype.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\WINDOWS\Mixer.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\AIM6\aim6.exe
    D:\Documents and Settings\Thomas Horton\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    C:\DAEMON Tools Lite\daemon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    D:\WINDOWS\System32\cisvc.exe
    D:\WINDOWS\system32\LxrSII1s.exe
    D:\WINDOWS\System32\perfs.exe
    D:\WINDOWS\System32\HPZipm12.exe
    D:\Program Files\AIM6\aolsoftware.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\WINDOWS\System32\routing.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Viewpoint\Common\ViewpointService.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\iPod\bin\iPodService.exe
    D:\WINDOWS\System32\wuauclt.exe
    D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    D:\WINDOWS\System32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F3 - REG:win.ini: run=
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [itype] "D:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [LxrAutorun] D:\Documents and Settings\Thomas Horton\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: office.lnk = D:\WINDOWS\system\sslxpes080112.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - D:\WINDOWS\SYSTEM32\LxrSII1s.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - D:\WINDOWS\System32\perfs.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - D:\WINDOWS\System32\routing.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5627 bytes


    And here's the HJT log after restoring the deleted files:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:53:14 AM, on 1/25/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Microsoft IntelliType Pro\itype.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\WINDOWS\Mixer.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\AIM6\aim6.exe
    D:\Documents and Settings\Thomas Horton\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    C:\DAEMON Tools Lite\daemon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    D:\WINDOWS\System32\cisvc.exe
    D:\WINDOWS\system32\LxrSII1s.exe
    D:\WINDOWS\System32\perfs.exe
    D:\WINDOWS\System32\HPZipm12.exe
    D:\WINDOWS\System32\routing.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files\AIM6\aolsoftware.exe
    D:\Program Files\Viewpoint\Common\ViewpointService.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\WINDOWS\System32\wuauclt.exe
    D:\WINDOWS\System32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F3 - REG:win.ini: run=
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [itype] "D:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [LxrAutorun] D:\Documents and Settings\Thomas Horton\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: office.lnk = D:\WINDOWS\system\sslxpes080112.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - D:\WINDOWS\SYSTEM32\LxrSII1s.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - D:\WINDOWS\System32\perfs.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - D:\WINDOWS\System32\routing.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5593 bytes


    Hopefully not too much info, and hopefully none is irrelevant.
    Any help on this matter would be appreciated to a point where words can't explain.
     
  2. Harmon5

    Dr. Watson's error log:
    Application exception occurred:
    App: \??\D:\WINDOWS\system32\winlogon.exe (pid=572)
    When: 1/13/2008 @ 11:13:21.910
    Exception number: c0000005 (access violation)

    *----> System Information <----*
    Computer Name: DOWNSTAIRS
    User Name: SYSTEM
    Terminal Session Id: 0
    Number of Processors: 1
    Processor Type: x86 Family 6 Model 10 Stepping 0
    Windows Version: 5.1
    Current Build: 2600
    Service Pack: None
    Current Type: Uniprocessor Free
    Registered Organization:
    Registered Owner: Patrick Horton

    *----> Task List <----*
    0 System Process
    4 System
    492 smss.exe
    548 csrss.exe
    572 winlogon.exe
    636 services.exe
    648 lsass.exe
    832 svchost.exe
    884 svchost.exe
    1012 svchost.exe
    1068 svchost.exe
    1164 spoolsv.exe
    1408 Explorer.EXE
    1500 iTunesHelper.exe
    1516 Mixer.exe
    1608 HPWuSchd2.exe
    1620 msmsgs.exe
    1640 hpqtra08.exe
    1800 perfs.exe
    1812 HPZipm12.exe
    1836 routing.exe
    1872 svchost.exe
    1908 ViewpointService.exe
    284 hprblog.exe
    540 iPodService.exe
    1532 IEXPLORE.EXE
    4076 svchosts.exe
    2524 IEXPLORE.EXE
    2912 csrss.exe
    4040 winlogon.exe
    3964 Explorer.EXE
    2924 svchosts.exe
    3668 iTunesHelper.exe
    3848 Mixer.exe
    3172 HPWuSchd2.exe
    1352 msmsgs.exe
    412 aim6.exe
    3700 hpqtra08.exe
    3544 aolsoftware.exe
    1668 hprblog.exe
    2084 iTunes.exe
    1220 HPWUCli.exe
    2508 firefox.exe
    3500 drwtsn32.exe
     
  3. Harmon5

    *----> Module List <----*
    (0000000000720000 - 000000000075b000: D:\WINDOWS\system32\msip32.dll
    (0000000001000000 - 000000000106e000: \??\D:\WINDOWS\system32\winlogon.exe
    (000000000ffd0000 - 000000000fff2000: D:\WINDOWS\System32\rsaenh.dll
    (0000000010000000 - 0000000010008000: D:\WINDOWS\system32\FaxMessage.dll
    (000000001f7b0000 - 000000001f7e1000: D:\WINDOWS\system32\ODBC32.dll
    (000000001f850000 - 000000001f866000: D:\WINDOWS\system32\odbcint.dll
    (000000005ad70000 - 000000005ada4000: D:\WINDOWS\system32\uxtheme.dll
    (0000000071950000 - 0000000071a34000: D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    (0000000071a50000 - 0000000071a8b000: D:\WINDOWS\system32\mswsock.dll
    (0000000071a90000 - 0000000071a98000: D:\WINDOWS\System32\wshtcpip.dll
    (0000000071aa0000 - 0000000071aa8000: D:\WINDOWS\system32\WS2HELP.dll
    (0000000071ab0000 - 0000000071ac5000: D:\WINDOWS\system32\WS2_32.dll
    (0000000071ad0000 - 0000000071ad8000: D:\WINDOWS\system32\wsock32.dll
    (0000000071b20000 - 0000000071b31000: D:\WINDOWS\system32\MPR.dll
    (0000000071bf0000 - 0000000071c01000: D:\WINDOWS\system32\SAMLIB.dll
    (0000000071c20000 - 0000000071c6f000: D:\WINDOWS\system32\NETAPI32.dll
    (00000000722b0000 - 00000000722b5000: D:\WINDOWS\system32\sensapi.dll
    (00000000723d0000 - 00000000723ea000: D:\WINDOWS\system32\WINSCARD.DLL
    (0000000072d10000 - 0000000072d18000: D:\WINDOWS\system32\msacm32.drv
    (0000000072d20000 - 0000000072d29000: D:\WINDOWS\system32\wdmaud.drv
    (0000000073000000 - 0000000073023000: D:\WINDOWS\system32\WINSPOOL.DRV
    (0000000074ed0000 - 0000000074edf000: D:\WINDOWS\System32\wbem\wbemsvc.dll
    (0000000074ef0000 - 0000000074efa000: D:\WINDOWS\System32\wbem\wbemprox.dll
    (0000000075290000 - 00000000752c8000: D:\WINDOWS\System32\wbem\wbemcomn.dll
    (0000000075690000 - 0000000075722000: D:\WINDOWS\System32\wbem\fastprox.dll
    (0000000075930000 - 000000007593a000: D:\WINDOWS\system32\PROFMAP.dll
    (0000000075940000 - 0000000075947000: D:\WINDOWS\system32\NDdeApi.dll
    (0000000075950000 - 0000000075969000: D:\WINDOWS\system32\WlNotify.dll
    (0000000075970000 - 0000000075a61000: D:\WINDOWS\system32\MSGINA.dll
    (0000000075a70000 - 0000000075b13000: D:\WINDOWS\system32\USERENV.dll
    (0000000075e90000 - 0000000075f31000: D:\WINDOWS\system32\sxs.dll
    (0000000076080000 - 00000000760e1000: D:\WINDOWS\system32\msvcp60.dll
    (00000000760f0000 - 0000000076168000: D:\WINDOWS\system32\urlmon.dll
    (0000000076200000 - 0000000076297000: D:\WINDOWS\system32\wininet.dll
    (00000000762a0000 - 00000000762af000: D:\WINDOWS\system32\MSASN1.dll
    (00000000762c0000 - 000000007634a000: D:\WINDOWS\system32\CRYPT32.dll
    (0000000076360000 - 000000007636f000: D:\WINDOWS\system32\WINSTA.dll
    (00000000763b0000 - 00000000763f5000: D:\WINDOWS\system32\comdlg32.dll
    (0000000076600000 - 000000007661b000: D:\WINDOWS\system32\cscdll.dll
    (0000000076620000 - 000000007666e000: D:\WINDOWS\system32\cscui.dll
    (0000000076670000 - 0000000076754000: D:\WINDOWS\system32\SETUPAPI.dll
    (0000000076b20000 - 0000000076b35000: D:\WINDOWS\system32\ATL.DLL
    (0000000076b40000 - 0000000076b6c000: D:\WINDOWS\system32\WINMM.dll
    (0000000076bb0000 - 0000000076bb4000: D:\WINDOWS\system32\sfc.dll
    (0000000076bc0000 - 0000000076bce000: D:\WINDOWS\system32\REGAPI.dll
    (0000000076bd0000 - 0000000076bee000: D:\WINDOWS\system32\SHSVCS.dll
    (0000000076bf0000 - 0000000076bfb000: D:\WINDOWS\system32\PSAPI.DLL
    (0000000076c30000 - 0000000076c5b000: D:\WINDOWS\system32\WINTRUST.dll
    (0000000076c60000 - 0000000076c89000: D:\WINDOWS\system32\sfc_os.dll
    (0000000076c90000 - 0000000076cb2000: D:\WINDOWS\system32\IMAGEHLP.dll
    (0000000076cc0000 - 0000000076cd0000: D:\WINDOWS\system32\AUTHZ.dll
    (0000000076ce0000 - 0000000076cff000: D:\WINDOWS\system32\NTMARTA.DLL
    (0000000076d10000 - 0000000076d2d000: D:\WINDOWS\system32\msv1_0.dll
    (0000000076d30000 - 0000000076d34000: D:\WINDOWS\system32\WMI.dll
    (0000000076d40000 - 0000000076d56000: D:\WINDOWS\system32\MPRAPI.dll
    (0000000076d60000 - 0000000076d75000: D:\WINDOWS\system32\Iphlpapi.dll
    (0000000076d80000 - 0000000076d9a000: D:\WINDOWS\system32\DHCPCSVC.DLL
    (0000000076da0000 - 0000000076dd0000: D:\WINDOWS\system32\WZCSvc.DLL
    (0000000076de0000 - 0000000076e06000: D:\WINDOWS\system32\netman.dll
    (0000000076e10000 - 0000000076e34000: D:\WINDOWS\system32\adsldpc.dll
    (0000000076e40000 - 0000000076e6f000: D:\WINDOWS\system32\ACTIVEDS.dll
    (0000000076e80000 - 0000000076e8d000: D:\WINDOWS\system32\rtutils.dll
    (0000000076e90000 - 0000000076ea1000: D:\WINDOWS\system32\rasman.dll
    (0000000076eb0000 - 0000000076eda000: D:\WINDOWS\system32\TAPI32.dll
    (0000000076ee0000 - 0000000076f17000: D:\WINDOWS\system32\RASAPI32.dll
    (0000000076f20000 - 0000000076f45000: D:\WINDOWS\system32\DNSAPI.dll
    (0000000076f50000 - 0000000076f58000: D:\WINDOWS\system32\WTSAPI32.dll
    (0000000076f60000 - 0000000076f8c000: D:\WINDOWS\system32\WLDAP32.dll
    (0000000076f90000 - 0000000076fa0000: D:\WINDOWS\system32\Secur32.dll
    (0000000076fb0000 - 0000000076fb7000: D:\WINDOWS\System32\winrnr.dll
    (0000000076fc0000 - 0000000076fc5000: D:\WINDOWS\system32\rasadhlp.dll
    (0000000076fd0000 - 0000000077048000: D:\WINDOWS\system32\CLBCATQ.DLL
    (0000000077050000 - 0000000077115000: D:\WINDOWS\system32\COMRes.dll
    (0000000077120000 - 00000000771ab000: D:\WINDOWS\system32\OLEAUT32.dll
    (00000000771b0000 - 00000000772ca000: D:\WINDOWS\system32\ole32.dll
    (00000000772d0000 - 0000000077333000: D:\WINDOWS\system32\SHLWAPI.dll
    (0000000077340000 - 00000000773cb000: D:\WINDOWS\system32\comctl32.dll
    (00000000773d0000 - 0000000077bc4000: D:\WINDOWS\system32\shell32.dll
    (0000000077bd0000 - 0000000077bd7000: D:\WINDOWS\system32\midimap.dll
    (0000000077be0000 - 0000000077bf4000: D:\WINDOWS\system32\MSACM32.dll
    (0000000077c00000 - 0000000077c07000: D:\WINDOWS\system32\VERSION.dll
    (0000000077c10000 - 0000000077c63000: D:\WINDOWS\system32\msvcrt.dll
    (0000000077c70000 - 0000000077cb0000: D:\WINDOWS\system32\GDI32.dll
    (0000000077cc0000 - 0000000077d35000: D:\WINDOWS\system32\RPCRT4.dll
    (0000000077d40000 - 0000000077dcd000: D:\WINDOWS\system32\USER32.dll
    (0000000077dd0000 - 0000000077e5b000: D:\WINDOWS\system32\ADVAPI32.dll
    (0000000077e60000 - 0000000077f45000: D:\WINDOWS\system32\kernel32.dll
    (0000000077f50000 - 0000000077ff9000: D:\WINDOWS\System32\ntdll.dll

    *----> State Dump for Thread Id 0x240 <----*

    eax=010d1848 ebx=00000000 ecx=0006f528 edx=00000000 esi=006f1248 edi=00000001
    eip=7ffe0304 esp=0006fd9c ebp=0006fdd0 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100
     
  4. Harmon5

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\system32\USER32.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Module load completed but symbols could not be loaded for \??\D:\WINDOWS\system32\winlogon.exe
    ChildEBP RetAddr Args to Child
    0006fd98 77d43fbe 77d487a7 00000000 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
    0006fdd0 77d4f58c 000100b0 00000000 00000010 USER32!WaitMessage+0xc
    0006fdf8 77d4f5c7 01000000 01064dd0 00000000 USER32!DrawStateW+0xbc8
    0006fe18 77d52a0b 01000000 01064dd0 00000000 USER32!DialogBoxIndirectParamAorW+0x34
    0006fe3c 01033b5f 01000000 00000578 00000000 USER32!DialogBoxParamW+0x3d
    0006fe60 01027326 01000000 00000578 00000000 winlogon+0x33b5f
    0006fe9c 01031f08 0007c008 01000000 00000578 winlogon+0x27326
    0006fed4 0102e94f 0007c008 01000000 00000578 winlogon+0x31f08
    0006ff18 0102ac49 0007c008 00072364 00000000 winlogon+0x2e94f
    0006fff4 00000000 7ffdf000 000000c8 00000100 winlogon+0x2ac49

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x248 <----*

    eax=00000000 ebx=00000000 ecx=7ffdd000 edx=7627aaf4 esi=00000000 edi=77d47e92
    eip=77d46303 esp=0060f118 ebp=0060f76c iopl=0 nv up ei ng nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282

    function: USER32!GetWindow
    77d462db 8b7738 mov esi,[edi+0x38]
    77d462de ebcc jmp USER32!GetWindow+0x58 (77d462ac)
    77d462e0 8b773c mov esi,[edi+0x3c]
    77d462e3 ebc7 jmp USER32!GetWindow+0x58 (77d462ac)
    77d462e5 64a118000000 mov eax,fs:[00000018]
    77d462eb 83784000 cmp dword ptr [eax+0x40],0x0
    77d462ef 0f84dee70000 je USER32!SwitchDesktop+0xf (77d54ad3)
    77d462f5 64a118000000 mov eax,fs:[00000018]
    77d462fb 8bc8 mov ecx,eax
    77d462fd 8b81e4060000 mov eax,[ecx+0x6e4]
    FAULT ->77d46303 8b4008 mov eax,[eax+0x8] ds:0023:00000008=????????
    77d46306 2b81e8060000 sub eax,[ecx+0x6e8]
    77d4630c c3 ret
    USER32!SetCursor:
    77d4630d b8ff110000 mov eax,0x11ff
    77d46312 ba0003fe7f mov edx,0x7ffe0300
    77d46317 ffd2 call edx
    77d46319 c20400 ret 0x4
    USER32!PtInRect:
    77d4631c 8b442404 mov eax,[esp+0x4]
    77d46320 85c0 test eax,eax

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\system32\wininet.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    0060f76c 7622d9fc 00000000 00000000 010e24e0 USER32!GetWindow+0xaf
    0060f7a0 7620aa51 01165950 0116b398 010d5048 wininet!PrivacyGetZonePreferenceW+0x1f90
    0060f7dc 76205a74 010d5048 00000000 00000000 wininet!IncrementUrlCacheHeaderData+0x2604
    0060f83c 76208c50 01762e70 762053a4 01762e70 wininet!HttpSendRequestA+0xd1
    0060f85c 76205a74 010d5048 00000000 00000000 wininet!IncrementUrlCacheHeaderData+0x803
    0060f8a4 76208b81 00079438 762053a4 00079438 wininet!HttpSendRequestA+0xd1
    0060f8c4 76205a74 010d5048 00000000 00000000 wininet!IncrementUrlCacheHeaderData+0x734
    0060f914 762089eb 00000000 762053a4 01765248 wininet!HttpSendRequestA+0xd1
    0060f934 76205a74 010d5048 00000000 00000000 wininet!IncrementUrlCacheHeaderData+0x59e
    0060f964 76205371 00000001 010d5048 0008ce00 wininet!HttpSendRequestA+0xd1
    0060f98c 76205a74 010d5048 00000000 00000000 wininet!InternetCloseHandle+0x524
    0060f9c8 762059be 00000000 00000000 00000000 wininet!HttpSendRequestA+0xd1
    0060f9ec 76214a73 00cc0084 00000000 00000000 wininet!HttpSendRequestA+0x1b
    0060fb3c 762053a4 010c0000 010cdbe0 00000000 wininet!InternetOpenUrlA+0x323
    0060fb54 76205a74 010d5048 00000000 00000000 wininet!InternetCloseHandle+0x557
    00200000 021a051c 021b051c 021c051c 021d051c wininet!HttpSendRequestA+0xd1
    0219051c 00000000 00000000 00000000 00000000 0x21a051c

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x258 <----*

    eax=01cd2300 ebx=00254504 ecx=77e775dd edx=00000000 esi=00000000 edi=0079fe80
    eip=7ffe0304 esp=0079fe40 ebp=0079fe98 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\System32\ntdll.dll -
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\system32\kernel32.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** WARNING: Unable to verify checksum for D:\WINDOWS\system32\msip32.dll
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\system32\msip32.dll -
    ChildEBP RetAddr Args to Child
    0079fe3c 77f7e76f 77e775b7 00000000 0079fe64 *SharedUserSystemCall+0xc (FPO: [0,0,0])
    0079fe98 77e61bf1 00000064 00000000 0072adb7 ntdll!NtDelayExecution+0xc
    002544c0 00250100 00000000 0000014c 00000001 kernel32!Sleep+0xb
    0074c1e0 0072f040 00721242 0072cc70 0072ce90 0x250100
    0072137f 00000028 082444f6 56077401 008a89e8 msip32+0xf040

    *----> State Dump for Thread Id 0x25c <----*

    eax=00000103 ebx=00083ee0 ecx=007df984 edx=00000000 esi=7fffffff edi=ffffffff
    eip=7ffe0304 esp=007df960 ebp=007df99c iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\system32\mswsock.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\system32\WS2_32.dll -
    ChildEBP RetAddr Args to Child
    007df95c 77f7f4af 71a51f97 00000174 00000001 *SharedUserSystemCall+0xc (FPO: [0,0,0])
    007df99c 71a61021 00000174 0000014c 00000000 ntdll!NtWaitForSingleObject+0xc
    007dfe24 71ab870e 0000014c 007dfe94 007dfe90 mswsock!ServiceMain+0x64d7
    007dfe58 71ab86a2 0000014c 007dfe94 007dfe90 WS2_32!WSAAccept+0x69
    002544c0 00250100 00000000 0000014c 00000001 WS2_32!accept+0x15
    0074c1e0 0072f040 00721242 0072cc70 0072ce90 0x250100
    0072137f 00000028 082444f6 56077401 008a89e8 msip32+0xf040

    *----> State Dump for Thread Id 0x26c <----*

    eax=ffffffff ebx=00088378 ecx=0007f3f8 edx=00000000 esi=f3f28d40 edi=00000000
    eip=7ffe0304 esp=00cafe28 ebp=00caff90 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\system32\RPCRT4.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\WINDOWS\system32\AUTHZ.dll -
    ChildEBP RetAddr Args to Child
    00cafe24 77f7efff 77cc1ac9 000001bc 00caff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
    00caff90 77cc167e 77cc1505 00087c10 77cebee0 ntdll!NtReplyWaitReceivePortEx+0xc
    00087d80 ffffffff 000001f4 000001f0 00000000 RPCRT4+0x167e
    00000000 00000000 00000000 00000000 00000000 0xffffffff

    *----> State Dump for Thread Id 0x270 <----*

    eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
    eip=7ffe0304 esp=00cfff9c ebp=00cfffb4 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00cfff98 77f7e76f 77f5c5a3 00000001 00cfffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
    00cfffb4 77e802ed 00000000 00000000 00000000 ntdll!NtDelayExecution+0xc
    00cfffec 00000000 77f5c55e 00000000 00000000 kernel32!OpenConsoleW+0xb8

    *----> State Dump for Thread Id 0x274 <----*

    eax=007f5398 ebx=00000000 ecx=00270378 edx=00000000 esi=77fc51c0 edi=77fc51e0
    eip=7ffe0304 esp=00d3ff70 ebp=00d3ffb4 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00d3ff6c 77f7ef9f 77f51d4f 00000218 00d3ffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
    00d3ffb4 77e802ed 00000000 00000020 00000020 ntdll!ZwRemoveIoCompletion+0xc
    00d3ffec 00000000 77f51d14 00000000 00000000 kernel32!OpenConsoleW+0xb8

    *----> State Dump for Thread Id 0x278 <----*

    eax=017644d4 ebx=00007530 ecx=0809b3ca edx=00000000 esi=77e778c5 edi=00000000
    eip=7ffe0304 esp=00d8fec0 ebp=00d8feec iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00d8febc 77f7ef9f 77e73b3f 0000021c 00d8ff14 *SharedUserSystemCall+0xc (FPO: [0,0,0])
    00d8feec 77cc1f75 0000021c 00d8ff24 00d8ff14 ntdll!ZwRemoveIoCompletion+0xc
    00d8ff28 77cc20b3 00007530 00d8ff78 00d8ff7c RPCRT4!I_RpcAllocate+0x1e2
    00d8ff90 77cc213e 77cc1505 00088ba0 00000000 RPCRT4!I_RpcAllocate+0x320
    000894a8 ffffffff 00000234 00000230 00000000 RPCRT4!I_RpcAllocate+0x3ab
    00000000 00000000 00000000 00000000 00000000 0xffffffff

    *----> State Dump for Thread Id 0x284 <----*

    eax=000000c0 ebx=00000000 ecx=00000005 edx=00000000 esi=00000000 edi=00000001
    eip=7ffe0304 esp=00dcfcec ebp=00dcffb4 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
     
  5. Harmon5

    Harmon5 Thread Starter

    Joined:
    Jan 10, 2007
    Messages:
    58
    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00dcfce8 77f7f49f 77f63e7c 0000000b 00dcfd30 *SharedUserSystemCall+0xc (FPO: [0,0,0])
    00dcffb4 77e802ed 00000000 01000000 00000000 ntdll!ZwWaitForMultipleObjects+0xc
    00dcffec 00000000 77f63d47 00000000 00000000 kernel32!OpenConsoleW+0xb8

    *----> State Dump for Thread Id 0x2ac <----*

    eax=00000219 ebx=0007c008 ecx=00000043 edx=00000000 esi=00c2ff98 edi=77d440bf
    eip=7ffe0304 esp=00c2fe5c ebp=00c2fe78 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00c2fe58 77d43c8b 77d440e8 00c2ff98 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
    00c2fe78 0101cadb 00c2ff98 00000000 00000000 USER32!CreateWindowExA+0x27b7
    00c2ffb4 77e802ed 0007c008 00000002 0006fc98 winlogon+0x1cadb
    00c2ffec 00000000 0101c9ba 0007c008 00000000 kernel32!OpenConsoleW+0xb8

    *----> State Dump for Thread Id 0x330 <----*

    eax=00000201 ebx=00000002 ecx=00000201 edx=00000000 esi=76c629c8 edi=00000000
    eip=7ffe0304 esp=00fdff64 ebp=00fdffb4 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

    function: <nosymbols>
    7ffe02f2 0000 add [eax],al
    7ffe02f4 0000 add [eax],al
    7ffe02f6 0000 add [eax],al
    *SharedUserSystemCall:
    7ffe02f8 0000 add [eax],al
    7ffe02fa 0000 add [eax],al
    7ffe02fc 0000 add [eax],al
    7ffe02fe 0000 add [eax],al
    7ffe0300 8bd4 mov edx,esp
    7ffe0302 0f34 sysenter
    7ffe0304 c3 ret
    7ffe0305 9c pushfd
    7ffe0306 810c2400010000 or dword ptr [esp],0x100
    7ffe030d 9d popfd
    7ffe030e c3 ret
    7ffe030f 8bd4 mov edx,esp
    7ffe0311 0f05 syscall
    7ffe0313 c3 ret
    7ffe0314 90 nop
    7ffe0315 9c pushfd
    7ffe0316 810c2400010000 or dword ptr [esp],0x100

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00fdff60 77f7f49f 76c6c75f 00000002 00113720 *SharedUserSystemCall+0xc (FPO: [0,0,0])
    00fdffb4 77e802ed 00000000 00000000 00000000 ntdll!ZwWaitForMultipleObjects+0xc
    00fdffec 00000000 76c6c393 00000000 00000000 kernel32!OpenConsoleW+0xb8
     
  6. Harmon5

    Harmon5 Thread Starter

    Joined:
    Jan 10, 2007
    Messages:
    58
    Now, I'm getting a winlogon.exe error, which doesn't allow me to stay on for more than a few minutes!
    Please help!!!
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115