Microsoft (R) Windows 2000 (TM) Version 5.00 DrWtsn32 Copyright (C) 1985-1999 Microsoft Corp. All rights reserved. Application exception occurred: App: explorer.exe (pid=1820) When: 7/1/2005 @ 17:36:00.674 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 180 smss.exe 208 csrss.exe 204 winlogon.exe 256 services.exe 268 lsass.exe 400 ibmpmsvc.exe 464 svchost.exe 508 svchost.exe 548 ccSetMgr.exe 576 ccEvtMgr.exe 704 LEXBCES.exe 728 spoolsv.exe 760 LEXPPS.exe 824 navapsvc.exe 916 SAVScan.exe 944 MSTask.exe 976 tcpsvcs.exe 1028 stisvc.exe 1060 symlcsvc.exe 1076 wanmpsvc.exe 1148 WinMgmt.exe 1180 mspmspsv.exe 1192 svchost.exe 1372 tphkmgr.exe 1436 wuauclt.exe 1424 cmd.exe 1272 iexplore.exe 1536 cmd.exe 900 MsiExec.exe 1532 MsiExec.exe 1736 taskmgr.exe 1788 drwtsn32.exe 1820 explorer.exe 1776 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFD000) (7C2D0000 - 7C332000) (7C570000 - 7C628000) (77D30000 - 77DA1000) (77F40000 - 77F7E000) (77E10000 - 77E75000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (782F0000 - 78538000) (70200000 - 70295000) (7C740000 - 7C7C7000) (77430000 - 77440000) (779B0000 - 77A4B000) (77A50000 - 77B3F000) (690A0000 - 690AB000) (775A0000 - 77630000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76630000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (7C0F0000 - 7C151000) (774E0000 - 77513000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (75170000 - 751BF000) (7C340000 - 7C34F000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 7797A000) (77980000 - 779A4000) (75050000 - 75058000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01B70000 - 01B7F000) State Dump for Thread Id 0x70c eax=000000c4 ebx=0006f2c4 ecx=77b2e5d4 edx=00000000 esi=77a55fd9 edi=77a55fd8 eip=0006f292 esp=0006f23c ebp=00000000 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: 0006f27f 0010 add [eax],dl ds:000000c4=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:000000c4=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:000000c4=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00a47c0c00d85f add [esp+edi*2+0x5fd8000c],ah ss:d77d5fe4=?? FAULT ->0006f292 a5 movsd ds:77a55fd9=00000000 es:77a55fd8=00000001 0006f293 7700 ja 0006f295 0006f295 0000 add [eax],al ds:000000c4=?? 0006f297 0000 add [eax],al ds:000000c4=?? 0006f299 0000 add [eax],al ds:000000c4=?? 0006f29b 0001 add [ecx],al ds:77b2e5d4=00 0006f29d 0000 add [eax],al ds:000000c4=?? 0006f29f 0000 add [eax],al ds:000000c4=?? 0006f2a1 0000 add [eax],al ds:000000c4=?? 0006f2a3 0000 add [eax],al ds:000000c4=?? 0006f2a5 0000 add [eax],al ds:000000c4=?? 0006f2a7 00c4 add ah,al *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f23c c4 f2 06 00 01 00 00 00 - 54 e0 ab 77 54 f2 06 00 ........T..wT... 0006f24c d8 5f a5 77 c4 f2 06 00 - c0 4f a5 77 01 00 00 00 ._.w.....O.w.... 0006f25c 48 c5 08 00 88 7c 0c 00 - 00 00 00 00 54 f2 06 00 H....|......T... 0006f26c dc f2 06 00 7c f3 ab 77 - 8c f2 06 00 be fc ab 77 ....|..w.......w 0006f27c 8c f2 06 00 10 f8 06 00 - 10 f8 06 00 10 f8 06 00 ................ 0006f28c a4 7c 0c 00 d8 5f a5 77 - 00 00 00 00 00 00 00 00 .|..._.w........ 0006f29c 01 00 00 00 00 00 00 00 - 00 00 00 00 c4 f2 06 00 ................ 0006f2ac 88 7c 0c 00 00 00 00 00 - 05 40 00 80 50 fc 06 00 .|.......@..P... 0006f2bc 00 00 00 00 a4 7c 0c 00 - 00 00 00 00 01 00 00 00 .....|.......... 0006f2cc 00 05 08 00 00 00 00 00 - 00 00 00 00 60 f6 06 00 ............`... 0006f2dc f8 f2 06 00 4d fa b0 77 - 88 e6 b2 77 00 00 00 00 ....M..w...w.... 0006f2ec 10 f8 06 00 d0 fd 06 00 - c8 e6 b2 77 1c f3 06 00 ...........w.... 0006f2fc 1b 05 ac 77 10 f8 06 00 - 00 00 00 00 d0 fd 06 00 ...w............ 0006f30c cc e6 b2 77 00 00 00 00 - 00 00 00 00 01 00 00 00 ...w............ 0006f31c 3c f3 06 00 e2 00 ac 77 - c8 e6 b2 77 00 00 00 00 <......w...w.... 0006f32c 10 f8 06 00 d0 fd 06 00 - 05 40 00 80 c8 e6 b2 77 .........@.....w 0006f33c 5c f3 06 00 38 00 ac 77 - cc e6 b2 77 01 00 00 00 \...8..w...w.... 0006f34c 00 00 00 00 60 f6 06 00 - 10 f8 06 00 d0 fd 06 00 ....`........... 0006f35c a0 f3 06 00 47 ff ab 77 - cc e6 b2 77 60 f6 06 00 ....G..w...w`... 0006f36c 00 00 00 00 10 f8 06 00 - d0 fd 06 00 ec 08 ac 77 ...............w Application exception occurred: App: explorer.exe (pid=1796) When: 7/1/2005 @ 17:36:04.850 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 180 smss.exe 208 csrss.exe 204 winlogon.exe 256 services.exe 268 lsass.exe 400 ibmpmsvc.exe 464 svchost.exe 508 svchost.exe 548 ccSetMgr.exe 576 ccEvtMgr.exe 704 LEXBCES.exe 728 spoolsv.exe 760 LEXPPS.exe 824 navapsvc.exe 916 SAVScan.exe 944 MSTask.exe 976 tcpsvcs.exe 1028 stisvc.exe 1060 symlcsvc.exe 1076 wanmpsvc.exe 1148 WinMgmt.exe 1180 mspmspsv.exe 1192 svchost.exe 1372 tphkmgr.exe 1436 wuauclt.exe 1424 cmd.exe 1272 iexplore.exe 1536 cmd.exe 900 MsiExec.exe 1532 MsiExec.exe 1736 taskmgr.exe 1796 explorer.exe 1832 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFD000) (7C2D0000 - 7C332000) (7C570000 - 7C628000) (77D30000 - 77DA1000) (77F40000 - 77F7E000) (77E10000 - 77E75000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (782F0000 - 78538000) (70200000 - 70295000) (7C740000 - 7C7C7000) (77430000 - 77440000) (779B0000 - 77A4B000) (77A50000 - 77B3F000) (690A0000 - 690AB000) (775A0000 - 77630000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76630000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (7C0F0000 - 7C151000) (774E0000 - 77513000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (75170000 - 751BF000) (7C340000 - 7C34F000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 7797A000) (77980000 - 779A4000) (75050000 - 75058000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01BB0000 - 01BBF000) State Dump for Thread Id 0x6f0 eax=000000c4 ebx=0006f2c4 ecx=7ffae7d4 edx=00000000 esi=77a55fd9 edi=77a55fd8 eip=0006f292 esp=0006f23c ebp=00000000 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: 0006f27f 0010 add [eax],dl ds:000000c4=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:000000c4=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:000000c4=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00a40b0f00d85f add [ebx+ecx+0x5fd8000f],ah ds:dfd2e7e3=?? FAULT ->0006f292 a5 movsd ds:77a55fd9=00000000 es:77a55fd8=00000001 0006f293 7700 ja 0006f295 0006f295 0000 add [eax],al ds:000000c4=?? 0006f297 0000 add [eax],al ds:000000c4=?? 0006f299 0000 add [eax],al ds:000000c4=?? 0006f29b 0001 add [ecx],al ds:7ffae7d4=?? 0006f29d 0000 add [eax],al ds:000000c4=?? 0006f29f 0000 add [eax],al ds:000000c4=?? 0006f2a1 0000 add [eax],al ds:000000c4=?? 0006f2a3 0000 add [eax],al ds:000000c4=?? 0006f2a5 0000 add [eax],al ds:000000c4=?? 0006f2a7 00c4 add ah,al *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f23c c4 f2 06 00 01 00 00 00 - 54 e0 ab 77 54 f2 06 00 ........T..wT... 0006f24c d8 5f a5 77 c4 f2 06 00 - c0 4f a5 77 01 00 00 00 ._.w.....O.w.... 0006f25c 48 c5 08 00 88 0b 0f 00 - 00 00 00 00 54 f2 06 00 H...........T... 0006f26c dc f2 06 00 7c f3 ab 77 - 8c f2 06 00 be fc ab 77 ....|..w.......w 0006f27c 8c f2 06 00 10 f8 06 00 - 10 f8 06 00 10 f8 06 00 ................ 0006f28c a4 0b 0f 00 d8 5f a5 77 - 00 00 00 00 00 00 00 00 ....._.w........ 0006f29c 01 00 00 00 00 00 00 00 - 00 00 00 00 c4 f2 06 00 ................ 0006f2ac 88 0b 0f 00 00 00 00 00 - 05 40 00 80 50 fc 06 00 .........@..P... 0006f2bc 00 00 00 00 a4 0b 0f 00 - 00 00 00 00 01 00 00 00 ................ 0006f2cc 00 05 08 00 00 00 00 00 - 00 00 00 00 60 f6 06 00 ............`... 0006f2dc f8 f2 06 00 4d fa b0 77 - 88 e6 b2 77 00 00 00 00 ....M..w...w.... 0006f2ec 10 f8 06 00 d0 fd 06 00 - c8 e6 b2 77 1c f3 06 00 ...........w.... 0006f2fc 1b 05 ac 77 10 f8 06 00 - 00 00 00 00 d0 fd 06 00 ...w............ 0006f30c cc e6 b2 77 00 00 00 00 - 00 00 00 00 01 00 00 00 ...w............ 0006f31c 3c f3 06 00 e2 00 ac 77 - c8 e6 b2 77 00 00 00 00 <......w...w.... 0006f32c 10 f8 06 00 d0 fd 06 00 - 05 40 00 80 c8 e6 b2 77 .........@.....w 0006f33c 5c f3 06 00 38 00 ac 77 - cc e6 b2 77 01 00 00 00 \...8..w...w.... 0006f34c 00 00 00 00 60 f6 06 00 - 10 f8 06 00 d0 fd 06 00 ....`........... 0006f35c a0 f3 06 00 47 ff ab 77 - cc e6 b2 77 60 f6 06 00 ....G..w...w`... 0006f36c 00 00 00 00 10 f8 06 00 - d0 fd 06 00 ec 08 ac 77 ...............w State Dump for Thread Id 0x364 eax=00000000 ebx=00000000 ecx=00000012 edx=00000000 esi=77f82865 edi=0000009c eip=77f82870 esp=0109fd48 ebp=0109fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:021a9c2f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0109FD6C 008452BB 0000009C FFFFFFFF 00000000 0006ED1C ntdll!NtWaitForSingleObject 0109FFB4 7C57438B 00000000 0006ED1C 0006ED68 00000000 0109FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!TlsSetValue *----> Raw Stack Dump <----* 0109fd48 28 3b 57 7c 9c 00 00 00 - 00 00 00 00 00 00 00 00 (;W|............ 0109fd58 a0 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0109fd68 01 01 00 00 b4 ff 09 01 - bb 52 84 00 9c 00 00 00 .........R...... 0109fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0109fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0109fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0109fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x4c0 eax=77d358be ebx=00086d20 ecx=00000000 edx=00000000 esi=0007dc30 edi=00000100 eip=77f83310 esp=0121fe28 ebp=0121ff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f83305 b8ac000000 mov eax,0xac 77f8330a 8d542404 lea edx,[esp+0x4] ss:02329d0f=???????? 77f8330e cd2e int 2e 77f83310 c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0121FF74 77D37B4C 77D35924 0007DC30 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 0121FFA8 77D358D6 000863F0 0121FFEC 7C57438B 00086D20 rpcrt4!NdrCorrelationInitialize 0121FFB4 7C57438B 00086D20 00000000 00000000 00086D20 rpcrt4!RpcBindingFree 0121FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x4e8 eax=77ab502c ebx=00000102 ecx=00074540 edx=00000000 esi=77f82826 edi=0125ff74 eip=77f82831 esp=0125ff60 ebp=0125ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f82826 b832000000 mov eax,0x32 77f8282b 8d542404 lea edx,[esp+0x4] ss:02369e47=???????? 77f8282f cd2e int 2e 77f82831 c20800 ret 0x8 77f82834 53 push ebx 77f82835 51 push ecx 77f82836 6a00 push 0x0 77f82838 c70701000000 mov dword ptr [edi],0x1 ds:0125ff74=dc3cba00 77f8283e ff750c push dword ptr [ebp+0xc] ss:02369e62=???????? 77f82841 50 push eax 77f82842 e879fdffff call RtlMultiByteToUnicodeN (77f825c0) 77f82847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333 (77f82474) *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0125FF7C 7C573A22 0000EA60 00000000 77AB8FFB 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x70c eax=0000001c ebx=00000000 ecx=0129ff08 edx=00000000 esi=00000000 edi=00000000 eip=77e117e8 esp=0129ff2c ebp=0129ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e117dd b836120000 mov eax,0x1236 77e117e2 8d542404 lea edx,[esp+0x4] ss:023a9e13=???????? 77e117e6 cd2e int 2e 77e117e8 c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0129FF4C 0040A389 70C0C464 00400000 0031002D 0035002D user32!WaitMessage 0129FFB4 7C57438B 00000000 0031002D 0035002D 0006FEE0 explorer! 0129FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x6ec eax=000b3000 ebx=00000006 ecx=0179efcc edx=00000000 esi=77f82873 edi=00000006 eip=77f8287e esp=0179fd98 ebp=0179fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:028a9c7f=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0179FDE4 77E119E6 0179FDBC 00000001 00000000 0179FDDC ntdll!NtWaitForMultipleObjects 0179FE40 77E11ACE 0179FE0C 0179FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0179FE5C 78319390 00000005 0179FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 784102B8 FFFFFFFF 00000000 00000000 00000240 00000000 shell32!Ordinal200 77FD0CA0 784102B8 77FD0CC8 77FD0C88 00000002 00000002 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0179fd98 23 3c 57 7c 06 00 00 00 - bc fd 79 01 01 00 00 00 #H. 0179fe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 0179fe38 00 00 00 00 2c 02 00 00 - 5c fe 79 01 ce 1a e1 77 ....,...\.y....w 0179fe48 0c fe 79 01 b8 fe 79 01 - d0 07 00 00 ff 00 00 00 ..y...y......... 0179fe58 00 00 00 00 b8 02 41 78 - 90 93 31 78 05 00 00 00 ......Ax..1x.... 0179fe68 b8 fe 79 01 00 00 00 00 - d0 07 00 00 ff 00 00 00 ..y............. 0179fe78 88 5e f8 77 ff ff ff ff - ec ff 79 01 00 00 00 00 .^.w......y..... 0179fe88 ec 06 00 00 44 af ea 86 - 00 00 00 00 34 02 00 00 ....D.......4... 0179fe98 ec 06 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 ................ 0179fea8 00 00 00 00 a3 31 0c 00 - f4 00 00 00 e8 01 00 00 .....1.......... 0179feb8 30 02 00 00 38 02 00 00 - 3c 02 00 00 44 02 00 00 0...8...<...D... 0179fec8 dc 02 00 00 47 7f 4b 80 - 01 00 00 00 20 60 7f ff ....G.K..... `.. State Dump for Thread Id 0x6f4 eax=778321fe ebx=00000003 ecx=0006b9fc edx=00000000 esi=77f82873 edi=00000003 eip=77f8287e esp=0193fd24 ebp=0193fd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02a49c0b=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0193FD70 7C578F0D 0193FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0193FFB4 7C57438B 00000004 7FFDE000 7C325107 000B5160 kernel32!WaitForMultipleObjects 0193FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x714 eax=00000202 ebx=0199ff74 ecx=00000010 edx=00000000 esi=77f82865 edi=000002c0 eip=77f82870 esp=0199ff58 ebp=0199ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02aa9e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0199FF7C 7C573B50 000002C0 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0199ff58 28 3b 57 7c c0 02 00 00 - 00 00 00 00 74 ff 99 01 (;W|........t... 0199ff68 00 00 00 00 20 33 35 01 - 60 20 f8 77 00 44 5f 9a .... 35.` .w.D_. 0199ff78 fe ff ff ff 91 20 f8 77 - 50 3b 57 7c c0 02 00 00 ..... .wP;W|.... 0199ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 c0 02 00 00 .'......U..p.... 0199ff98 c0 27 09 00 05 00 00 00 - 20 33 35 01 ec ff 99 01 .'...... 35..... 0199ffa8 20 33 35 01 95 d7 cf 70 - 08 a1 0c 00 6f d7 cf 70 35....p....o..p 0199ffb8 8b 43 57 7c 20 33 35 01 - 05 00 00 00 08 a1 0c 00 .CW| 35......... 0199ffc8 20 33 35 01 00 70 fd 7f - 08 8b 09 00 c0 ff 99 01 35..p.......... 0199ffd8 08 8b 09 00 ff ff ff ff - 97 e5 57 7c a8 a0 57 7c ..........W|..W| 0199ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 0199fff8 20 33 35 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 35........o..?. 019a0008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 019a0018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 019a0028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 019a0038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 019a0048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 019a0058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 019a0068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 019a0078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 019a0088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x25c eax=00000000 ebx=019fff74 ecx=7ffd6000 edx=00000000 esi=77f82865 edi=000002ec eip=77f82870 esp=019fff58 ebp=019fff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02b09e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019FFF7C 7C573B50 000002EC 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x718 eax=01b7a018 ebx=00000002 ecx=01b70250 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01a9fe5c ebp=01a9fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02ba9d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A9FEA8 77E119E6 01A9FE80 00000001 00000000 01A9FEA0 ntdll!NtWaitForMultipleObjects 01A9FF04 77E11ACE 01A9FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01A9FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01A9FF74 70C1AB1B 01A9FFA0 01A9FFA4 01A9FFA8 01A9FF9C !Ordinal265 01A9FFAC 70C1ACDF 0006E81C 7C57438B 00000000 00000001 !Ordinal293 01A9FFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !Ordinal293 *----> Raw Stack Dump <----* 01a9fe5c 23 3c 57 7c 02 00 00 00 - 80 fe a9 01 01 00 00 00 # Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B1F544 7C2D3220 01B1F6EC 0000000A 01B1F7BC 02000000 ntdll!NtOpenKey 01B1F700 7C2D19CC 0000000A 01B1F7BC 00000000 02000000 advapi32!RegSetValueExA 01B1F794 7C2D1D82 0000000A 01B1F7BC 00000000 02000000 advapi32!RegCloseKey 01B1F7C8 7C2D1DD8 80000000 01B1FA08 00000000 02000000 advapi32!RegOpenKeyExW 01B1FC40 77B0A60B 01B1FC68 00000001 000C4238 00000000 advapi32!RegOpenKeyW 01B1FE88 7116E2AC 00000000 00000001 01B1FEA8 01B1FEC0 ole32!StgGetIFillLockBytesOnFile 01B1FEB8 7116E223 00000000 01B1FED8 00000002 000D7018 !DllGetClassObject 01B1FEDC 7116E3AB 000D7018 000C6E10 000C6E10 80004005 !DllGetClassObject 01B1FEF4 7116E375 00000002 000D7018 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01b1f500 d2 34 2d 7c 30 fc b1 01 - 00 00 00 02 1c f5 b1 01 .4-|0........... 01b1f510 bc f7 b1 01 00 00 00 00 - 0a 00 00 00 18 00 00 00 ................ 01b1f520 00 00 00 00 34 f5 b1 01 - 40 00 00 00 00 00 00 00 ....4...@....... 01b1f530 00 00 00 00 e2 00 62 01 - b8 73 0c 00 b8 73 0c 00 ......b..s...s.. 01b1f540 0a 00 88 00 00 f7 b1 01 - 20 32 2d 7c ec f6 b1 01 ........ 2-|.... 01b1f550 0a 00 00 00 bc f7 b1 01 - 00 00 00 02 03 00 00 00 ................ 01b1f560 30 fc b1 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 0...........\.R. 01b1f570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 01b1f580 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 01b1f590 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 01b1f5a0 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 01b1f5b0 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 01b1f5c0 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 01b1f5d0 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 01b1f5e0 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 01b1f5f0 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 01b1f600 5c 00 7b 00 44 00 34 00 - 32 00 46 00 45 00 41 00 \.{.D.4.2.F.E.A. 01b1f610 43 00 30 00 2d 00 38 00 - 32 00 41 00 31 00 2d 00 C.0.-.8.2.A.1.-. 01b1f620 31 00 31 00 44 00 30 00 - 2d 00 39 00 36 00 34 00 1.1.D.0.-.9.6.4. 01b1f630 33 00 2d 00 30 00 30 00 - 41 00 41 00 30 00 30 00 3.-.0.0.A.A.0.0. State Dump for Thread Id 0x6fc eax=70c1acaf ebx=00000002 ecx=00000001 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01bafe5c ebp=01bafea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02cb9d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01BAFEA8 77E119E6 01BAFE80 00000001 00000000 01BAFEA0 ntdll!NtWaitForMultipleObjects 01BAFF04 77E11ACE 01BAFED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01BAFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01BAFF74 70C1AB1B 01BAFFA0 01BAFFA4 01BAFFA8 01BAFF9C !Ordinal265 01BAFFAC 70C1ACDF 00000000 7C57438B 00000000 00000000 !Ordinal293 01BAFFEC 00000000 70C1ACAF 00000000 00000000 00505A4D !Ordinal293 *----> Raw Stack Dump <----* 01bafe5c 23 3c 57 7c 02 00 00 00 - 80 fe ba 01 01 00 00 00 # System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 180 smss.exe 208 csrss.exe 204 winlogon.exe 256 services.exe 268 lsass.exe 400 ibmpmsvc.exe 464 svchost.exe 508 svchost.exe 548 ccSetMgr.exe 576 ccEvtMgr.exe 704 LEXBCES.exe 728 spoolsv.exe 760 LEXPPS.exe 824 navapsvc.exe 916 SAVScan.exe 944 MSTask.exe 976 tcpsvcs.exe 1028 stisvc.exe 1060 symlcsvc.exe 1076 wanmpsvc.exe 1148 WinMgmt.exe 1180 mspmspsv.exe 1192 svchost.exe 1372 tphkmgr.exe 1436 wuauclt.exe 1424 cmd.exe 1272 iexplore.exe 1536 cmd.exe 900 MsiExec.exe 1532 MsiExec.exe 1736 taskmgr.exe 1784 explorer.exe 1788 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFD000) (7C2D0000 - 7C332000) (7C570000 - 7C628000) (77D30000 - 77DA1000) (77F40000 - 77F7E000) (77E10000 - 77E75000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (782F0000 - 78538000) (70200000 - 70295000) (7C740000 - 7C7C7000) (77430000 - 77440000) (779B0000 - 77A4B000) (77A50000 - 77B3F000) (690A0000 - 690AB000) (775A0000 - 77630000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76630000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (774E0000 - 77513000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (7C0F0000 - 7C151000) (75170000 - 751BF000) (7C340000 - 7C34F000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 7797A000) (77980000 - 779A4000) (75050000 - 75058000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01B60000 - 01B6F000) State Dump for Thread Id 0x728 eax=00000001 ebx=0006f2c4 ecx=77b2e5d4 edx=00000000 esi=77a55fd9 edi=0008c56c eip=0006f28d esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27d f206 repne push es 0006f27f 0010 add [eax],dl ds:00000001=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000001=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000001=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00ac690c00d85f add [ecx+ebp*2+0x5fd8000c],ch ds:5fd8000c=?? 0006f292 a5 movsd ds:77a55fd9=00000000 es:0008c56c=6ac3806f 0006f293 7700 ja 0006f295 0006f295 0000 add [eax],al ds:00000001=?? 0006f297 0000 add [eax],al ds:00000001=?? 0006f299 0000 add [eax],al ds:00000001=?? 0006f29b 0001 add [ecx],al ds:77b2e5d4=00 0006f29d 0000 add [eax],al ds:00000001=?? 0006f29f 0000 add [eax],al ds:00000001=?? 0006f2a1 0000 add [eax],al ds:00000001=?? 0006f2a3 0000 add [eax],al ds:00000001=?? 0006f2a5 0000 add [eax],al ds:00000001=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 d8 5f a5 77 c4 f2 06 00 - 01 00 00 00 54 e0 ab 77 ._.w........T..w 0006f248 54 f2 06 00 d8 5f a5 77 - c4 f2 06 00 c0 4f a5 77 T...._.w.....O.w 0006f258 01 00 00 00 48 c5 08 00 - 90 69 0c 00 00 00 00 00 ....H....i...... 0006f268 54 f2 06 00 dc f2 06 00 - 7c f3 ab 77 8c f2 06 00 T.......|..w.... 0006f278 be fc ab 77 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...w............ 0006f288 10 f8 06 00 ac 69 0c 00 - d8 5f a5 77 00 00 00 00 .....i..._.w.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 90 69 0c 00 - 00 00 00 00 05 40 00 80 .....i.......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - ac 69 0c 00 00 00 00 00 P........i...... 0006f2c8 01 00 00 00 00 05 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 4d fa b0 77 88 e6 b2 77 `.......M..w...w 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 c8 e6 b2 77 ...............w 0006f2f8 1c f3 06 00 1b 05 ac 77 - 10 f8 06 00 00 00 00 00 .......w........ 0006f308 d0 fd 06 00 cc e6 b2 77 - 00 00 00 00 00 00 00 00 .......w........ 0006f318 01 00 00 00 3c f3 06 00 - e2 00 ac 77 c8 e6 b2 77 ....<......w...w 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 c8 e6 b2 77 5c f3 06 00 - 38 00 ac 77 cc e6 b2 77 ...w\...8..w...w 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 47 ff ab 77 cc e6 b2 77 ........G..w...w 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x6e4 eax=008451b0 ebx=00000000 ecx=7c5747f0 edx=00000000 esi=77f82865 edi=0000008c eip=77f82870 esp=0109fd48 ebp=0109fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:021a9c2f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0109FD6C 008452BB 0000008C FFFFFFFF 00000000 0006ED1C ntdll!NtWaitForSingleObject 0109FFB4 7C57438B 00000000 0006ED1C 0006ED68 00000000 0109FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!TlsSetValue *----> Raw Stack Dump <----* 0109fd48 28 3b 57 7c 8c 00 00 00 - 00 00 00 00 00 00 00 00 (;W|............ 0109fd58 90 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0109fd68 01 01 00 00 b4 ff 09 01 - bb 52 84 00 8c 00 00 00 .........R...... 0109fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0109fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0109fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0109fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x708 eax=77d358be ebx=00086d20 ecx=00000000 edx=00000000 esi=0007dc30 edi=00000100 eip=77f83310 esp=0121fe28 ebp=0121ff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f83305 b8ac000000 mov eax,0xac 77f8330a 8d542404 lea edx,[esp+0x4] ss:02329d0f=???????? 77f8330e cd2e int 2e 77f83310 c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0121FF74 77D37B4C 77D35924 0007DC30 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 0121FFA8 77D358D6 000863F0 0121FFEC 7C57438B 00086D20 rpcrt4!NdrCorrelationInitialize 0121FFB4 7C57438B 00086D20 00000000 00000000 00086D20 rpcrt4!RpcBindingFree 0121FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x72c eax=77ab502c ebx=00000102 ecx=00074540 edx=00000000 esi=77f82826 edi=0125ff74 eip=77f82831 esp=0125ff60 ebp=0125ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f82826 b832000000 mov eax,0x32 77f8282b 8d542404 lea edx,[esp+0x4] ss:02369e47=???????? 77f8282f cd2e int 2e 77f82831 c20800 ret 0x8 77f82834 53 push ebx 77f82835 51 push ecx 77f82836 6a00 push 0x0 77f82838 c70701000000 mov dword ptr [edi],0x1 ds:0125ff74=dc3cba00 77f8283e ff750c push dword ptr [ebp+0xc] ss:02369e62=???????? 77f82841 50 push eax 77f82842 e879fdffff call RtlMultiByteToUnicodeN (77f825c0) 77f82847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333 (77f82474) *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0125FF7C 7C573A22 0000EA60 00000000 77AB8FFB 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x6f0 eax=0000001c ebx=00000000 ecx=0129ff08 edx=00000000 esi=00000000 edi=00000000 eip=77e117e8 esp=0129ff2c ebp=0129ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e117dd b836120000 mov eax,0x1236 77e117e2 8d542404 lea edx,[esp+0x4] ss:023a9e13=???????? 77e117e6 cd2e int 2e 77e117e8 c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0129FF4C 0040A389 70C0C464 00400000 0031002D 0035002D user32!WaitMessage 0129FFB4 7C57438B 00000000 0031002D 0035002D 0006FEE0 explorer! 0129FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x718 eax=778321fe ebx=00000003 ecx=0006b9fc edx=00000000 esi=77f82873 edi=00000003 eip=77f8287e esp=018ffd24 ebp=018ffd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02a09c0b=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 018FFD70 7C578F0D 018FFD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 018FFFB4 7C57438B 00000004 7FFDE000 7C325107 000B0990 kernel32!WaitForMultipleObjects 018FFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x25c eax=0193e318 ebx=00000006 ecx=0000010c edx=00000000 esi=77f82873 edi=00000006 eip=77f8287e esp=0193fd98 ebp=0193fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02a49c7f=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0193FDE4 77E119E6 0193FDBC 00000001 00000000 0193FDDC ntdll!NtWaitForMultipleObjects 0193FE40 77E11ACE 0193FE0C 0193FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0193FE5C 78319390 00000005 0193FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 784102B8 FFFFFFFF 00000000 00000000 000002D8 00000000 shell32!Ordinal200 77FD0CA0 784102B8 77FD0CC8 77FD0C88 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x714 eax=00000202 ebx=0199ff74 ecx=00000010 edx=00000000 esi=77f82865 edi=000002bc eip=77f82870 esp=0199ff58 ebp=0199ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02aa9e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0199FF7C 7C573B50 000002BC 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0199ff58 28 3b 57 7c bc 02 00 00 - 00 00 00 00 74 ff 99 01 (;W|........t... 0199ff68 00 00 00 00 20 33 35 01 - 60 20 f8 77 00 44 5f 9a .... 35.` .w.D_. 0199ff78 fe ff ff ff 91 20 f8 77 - 50 3b 57 7c bc 02 00 00 ..... .wP;W|.... 0199ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 bc 02 00 00 .'......U..p.... 0199ff98 c0 27 09 00 05 00 00 00 - 20 33 35 01 ec ff 99 01 .'...... 35..... 0199ffa8 20 33 35 01 95 d7 cf 70 - e8 a0 0c 00 6f d7 cf 70 35....p....o..p 0199ffb8 8b 43 57 7c 20 33 35 01 - 05 00 00 00 e8 a0 0c 00 .CW| 35......... 0199ffc8 20 33 35 01 00 70 fd 7f - c8 8a 09 00 c0 ff 99 01 35..p.......... 0199ffd8 c8 8a 09 00 ff ff ff ff - 97 e5 57 7c a8 a0 57 7c ..........W|..W| 0199ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 0199fff8 20 33 35 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 35........o..?. 019a0008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 019a0018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 019a0028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 019a0038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 019a0048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 019a0058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 019a0068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 019a0078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 019a0088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x6ec eax=00000000 ebx=019fff74 ecx=7ffd6000 edx=00000000 esi=77f82865 edi=000002f4 eip=77f82870 esp=019fff58 ebp=019fff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02b09e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019FFF7C 7C573B50 000002F4 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x70c eax=01a8f544 ebx=01a8f6f8 ecx=0000005a edx=01a8f544 esi=01a8f568 edi=00000000 eip=77f85269 esp=01a8f528 ebp=01a8f554 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: RtlAppendUnicodeStringToString 77f85268 55 push ebp 77f85269 8bec mov ebp,esp 77f8526b 8b4d0c mov ecx,[ebp+0xc] ss:02b9943a=???????? 77f8526e 53 push ebx 77f8526f 56 push esi 77f85270 57 push edi 77f85271 668b11 mov dx,[ecx] ds:0000005a=???? 77f85274 6685d2 test dx,dx 77f85277 89550c mov [ebp+0xc],edx ss:02b9943a=???????? 77f8527a 7444 jz ZwFlushInstructionCache+0x89 (77f8ddc0) 77f8527c 8b7508 mov esi,[ebp+0x8] ss:02b9943a=???????? 77f8527f 0fb7fa movzx edi,dx 77f85282 0fb706 movzx eax,word ptr [esi] ds:01a8f568=008a *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A8F528 7C2D330D 01A8F544 01A8F7BC 01A8F7BC 00000000 ntdll!RtlAppendUnicodeStringToString 01A8F554 7C2D3204 0000000A 01A8F7BC 01A8F6EC 0000008A advapi32!RegSetValueExA 01A8F700 7C2D19CC 0000000A 01A8F7BC 00000000 02000000 advapi32!RegSetValueExA 01A8F794 7C2D1D82 0000000A 01A8F7BC 00000000 02000000 advapi32!RegCloseKey 01A8F7C8 7C2D1DD8 80000000 01A8FA08 00000000 02000000 advapi32!RegOpenKeyExW 01A8FC40 77B0A60B 01A8FC68 00000001 000C4248 00000000 advapi32!RegOpenKeyW 01A8FE88 7116E2AC 00000000 00000001 01A8FEA8 01A8FEC0 ole32!StgGetIFillLockBytesOnFile 01A8FEB8 7116E223 00000000 01A8FED8 00000002 000D6DC8 !DllGetClassObject 01A8FEDC 7116E3AB 000D6DC8 000D6A78 000D6A78 80004005 !DllGetClassObject 01A8FEF4 7116E375 00000002 000D6DC8 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01a8f528 54 f5 a8 01 0d 33 2d 7c - 44 f5 a8 01 bc f7 a8 01 T....3-|D....... 01a8f538 bc f7 a8 01 00 00 00 00 - 0a 00 00 00 8a 00 e6 00 ................ 01a8f548 6c f5 a8 01 80 01 00 00 - fc f6 a8 01 00 f7 a8 01 l............... 01a8f558 04 32 2d 7c 0a 00 00 00 - bc f7 a8 01 ec f6 a8 01 .2-|............ 01a8f568 8a 00 00 00 5c 00 52 00 - 45 00 47 00 49 00 53 00 ....\.R.E.G.I.S. 01a8f578 54 00 52 00 59 00 5c 00 - 55 00 73 00 65 00 72 00 T.R.Y.\.U.s.e.r. 01a8f588 5c 00 53 00 2d 00 31 00 - 2d 00 35 00 2d 00 32 00 \.S.-.1.-.5.-.2. 01a8f598 31 00 2d 00 37 00 39 00 - 30 00 35 00 32 00 35 00 1.-.7.9.0.5.2.5. 01a8f5a8 34 00 37 00 38 00 2d 00 - 31 00 36 00 30 00 36 00 4.7.8.-.1.6.0.6. 01a8f5b8 39 00 38 00 30 00 38 00 - 34 00 38 00 2d 00 31 00 9.8.0.8.4.8.-.1. 01a8f5c8 39 00 35 00 37 00 39 00 - 39 00 34 00 34 00 38 00 9.5.7.9.9.4.4.8. 01a8f5d8 38 00 2d 00 31 00 30 00 - 30 00 30 00 5f 00 43 00 8.-.1.0.0.0._.C. 01a8f5e8 6c 00 61 00 73 00 73 00 - 65 00 73 00 5c 00 00 00 l.a.s.s.e.s.\... 01a8f5f8 31 00 31 00 43 00 45 00 - 38 00 36 00 7d 00 5c 00 1.1.C.E.8.6.}.\. 01a8f608 49 00 6d 00 70 00 6c 00 - 65 00 6d 00 65 00 6e 00 I.m.p.l.e.m.e.n. 01a8f618 74 00 65 00 64 00 20 00 - 43 00 61 00 74 00 65 00 t.e.d. .C.a.t.e. 01a8f628 67 00 6f 00 72 00 69 00 - 65 00 73 00 5c 00 7b 00 g.o.r.i.e.s.\.{. 01a8f638 30 00 30 00 40 db 0f 00 - 78 01 07 00 40 db 0f 00 0.0.@...x...@... 01a8f648 78 01 07 00 38 db 0f 00 - 30 00 2d 00 30 00 30 00 x...8...0.-.0.0. 01a8f658 30 00 30 00 2d 00 43 00 - 30 00 30 00 30 00 2d 00 0.0.-.C.0.0.0.-. State Dump for Thread Id 0x4c0 eax=70c1acaf ebx=00000002 ecx=00000001 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01b5fe5c ebp=01b5fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02c69d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B5FEA8 77E119E6 01B5FE80 00000001 00000000 01B5FEA0 ntdll!NtWaitForMultipleObjects 01B5FF04 77E11ACE 01B5FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01B5FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01B5FF74 70C1AB1B 01B5FFA0 01B5FFA4 01B5FFA8 01B5FF9C !Ordinal265 01B5FFAC 70C1ACDF 00000000 7C57438B 00000000 00000000 !Ordinal293 01B5FFEC 00000000 70C1ACAF 00000000 00000000 00505A4D !Ordinal293 *----> Raw Stack Dump <----* 01b5fe5c 23 3c 57 7c 02 00 00 00 - 80 fe b5 01 01 00 00 00 # System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 180 smss.exe 208 csrss.exe 204 winlogon.exe 256 services.exe 268 lsass.exe 400 ibmpmsvc.exe 464 svchost.exe 508 svchost.exe 548 ccSetMgr.exe 576 ccEvtMgr.exe 704 LEXBCES.exe 728 spoolsv.exe 760 LEXPPS.exe 824 navapsvc.exe 916 SAVScan.exe 944 MSTask.exe 976 tcpsvcs.exe 1028 stisvc.exe 1060 symlcsvc.exe 1076 wanmpsvc.exe 1148 WinMgmt.exe 1180 mspmspsv.exe 1192 svchost.exe 1372 tphkmgr.exe 1436 wuauclt.exe 1424 cmd.exe 1272 iexplore.exe 1536 cmd.exe 900 MsiExec.exe 1532 MsiExec.exe 1808 taskmgr.exe 360 explorer.exe 1804 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFD000) (7C2D0000 - 7C332000) (7C570000 - 7C628000) (77D30000 - 77DA1000) (77F40000 - 77F7E000) (77E10000 - 77E75000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (782F0000 - 78538000) (70200000 - 70295000) (7C740000 - 7C7C7000) (77430000 - 77440000) (779B0000 - 77A4B000) (77A50000 - 77B3F000) (690A0000 - 690AB000) (775A0000 - 77630000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76630000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (7C0F0000 - 7C151000) (774E0000 - 77513000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (75170000 - 751BF000) (7C340000 - 7C34F000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 7797A000) (77980000 - 779A4000) (75050000 - 75058000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01BE0000 - 01BEF000) State Dump for Thread Id 0x6fc eax=00000000 ebx=0006f2c4 ecx=77b2e5d4 edx=00000000 esi=77a55fd8 edi=0008c56c eip=0006f29c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f28a 06 push es 0006f28b 00fc add ah,bh 0006f28d 730d jnb 0006f29c 0006f28f 00d8 add al,bl 0006f291 5f pop edi 0006f292 a5 movsd ds:77a55fd8=00000001 es:0008c56c=6ac3806f 0006f293 7700 ja 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:77b2e5d4=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? 0006f2a1 0000 add [eax],al ds:00000000=?? 0006f2a3 0000 add [eax],al ds:00000000=?? 0006f2a5 0000 add [eax],al ds:00000000=?? 0006f2a7 00c4 add ah,al 0006f2a9 f206 repne push es 0006f2ab 00e0 add al,ah 0006f2ad 730d jnb 0006f2bc 0006f2af 0000 add [eax],al ds:00000000=?? 0006f2b1 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 d8 5f a5 77 c4 f2 06 00 - 01 00 00 00 54 e0 ab 77 ._.w........T..w 0006f248 54 f2 06 00 d8 5f a5 77 - c4 f2 06 00 c0 4f a5 77 T...._.w.....O.w 0006f258 01 00 00 00 48 c5 08 00 - e0 73 0d 00 00 00 00 00 ....H....s...... 0006f268 54 f2 06 00 dc f2 06 00 - 7c f3 ab 77 8c f2 06 00 T.......|..w.... 0006f278 be fc ab 77 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...w............ 0006f288 10 f8 06 00 fc 73 0d 00 - d8 5f a5 77 00 00 00 00 .....s..._.w.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 e0 73 0d 00 - 00 00 00 00 05 40 00 80 .....s.......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - fc 73 0d 00 00 00 00 00 P........s...... 0006f2c8 01 00 00 00 00 05 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 4d fa b0 77 88 e6 b2 77 `.......M..w...w 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 c8 e6 b2 77 ...............w 0006f2f8 1c f3 06 00 1b 05 ac 77 - 10 f8 06 00 00 00 00 00 .......w........ 0006f308 d0 fd 06 00 cc e6 b2 77 - 00 00 00 00 00 00 00 00 .......w........ 0006f318 01 00 00 00 3c f3 06 00 - e2 00 ac 77 c8 e6 b2 77 ....<......w...w 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 c8 e6 b2 77 5c f3 06 00 - 38 00 ac 77 cc e6 b2 77 ...w\...8..w...w 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 47 ff ab 77 cc e6 b2 77 ........G..w...w 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x6c4 eax=008451b0 ebx=00000000 ecx=7c5747f0 edx=00000000 esi=77f82865 edi=00000090 eip=77f82870 esp=0109fd48 ebp=0109fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:021a9c2f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0109FD6C 008452BB 00000090 FFFFFFFF 00000000 0006ED1C ntdll!NtWaitForSingleObject 0109FFB4 7C57438B 00000000 0006ED1C 0006ED68 00000000 0109FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!TlsSetValue *----> Raw Stack Dump <----* 0109fd48 28 3b 57 7c 90 00 00 00 - 00 00 00 00 00 00 00 00 (;W|............ 0109fd58 94 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0109fd68 01 01 00 00 b4 ff 09 01 - bb 52 84 00 90 00 00 00 .........R...... 0109fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0109fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0109fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0109fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x6dc eax=77d358be ebx=00086d20 ecx=00000000 edx=00000000 esi=0007dc30 edi=00000100 eip=77f83310 esp=0121fe28 ebp=0121ff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f83305 b8ac000000 mov eax,0xac 77f8330a 8d542404 lea edx,[esp+0x4] ss:02329d0f=???????? 77f8330e cd2e int 2e 77f83310 c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0121FF74 77D37B4C 77D35924 0007DC30 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 0121FFA8 77D358D6 000863F0 0121FFEC 7C57438B 00086D20 rpcrt4!NdrCorrelationInitialize 0121FFB4 7C57438B 00086D20 00000000 00000000 00086D20 rpcrt4!RpcBindingFree 0121FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x364 eax=77ab502c ebx=00000102 ecx=00074540 edx=00000000 esi=77f82826 edi=0125ff74 eip=77f82831 esp=0125ff60 ebp=0125ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f82826 b832000000 mov eax,0x32 77f8282b 8d542404 lea edx,[esp+0x4] ss:02369e47=???????? 77f8282f cd2e int 2e 77f82831 c20800 ret 0x8 77f82834 53 push ebx 77f82835 51 push ecx 77f82836 6a00 push 0x0 77f82838 c70701000000 mov dword ptr [edi],0x1 ds:0125ff74=dc3cba00 77f8283e ff750c push dword ptr [ebp+0xc] ss:02369e62=???????? 77f82841 50 push eax 77f82842 e879fdffff call RtlMultiByteToUnicodeN (77f825c0) 77f82847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333 (77f82474) *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0125FF7C 7C573A22 0000EA60 00000000 77AB8FFB 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x698 eax=0000001c ebx=00000000 ecx=0129ff08 edx=00000000 esi=00000000 edi=00000000 eip=77e117e8 esp=0129ff2c ebp=0129ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e117dd b836120000 mov eax,0x1236 77e117e2 8d542404 lea edx,[esp+0x4] ss:023a9e13=???????? 77e117e6 cd2e int 2e 77e117e8 c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0129FF4C 0040A389 70C0C464 00400000 0031002D 0035002D user32!WaitMessage 0129FFB4 7C57438B 00000000 0031002D 0035002D 0006FEE0 explorer! 0129FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x670 eax=000b3000 ebx=00000006 ecx=017ae4e0 edx=00000000 esi=77f82873 edi=00000006 eip=77f8287e esp=017afd98 ebp=017afde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:028b9c7f=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 017AFDE4 77E119E6 017AFDBC 00000001 00000000 017AFDDC ntdll!NtWaitForMultipleObjects 017AFE40 77E11ACE 017AFE0C 017AFEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 017AFE5C 78319390 00000005 017AFEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 784102B8 FFFFFFFF 00000000 00000000 00000228 00000000 shell32!Ordinal200 77FD0CA0 784102B8 77FD0CC8 77FD0C88 00000003 00000003 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 017afd98 23 3c 57 7c 06 00 00 00 - bc fd 7a 01 01 00 00 00 # Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0194FD70 7C578F0D 0194FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0194FFB4 7C57438B 00000004 7FFDE000 7C325107 000B53C0 kernel32!WaitForMultipleObjects 0194FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x6ac eax=00000202 ebx=019aff74 ecx=00000010 edx=00000000 esi=77f82865 edi=000002bc eip=77f82870 esp=019aff58 ebp=019aff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02ab9e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019AFF7C 7C573B50 000002BC 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 019aff58 28 3b 57 7c bc 02 00 00 - 00 00 00 00 74 ff 9a 01 (;W|........t... 019aff68 00 00 00 00 20 33 35 01 - 60 20 f8 77 00 44 5f 9a .... 35.` .w.D_. 019aff78 fe ff ff ff 91 20 f8 77 - 50 3b 57 7c bc 02 00 00 ..... .wP;W|.... 019aff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 bc 02 00 00 .'......U..p.... 019aff98 c0 27 09 00 05 00 00 00 - 20 33 35 01 ec ff 9a 01 .'...... 35..... 019affa8 20 33 35 01 95 d7 cf 70 - 48 a6 0c 00 6f d7 cf 70 35....pH...o..p 019affb8 8b 43 57 7c 20 33 35 01 - 05 00 00 00 48 a6 0c 00 .CW| 35.....H... 019affc8 20 33 35 01 00 70 fd 7f - c8 8a 09 00 c0 ff 9a 01 35..p.......... 019affd8 c8 8a 09 00 ff ff ff ff - 97 e5 57 7c a8 a0 57 7c ..........W|..W| 019affe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 019afff8 20 33 35 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 35........o..?. 019b0008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 019b0018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 019b0028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 019b0038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 019b0048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 019b0058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 019b0068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 019b0078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 019b0088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x330 eax=00000000 ebx=01a0ff74 ecx=7ffd6000 edx=00000000 esi=77f82865 edi=000002f4 eip=77f82870 esp=01a0ff58 ebp=01a0ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02b19e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A0FF7C 7C573B50 000002F4 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x6c0 eax=01bef9d8 ebx=00000002 ecx=01be01a0 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01a9fe5c ebp=01a9fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02ba9d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A9FEA8 77E119E6 01A9FE80 00000001 00000000 01A9FEA0 ntdll!NtWaitForMultipleObjects 01A9FF04 77E11ACE 01A9FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01A9FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01A9FF74 70C1AB1B 01A9FFA0 01A9FFA4 01A9FFA8 01A9FF9C !Ordinal265 01A9FFAC 70C1ACDF 0006E81C 7C57438B 00000000 00000001 !Ordinal293 01A9FFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !Ordinal293 *----> Raw Stack Dump <----* 01a9fe5c 23 3c 57 7c 02 00 00 00 - 80 fe a9 01 01 00 00 00 # Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B1F544 7C2D3220 01B1F6EC 0000000A 01B1F7BC 02000000 ntdll!NtOpenKey 01B1F700 7C2D19CC 0000000A 01B1F7BC 00000000 02000000 advapi32!RegSetValueExA 01B1F794 7C2D1D82 0000000A 01B1F7BC 00000000 02000000 advapi32!RegCloseKey 01B1F7C8 7C2D1DD8 80000000 01B1FA08 00000000 02000000 advapi32!RegOpenKeyExW 01B1FC40 77B0A60B 01B1FC68 00000001 000C46B0 00000000 advapi32!RegOpenKeyW 01B1FE88 7116E2AC 00000000 00000001 01B1FEA8 01B1FEC0 ole32!StgGetIFillLockBytesOnFile 01B1FEB8 7116E223 00000000 01B1FED8 00000002 000D5190 !DllGetClassObject 01B1FEDC 7116E3AB 000D5190 000C84F8 000C84F8 80004005 !DllGetClassObject 01B1FEF4 7116E375 00000002 000D5190 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01b1f500 29 35 2d 7c 30 fc b1 01 - 00 00 00 02 1c f5 b1 01 )5-|0........... 01b1f510 bc f7 b1 01 00 00 00 00 - 0a 00 00 00 18 00 00 00 ................ 01b1f520 00 00 00 00 34 f5 b1 01 - 40 00 00 00 00 00 00 00 ....4...@....... 01b1f530 00 00 00 00 9e 00 62 01 - 70 4d 08 00 70 4d 08 00 ......b.pM..pM.. 01b1f540 0a 00 44 00 00 f7 b1 01 - 20 32 2d 7c ec f6 b1 01 ..D..... 2-|.... 01b1f550 0a 00 00 00 bc f7 b1 01 - 00 00 00 02 03 00 00 00 ................ 01b1f560 30 fc b1 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 0...........\.R. 01b1f570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 01b1f580 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 01b1f590 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 01b1f5a0 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 01b1f5b0 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 01b1f5c0 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 01b1f5d0 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 01b1f5e0 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 01b1f5f0 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 01b1f600 5c 00 7b 00 36 00 35 00 - 33 00 30 00 33 00 34 00 \.{.6.5.3.0.3.4. 01b1f610 34 00 33 00 2d 00 41 00 - 44 00 36 00 36 00 2d 00 4.3.-.A.D.6.6.-. 01b1f620 31 00 31 00 44 00 31 00 - 2d 00 39 00 44 00 36 00 1.1.D.1.-.9.D.6. 01b1f630 35 00 2d 00 30 00 30 00 - 43 00 30 00 34 00 46 00 5.-.0.0.C.0.4.F. State Dump for Thread Id 0x6f4 eax=01bea018 ebx=00000002 ecx=01be0250 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01b5fe5c ebp=01b5fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02c69d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B5FEA8 77E119E6 01B5FE80 00000001 00000000 01B5FEA0 ntdll!NtWaitForMultipleObjects 01B5FF04 77E11ACE 01B5FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01B5FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01B5FF74 70C1AB1B 01B5FFA0 01B5FFA4 01B5FFA8 01B5FF9C !Ordinal265 01B5FFAC 70C1ACDF 00430020 7C57438B 00000000 006E006F !Ordinal293 01B5FFEC 00000000 00000000 00000000 00000000 00000000 !Ordinal293 Application exception occurred: App: explorer.exe (pid=596) When: 7/1/2005 @ 17:52:48.003 Exception number: c0000096 (privileged instruction) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 180 smss.exe 208 csrss.exe 204 winlogon.exe 256 services.exe 268 lsass.exe 400 ibmpmsvc.exe 464 svchost.exe 508 svchost.exe 548 ccSetMgr.exe 576 ccEvtMgr.exe 704 LEXBCES.exe 728 spoolsv.exe 760 LEXPPS.exe 824 navapsvc.exe 916 SAVScan.exe 944 MSTask.exe 976 tcpsvcs.exe 1028 stisvc.exe 1060 symlcsvc.exe 1076 wanmpsvc.exe 1148 WinMgmt.exe 1180 mspmspsv.exe 1192 svchost.exe 1372 tphkmgr.exe 1436 wuauclt.exe 1272 iexplore.exe 900 MsiExec.exe 1532 MsiExec.exe 1364 navapsvc.exe 1808 NMain.exe 1452 Navw32.exe 1472 taskmgr.exe 596 explorer.exe 844 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFD000) (7C2D0000 - 7C332000) (7C570000 - 7C628000) (77D30000 - 77DA1000) (77F40000 - 77F7E000) (77E10000 - 77E75000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (782F0000 - 78538000) (70200000 - 70295000) (7C740000 - 7C7C7000) (77430000 - 77440000) (779B0000 - 77A4B000) (77A50000 - 77B3F000) (690A0000 - 690AB000) (775A0000 - 77630000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76630000) (7C0F0000 - 7C151000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (774E0000 - 77513000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (75170000 - 751BF000) (7C340000 - 7C34F000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 7797A000) (77980000 - 779A4000) (75050000 - 75058000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (01B90000 - 01B9F000) (76F20000 - 76F97000) State Dump for Thread Id 0x720 eax=00000000 ebx=0006f2c4 ecx=77b2e5d4 edx=00000000 esi=77a55fd8 edi=0008e5cc eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27d f206 repne push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00f4 add ah,dh 0006f28d 45 inc ebp 0006f28e 0c00 or al,0x0 0006f290 d85fa5 fcomp dword ptr [edi+0xa5] ds:011984b2=???????? 0006f293 7700 ja 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:77b2e5d4=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? 0006f2a1 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 d8 5f a5 77 c4 f2 06 00 - 01 00 00 00 54 e0 ab 77 ._.w........T..w 0006f248 54 f2 06 00 d8 5f a5 77 - c4 f2 06 00 c0 4f a5 77 T...._.w.....O.w 0006f258 01 00 00 00 a8 e5 08 00 - d8 45 0c 00 00 00 00 00 .........E...... 0006f268 54 f2 06 00 dc f2 06 00 - 7c f3 ab 77 8c f2 06 00 T.......|..w.... 0006f278 be fc ab 77 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...w............ 0006f288 10 f8 06 00 f4 45 0c 00 - d8 5f a5 77 00 00 00 00 .....E..._.w.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 d8 45 0c 00 - 00 00 00 00 05 40 00 80 .....E.......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - f4 45 0c 00 00 00 00 00 P........E...... 0006f2c8 01 00 00 00 f0 04 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 4d fa b0 77 88 e6 b2 77 `.......M..w...w 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 c8 e6 b2 77 ...............w 0006f2f8 1c f3 06 00 1b 05 ac 77 - 10 f8 06 00 00 00 00 00 .......w........ 0006f308 d0 fd 06 00 cc e6 b2 77 - 00 00 00 00 00 00 00 00 .......w........ 0006f318 01 00 00 00 3c f3 06 00 - e2 00 ac 77 c8 e6 b2 77 ....<......w...w 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 c8 e6 b2 77 5c f3 06 00 - 38 00 ac 77 cc e6 b2 77 ...w\...8..w...w 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 47 ff ab 77 cc e6 b2 77 ........G..w...w 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x4c8 eax=008451b0 ebx=00000000 ecx=7c5747f0 edx=00000000 esi=77f82865 edi=00000080 eip=77f82870 esp=0109fd48 ebp=0109fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:021a9c2f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0109FD6C 008452BB 00000080 FFFFFFFF 00000000 0006ED1C ntdll!NtWaitForSingleObject 0109FFB4 7C57438B 00000000 0006ED1C 0006ED68 00000000 0109FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!TlsSetValue *----> Raw Stack Dump <----* 0109fd48 28 3b 57 7c 80 00 00 00 - 00 00 00 00 00 00 00 00 (;W|............ 0109fd58 84 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0109fd68 01 01 00 00 b4 ff 09 01 - bb 52 84 00 80 00 00 00 .........R...... 0109fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0109fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0109fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0109fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x4e8 eax=77d358be ebx=00086d10 ecx=00000000 edx=00000000 esi=0007dc20 edi=00000100 eip=77f83310 esp=0121fe28 ebp=0121ff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f83305 b8ac000000 mov eax,0xac 77f8330a 8d542404 lea edx,[esp+0x4] ss:02329d0f=???????? 77f8330e cd2e int 2e 77f83310 c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0121FF74 77D37B4C 77D35924 0007DC20 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 0121FFA8 77D358D6 000863E0 0121FFEC 7C57438B 00086D10 rpcrt4!NdrCorrelationInitialize 0121FFB4 7C57438B 00086D10 00000000 00000000 00086D10 rpcrt4!RpcBindingFree 0121FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x6fc eax=77ab502c ebx=00000102 ecx=00074548 edx=00000000 esi=77f82826 edi=0125ff74 eip=77f82831 esp=0125ff60 ebp=0125ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f82826 b832000000 mov eax,0x32 77f8282b 8d542404 lea edx,[esp+0x4] ss:02369e47=???????? 77f8282f cd2e int 2e 77f82831 c20800 ret 0x8 77f82834 53 push ebx 77f82835 51 push ecx 77f82836 6a00 push 0x0 77f82838 c70701000000 mov dword ptr [edi],0x1 ds:0125ff74=dc3cba00 77f8283e ff750c push dword ptr [ebp+0xc] ss:02369e62=???????? 77f82841 50 push eax 77f82842 e879fdffff call RtlMultiByteToUnicodeN (77f825c0) 77f82847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333 (77f82474) *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0125FF7C 7C573A22 0000EA60 00000000 77AB8FFB 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x734 eax=00000001 ebx=0048ef00 ecx=e3010101 edx=00000000 esi=00000411 edi=00000438 eip=77e12bef esp=0129fc34 ebp=0129fc68 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: CharUpperBuffA 77e12bd6 e177 loope ScrollWindowEx+0xf7 (77e2104f) 77e12bd8 e42b in al,2b 77e12bda e177 loope ScrollWindowEx+0xfb (77e21053) 77e12bdc e42b in al,2b 77e12bde e177 loope ScrollWindowEx+0xff (77e21057) 77e12be0 e42b in al,2b 77e12be2 e177 loope WINNLSGetIMEHotkey+0x1b82 (77e1e45b) 77e12be4 b8bc110000 mov eax,0x11bc 77e12be9 8d542404 lea edx,[esp+0x4] ss:023a9b1b=???????? 77e12bed cd2e int 2e 77e12bef c21c00 ret 0x1c 77e12bf2 64a118000000 mov eax,fs:[00000018] fs:00000018=???????? 77e12bf8 83784000 cmp dword ptr [eax+0x40],0x0 ds:01109ee7=???????? 77e12bfc 0f84b1dd0200 je GetMenuStringW+0x1ca3 (77e409b3) 77e12c02 64a118000000 mov eax,fs:[00000018] fs:00000018=???????? 77e12c08 8b4040 mov eax,[eax+0x40] ds:01109ee7=???????? 77e12c0b c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0129FC68 77E139E5 0048EF00 00000411 00000438 00000254 user32!CharUpperBuffA 0129FC88 7830A6EC 001102D0 00000411 00000438 00000254 user32!SendMessageW 0129FCCC 7832C9FB 000E02BC 00008003 0C02B7FF 0000C08B shell32!Ordinal2 0129FCEC 7118DF82 000E02BC 00008003 0C02B7FF 0000C08B shell32!Ordinal640 0129FD14 7118ECFB 000E02BC 0000C08B 0008F988 0C02B7FF !DllCanUnloadNow 0129FD68 0040AB03 0007D064 00403F38 00000005 00000000 !DllCanUnloadNow 0129FD98 0040AAB4 00403F38 00000005 00000000 00000000 explorer! 0129FDCC 0040335F 0129FF30 0129FF38 C0000000 0000000F explorer! 0129FE6C 77E11EF0 000A030A 00000559 00000000 00000000 explorer! 0129FE8C 77E1204C 00402C70 000A030A 00000559 00000000 user32!MsgWaitForMultipleObjects 0129FF18 77E121AF 0129FF30 00000000 0040A98C 0129FF30 user32!TranslateMessageEx 0129FF4C 0040A389 70C0C464 00400000 0031002D 0035002D user32!DispatchMessageW 0129FFB4 7C57438B 00000000 0031002D 0035002D 0006FEE0 explorer! 0129FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x6f0 eax=0009c668 ebx=00000006 ecx=0009cd68 edx=00000000 esi=77f82873 edi=00000006 eip=77f8287e esp=0136fd98 ebp=0136fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02479c7f=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0136FDE4 77E119E6 0136FDBC 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0136FE40 77E11ACE 0136FE0C 0136FEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx 0136FE5C 78319390 00000005 0136FEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects 784102B8 FFFFFFFF 00000000 00000000 000002D4 00000000 shell32!Ordinal200 77FD0CA0 784102B8 77FD0CC8 77FD0C88 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0136fd98 23 3c 57 7c 06 00 00 00 - bc fd 36 01 01 00 00 00 # Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0196FD70 7C578F0D 0196FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0196FFB4 7C57438B 00000004 7FFDE000 7C325107 000B4F38 kernel32!WaitForMultipleObjects 0196FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x340 eax=013a2f80 ebx=019cff74 ecx=00000004 edx=00000000 esi=77f82865 edi=000002b8 eip=77f82870 esp=019cff58 ebp=019cff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02ad9e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019CFF7C 7C573B50 000002B8 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 019cff58 28 3b 57 7c b8 02 00 00 - 00 00 00 00 74 ff 9c 01 (;W|........t... 019cff68 00 00 00 00 20 33 3a 01 - 60 20 f8 77 00 44 5f 9a .... 3:.` .w.D_. 019cff78 fe ff ff ff 91 20 f8 77 - 50 3b 57 7c b8 02 00 00 ..... .wP;W|.... 019cff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 b8 02 00 00 .'......U..p.... 019cff98 c0 27 09 00 05 00 00 00 - 20 33 3a 01 ec ff 9c 01 .'...... 3:..... 019cffa8 20 33 3a 01 95 d7 cf 70 - e0 47 0d 00 6f d7 cf 70 3:....p.G..o..p 019cffb8 8b 43 57 7c 20 33 3a 01 - 05 00 00 00 e0 47 0d 00 .CW| 3:......G.. 019cffc8 20 33 3a 01 00 70 fd 7f - d0 ce 09 00 c0 ff 9c 01 3:..p.......... 019cffd8 d0 ce 09 00 ff ff ff ff - 97 e5 57 7c a8 a0 57 7c ..........W|..W| 019cffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 019cfff8 20 33 3a 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 3:........o..?. 019d0008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 019d0018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 019d0028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 019d0038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 019d0048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 019d0058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 019d0068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 019d0078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 019d0088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x6f4 eax=00000000 ebx=01a2ff74 ecx=7ffd6000 edx=00000000 esi=77f82865 edi=000002e4 eip=77f82870 esp=01a2ff58 ebp=01a2ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02b39e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A2FF7C 7C573B50 000002E4 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x6cc eax=01e8a1c8 ebx=00000000 ecx=01db0278 edx=00000000 esi=00000000 edi=00000374 eip=77f82926 esp=01abea30 ebp=01abeaa0 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtReadFile 77f8291b b8a1000000 mov eax,0xa1 77f82920 8d542404 lea edx,[esp+0x4] ss:02bc8917=???????? 77f82924 cd2e int 2e 77f82926 c22400 ret 0x24 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01ABEAA0 70C185FA 00000374 000F9024 00001000 01ABEAD8 ntdll!NtReadFile 01ABEAD0 7832D4AE 00000000 01ABED00 00000004 01ABED04 !Ordinal485 01ABED08 7832D91B 0008DF78 000F9008 782F4D48 00000050 shell32!SHPathPrepareForWriteW 01ABEF30 7832D8D0 01ABEF58 782FB86B 0008DF7C 01ABEF58 shell32!Ordinal26 01ABF3C4 78304268 0008FB30 000D7048 0008DF7C 782F3448 shell32!Ordinal26 01ABFA04 782FB16A 00000000 000D7048 78305550 01ABFA70 shell32!SHGetFileInfoA 01ABFA34 78303EE3 0008FB34 00000000 00000001 01ABFA74 shell32!SHChangeNotify 01ABFA64 7830B62E 0008FB34 00000000 000D7048 00000000 shell32!Ordinal77 01ABFEB0 7831AC35 0008FB38 11021000 00000000 000D7030 shell32!Ordinal654 01ABFECC 78303F1C 0008FB38 000D7048 00000000 000D7030 shell32!Ordinal243 01ABFEF0 78333491 0008DC10 0008F460 000D7048 00000000 shell32!Ordinal77 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal709 *----> Raw Stack Dump <----* 01abea30 d1 85 57 7c 74 03 00 00 - 00 00 00 00 00 00 00 00 ..W|t........... 01abea40 00 00 00 00 78 ea ab 01 - 24 90 0f 00 00 10 00 00 ....x...$....... 01abea50 00 00 00 00 00 00 00 00 - 00 10 00 00 04 00 00 00 ................ 01abea60 08 90 0f 00 02 00 00 00 - 01 01 0c 00 20 03 fd 77 ............ ..w 01abea70 d0 c1 fc 77 00 00 00 00 - 01 00 00 00 84 00 1a 02 ...w............ 01abea80 a0 6a 09 00 ff ff ff ff - 58 ea ab 01 00 ed ab 01 .j......X....... 01abea90 dc ff ab 01 97 e5 57 7c - 00 86 57 7c ff ff ff ff ......W|..W|.... 01abeaa0 d0 ea ab 01 fa 85 c1 70 - 74 03 00 00 24 90 0f 00 .......pt...$... 01abeab0 00 10 00 00 d8 ea ab 01 - 00 00 00 00 08 90 0f 00 ................ 01abeac0 70 df 08 00 78 df 08 00 - 04 00 00 00 00 00 00 00 p...x........... 01abead0 08 ed ab 01 ae d4 32 78 - 00 00 00 00 00 ed ab 01 ......2x........ 01abeae0 04 00 00 00 04 ed ab 01 - 00 00 00 00 70 df 08 00 ............p... 01abeaf0 71 88 c1 70 18 25 f8 77 - ff ff ff ff 00 00 00 00 q..p.%.w........ 01abeb00 d5 43 57 7c 44 eb ab 01 - 03 00 1f 00 48 eb ab 01 .CW|D.......H... 01abeb10 f9 43 57 7c 00 00 00 00 - 00 00 00 00 28 17 0c 00 .CW|........(... 01abeb20 38 df 0f 00 08 00 00 00 - ff ff ff ff 40 eb ab 01 8...........@... 01abeb30 10 eb ab 01 dc ff ab 01 - dc ff ab 01 97 e5 57 7c ..............W| 01abeb40 98 39 57 7c 30 04 00 00 - 94 eb ab 01 e1 7a 30 78 .9W|0........z0x 01abeb50 00 00 00 00 00 00 00 00 - 00 00 00 00 c0 5f 08 00 ............._.. 01abeb60 f1 bf 2f 78 70 df 08 00 - a5 79 30 78 b0 df 08 00 ../xp....y0x.... State Dump for Thread Id 0x6ac eax=00000001 ebx=00000002 ecx=00000000 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01b3fe5c ebp=01b3fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02c49d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B3FEA8 77E119E6 01B3FE80 00000001 00000000 01B3FEA0 ntdll!NtWaitForMultipleObjects 01B3FF04 77E11ACE 01B3FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01B3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01B3FF74 70C1AB1B 01B3FFA0 01B3FFA4 01B3FFA8 01B3FF9C !Ordinal265 01B3FFAC 70C1ACDF 0006E7D0 7C57438B 00000000 7C573998 !Ordinal293 01B3FFEC 00000000 00000000 00000000 00000000 00000000 !Ordinal293 State Dump for Thread Id 0x6c4 eax=70c1acaf ebx=00000002 ecx=00000001 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01b7fe5c ebp=01b7fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02c89d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B7FEA8 77E119E6 01B7FE80 00000001 00000000 01B7FEA0 ntdll!NtWaitForMultipleObjects 01B7FF04 77E11ACE 01B7FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01B7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01B7FF74 70C1AB1B 01B7FFA0 01B7FFA4 01B7FFA8 01B7FF9C !Ordinal265 01B7FFAC 70C1ACDF 00000000 7C57438B 00000000 00000000 !Ordinal293 01B7FFEC 00000000 00000000 00000000 00000000 00000000 !Ordinal293 Application exception occurred: App: explorer.exe (pid=1520) When: 7/1/2005 @ 17:53:22.583 Exception number: c0000096 (privileged instruction) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 180 smss.exe 208 csrss.exe 204 winlogon.exe 256 services.exe 268 lsass.exe 400 ibmpmsvc.exe 464 svchost.exe 508 svchost.exe 548 ccSetMgr.exe 576 ccEvtMgr.exe 704 LEXBCES.exe 728 spoolsv.exe 760 LEXPPS.exe 824 navapsvc.exe 916 SAVScan.exe 944 MSTask.exe 976 tcpsvcs.exe 1028 stisvc.exe 1060 symlcsvc.exe 1076 wanmpsvc.exe 1148 WinMgmt.exe 1180 mspmspsv.exe 1192 svchost.exe 1372 tphkmgr.exe 1436 wuauclt.exe 1272 iexplore.exe 900 MsiExec.exe 1532 MsiExec.exe 1364 navapsvc.exe 1808 NMain.exe 1452 Navw32.exe 1472 taskmgr.exe 1520 explorer.exe 1640 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFD000) (7C2D0000 - 7C332000) (7C570000 - 7C628000) (77D30000 - 77DA1000) (77F40000 - 77F7E000) (77E10000 - 77E75000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (782F0000 - 78538000) (70200000 - 70295000) (7C740000 - 7C7C7000) (77430000 - 77440000) (779B0000 - 77A4B000) (77A50000 - 77B3F000) (690A0000 - 690AB000) (775A0000 - 77630000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76630000) (7C0F0000 - 7C151000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (774E0000 - 77513000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (75170000 - 751BF000) (7C340000 - 7C34F000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 7797A000) (77980000 - 779A4000) (75050000 - 75058000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (01B90000 - 01B9F000) (76F20000 - 76F97000) State Dump for Thread Id 0x774 eax=00000000 ebx=0006f2c4 ecx=77b2e5d4 edx=00000000 esi=77a55fd8 edi=0008c538 eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27d f206 repne push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 006c2007 add [eax+0x7],ch ds:01109ee7=?? 0006f28f 00d8 add al,bl 0006f291 5f pop edi 0006f292 a5 movsd ds:77a55fd8=00000001 es:0008c538=6ac3806f 0006f293 7700 ja 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:77b2e5d4=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? 0006f2a1 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 d8 5f a5 77 c4 f2 06 00 - 01 00 00 00 54 e0 ab 77 ._.w........T..w 0006f248 54 f2 06 00 d8 5f a5 77 - c4 f2 06 00 c0 4f a5 77 T...._.w.....O.w 0006f258 01 00 00 00 14 c5 08 00 - 50 20 07 00 00 00 00 00 ........P ...... 0006f268 54 f2 06 00 dc f2 06 00 - 7c f3 ab 77 8c f2 06 00 T.......|..w.... 0006f278 be fc ab 77 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...w............ 0006f288 10 f8 06 00 6c 20 07 00 - d8 5f a5 77 00 00 00 00 ....l ..._.w.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 50 20 07 00 - 00 00 00 00 05 40 00 80 ....P .......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 6c 20 07 00 00 00 00 00 P.......l ...... 0006f2c8 01 00 00 00 00 05 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 4d fa b0 77 88 e6 b2 77 `.......M..w...w 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 c8 e6 b2 77 ...............w 0006f2f8 1c f3 06 00 1b 05 ac 77 - 10 f8 06 00 00 00 00 00 .......w........ 0006f308 d0 fd 06 00 cc e6 b2 77 - 00 00 00 00 00 00 00 00 .......w........ 0006f318 01 00 00 00 3c f3 06 00 - e2 00 ac 77 c8 e6 b2 77 ....<......w...w 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 c8 e6 b2 77 5c f3 06 00 - 38 00 ac 77 cc e6 b2 77 ...w\...8..w...w 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 47 ff ab 77 cc e6 b2 77 ........G..w...w 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x77c eax=008451b0 ebx=00000000 ecx=7c5747f0 edx=00000000 esi=77f82865 edi=00000080 eip=77f82870 esp=0109fd48 ebp=0109fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:021a9c2f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0109FD6C 008452BB 00000080 FFFFFFFF 00000000 0006ED1C ntdll!NtWaitForSingleObject 0109FFB4 7C57438B 00000000 0006ED1C 0006ED68 00000000 0109FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!TlsSetValue *----> Raw Stack Dump <----* 0109fd48 28 3b 57 7c 80 00 00 00 - 00 00 00 00 00 00 00 00 (;W|............ 0109fd58 84 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0109fd68 01 01 00 00 b4 ff 09 01 - bb 52 84 00 80 00 00 00 .........R...... 0109fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0109fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0109fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0109fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x778 eax=77d358be ebx=00086d20 ecx=00000000 edx=00000000 esi=0007dc30 edi=00000100 eip=77f83310 esp=0121fe28 ebp=0121ff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f83305 b8ac000000 mov eax,0xac 77f8330a 8d542404 lea edx,[esp+0x4] ss:02329d0f=???????? 77f8330e cd2e int 2e 77f83310 c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0121FF74 77D37B4C 77D35924 0007DC30 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 0121FFA8 77D358D6 000863F0 0121FFEC 7C57438B 00086D20 rpcrt4!NdrCorrelationInitialize 0121FFB4 7C57438B 00086D20 00000000 00000000 00086D20 rpcrt4!RpcBindingFree 0121FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x720 eax=77ab502c ebx=00000102 ecx=00074540 edx=00000000 esi=77f82826 edi=0125ff74 eip=77f82831 esp=0125ff60 ebp=0125ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f82826 b832000000 mov eax,0x32 77f8282b 8d542404 lea edx,[esp+0x4] ss:02369e47=???????? 77f8282f cd2e int 2e 77f82831 c20800 ret 0x8 77f82834 53 push ebx 77f82835 51 push ecx 77f82836 6a00 push 0x0 77f82838 c70701000000 mov dword ptr [edi],0x1 ds:0125ff74=dc3cba00 77f8283e ff750c push dword ptr [ebp+0xc] ss:02369e62=???????? 77f82841 50 push eax 77f82842 e879fdffff call RtlMultiByteToUnicodeN (77f825c0) 77f82847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333 (77f82474) *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0125FF7C 7C573A22 0000EA60 00000000 77AB8FFB 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x6cc eax=0009d000 ebx=00000000 ecx=0129fb50 edx=00000000 esi=00000000 edi=00000000 eip=77e117e8 esp=0129ff2c ebp=0129ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e117dd b836120000 mov eax,0x1236 77e117e2 8d542404 lea edx,[esp+0x4] ss:023a9e13=???????? 77e117e6 cd2e int 2e 77e117e8 c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0129FF4C 0040A389 70C0C464 00400000 0031002D 0035002D user32!WaitMessage 0129FFB4 7C57438B 00000000 0031002D 0035002D 0006FEE0 explorer! 0129FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x6f4 eax=0009bd38 ebx=00000006 ecx=0009b9c0 edx=00000000 esi=77f82873 edi=00000006 eip=77f8287e esp=0136fd98 ebp=0136fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02479c7f=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0136FDE4 77E119E6 0136FDBC 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0136FE40 77E11ACE 0136FE0C 0136FEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx 0136FE5C 78319390 00000005 0136FEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects 784102B8 FFFFFFFF 00000000 00000000 000001D4 00000000 shell32!Ordinal200 77FD0CA0 784102B8 77FD0CC8 77FD0C88 00000004 00000004 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0136fd98 23 3c 57 7c 06 00 00 00 - bc fd 36 01 01 00 00 00 # Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0196FD70 7C578F0D 0196FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0196FFB4 7C57438B 00000004 7FFDE000 7C325107 000B4F30 kernel32!WaitForMultipleObjects 0196FFEC 00000000 778321FE 000B4F30 00000000 00000000 kernel32!TlsSetValue *----> Raw Stack Dump <----* 0196fd24 23 3c 57 7c 03 00 00 00 - 48 fd 96 01 01 00 00 00 # Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019DFF7C 7C573B50 000002C4 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 019dff58 28 3b 57 7c c4 02 00 00 - 00 00 00 00 74 ff 9d 01 (;W|........t... 019dff68 00 00 00 00 20 33 39 01 - 60 20 f8 77 00 44 5f 9a .... 39.` .w.D_. 019dff78 fe ff ff ff 91 20 f8 77 - 50 3b 57 7c c4 02 00 00 ..... .wP;W|.... 019dff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 c4 02 00 00 .'......U..p.... 019dff98 c0 27 09 00 05 00 00 00 - 20 33 39 01 ec ff 9d 01 .'...... 39..... 019dffa8 20 33 39 01 95 d7 cf 70 - e0 47 0d 00 6f d7 cf 70 39....p.G..o..p 019dffb8 8b 43 57 7c 20 33 39 01 - 05 00 00 00 e0 47 0d 00 .CW| 39......G.. 019dffc8 20 33 39 01 00 70 fd 7f - 78 d9 09 00 c0 ff 9d 01 39..p..x....... 019dffd8 78 d9 09 00 ff ff ff ff - 97 e5 57 7c a8 a0 57 7c x.........W|..W| 019dffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 019dfff8 20 33 39 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 39........o..?. 019e0008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 019e0018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 019e0028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 019e0038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 019e0048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 019e0058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 019e0068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 019e0078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 019e0088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x734 eax=70eb8078 ebx=01a3ff74 ecx=000c7788 edx=00000000 esi=77f82865 edi=0000020c eip=77f82870 esp=01a3ff58 ebp=01a3ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02b49e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A3FF7C 7C573B50 0000020C 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x4e8 eax=006c0035 ebx=00000000 ecx=01acf10c edx=01acf174 esi=00000065 edi=00000000 eip=77f87ce4 esp=01acecb8 ebp=01aceccc iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: RtlIsDosDeviceName_U 77f87ccb 85c0 test eax,eax 77f87ccd 0f8c96260100 jl ZwSetContextChannel+0x168 (77f9a369) 77f87cd3 8d45f8 lea eax,[ebp+0xf8] ss:02bd8bb2=???????? 77f87cd6 50 push eax 77f87cd7 e8d1fbffff call RtlGetUserInfoHeap+0x384 (77f878ad) 77f87cdc c9 leave 77f87cdd c20400 ret 0x4 77f87ce0 4a dec edx 77f87ce1 4a dec edx 77f87ce2 3bd1 cmp edx,ecx 77f87ce4 0f825e170000 jb LdrUnloadAlternateResourceModule+0x27a (77f89448) 77f87cea 668b32 mov si,[edx] ds:01acf174=0065 77f87ced 6683fe5c cmp si,0x5c 77f87cf1 0f844bfcffff je RtlGetUserInfoHeap+0x419 (77f87942) 77f87cf7 6683fe2f cmp si,0x2f 77f87cfb 0f8441fcffff je RtlGetUserInfoHeap+0x419 (77f87942) 77f87d01 6683fe3a cmp si,0x3a 77f87d05 75d9 jnz RtlLookupAtomInAtomTable+0xf8 (77f966e0) 77f87d07 e926f9ffff jmp RtlGetUserInfoHeap+0x109 (77f87632) 77f87d0c 8b55a0 mov edx,[ebp+0xa0] ss:02bd8bb2=???????? 77f87d0f 83c202 add edx,0x2 77f87d12 668b32 mov si,[edx] ds:01acf174=0065 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01ACECCC 77F8775B 01ACED3C 00000208 0000021A 000721D8 ntdll!RtlIsDosDeviceName_U 01ACED80 77F87B78 01ACF004 00000208 01ACEDC0 00000000 ntdll!RtlGetUserInfoHeap 01ACF034 77F85191 01ACF10C 01ACF09C 00000000 01ACF090 ntdll!RtlDosPathNameToNtPathName_U 01ACF0A4 77F8520B 01ACF10C 00000001 7C576CEC 01ACF10C ntdll!RtlQueryEnvironmentVariable_U 01ACF0E0 77E3319A 00000000 01ACF10C 00000000 00000208 ntdll!RtlDoesFileExists_U 01ACF53C 7830012F 01ACF824 00000000 00100020 00100020 user32!PrivateExtractIconsW 01ACF564 78300571 01ACF824 00000000 00100020 00100020 shell32!SHAppBarMessage 01ACF59C 78303514 01ACF824 00000000 0000000A 01ACFA30 shell32!Ordinal6 01ACF5C8 783360B5 000B35A0 01ACF824 00000000 01ACFA30 shell32!Ordinal71 01ACF6F4 7830402F 0008EA30 01ACF824 00000000 01ACFA30 shell32!Ordinal74 01ACFA3C 78303EFB 00000000 00000000 00080038 000C4C30 shell32!Ordinal77 01ACFA64 7830B62E 0008FCF4 0008EA30 00080038 00000000 shell32!Ordinal77 01ACFEB0 7831AC35 0008FCF8 11021000 00000000 000C4C30 shell32!Ordinal654 01ACFECC 78303F1C 0008FCF8 00080038 00000000 000C4C30 shell32!Ordinal243 01ACFEF0 78333491 0008E840 0008ECC8 00080038 00000000 shell32!Ordinal77 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal709 *----> Raw Stack Dump <----* 01acecb8 6a 00 00 00 00 00 00 00 - 0c f1 ac 01 6a 00 6c 00 j...........j.l. 01acecc8 0c f1 ac 01 80 ed ac 01 - 5b 77 f8 77 3c ed ac 01 ........[w.w<... 01acecd8 08 02 00 00 1a 02 00 00 - d8 21 07 00 97 e5 57 7c .........!....W| 01acece8 40 5d 57 7c ff ff ff ff - 18 ef ac 01 01 52 2f 78 @]W|.........R/x 01acecf8 35 00 00 00 0c ed ac 01 - a0 f3 ac 01 ed 8b 0f 00 5............... 01aced08 f0 58 0d 00 6c 00 78 00 - 62 00 63 00 70 00 73 00 .X..l.x.b.c.p.s. 01aced18 77 00 78 00 2e 00 65 00 - 78 00 65 00 00 00 f8 77 w.x...e.x.e....w 01aced28 40 2a f8 77 ff ff ff ff - 00 00 07 00 1e c7 fc 77 @*.w...........w 01aced38 d8 0a 07 00 6a 00 6c 00 - 0c f1 ac 01 00 f3 ac 01 ....j.l......... 01aced48 45 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 E............... 01aced58 6a 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 j............... 01aced68 00 50 fd 7f 00 50 fd 7f - 24 f0 ac 01 55 1f f8 77 .P...P..$...U..w 01aced78 a0 7a f8 77 ff ff ff ff - 34 f0 ac 01 78 7b f8 77 .z.w....4...x{.w 01aced88 04 f0 ac 01 08 02 00 00 - c0 ed ac 01 00 00 00 00 ................ 01aced98 f8 ef ac 01 bc ed ac 01 - 08 02 00 00 0c f1 ac 01 ................ 01aceda8 00 00 00 00 00 00 00 00 - 6a 63 84 00 98 00 00 00 ........jc...... 01acedb8 d4 ee ac 01 00 00 00 00 - 04 ee ac 01 90 00 00 00 ................ 01acedc8 9c ee ac 01 90 00 00 00 - c3 33 f8 77 05 00 00 80 .........3.w.... 01acedd8 04 ee ac 01 ec ed ac 01 - d4 ee ac 01 a3 43 f8 77 .............C.w 01acede8 00 00 00 00 a8 ee ac 01 - b3 1b 2d 7c 00 00 00 00 ..........-|.... State Dump for Thread Id 0x4c8 eax=01b4f622 ebx=01b4f6e8 ecx=00000002 edx=01b4f5ac esi=01b40043 edi=00000022 eip=77f852e0 esp=01b4f50c ebp=01b4f550 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: wcsrchr 77f852c9 8b442404 mov eax,[esp+0x4] ss:02c593f3=???????? 77f852cd 56 push esi 77f852ce 6a02 push 0x2 77f852d0 8bd0 mov edx,eax 77f852d2 668b30 mov si,[eax] ds:01b4f622=0061 77f852d5 59 pop ecx 77f852d6 eb03 jmp RtlSetEnvironmentVariable+0xbe (77f8b8db) 77f852d8 668b30 mov si,[eax] ds:01b4f622=0061 77f852db 03c1 add eax,ecx 77f852dd 6685f6 test si,si 77f852e0 75f6 jnz RtlSetEnvironmentVariable+0x1bb (77f8b9d8) 77f852e2 668b74240c mov si,[esp+0xc] ss:02c593f4=???? 77f852e7 2bc1 sub eax,ecx 77f852e9 3bc2 cmp eax,edx 77f852eb 740b jz RtlSetEnvironmentVariable+0xdb (77f8b8f8) 77f852ed 663930 cmp [eax],si ds:01b4f622=0061 77f852f0 7406 jz ZwQueryAttributesFile+0x50 (77f87df8) 77f852f2 2bc1 sub eax,ecx 77f852f4 3bc2 cmp eax,edx 77f852f6 75f5 jnz RtlSetEnvironmentVariable+0x1d0 (77f8b9ed) 77f852f8 668b08 mov cx,[eax] ds:01b4f622=0061 77f852fb 662bce sub cx,si *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B4F550 7C2D3204 00000376 01B4F7B8 01B4F6E8 0000011A ntdll!wcsrchr 01B4F6FC 7C2D19CC 00000376 01B4F7B8 00000000 02000000 advapi32!RegSetValueExA 01B4F790 7C2D1D82 00000376 01B4F7B8 00000000 02000000 advapi32!RegCloseKey 01B4F7C4 7C2D1DD8 00000376 01B4FA08 00000000 02000000 advapi32!RegOpenKeyExW 01B4FC40 77B0A60B 01B4FC68 00000000 000C40A0 00000000 advapi32!RegOpenKeyW 01B4FE88 7116E2AC 00000000 00000001 01B4FEA8 01B4FEC0 ole32!StgGetIFillLockBytesOnFile 01B4FEB8 7116E223 00000000 01B4FED8 00000002 000C4F68 !DllGetClassObject 01B4FEDC 7116E3AB 000C4F68 000C50E0 000C50E0 80004005 !DllGetClassObject 01B4FEF4 7116E375 00000002 000C4F68 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01b4f50c 40 f5 b4 01 10 34 2d 7c - ac f5 b4 01 5c 00 00 00 @....4-|....\... 01b4f51c 1a 01 00 00 64 f5 b4 01 - 9f 33 2d 7c 40 f5 b4 01 ....d....3-|@... 01b4f52c 22 00 00 00 e8 f6 b4 01 - b8 f7 b4 01 00 00 00 00 "............... 01b4f53c 76 03 00 00 1a 01 1e 01 - 68 f5 b4 01 80 01 00 00 v.......h....... 01b4f54c f8 f6 b4 01 fc f6 b4 01 - 04 32 2d 7c 76 03 00 00 .........2-|v... 01b4f55c b8 f7 b4 01 e8 f6 b4 01 - 1a 01 00 00 5c 00 52 00 ............\.R. 01b4f56c 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 01b4f57c 4d 00 41 00 43 00 48 00 - 49 00 4e 00 45 00 5c 00 M.A.C.H.I.N.E.\. 01b4f58c 53 00 4f 00 46 00 54 00 - 57 00 41 00 52 00 45 00 S.O.F.T.W.A.R.E. 01b4f59c 5c 00 43 00 6c 00 61 00 - 73 00 73 00 65 00 73 00 \.C.l.a.s.s.e.s. 01b4f5ac 5c 00 43 00 4c 00 53 00 - 49 00 44 00 5c 00 7b 00 \.C.L.S.I.D.\.{. 01b4f5bc 35 00 32 00 63 00 61 00 - 33 00 62 00 63 00 66 00 5.2.c.a.3.b.c.f. 01b4f5cc 2d 00 33 00 62 00 39 00 - 62 00 2d 00 34 00 31 00 -.3.b.9.b.-.4.1. 01b4f5dc 39 00 65 00 2d 00 61 00 - 33 00 64 00 36 00 2d 00 9.e.-.a.3.d.6.-. 01b4f5ec 35 00 64 00 32 00 38 00 - 63 00 30 00 62 00 30 00 5.d.2.8.c.0.b.0. 01b4f5fc 62 00 35 00 30 00 63 00 - 7d 00 5c 00 49 00 6d 00 b.5.0.c.}.\.I.m. 01b4f60c 70 00 6c 00 65 00 6d 00 - 65 00 6e 00 74 00 65 00 p.l.e.m.e.n.t.e. 01b4f61c 64 00 20 00 43 00 61 00 - 74 00 65 00 67 00 6f 00 d. .C.a.t.e.g.o. 01b4f62c 72 00 69 00 65 00 73 00 - 5c 00 7b 00 30 00 30 00 r.i.e.s.\.{.0.0. 01b4f63c 30 00 32 00 31 00 34 00 - 39 00 33 00 2d 00 30 00 0.2.1.4.9.3.-.0. State Dump for Thread Id 0x6c4 eax=70c1acaf ebx=00000002 ecx=00000001 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01b8fe5c ebp=01b8fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02c99d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B8FEA8 77E119E6 01B8FE80 00000001 00000000 01B8FEA0 ntdll!NtWaitForMultipleObjects 01B8FF04 77E11ACE 01B8FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01B8FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01B8FF74 70C1AB1B 01B8FFA0 01B8FFA4 01B8FFA8 01B8FF9C !Ordinal265 01B8FFAC 70C1ACDF 00000000 7C57438B 00000000 00000000 !Ordinal293 01B8FFEC 00000000 70C1ACAF 00000000 00000000 00505A4D !Ordinal293 *----> Raw Stack Dump <----* 01b8fe5c 23 3c 57 7c 02 00 00 00 - 80 fe b8 01 01 00 00 00 # System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 180 smss.exe 208 csrss.exe 204 winlogon.exe 256 services.exe 268 lsass.exe 400 ibmpmsvc.exe 464 svchost.exe 508 svchost.exe 548 ccSetMgr.exe 576 ccEvtMgr.exe 704 LEXBCES.exe 728 spoolsv.exe 760 LEXPPS.exe 824 navapsvc.exe 916 SAVScan.exe 944 MSTask.exe 976 tcpsvcs.exe 1028 stisvc.exe 1060 symlcsvc.exe 1076 wanmpsvc.exe 1148 WinMgmt.exe 1180 mspmspsv.exe 1192 svchost.exe 1372 tphkmgr.exe 1436 wuauclt.exe 1272 iexplore.exe 900 MsiExec.exe 1532 MsiExec.exe 1364 navapsvc.exe 1808 NMain.exe 1452 Navw32.exe 1472 taskmgr.exe 1844 explorer.exe 1828 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFD000) (7C2D0000 - 7C332000) (7C570000 - 7C628000) (77D30000 - 77DA1000) (77F40000 - 77F7E000) (77E10000 - 77E75000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (782F0000 - 78538000) (70200000 - 70295000) (7C740000 - 7C7C7000) (77430000 - 77440000) (779B0000 - 77A4B000) (77A50000 - 77B3F000) (690A0000 - 690AB000) (775A0000 - 77630000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76630000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (774E0000 - 77513000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (7C0F0000 - 7C151000) (75170000 - 751BF000) (7C340000 - 7C34F000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 7797A000) (77980000 - 779A4000) (75050000 - 75058000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01C70000 - 01C7F000) State Dump for Thread Id 0x340 eax=00000000 ebx=0006f2c4 ecx=77b2e5d4 edx=00000000 esi=77a55fd8 edi=0008c56c eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27d f206 repne push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 006cf10b add [ecx+esi*8+0xb],ch ds:78b5febf=?? 0006f28f 00d8 add al,bl 0006f291 5f pop edi 0006f292 a5 movsd ds:77a55fd8=00000001 es:0008c56c=6ac3806f 0006f293 7700 ja 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:77b2e5d4=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? 0006f2a1 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 d8 5f a5 77 c4 f2 06 00 - 01 00 00 00 54 e0 ab 77 ._.w........T..w 0006f248 54 f2 06 00 d8 5f a5 77 - c4 f2 06 00 c0 4f a5 77 T...._.w.....O.w 0006f258 01 00 00 00 48 c5 08 00 - 50 f1 0b 00 00 00 00 00 ....H...P....... 0006f268 54 f2 06 00 dc f2 06 00 - 7c f3 ab 77 8c f2 06 00 T.......|..w.... 0006f278 be fc ab 77 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...w............ 0006f288 10 f8 06 00 6c f1 0b 00 - d8 5f a5 77 00 00 00 00 ....l...._.w.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 50 f1 0b 00 - 00 00 00 00 05 40 00 80 ....P........@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 6c f1 0b 00 00 00 00 00 P.......l....... 0006f2c8 01 00 00 00 00 05 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 4d fa b0 77 88 e6 b2 77 `.......M..w...w 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 c8 e6 b2 77 ...............w 0006f2f8 1c f3 06 00 1b 05 ac 77 - 10 f8 06 00 00 00 00 00 .......w........ 0006f308 d0 fd 06 00 cc e6 b2 77 - 00 00 00 00 00 00 00 00 .......w........ 0006f318 01 00 00 00 3c f3 06 00 - e2 00 ac 77 c8 e6 b2 77 ....<......w...w 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 c8 e6 b2 77 5c f3 06 00 - 38 00 ac 77 cc e6 b2 77 ...w\...8..w...w 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 47 ff ab 77 cc e6 b2 77 ........G..w...w 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x6c4 eax=008451b0 ebx=00000000 ecx=7c5747f0 edx=00000000 esi=77f82865 edi=00000090 eip=77f82870 esp=0109fd48 ebp=0109fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:021a9c2f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0109FD6C 008452BB 00000090 FFFFFFFF 00000000 0006ED1C ntdll!NtWaitForSingleObject 0109FFB4 7C57438B 00000000 0006ED1C 0006ED68 00000000 0109FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!TlsSetValue *----> Raw Stack Dump <----* 0109fd48 28 3b 57 7c 90 00 00 00 - 00 00 00 00 00 00 00 00 (;W|............ 0109fd58 94 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0109fd68 01 01 00 00 b4 ff 09 01 - bb 52 84 00 90 00 00 00 .........R...... 0109fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0109fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0109fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0109fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x6cc eax=77d358be ebx=00086d20 ecx=00000000 edx=00000000 esi=0007dc30 edi=00000100 eip=77f83310 esp=0121fe28 ebp=0121ff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f83305 b8ac000000 mov eax,0xac 77f8330a 8d542404 lea edx,[esp+0x4] ss:02329d0f=???????? 77f8330e cd2e int 2e 77f83310 c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0121FF74 77D37B4C 77D35924 0007DC30 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 0121FFA8 77D358D6 000863F0 0121FFEC 7C57438B 00086D20 rpcrt4!NdrCorrelationInitialize 0121FFB4 7C57438B 00086D20 00000000 00000000 00086D20 rpcrt4!RpcBindingFree 0121FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x77c eax=77ab502c ebx=00000102 ecx=00074540 edx=00000000 esi=77f82826 edi=0125ff74 eip=77f82831 esp=0125ff60 ebp=0125ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f82826 b832000000 mov eax,0x32 77f8282b 8d542404 lea edx,[esp+0x4] ss:02369e47=???????? 77f8282f cd2e int 2e 77f82831 c20800 ret 0x8 77f82834 53 push ebx 77f82835 51 push ecx 77f82836 6a00 push 0x0 77f82838 c70701000000 mov dword ptr [edi],0x1 ds:0125ff74=dc3cba00 77f8283e ff750c push dword ptr [ebp+0xc] ss:02369e62=???????? 77f82841 50 push eax 77f82842 e879fdffff call RtlMultiByteToUnicodeN (77f825c0) 77f82847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333 (77f82474) *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0125FF7C 7C573A22 0000EA60 00000000 77AB8FFB 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x778 eax=00000001 ebx=00000000 ecx=00010101 edx=00000000 esi=00000000 edi=00000000 eip=77e117e8 esp=0129ff2c ebp=0129ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e117dd b836120000 mov eax,0x1236 77e117e2 8d542404 lea edx,[esp+0x4] ss:023a9e13=???????? 77e117e6 cd2e int 2e 77e117e8 c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0129FF4C 0040A389 70C0C464 00400000 0031002D 0035002D user32!WaitMessage 0129FFB4 7C57438B 00000000 0031002D 0035002D 0006FEE0 explorer! 0129FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x720 eax=778321fe ebx=00000003 ecx=0006b9fc edx=00000000 esi=77f82873 edi=00000003 eip=77f8287e esp=0192fd24 ebp=0192fd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02a39c0b=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0192FD70 7C578F0D 0192FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0192FFB4 7C57438B 00000004 7FFDE000 7C325107 000B0920 kernel32!WaitForMultipleObjects 0192FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x6f4 eax=000bc000 ebx=00000006 ecx=0196efcc edx=00000000 esi=77f82873 edi=00000006 eip=77f8287e esp=0196fd98 ebp=0196fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02a79c7f=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0196FDE4 77E119E6 0196FDBC 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0196FE40 77E11ACE 0196FE0C 0196FEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx 0196FE5C 78319390 00000005 0196FEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects 784102B8 FFFFFFFF 00000000 00000000 000002D8 00000000 shell32!Ordinal200 77FD0CA0 784102B8 77FD0CC8 77FD0C88 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x668 eax=00000202 ebx=019cff74 ecx=00000010 edx=00000000 esi=77f82865 edi=000002bc eip=77f82870 esp=019cff58 ebp=019cff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02ad9e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019CFF7C 7C573B50 000002BC 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 019cff58 28 3b 57 7c bc 02 00 00 - 00 00 00 00 74 ff 9c 01 (;W|........t... 019cff68 00 00 00 00 20 33 35 01 - 60 20 f8 77 00 44 5f 9a .... 35.` .w.D_. 019cff78 fe ff ff ff 91 20 f8 77 - 50 3b 57 7c bc 02 00 00 ..... .wP;W|.... 019cff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 bc 02 00 00 .'......U..p.... 019cff98 c0 27 09 00 05 00 00 00 - 20 33 35 01 ec ff 9c 01 .'...... 35..... 019cffa8 20 33 35 01 95 d7 cf 70 - e0 48 0d 00 6f d7 cf 70 35....p.H..o..p 019cffb8 8b 43 57 7c 20 33 35 01 - 05 00 00 00 e0 48 0d 00 .CW| 35......H.. 019cffc8 20 33 35 01 00 70 fd 7f - 60 8a 09 00 c0 ff 9c 01 35..p..`....... 019cffd8 60 8a 09 00 ff ff ff ff - 97 e5 57 7c a8 a0 57 7c `.........W|..W| 019cffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 019cfff8 20 33 35 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 35........o..?. 019d0008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 019d0018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 019d0028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 019d0038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 019d0048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 019d0058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 019d0068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 019d0078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 019d0088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x6ac eax=00000000 ebx=01a2ff74 ecx=7ffd6000 edx=00000000 esi=77f82865 edi=000002e8 eip=77f82870 esp=01a2ff58 ebp=01a2ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02b39e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A2FF7C 7C573B50 000002E8 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x4e8 eax=000d5b5d ebx=00000080 ecx=000fa7c8 edx=00000000 esi=77fcc644 edi=00000000 eip=77f87cb7 esp=01abf044 ebp=01abf0dc iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: ZwCreateFile 77f87cac b820000000 mov eax,0x20 77f87cb1 8d542404 lea edx,[esp+0x4] ss:02bc8f2b=???????? 77f87cb5 cd2e int 2e 77f87cb7 c22c00 ret 0x2c *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01ABF0DC 77E331C2 00000000 80000100 00000003 00000000 ntdll!ZwCreateFile 01ABF53C 7830012F 01ABF824 00000000 00100020 00100020 user32!PrivateExtractIconsW 01ABF564 78300571 01ABF824 00000000 00100020 00100020 shell32!SHAppBarMessage 01ABF59C 78303514 01ABF824 00000000 00000002 01ABFA30 shell32!Ordinal6 01ABF5C8 783360B5 000C7318 01ABF824 00000000 01ABFA30 shell32!Ordinal71 01ABF6F4 7830402F 0008EA30 01ABF824 00000000 01ABFA30 shell32!Ordinal74 01ABFA3C 78303EFB 00000000 00000000 000C52D0 000C52B8 shell32!Ordinal77 01ABFA64 7830B62E 0007C974 0008EA30 000C52D0 00000000 shell32!Ordinal77 01ABFEB0 7831AC35 0007C978 11021000 00000000 000C52B8 shell32!Ordinal654 01ABFECC 78303F1C 0007C978 000C52D0 00000000 000C52B8 shell32!Ordinal243 01ABFEF0 78333491 0008E840 0008ECC8 000C52D0 00000000 shell32!Ordinal77 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal709 *----> Raw Stack Dump <----* 01abf044 28 83 57 7c e4 f0 ab 01 - 80 01 10 80 80 f0 ab 01 (.W|............ 01abf054 b8 f0 ab 01 00 00 00 00 - 80 00 00 00 03 00 00 00 ................ 01abf064 01 00 00 00 60 08 00 00 - 00 00 00 00 00 00 00 00 ....`........... 01abf074 80 00 00 10 73 81 57 7c - 00 00 00 00 18 00 00 00 ....s.W|........ 01abf084 00 00 00 00 c0 f0 ab 01 - 40 00 00 00 00 00 00 00 ........@....... 01abf094 a4 f0 ab 01 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 01abf0a4 0c 00 00 00 02 00 00 00 - 01 01 00 00 08 02 00 00 ................ 01abf0b4 14 f3 ab 01 00 00 00 00 - 94 f5 ab 01 f0 00 1a 02 ................ 01abf0c4 d8 21 07 00 7f ff ff ef - 00 00 00 00 d8 21 07 00 .!...........!.. 01abf0d4 01 00 00 00 04 01 00 00 - 3c f5 ab 01 c2 31 e3 77 ........<....1.w 01abf0e4 00 00 00 00 00 01 00 80 - 03 00 00 00 00 00 00 00 ................ 01abf0f4 03 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 01abf104 30 ea 08 00 00 00 00 00 - 43 00 3a 00 5c 00 44 00 0.......C.:.\.D. 01abf114 6f 00 63 00 75 00 6d 00 - 65 00 6e 00 74 00 73 00 o.c.u.m.e.n.t.s. 01abf124 20 00 61 00 6e 00 64 00 - 20 00 53 00 65 00 74 00 .a.n.d. .S.e.t. 01abf134 74 00 69 00 6e 00 67 00 - 73 00 5c 00 44 00 61 00 t.i.n.g.s.\.D.a. 01abf144 72 00 69 00 75 00 73 00 - 5c 00 41 00 70 00 70 00 r.i.u.s.\.A.p.p. 01abf154 6c 00 69 00 63 00 61 00 - 74 00 69 00 6f 00 6e 00 l.i.c.a.t.i.o.n. 01abf164 20 00 44 00 61 00 74 00 - 61 00 5c 00 4d 00 69 00 .D.a.t.a.\.M.i. 01abf174 63 00 72 00 6f 00 73 00 - 6f 00 66 00 74 00 5c 00 c.r.o.s.o.f.t.\. State Dump for Thread Id 0x6f0 eax=c0000034 ebx=00000000 ecx=00010101 edx=00000000 esi=77f833b5 edi=02000000 eip=77f833c0 esp=01b3f4fc ebp=01b3f540 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f833b5 b867000000 mov eax,0x67 77f833ba 8d542404 lea edx,[esp+0x4] ss:02c493e3=???????? 77f833be cd2e int 2e 77f833c0 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B3F540 7C2D3220 01B3F6E8 00000436 01B3F7B8 02000000 ntdll!NtOpenKey 01B3F6FC 7C2D19CC 00000436 01B3F7B8 00000000 02000000 advapi32!RegSetValueExA 01B3F790 7C2D1D82 00000436 01B3F7B8 00000000 02000000 advapi32!RegCloseKey 01B3F7C4 7C2D1DD8 00000436 01B3FA08 00000000 02000000 advapi32!RegOpenKeyExW 01B3FC40 77B0A60B 01B3FC68 00000000 000C41B8 00000000 advapi32!RegOpenKeyW 01B3FE88 7116E2AC 00000000 00000001 01B3FEA8 01B3FEC0 ole32!StgGetIFillLockBytesOnFile 01B3FEB8 7116E223 00000000 01B3FED8 00000002 000C7C40 !DllGetClassObject 01B3FEDC 7116E3AB 000C7C40 000C7D88 000C7D88 80004005 !DllGetClassObject 01B3FEF4 7116E375 00000002 000C7C40 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01b3f4fc 29 35 2d 7c 34 fc b3 01 - 00 00 00 02 18 f5 b3 01 )5-|4........... 01b3f50c b8 f7 b3 01 00 00 00 00 - 36 04 00 00 18 00 00 00 ........6....... 01b3f51c 00 00 00 00 30 f5 b3 01 - 40 00 00 00 00 00 00 00 ....0...@....... 01b3f52c 00 00 00 00 1a 01 9a 01 - 18 3b 0d 00 18 3b 0d 00 .........;...;.. 01b3f53c 36 04 44 00 fc f6 b3 01 - 20 32 2d 7c e8 f6 b3 01 6.D..... 2-|.... 01b3f54c 36 04 00 00 b8 f7 b3 01 - 00 00 00 02 03 00 00 00 6............... 01b3f55c 34 fc b3 01 00 00 00 00 - 1a 01 00 00 5c 00 52 00 4...........\.R. 01b3f56c 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 01b3f57c 4d 00 41 00 43 00 48 00 - 49 00 4e 00 45 00 5c 00 M.A.C.H.I.N.E.\. 01b3f58c 53 00 4f 00 46 00 54 00 - 57 00 41 00 52 00 45 00 S.O.F.T.W.A.R.E. 01b3f59c 5c 00 43 00 6c 00 61 00 - 73 00 73 00 65 00 73 00 \.C.l.a.s.s.e.s. 01b3f5ac 5c 00 43 00 4c 00 53 00 - 49 00 44 00 5c 00 7b 00 \.C.L.S.I.D.\.{. 01b3f5bc 66 00 32 00 65 00 36 00 - 30 00 36 00 66 00 37 00 f.2.e.6.0.6.f.7. 01b3f5cc 2d 00 32 00 36 00 33 00 - 31 00 2d 00 31 00 31 00 -.2.6.3.1.-.1.1. 01b3f5dc 64 00 31 00 2d 00 38 00 - 39 00 66 00 31 00 2d 00 d.1.-.8.9.f.1.-. 01b3f5ec 30 00 30 00 61 00 30 00 - 63 00 39 00 30 00 64 00 0.0.a.0.c.9.0.d. 01b3f5fc 30 00 36 00 31 00 65 00 - 7d 00 5c 00 49 00 6d 00 0.6.1.e.}.\.I.m. 01b3f60c 70 00 6c 00 65 00 6d 00 - 65 00 6e 00 74 00 65 00 p.l.e.m.e.n.t.e. 01b3f61c 64 00 20 00 43 00 61 00 - 74 00 65 00 67 00 6f 00 d. .C.a.t.e.g.o. 01b3f62c 72 00 69 00 65 00 73 00 - 5c 00 7b 00 30 00 30 00 r.i.e.s.\.{.0.0. State Dump for Thread Id 0x774 eax=70c1acaf ebx=00000002 ecx=00000001 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01bcfe5c ebp=01bcfea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02cd9d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01BCFEA8 77E119E6 01BCFE80 00000001 00000000 01BCFEA0 ntdll!NtWaitForMultipleObjects 01BCFF04 77E11ACE 01BCFED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01BCFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01BCFF74 70C1AB1B 01BCFFA0 01BCFFA4 01BCFFA8 01BCFF9C !Ordinal265 01BCFFAC 70C1ACDF 00000000 7C57438B 00000000 00000000 !Ordinal293 01BCFFEC 00000000 00000000 00000000 00000000 00000000 !Ordinal293 Application exception occurred: App: explorer.exe (pid=1224) When: 7/1/2005 @ 17:53:41.229 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 180 smss.exe 208 csrss.exe 204 winlogon.exe 256 services.exe 268 lsass.exe 400 ibmpmsvc.exe 464 svchost.exe 508 svchost.exe 548 ccSetMgr.exe 576 ccEvtMgr.exe 704 LEXBCES.exe 728 spoolsv.exe 760 LEXPPS.exe 824 navapsvc.exe 916 SAVScan.exe 944 MSTask.exe 976 tcpsvcs.exe 1028 stisvc.exe 1060 symlcsvc.exe 1076 wanmpsvc.exe 1148 WinMgmt.exe 1180 mspmspsv.exe 1192 svchost.exe 1372 tphkmgr.exe 1436 wuauclt.exe 1272 iexplore.exe 900 MsiExec.exe 1532 MsiExec.exe 1364 navapsvc.exe 1808 NMain.exe 1452 Navw32.exe 1472 taskmgr.exe 1224 explorer.exe 1908 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFD000) (7C2D0000 - 7C332000) (7C570000 - 7C628000) (77D30000 - 77DA1000) (77F40000 - 77F7E000) (77E10000 - 77E75000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (782F0000 - 78538000) (70200000 - 70295000) (7C740000 - 7C7C7000) (77430000 - 77440000) (779B0000 - 77A4B000) (77A50000 - 77B3F000) (690A0000 - 690AB000) (775A0000 - 77630000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76630000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (774E0000 - 77513000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (7C0F0000 - 7C151000) (75170000 - 751BF000) (7C340000 - 7C34F000) (751C0000 - 751C6000) (75150000 - 7515F000) (77950000 - 7797A000) (77980000 - 779A4000) (75050000 - 75058000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01C30000 - 01C3F000) State Dump for Thread Id 0x724 eax=00000000 ebx=0006f2c4 ecx=77b2e5d4 edx=00000000 esi=77a55fd8 edi=0008c56c eip=0006f295 esp=0006f238 ebp=00000000 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 003c53 add [ebx+edx*2],bh ds:00000000=?? 0006f28e 0c00 or al,0x0 0006f290 d85fa5 fcomp dword ptr [edi+0xa5] ds:01196452=???????? 0006f293 7700 ja 0006f295 FAULT ->0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:77b2e5d4=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? 0006f2a1 0000 add [eax],al ds:00000000=?? 0006f2a3 0000 add [eax],al ds:00000000=?? 0006f2a5 0000 add [eax],al ds:00000000=?? 0006f2a7 00c4 add ah,al 0006f2a9 f206 repne push es 0006f2ab 0020 add [eax],ah ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 d8 5f a5 77 c4 f2 06 00 - 01 00 00 00 54 e0 ab 77 ._.w........T..w 0006f248 54 f2 06 00 d8 5f a5 77 - c4 f2 06 00 c0 4f a5 77 T...._.w.....O.w 0006f258 01 00 00 00 48 c5 08 00 - 20 53 0c 00 00 00 00 00 ....H... S...... 0006f268 54 f2 06 00 dc f2 06 00 - 7c f3 ab 77 8c f2 06 00 T.......|..w.... 0006f278 be fc ab 77 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...w............ 0006f288 10 f8 06 00 3c 53 0c 00 - d8 5f a5 77 00 00 00 00 .... Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0109FD6C 008452BB 0000009C FFFFFFFF 00000000 0006ED1C ntdll!NtWaitForSingleObject 0109FFB4 7C57438B 00000000 0006ED1C 0006ED68 00000000 0109FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!TlsSetValue *----> Raw Stack Dump <----* 0109fd48 28 3b 57 7c 9c 00 00 00 - 00 00 00 00 00 00 00 00 (;W|............ 0109fd58 a0 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0109fd68 01 01 00 00 b4 ff 09 01 - bb 52 84 00 9c 00 00 00 .........R...... 0109fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0109fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0109fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0109fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0109fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x788 eax=77d358be ebx=00086d20 ecx=00000000 edx=00000000 esi=0007dc30 edi=00000100 eip=77f83310 esp=0121fe28 ebp=0121ff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f83305 b8ac000000 mov eax,0xac 77f8330a 8d542404 lea edx,[esp+0x4] ss:02329d0f=???????? 77f8330e cd2e int 2e 77f83310 c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0121FF74 77D37B4C 77D35924 0007DC30 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 0121FFA8 77D358D6 000863F0 0121FFEC 7C57438B 00086D20 rpcrt4!NdrCorrelationInitialize 0121FFB4 7C57438B 00086D20 00000000 00000000 00086D20 rpcrt4!RpcBindingFree 0121FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x780 eax=77ab502c ebx=00000102 ecx=00074540 edx=00000000 esi=77f82826 edi=0125ff74 eip=77f82831 esp=0125ff60 ebp=0125ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f82826 b832000000 mov eax,0x32 77f8282b 8d542404 lea edx,[esp+0x4] ss:02369e47=???????? 77f8282f cd2e int 2e 77f82831 c20800 ret 0x8 77f82834 53 push ebx 77f82835 51 push ecx 77f82836 6a00 push 0x0 77f82838 c70701000000 mov dword ptr [edi],0x1 ds:0125ff74=dc3cba00 77f8283e ff750c push dword ptr [ebp+0xc] ss:02369e62=???????? 77f82841 50 push eax 77f82842 e879fdffff call RtlMultiByteToUnicodeN (77f825c0) 77f82847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333 (77f82474) *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0125FF7C 7C573A22 0000EA60 00000000 77AB8FFB 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x340 eax=0000001c ebx=00000000 ecx=0129ff08 edx=00000000 esi=00000000 edi=00000000 eip=77e117e8 esp=0129ff2c ebp=0129ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e117dd b836120000 mov eax,0x1236 77e117e2 8d542404 lea edx,[esp+0x4] ss:023a9e13=???????? 77e117e6 cd2e int 2e 77e117e8 c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0129FF4C 0040A389 70C0C464 00400000 0031002D 0035002D user32!WaitMessage 0129FFB4 7C57438B 00000000 0031002D 0035002D 0006FEE0 explorer! 0129FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x4e8 eax=778321fe ebx=00000003 ecx=0006b9fc edx=00000000 esi=77f82873 edi=00000003 eip=77f8287e esp=0192fd24 ebp=0192fd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02a39c0b=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0192FD70 7C578F0D 0192FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0192FFB4 7C57438B 00000004 7FFDE000 7C325107 000B0920 kernel32!WaitForMultipleObjects 0192FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!TlsSetValue State Dump for Thread Id 0x6ac eax=000bc000 ebx=00000006 ecx=0196efcc edx=00000000 esi=77f82873 edi=00000006 eip=77f8287e esp=0196fd98 ebp=0196fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02a79c7f=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0196FDE4 77E119E6 0196FDBC 00000001 00000000 0196FDDC ntdll!NtWaitForMultipleObjects 0196FE40 77E11ACE 0196FE0C 0196FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0196FE5C 78319390 00000005 0196FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 784102B8 FFFFFFFF 00000000 00000000 000002D8 00000000 shell32!Ordinal200 77FD0CA0 784102B8 77FD0CC8 77FD0C88 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x668 eax=00000000 ebx=019cff74 ecx=00000000 edx=00000000 esi=77f82865 edi=000002bc eip=77f82870 esp=019cff58 ebp=019cff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02ad9e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019CFF7C 7C573B50 000002BC 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 019cff58 28 3b 57 7c bc 02 00 00 - 00 00 00 00 74 ff 9c 01 (;W|........t... 019cff68 00 00 00 00 20 33 35 01 - 60 20 f8 77 00 44 5f 9a .... 35.` .w.D_. 019cff78 fe ff ff ff 91 20 f8 77 - 50 3b 57 7c bc 02 00 00 ..... .wP;W|.... 019cff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 bc 02 00 00 .'......U..p.... 019cff98 c0 27 09 00 05 00 00 00 - 20 33 35 01 ec ff 9c 01 .'...... 35..... 019cffa8 20 33 35 01 95 d7 cf 70 - e0 48 0d 00 6f d7 cf 70 35....p.H..o..p 019cffb8 8b 43 57 7c 20 33 35 01 - 05 00 00 00 e0 48 0d 00 .CW| 35......H.. 019cffc8 20 33 35 01 00 70 fd 7f - 60 8a 09 00 c0 ff 9c 01 35..p..`....... 019cffd8 60 8a 09 00 ff ff ff ff - 97 e5 57 7c a8 a0 57 7c `.........W|..W| 019cffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 019cfff8 20 33 35 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 35........o..?. 019d0008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 019d0018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 019d0028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 019d0038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 019d0048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 019d0058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 019d0068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 019d0078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 019d0088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x6f4 eax=00000000 ebx=01a2ff74 ecx=7ffd6000 edx=00000000 esi=77f82865 edi=000002e8 eip=77f82870 esp=01a2ff58 ebp=01a2ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: NtWaitForSingleObject 77f82865 b8ea000000 mov eax,0xea 77f8286a 8d542404 lea edx,[esp+0x4] ss:02b39e3f=???????? 77f8286e cd2e int 2e 77f82870 c20c00 ret 0xc *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A2FF7C 7C573B50 000002E8 000927C0 00000000 70CFD855 ntdll!NtWaitForSingleObject 77F82091 4AFFC033 21850F08 89000008 FF900C42 8D0F044A kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x778 eax=01abfbbc ebx=00000002 ecx=00000002 edx=00000000 esi=77f82873 edi=00000002 eip=77f8287e esp=01abfe5c ebp=01abfea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f82873 b8e9000000 mov eax,0xe9 77f82878 8d542404 lea edx,[esp+0x4] ss:02bc9d43=???????? 77f8287c cd2e int 2e 77f8287e c21400 ret 0x14 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01ABFEA8 77E119E6 01ABFE80 00000001 00000000 01ABFEA0 ntdll!NtWaitForMultipleObjects 01ABFF04 77E11ACE 01ABFED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01ABFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01ABFF74 70C1AB1B 01ABFFA0 01ABFFA4 01ABFFA8 01ABFF9C !Ordinal265 01ABFFAC 70C1ACDF 0006E81C 7C57438B 00000000 00000001 !Ordinal293 01ABFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !Ordinal293 *----> Raw Stack Dump <----* 01abfe5c 23 3c 57 7c 02 00 00 00 - 80 fe ab 01 01 00 00 00 # Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01B3F544 7C2D3220 01B3F6EC 0000000A 01B3F7BC 02000000 ntdll!NtOpenKey 01B3F700 7C2D19CC 0000000A 01B3F7BC 00000000 02000000 advapi32!RegSetValueExA 01B3F794 7C2D1D82 0000000A 01B3F7BC 00000000 02000000 advapi32!RegCloseKey 01B3F7C8 7C2D1DD8 80000000 01B3FA08 00000000 02000000 advapi32!RegOpenKeyExW 01B3FC40 77B0A60B 01B3FC68 00000001 000C41B8 00000000 advapi32!RegOpenKeyW 01B3FE88 7116E2AC 00000000 00000001 01B3FEA8 01B3FEC0 ole32!StgGetIFillLockBytesOnFile 01B3FEB8 7116E223 00000000 01B3FED8 00000002 000D65C8 !DllGetClassObject 01B3FEDC 7116E3AB 000D65C8 000B4998 000B4998 80004005 !DllGetClassObject 01B3FEF4 7116E375 00000002 000D65C8 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01b3f500 29 35 2d 7c 30 fc b3 01 - 00 00 00 02 1c f5 b3 01 )5-|0........... 01b3f510 bc f7 b3 01 00 00 00 00 - 0a 00 00 00 18 00 00 00 ................ 01b3f520 00 00 00 00 34 f5 b3 01 - 40 00 00 00 00 00 00 00 ....4...@....... 01b3f530 00 00 00 00 9e 00 62 01 - 70 4d 08 00 70 4d 08 00 ......b.pM..pM.. 01b3f540 0a 00 44 00 00 f7 b3 01 - 20 32 2d 7c ec f6 b3 01 ..D..... 2-|.... 01b3f550 0a 00 00 00 bc f7 b3 01 - 00 00 00 02 03 00 00 00 ................ 01b3f560 30 fc b3 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 0...........\.R. 01b3f570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 01b3f580 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 01b3f590 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 01b3f5a0 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 01b3f5b0 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 01b3f5c0 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 01b3f5d0 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 01b3f5e0 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 01b3f5f0 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 01b3f600 5c 00 7b 00 33 00 42 00 - 32 00 42 00 36 00 37 00 \.{.3.B.2.B.6.7. 01b3f610 37 00 35 00 2d 00 37 00 - 30 00 42 00 36 00 2d 00 7.5.-.7.0.B.6.-. 01b3f620 34 00 35 00 41 00 46 00 - 2d 00 38 00 44 00 45 00 4.5.A.F.-.8.D.E. 01b3f630 41 00 2d 00 41 00 32 00 - 30 00 39 00 43 00 36 00 A.-.A.2.0.9.C.6. Application exception occurred: App: explorer.exe (pid=760) When: 7/3/2005 @ 20:56:11.113 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 612 ccSetMgr.exe 692 navapsvc.exe 768 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 888 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1032 mspmspsv.exe 1044 svchost.exe 1072 ccEvtMgr.exe 1328 wuauclt.exe 304 taskmgr.exe 760 explorer.exe 1084 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70295000) (7C740000 - 7C7CC000) (77430000 - 77441000) (779B0000 - 77A4B000) (7CE20000 - 7CF21000) (690A0000 - 690AB000) (7C950000 - 7C9E0000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76631000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (7C0F0000 - 7C154000) (774E0000 - 77514000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01DD0000 - 01DDF000) State Dump for Thread Id 0x5d4 eax=00000000 ebx=0006f2c4 ecx=438662a4 edx=00000000 esi=7ce6f761 edi=0008e539 eip=0006f28f esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00a41b0f0060f7 add [ebx+ebx+0xf760000f],ah ds:f766f2d3=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? 0006f2a4 0000 add [eax],al ds:00000000=?? 0006f2a6 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 14 e5 08 00 - 88 1b 0f 00 00 00 00 00 ................ 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 a4 1b 0f 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 88 1b 0f 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - a4 1b 0f 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 90 04 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x5a8 eax=008451b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000098 eip=77f88f13 esp=0103fd48 ebp=0103fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02399c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0103FD6C 008452BB 00000098 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 0103FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 0103FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0103fd48 30 a0 59 7c 98 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 0103fd58 9c 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0103fd68 01 01 00 00 b4 ff 03 01 - bb 52 84 00 98 00 00 00 .........R...... 0103fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0103fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0103fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0103fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x5cc eax=77d4aefc ebx=00086e80 ecx=00000000 edx=00000000 esi=0007dbf8 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02519d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 0007DBF8 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 000862E0 011BFFEC 7C57B388 00086E80 rpcrt4!UuidCreate 011BFFB4 7C57B388 00086E80 00000000 00000000 00086E80 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5bc eax=7ce57f6f ebx=00000102 ecx=00074548 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02559e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x534 eax=0000001c ebx=00000000 ecx=0123ff08 edx=00000000 esi=00000000 edi=00000000 eip=77e3c7cd esp=0123ff2c ebp=0123ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:02599e13=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF4C 0040A389 70C0C464 00400000 00370034 002D0038 user32!WaitMessage 0123FFB4 7C57B388 00000000 00370034 002D0038 0006FEE0 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x2d8 eax=019fe318 ebx=00000006 ecx=0000010c edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=019ffd98 ebp=019ffde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02d59c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019FFDE4 77E4169F 019FFDBC 00000001 00000000 019FFDDC ntdll!NtWaitForMultipleObjects 019FFE40 77E41706 019FFE0C 019FFEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 019FFE5C 7CF8BD66 00000005 019FFEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 0000021C 00000000 shell32!Ordinal68 77FCF980 7D05EBF8 77FCF9A8 77FCF968 00000003 00000003 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 019ffd98 fb a1 59 7c 06 00 00 00 - bc fd 9f 01 01 00 00 00 ..Y|............ 019ffda8 00 00 00 00 dc fd 9f 01 - 00 00 00 00 00 00 00 00 ................ 019ffdb8 06 00 00 00 38 02 00 00 - 40 02 00 00 44 02 00 00 ....8...@...D... 019ffdc8 48 02 00 00 d8 02 00 00 - 30 02 00 00 67 63 f7 7c H.......0...gc.| 019ffdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe 9f 01 ............@... 019ffde8 9f 16 e4 77 bc fd 9f 01 - 01 00 00 00 00 00 00 00 ...w............ 019ffdf8 dc fd 9f 01 00 00 00 00 - 00 00 00 00 d8 02 00 00 ................ 019ffe08 05 00 00 00 38 02 00 00 - 40 02 00 00 44 02 00 00 ....8...@...D... 019ffe18 48 02 00 00 d8 02 00 00 - 30 02 00 00 30 e4 45 00 H.......0...0.E. 019ffe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 019ffe38 00 00 00 00 30 02 00 00 - 5c fe 9f 01 06 17 e4 77 ....0...\......w 019ffe48 0c fe 9f 01 b8 fe 9f 01 - d0 07 00 00 ff 00 00 00 ................ 019ffe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 019ffe68 b8 fe 9f 01 00 00 00 00 - d0 07 00 00 ff 00 00 00 ................ 019ffe78 e8 12 f8 77 ff ff ff ff - ec ff 9f 01 00 00 00 00 ...w............ 019ffe88 d8 02 00 00 ff 7f ff 7f - 00 00 00 00 3c 02 00 00 ............<... 019ffe98 d8 02 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 ................ 019ffea8 00 00 00 00 c7 e7 0b 00 - 88 00 00 00 9e 00 00 00 ................ 019ffeb8 38 02 00 00 40 02 00 00 - 44 02 00 00 48 02 00 00 8...@...D...H... 019ffec8 d8 02 00 00 ff 7f 73 4e - 10 42 10 42 10 42 10 42 ......sN.B.B.B.B State Dump for Thread Id 0x108 eax=000bc000 ebx=00000003 ecx=01baf9c0 edx=00000000 esi=77f88ef8 edi=00000003 eip=77f88f03 esp=01bafd24 ebp=01bafd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02f09c0b=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01BAFD70 7C59A10E 01BAFD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 01BAFFB4 7C57B388 00000004 7FFDE000 0006BA3C 000B4C88 kernel32!WaitForMultipleObjects 01BAFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x550 eax=012f1c20 ebx=01c0ff74 ecx=00000002 edx=00000000 esi=77f88f08 edi=000002bc eip=77f88f13 esp=01c0ff58 ebp=01c0ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02f69e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01C0FF7C 7C57B3DB 000002BC 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 01c0ff58 30 a0 59 7c bc 02 00 00 - 00 00 00 00 74 ff c0 01 0.Y|........t... 01c0ff68 00 00 00 00 30 25 2f 01 - e0 7e f8 77 00 44 5f 9a ....0%/..~.w.D_. 01c0ff78 fe ff ff ff c0 7f f8 77 - db b3 57 7c bc 02 00 00 .......w..W|.... 01c0ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 bc 02 00 00 .'......U..p.... 01c0ff98 c0 27 09 00 05 00 00 00 - 30 25 2f 01 ec ff c0 01 .'......0%/..... 01c0ffa8 30 25 2f 01 95 d7 cf 70 - f0 42 0c 00 6f d7 cf 70 0%/....p.B..o..p 01c0ffb8 88 b3 57 7c 30 25 2f 01 - 05 00 00 00 f0 42 0c 00 ..W|0%/......B.. 01c0ffc8 30 25 2f 01 00 70 fd 7f - 30 96 09 00 c0 ff c0 01 0%/..p..0....... 01c0ffd8 30 96 09 00 ff ff ff ff - 54 1f 5c 7c 08 2b 57 7c 0.......T.\|.+W| 01c0ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 01c0fff8 30 25 2f 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 0%/........o..?. 01c10008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 01c10018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 01c10028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 01c10038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 01c10048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 01c10058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 01c10068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 01c10078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 01c10088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0xf4 eax=00000000 ebx=01c6ff74 ecx=7ffd6000 edx=00000000 esi=77f88f08 edi=000002e8 eip=77f88f13 esp=01c6ff58 ebp=01c6ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02fc9e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01C6FF7C 7C57B3DB 000002E8 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x5c0 eax=01d96188 ebx=00000002 ecx=01d90220 edx=00000000 esi=77f88ef8 edi=00000002 eip=77f88f03 esp=01cffe5c ebp=01cffea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:03059d43=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01CFFEA8 77E4169F 01CFFE80 00000001 00000000 01CFFEA0 ntdll!NtWaitForMultipleObjects 01CFFF04 77E41706 01CFFED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01CFFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01CFFF74 70C1AB1B 01CFFFA0 01CFFFA4 01CFFFA8 01CFFF9C !Ordinal265 01CFFFAC 70C1ACDF 0006E81C 7C57B388 00000000 00000001 !Ordinal293 01CFFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !Ordinal293 *----> Raw Stack Dump <----* 01cffe5c fb a1 59 7c 02 00 00 00 - 80 fe cf 01 01 00 00 00 ..Y|............ 01cffe6c 00 00 00 00 a0 fe cf 01 - 00 00 00 00 00 00 00 00 ................ 01cffe7c 02 00 00 00 fc 02 00 00 - 10 03 00 00 58 02 07 00 ............X... 01cffe8c 64 7e fb 77 00 00 07 00 - 00 00 00 00 a0 fe cf 01 d~.w............ 01cffe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff cf 01 ......<......... 01cffeac 9f 16 e4 77 80 fe cf 01 - 01 00 00 00 00 00 00 00 ...w............ 01cffebc a0 fe cf 01 00 00 00 00 - 60 ea 00 00 18 bb c2 70 ........`......p 01cffecc 00 00 00 00 fc 02 00 00 - 10 03 00 00 84 ff cf 01 ................ 01cffedc 4f 7a 2e 73 00 00 16 71 - 74 ff cf 01 01 00 00 00 Oz.s...qt....... 01cffeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 56 fd 7f ...p.........V.. 01cffefc 00 00 00 00 10 03 00 00 - 20 ff cf 01 06 17 e4 77 ........ ......w 01cfff0c d0 fe cf 01 38 bb c2 70 - 60 ea 00 00 41 00 00 00 ....8..p`...A... 01cfff1c 00 00 00 00 74 ff cf 01 - 93 a7 c1 70 01 00 00 00 ....t......p.... 01cfff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00 00 8..p....`...A... 01cfff3c 01 00 00 00 18 bb c2 70 - 00 00 00 00 00 00 00 00 .......p........ 01cfff4c 00 00 00 00 00 00 00 00 - f0 fe cf 01 00 5c fd 7f .............\.. 01cfff5c dc ff cf 01 54 1f 5c 7c - 80 e9 0b 00 18 bb c2 70 ....T.\|.......p 01cfff6c 60 ea 00 00 00 00 00 00 - ac ff cf 01 1b ab c1 70 `..............p 01cfff7c a0 ff cf 01 a4 ff cf 01 - a8 ff cf 01 9c ff cf 01 ................ 01cfff8c 60 ea 00 00 01 00 00 00 - 00 00 bd 70 00 00 00 00 `..........p.... State Dump for Thread Id 0x4e4 eax=00070748 ebx=000c4c68 ecx=00070688 edx=00000002 esi=000c4c60 edi=00070000 eip=77fb2c41 esp=01dcf6a8 ebp=01dcf74c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: RtlpNtEnumerateSubKey 77fb2c2c 33c0 xor eax,eax 77fb2c2e 8b4df0 mov ecx,[ebp+0xf0] ss:03129632=???????? 77fb2c31 64890d00000000 mov fs:[00000000],ecx fs:00000000=???????? 77fb2c38 5f pop edi 77fb2c39 5e pop esi 77fb2c3a 5b pop ebx 77fb2c3b c9 leave 77fb2c3c c20400 ret 0x4 77fb2c3f cc int 3 77fb2c40 55 push ebp 77fb2c41 8bec mov ebp,esp 77fb2c43 6aff push 0xff 77fb2c45 685831f877 push 0x77f83158 77fb2c4a 68647efb77 push 0x77fb7e64 77fb2c4f 64a100000000 mov eax,fs:[00000000] fs:00000000=???????? 77fb2c55 50 push eax 77fb2c56 64892500000000 mov fs:[00000000],esp fs:00000000=???????? 77fb2c5d 51 push ecx 77fb2c5e 51 push ecx 77fb2c5f 53 push ebx 77fb2c60 56 push esi 77fb2c61 57 push edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01DCF6A8 77FCB7C2 00070748 000C4C68 01DCF780 00000015 ntdll!RtlpNtEnumerateSubKey 01DCF74C 77F96D25 00070000 00000000 000C4C68 01DCF790 ntdll!RtlFreeHeap 01DCF760 77F879C3 000C4C68 00000016 7C590B08 01DCF780 ntdll!RtlFirstFreeAce 01DCF790 00845D57 00400000 01DCF7A8 00000200 00000000 ntdll!RtlFreeAnsiString 01DCF9A8 00846029 00000003 00094E3C 00094E38 77F88438 01DCF9CC 7C2EE07C 00000356 000008D8 00000001 00094E48 01DCF9F8 7C2EDFEC 00000356 00094E48 000008F6 00094CE0 advapi32!RegOpenKeyA 01DCFA1C 7C2EDE3A 00000000 000008F6 00000001 000008F7 advapi32!RegOpenKeyA 01DCFA4C 7C2EDDCC 000008F7 00000001 00000000 01DCFAB4 advapi32!RegOpenKeyA 01DCFA84 7C2EFD08 00094CE0 0000034A 000008F6 00000000 advapi32!RegOpenKeyA 01DCFBE0 7C2EFE65 0000034A 000008F6 01DCFC08 01DCFC10 advapi32!RegQueryInfoKeyW 01DCFC1C 7C2EE7C0 0000034A 000008F6 01DCFC68 01DCFC58 advapi32!RegEnumKeyExW 01DCFC44 7CE28B06 0000034A 000008F6 01DCFC68 00000105 advapi32!RegEnumKeyW 01DCFE88 7116E2AC 00000000 00000001 01DCFEA8 01DCFEC0 ole32!CreateOleAdviseHolder 01DCFEB8 7116E223 00000000 01DCFED8 00000002 000D5970 !DllGetClassObject 01DCFEDC 7116E3AB 000D5970 000B4F18 000B4F18 80004005 !DllGetClassObject 01DCFEF4 7116E375 00000002 000D5970 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01dcf6a8 4c f7 dc 01 c2 b7 fc 77 - 48 07 07 00 68 4c 0c 00 L......wH...hL.. 01dcf6b8 80 f7 dc 01 15 00 00 00 - 00 00 08 01 7d 00 00 00 ............}... 01dcf6c8 7d 00 00 00 c6 d6 ef 00 - d6 e7 e7 00 90 a9 ad 00 }............... 01dcf6d8 00 00 07 00 00 00 07 00 - 00 00 99 00 00 00 00 00 ................ 01dcf6e8 0e 00 00 00 00 00 44 00 - 04 00 00 00 00 00 40 00 ......D.......@. 01dcf6f8 64 f7 dc 01 df 09 59 7c - 5b 0a 59 7c 48 e7 fc 77 d.....Y|[.Y|H..w 01dcf708 fc 09 59 7c 00 02 00 00 - 68 4c 0c 00 00 00 07 00 ..Y|....hL...... 01dcf718 04 00 00 00 00 00 00 00 - 15 00 00 00 dc ff dc 01 ................ 01dcf728 10 00 00 00 01 f7 dc 01 - 80 f7 dc 01 b8 f6 dc 01 ................ 01dcf738 05 00 00 00 dc ff dc 01 - 64 7e fb 77 78 16 f8 77 ........d~.wx..w 01dcf748 ff ff ff ff 60 f7 dc 01 - 25 6d f9 77 00 00 07 00 ....`...%m.w.... 01dcf758 00 00 00 00 68 4c 0c 00 - 90 f7 dc 01 c3 79 f8 77 ....hL.......y.w 01dcf768 68 4c 0c 00 16 00 00 00 - 08 0b 59 7c 80 f7 dc 01 hL........Y|.... 01dcf778 a8 f9 dc 01 48 4e 09 00 - 15 00 16 00 68 4c 0c 00 ....HN......hL.. 01dcf788 2a 00 2c 00 18 c3 0d 00 - a8 f9 dc 01 57 5d 84 00 *.,.........W].. 01dcf798 00 00 40 00 a8 f7 dc 01 - 00 02 00 00 00 00 00 00 ..@............. 01dcf7a8 43 3a 5c 57 49 4e 4e 54 - 5c 65 78 70 6c 6f 72 65 C:\WINNT\explore 01dcf7b8 72 2e 65 78 65 00 00 00 - 00 00 00 00 00 00 00 00 r.exe........... 01dcf7c8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 01dcf7d8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ Application exception occurred: App: explorer.exe (pid=1448) When: 7/3/2005 @ 20:56:33.896 Exception number: c0000096 (privileged instruction) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 612 ccSetMgr.exe 692 navapsvc.exe 768 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 888 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1032 mspmspsv.exe 1044 svchost.exe 1072 ccEvtMgr.exe 1328 wuauclt.exe 304 taskmgr.exe 1084 drwtsn32.exe 1124 iexplore.exe 1448 explorer.exe 332 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70295000) (7C740000 - 7C7CC000) (77430000 - 77441000) (779B0000 - 77A4B000) (7CE20000 - 7CF21000) (690A0000 - 690AB000) (7C950000 - 7C9E0000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76631000) (7C0F0000 - 7C154000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (774E0000 - 77514000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01E70000 - 01E7F000) State Dump for Thread Id 0x5cc eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008c674 eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00f4 add ah,dh 0006f28d dd0f ??? 0006f28f 0060f7 add [eax+0xf7],ah ds:01359ee6=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 50 c6 08 00 - d8 dd 0f 00 00 00 00 00 ....P........... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 f4 dd 0f 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 d8 dd 0f 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - f4 dd 0f 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 98 04 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x4e4 eax=008451b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000098 eip=77f88f13 esp=0103fd48 ebp=0103fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02399c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0103FD6C 008452BB 00000098 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 0103FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 0103FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0103fd48 30 a0 59 7c 98 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 0103fd58 9c 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0103fd68 01 01 00 00 b4 ff 03 01 - bb 52 84 00 98 00 00 00 .........R...... 0103fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0103fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0103fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0103fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x108 eax=77d4aefc ebx=00086e88 ecx=00000000 edx=00000000 esi=0007dc00 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02519d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 0007DC00 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 000862E8 011BFFEC 7C57B388 00086E88 rpcrt4!UuidCreate 011BFFB4 7C57B388 00086E88 00000000 00000000 00086E88 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5bc eax=7ce57f6f ebx=00000102 ecx=00074540 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02559e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x548 eax=0000001c ebx=00000000 ecx=0123ff08 edx=00000000 esi=00000000 edi=00000000 eip=77e3c7cd esp=0123ff2c ebp=0123ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:02599e13=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF4C 0040A389 70C0C464 00400000 00370034 002D0038 user32!WaitMessage 0123FFB4 7C57B388 00000000 00370034 002D0038 0006FEE0 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x354 eax=0130e318 ebx=00000006 ecx=0000010c edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02669c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001E0 00000000 shell32!Ordinal68 77FCF980 7D05EBF8 77FCF9A8 77FCF968 00000004 00000004 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0130fd98 fb a1 59 7c 06 00 00 00 - bc fd 30 01 01 00 00 00 ..Y|......0..... 0130fda8 00 00 00 00 dc fd 30 01 - 00 00 00 00 00 00 00 00 ......0......... 0130fdb8 06 00 00 00 c4 01 00 00 - ec 01 00 00 f0 01 00 00 ................ 0130fdc8 f4 01 00 00 e0 02 00 00 - e8 01 00 00 67 63 f7 7c ............gc.| 0130fdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe 30 01 ............@.0. 0130fde8 9f 16 e4 77 bc fd 30 01 - 01 00 00 00 00 00 00 00 ...w..0......... 0130fdf8 dc fd 30 01 00 00 00 00 - 00 00 00 00 54 03 00 00 ..0.........T... 0130fe08 05 00 00 00 c4 01 00 00 - ec 01 00 00 f0 01 00 00 ................ 0130fe18 f4 01 00 00 e0 02 00 00 - e8 01 00 00 50 ec 45 00 ............P.E. 0130fe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 0130fe38 00 00 00 00 e8 01 00 00 - 5c fe 30 01 06 17 e4 77 ........\.0....w 0130fe48 0c fe 30 01 b8 fe 30 01 - d0 07 00 00 ff 00 00 00 ..0...0......... 0130fe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 0130fe68 b8 fe 30 01 00 00 00 00 - d0 07 00 00 ff 00 00 00 ..0............. 0130fe78 e8 12 f8 77 ff ff ff ff - ec ff 30 01 00 00 00 00 ...w......0..... 0130fe88 54 03 00 00 74 ff 1f c0 - 00 00 00 00 e4 01 00 00 T...t........... 0130fe98 54 03 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 T............... 0130fea8 00 00 00 00 0b 43 0c 00 - 01 01 00 00 57 00 00 00 .....C......W... 0130feb8 c4 01 00 00 ec 01 00 00 - f0 01 00 00 f4 01 00 00 ................ 0130fec8 e0 02 00 00 4c 9c fc bc - cf 5c 52 80 01 00 00 00 ....L....\R..... State Dump for Thread Id 0x568 eax=000bb000 ebx=00000003 ecx=01baf9c0 edx=00000000 esi=77f88ef8 edi=00000003 eip=77f88f03 esp=01bafd24 ebp=01bafd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02f09c0b=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01BAFD70 7C59A10E 01BAFD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 01BAFFB4 7C57B388 00000004 7FFDE000 0006BA3C 000B4A80 kernel32!WaitForMultipleObjects 01BAFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x420 eax=000dcb40 ebx=01c0ff74 ecx=000000be edx=00000000 esi=77f88f08 edi=000002c4 eip=77f88f13 esp=01c0ff58 ebp=01c0ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02f69e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01C0FF7C 7C57B3DB 000002C4 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 01c0ff58 30 a0 59 7c c4 02 00 00 - 00 00 00 00 74 ff c0 01 0.Y|........t... 01c0ff68 00 00 00 00 30 25 34 01 - e0 7e f8 77 00 44 5f 9a ....0%4..~.w.D_. 01c0ff78 fe ff ff ff c0 7f f8 77 - db b3 57 7c c4 02 00 00 .......w..W|.... 01c0ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 c4 02 00 00 .'......U..p.... 01c0ff98 c0 27 09 00 05 00 00 00 - 30 25 34 01 ec ff c0 01 .'......0%4..... 01c0ffa8 30 25 34 01 95 d7 cf 70 - f8 43 0c 00 6f d7 cf 70 0%4....p.C..o..p 01c0ffb8 88 b3 57 7c 30 25 34 01 - 05 00 00 00 f8 43 0c 00 ..W|0%4......C.. 01c0ffc8 30 25 34 01 00 70 fd 7f - a0 af 09 00 c0 ff c0 01 0%4..p.......... 01c0ffd8 a0 af 09 00 ff ff ff ff - 54 1f 5c 7c 08 2b 57 7c ........T.\|.+W| 01c0ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 01c0fff8 30 25 34 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 0%4........o..?. 01c10008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 01c10018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 01c10028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 01c10038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 01c10048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 01c10058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 01c10068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 01c10078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 01c10088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x24c eax=00000000 ebx=01c6ff74 ecx=7ffd6000 edx=00000000 esi=77f88f08 edi=000002e8 eip=77f88f13 esp=01c6ff58 ebp=01c6ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02fc9e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01C6FF7C 7C57B3DB 000002E8 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x560 eax=01e76188 ebx=00000002 ecx=01e70220 edx=00000000 esi=77f88ef8 edi=00000002 eip=77f88f03 esp=01cffe5c ebp=01cffea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:03059d43=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01CFFEA8 77E4169F 01CFFE80 00000001 00000000 01CFFEA0 ntdll!NtWaitForMultipleObjects 01CFFF04 77E41706 01CFFED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01CFFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01CFFF74 70C1AB1B 01CFFFA0 01CFFFA4 01CFFFA8 01CFFF9C !Ordinal265 01CFFFAC 70C1ACDF 0006E81C 7C57B388 00000000 00000001 !Ordinal293 01CFFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !Ordinal293 *----> Raw Stack Dump <----* 01cffe5c fb a1 59 7c 02 00 00 00 - 80 fe cf 01 01 00 00 00 ..Y|............ 01cffe6c 00 00 00 00 a0 fe cf 01 - 00 00 00 00 00 00 00 00 ................ 01cffe7c 02 00 00 00 04 03 00 00 - 18 03 00 00 88 1a e7 7c ...............| 01cffe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe cf 01 ................ 01cffe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff cf 01 ......<......... 01cffeac 9f 16 e4 77 80 fe cf 01 - 01 00 00 00 00 00 00 00 ...w............ 01cffebc a0 fe cf 01 00 00 00 00 - 60 ea 00 00 18 bb c2 70 ........`......p 01cffecc 00 00 00 00 04 03 00 00 - 18 03 00 00 84 ff cf 01 ................ 01cffedc 4f 7a 2e 73 00 00 16 71 - 74 ff cf 01 01 00 00 00 Oz.s...qt....... 01cffeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 56 fd 7f ...p.........V.. 01cffefc 00 00 00 00 18 03 00 00 - 20 ff cf 01 06 17 e4 77 ........ ......w 01cfff0c d0 fe cf 01 38 bb c2 70 - 60 ea 00 00 41 00 00 00 ....8..p`...A... 01cfff1c 00 00 00 00 74 ff cf 01 - 93 a7 c1 70 01 00 00 00 ....t......p.... 01cfff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00 00 8..p....`...A... 01cfff3c 01 00 00 00 18 bb c2 70 - 00 00 00 00 00 00 00 00 .......p........ 01cfff4c 00 00 00 00 00 00 00 00 - f0 fe cf 01 00 5c fd 7f .............\.. 01cfff5c dc ff cf 01 54 1f 5c 7c - e7 43 0c 00 18 bb c2 70 ....T.\|.C.....p 01cfff6c 60 ea 00 00 01 00 00 00 - ac ff cf 01 1b ab c1 70 `..............p 01cfff7c a0 ff cf 01 a4 ff cf 01 - a8 ff cf 01 9c ff cf 01 ................ 01cfff8c 60 ea 00 00 01 00 00 00 - 00 00 bd 70 00 00 00 00 `..........p.... State Dump for Thread Id 0x510 eax=00000356 ebx=00000000 ecx=01d7fab8 edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=01d7f504 ebp=01d7f548 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:030d93eb=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01D7F548 7C2EEEF1 01D7F6F0 0000006A 01D7F7C0 02000000 ntdll!NtOpenKey 01D7F704 7C2EEEA1 0000006A 01D7F7C0 00000000 02000000 advapi32!RegSetValueExA 01D7F798 7C2F4A83 0000006A 01D7F7C0 00000000 02000000 advapi32!RegSetValueExA 01D7F7CC 7C2F4C36 80000000 01D7FA0C 00000000 02000000 advapi32!RegOpenKeyExW 01D7FC44 7CE28B31 01D7FC6C 00000001 000C3950 00000000 advapi32!RegOpenKeyW 01D7FE8C 7116E278 00000000 00000001 01D7FEA8 01D7FEC0 ole32!CreateOleAdviseHolder 01D7FEB8 7116E223 00000000 01D7FED8 00000002 000D5F80 !DllGetClassObject 01D7FEDC 7116E3AB 000D5F80 000C21B8 000C21B8 80004005 !DllGetClassObject 01D7FEF4 7116E375 00000002 000D5F80 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01d7f504 a2 ef 2e 7c 34 fc d7 01 - 00 00 00 02 20 f5 d7 01 ...|4....... ... 01d7f514 c0 f7 d7 01 00 00 00 00 - 6a 00 00 00 18 00 00 00 ........j....... 01d7f524 00 00 00 00 38 f5 d7 01 - 40 00 00 00 00 00 00 00 ....8...@....... 01d7f534 00 00 00 00 e2 00 62 01 - 10 4d 08 00 10 4d 08 00 ......b..M...M.. 01d7f544 6a 00 88 00 04 f7 d7 01 - f1 ee 2e 7c f0 f6 d7 01 j..........|.... 01d7f554 6a 00 00 00 c0 f7 d7 01 - 00 00 00 02 03 00 00 00 j............... 01d7f564 34 fc d7 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 4...........\.R. 01d7f574 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 01d7f584 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 01d7f594 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 01d7f5a4 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 01d7f5b4 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 01d7f5c4 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 01d7f5d4 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 01d7f5e4 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 01d7f5f4 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 01d7f604 5c 00 7b 00 33 00 30 00 - 35 00 30 00 66 00 33 00 \.{.3.0.5.0.f.3. 01d7f614 44 00 41 00 2d 00 39 00 - 38 00 42 00 35 00 2d 00 D.A.-.9.8.B.5.-. 01d7f624 31 00 31 00 43 00 46 00 - 2d 00 42 00 42 00 38 00 1.1.C.F.-.B.B.8. 01d7f634 32 00 2d 00 30 00 30 00 - 41 00 41 00 30 00 30 00 2.-.0.0.A.A.0.0. Application exception occurred: App: (pid=1280) When: 7/3/2005 @ 20:58:46.597 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 612 ccSetMgr.exe 692 navapsvc.exe 768 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 888 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1032 mspmspsv.exe 1044 svchost.exe 1072 ccEvtMgr.exe 1328 wuauclt.exe 304 taskmgr.exe 1084 drwtsn32.exe 1124 iexplore.exe 1280 PCBugDoctor.exe 1116 drwtsn32.exe 0 _Total.exe (00400000 - 0042A000) (77F80000 - 77FFC000) (6C370000 - 6C46B000) (78000000 - 78045000) (7C570000 - 7C623000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (7C2D0000 - 7C335000) (77D30000 - 77DA8000) (7CF30000 - 7D186000) (71710000 - 71794000) (70BD0000 - 70C35000) (7CE20000 - 7CF21000) (695E0000 - 69609000) (779B0000 - 77A4B000) (75E60000 - 75E7A000) State Dump for Thread Id 0x5d0 eax=00000000 ebx=007b000c ecx=0012f6d8 edx=0012f638 esi=0000005c edi=0000651a eip=00403817 esp=0012f61c ebp=0012fe30 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: 004037fc 51 push ecx 004037fd ff153ce54100 call dword ptr [0041e53c] ds:0041e53c=695f2810 00403803 8b442438 mov eax,[esp+0x38] ss:00c29503=???????? 00403807 50 push eax 00403808 8b10 mov edx,[eax] ds:00000000=???????? 0040380a ff5208 call dword ptr [edx+0x8] ds:00c2951e=???????? 0040380d 8b442410 mov eax,[esp+0x10] ss:00c29503=???????? 00403811 8d542414 lea edx,[esp+0x14] ss:00c29503=???????? 00403815 52 push edx 00403816 50 push eax FAULT ->00403817 8b08 mov ecx,[eax] ds:00000000=???????? 00403819 ff510c call dword ptr [ecx+0xc] ds:00c295be=???????? 0040381c 8b74243c mov esi,[esp+0x3c] ss:00c29503=???????? 00403820 8bce mov ecx,esi 00403822 e8196c0100 call 0041a440 00403827 8b442414 mov eax,[esp+0x14] ss:00c29503=???????? 0040382b 8bce mov ecx,esi 0040382d 50 push eax 0040382e e8436c0100 call 0041a476 00403833 8b5604 mov edx,[esi+0x4] ds:00af9f42=???????? 00403836 8d4c2418 lea ecx,[esp+0x18] ss:00c29503=???????? 0040383a 51 push ecx *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0012FE30 0041EFF4 00000000 00000000 00000000 00000000 ! 0041F870 00404240 0041A35C 00417250 00401560 00401550 ! 00417C40 FFFFF608 CCCCCCCC CCCCCCCC E8F18B56 00000018 ! E960E983 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0012f61c 00 00 00 00 38 f6 12 00 - 54 50 2f 00 d0 fd 12 00 ....8...TP/..... 0012f62c 11 00 00 00 1a 65 00 00 - 00 00 00 00 01 00 00 00 .....e.......... 0012f63c 48 39 2f 00 d8 f6 12 00 - 3b 46 40 6c 00 00 00 00 H9/.....;F@l.... 0012f64c 30 fe 12 00 d2 45 40 00 - eb 45 40 00 5a 00 01 01 0....E@..E@.Z... 0012f65c e0 41 13 00 70 fe 12 00 - a8 f6 12 00 d0 fd 12 00 .A..p........... 0012f66c 98 39 2f 00 4c f9 12 00 - 40 72 4b 00 98 39 2f 00 .9/.L...@rK..9/. 0012f67c a8 38 2f 00 98 39 2f 00 - 00 08 21 13 aa 86 c3 01 .8/..9/...!..... 0012f68c d8 3a 2f 00 88 3a 2f 00 - 38 3a 2f 00 e8 39 2f 00 .:/..:/.8:/..9/. 0012f69c 48 39 2f 00 f8 38 2f 00 - 58 f6 12 00 40 00 00 00 H9/..8/.X...@... 0012f6ac 00 00 00 00 3c e8 41 00 - 00 00 00 00 00 00 00 00 ....<.A......... 0012f6bc 00 00 00 00 5c 00 1a 02 - d8 21 13 00 4c f9 12 00 ....\....!..L... 0012f6cc 19 74 58 7c 00 ec fd 7f - 25 5e 01 78 fc f6 12 00 .tX|....%^.x.... 0012f6dc 48 b1 41 00 13 00 00 00 - 00 59 40 00 10 01 00 00 H.A......Y@..... 0012f6ec d0 fd 12 00 98 39 2f 00 - f8 38 2f 00 48 39 2f 00 .....9/..8/.H9/. 0012f6fc 20 f9 12 00 68 b3 41 00 - ff ff ff ff df 72 41 00 ...h.A......rA. 0012f70c 10 01 00 00 00 00 00 00 - 40 72 4b 00 00 00 00 00 ........@rK..... 0012f71c 50 f7 12 00 53 6b 69 6e - 2e 69 6e 69 00 00 2f 00 P...Skin.ini../. 0012f72c 18 13 2f 00 43 00 00 00 - 00 00 00 00 28 f7 12 00 ../.C.......(... 0012f73c 00 02 00 00 00 00 2f 00 - 50 4f 2f 00 78 01 2f 00 ....../.PO/.x./. 0012f74c 16 02 00 00 01 b3 fc 77 - be b4 fc 77 18 b6 fc 77 .......w...w...w Application exception occurred: App: (pid=1516) When: 7/3/2005 @ 21:01:25.896 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 612 ccSetMgr.exe 692 navapsvc.exe 768 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 888 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1032 mspmspsv.exe 1044 svchost.exe 1072 ccEvtMgr.exe 1328 wuauclt.exe 304 taskmgr.exe 1516 PCBugDoctor.exe 1492 drwtsn32.exe 0 _Total.exe (00400000 - 0042A000) (77F80000 - 77FFC000) (6C370000 - 6C46B000) (78000000 - 78045000) (7C570000 - 7C623000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (7C2D0000 - 7C335000) (77D30000 - 77DA8000) (7CF30000 - 7D186000) (71710000 - 71794000) (70BD0000 - 70C35000) (7CE20000 - 7CF21000) (695E0000 - 69609000) (779B0000 - 77A4B000) (75E60000 - 75E7A000) State Dump for Thread Id 0x5f8 eax=00000000 ebx=007b000c ecx=0012f6d8 edx=0012f638 esi=0000005c edi=0000651a eip=00403817 esp=0012f61c ebp=0012fe30 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: 004037fc 51 push ecx 004037fd ff153ce54100 call dword ptr [0041e53c] ds:0041e53c=695f2810 00403803 8b442438 mov eax,[esp+0x38] ss:00c29503=???????? 00403807 50 push eax 00403808 8b10 mov edx,[eax] ds:00000000=???????? 0040380a ff5208 call dword ptr [edx+0x8] ds:00c2951e=???????? 0040380d 8b442410 mov eax,[esp+0x10] ss:00c29503=???????? 00403811 8d542414 lea edx,[esp+0x14] ss:00c29503=???????? 00403815 52 push edx 00403816 50 push eax FAULT ->00403817 8b08 mov ecx,[eax] ds:00000000=???????? 00403819 ff510c call dword ptr [ecx+0xc] ds:00c295be=???????? 0040381c 8b74243c mov esi,[esp+0x3c] ss:00c29503=???????? 00403820 8bce mov ecx,esi 00403822 e8196c0100 call 0041a440 00403827 8b442414 mov eax,[esp+0x14] ss:00c29503=???????? 0040382b 8bce mov ecx,esi 0040382d 50 push eax 0040382e e8436c0100 call 0041a476 00403833 8b5604 mov edx,[esi+0x4] ds:00af9f42=???????? 00403836 8d4c2418 lea ecx,[esp+0x18] ss:00c29503=???????? 0040383a 51 push ecx *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0012FE30 0041EFF4 00000000 00000000 00000000 00000000 ! 0041F870 00404240 0041A35C 00417250 00401560 00401550 ! 00417C40 FFFFF608 CCCCCCCC CCCCCCCC E8F18B56 00000018 ! E960E983 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0012f61c 00 00 00 00 38 f6 12 00 - 54 50 2f 00 d0 fd 12 00 ....8...TP/..... 0012f62c 11 00 00 00 1a 65 00 00 - 00 00 00 00 01 00 00 00 .....e.......... 0012f63c 48 39 2f 00 d8 f6 12 00 - 3b 46 40 6c 00 00 00 00 H9/.....;F@l.... 0012f64c 30 fe 12 00 d2 45 40 00 - eb 45 40 00 5b 00 01 01 0....E@..E@.[... 0012f65c e0 41 13 00 70 fe 12 00 - a8 f6 12 00 d0 fd 12 00 .A..p........... 0012f66c 98 39 2f 00 4c f9 12 00 - 48 a0 49 00 98 39 2f 00 .9/.L...H.I..9/. 0012f67c a8 38 2f 00 98 39 2f 00 - 00 08 21 13 aa 86 c3 01 .8/..9/...!..... 0012f68c d8 3a 2f 00 88 3a 2f 00 - 38 3a 2f 00 e8 39 2f 00 .:/..:/.8:/..9/. 0012f69c 48 39 2f 00 f8 38 2f 00 - 58 f6 12 00 40 00 00 00 H9/..8/.X...@... 0012f6ac 00 00 00 00 3c e8 41 00 - 00 00 00 00 00 00 00 00 ....<.A......... 0012f6bc 00 00 00 00 5c 00 1a 02 - d8 21 13 00 4c f9 12 00 ....\....!..L... 0012f6cc 19 74 58 7c 00 ec fd 7f - 25 5e 01 78 fc f6 12 00 .tX|....%^.x.... 0012f6dc 48 b1 41 00 13 00 00 00 - 00 59 40 00 10 01 00 00 H.A......Y@..... 0012f6ec d0 fd 12 00 98 39 2f 00 - f8 38 2f 00 48 39 2f 00 .....9/..8/.H9/. 0012f6fc 20 f9 12 00 68 b3 41 00 - ff ff ff ff df 72 41 00 ...h.A......rA. 0012f70c 10 01 00 00 00 00 00 00 - 48 a0 49 00 00 00 00 00 ........H.I..... 0012f71c 50 f7 12 00 53 6b 69 6e - 2e 69 6e 69 00 00 2f 00 P...Skin.ini../. 0012f72c 18 13 2f 00 43 00 00 00 - 00 00 00 00 28 f7 12 00 ../.C.......(... 0012f73c 00 02 00 00 00 00 2f 00 - 50 4f 2f 00 78 01 2f 00 ....../.PO/.x./. 0012f74c 16 02 00 00 01 b3 fc 77 - be b4 fc 77 18 b6 fc 77 .......w...w...w Application exception occurred: App: (pid=1500) When: 7/3/2005 @ 21:04:01.169 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 612 ccSetMgr.exe 692 navapsvc.exe 768 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 888 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1032 mspmspsv.exe 1044 svchost.exe 1072 ccEvtMgr.exe 1328 wuauclt.exe 304 taskmgr.exe 244 iexplore.exe 1500 PCBugDoctor.exe 1112 drwtsn32.exe 0 _Total.exe (00400000 - 0042A000) (77F80000 - 77FFC000) (6C370000 - 6C46B000) (78000000 - 78045000) (7C570000 - 7C623000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (7C2D0000 - 7C335000) (77D30000 - 77DA8000) (7CF30000 - 7D186000) (71710000 - 71794000) (70BD0000 - 70C35000) (7CE20000 - 7CF21000) (695E0000 - 69609000) (779B0000 - 77A4B000) (75E60000 - 75E7A000) State Dump for Thread Id 0x360 eax=00000000 ebx=007b000c ecx=0012f6d8 edx=0012f638 esi=0000005c edi=0000651a eip=00403817 esp=0012f61c ebp=0012fe30 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: 004037fc 51 push ecx 004037fd ff153ce54100 call dword ptr [0041e53c] ds:0041e53c=695f2810 00403803 8b442438 mov eax,[esp+0x38] ss:00c29503=???????? 00403807 50 push eax 00403808 8b10 mov edx,[eax] ds:00000000=???????? 0040380a ff5208 call dword ptr [edx+0x8] ds:00c2951e=???????? 0040380d 8b442410 mov eax,[esp+0x10] ss:00c29503=???????? 00403811 8d542414 lea edx,[esp+0x14] ss:00c29503=???????? 00403815 52 push edx 00403816 50 push eax FAULT ->00403817 8b08 mov ecx,[eax] ds:00000000=???????? 00403819 ff510c call dword ptr [ecx+0xc] ds:00c295be=???????? 0040381c 8b74243c mov esi,[esp+0x3c] ss:00c29503=???????? 00403820 8bce mov ecx,esi 00403822 e8196c0100 call 0041a440 00403827 8b442414 mov eax,[esp+0x14] ss:00c29503=???????? 0040382b 8bce mov ecx,esi 0040382d 50 push eax 0040382e e8436c0100 call 0041a476 00403833 8b5604 mov edx,[esi+0x4] ds:00af9f42=???????? 00403836 8d4c2418 lea ecx,[esp+0x18] ss:00c29503=???????? 0040383a 51 push ecx *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0012FE30 0041EFF4 00000000 00000000 00000000 00000000 ! 0041F870 00404240 0041A35C 00417250 00401560 00401550 ! 00417C40 FFFFF608 CCCCCCCC CCCCCCCC E8F18B56 00000018 ! E960E983 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0012f61c 00 00 00 00 38 f6 12 00 - 54 50 2f 00 d0 fd 12 00 ....8...TP/..... 0012f62c 11 00 00 00 1a 65 00 00 - 00 00 00 00 01 00 00 00 .....e.......... 0012f63c 48 39 2f 00 d8 f6 12 00 - 3b 46 40 6c 00 00 00 00 H9/.....;F@l.... 0012f64c 30 fe 12 00 d2 45 40 00 - eb 45 40 00 58 00 01 01 0....E@..E@.X... 0012f65c e0 41 13 00 70 fe 12 00 - a8 f6 12 00 d0 fd 12 00 .A..p........... 0012f66c 98 39 2f 00 4c f9 12 00 - 60 96 4a 00 98 39 2f 00 .9/.L...`.J..9/. 0012f67c a8 38 2f 00 98 39 2f 00 - 00 08 21 13 aa 86 c3 01 .8/..9/...!..... 0012f68c d8 3a 2f 00 88 3a 2f 00 - 38 3a 2f 00 e8 39 2f 00 .:/..:/.8:/..9/. 0012f69c 48 39 2f 00 f8 38 2f 00 - 58 f6 12 00 40 00 00 00 H9/..8/.X...@... 0012f6ac 00 00 00 00 3c e8 41 00 - 00 00 00 00 00 00 00 00 ....<.A......... 0012f6bc 00 00 00 00 5c 00 1a 02 - d8 21 13 00 4c f9 12 00 ....\....!..L... 0012f6cc 19 74 58 7c 00 ec fd 7f - 25 5e 01 78 fc f6 12 00 .tX|....%^.x.... 0012f6dc 48 b1 41 00 13 00 00 00 - 00 59 40 00 10 01 00 00 H.A......Y@..... 0012f6ec d0 fd 12 00 98 39 2f 00 - f8 38 2f 00 48 39 2f 00 .....9/..8/.H9/. 0012f6fc 20 f9 12 00 68 b3 41 00 - ff ff ff ff df 72 41 00 ...h.A......rA. 0012f70c 10 01 00 00 00 00 00 00 - 60 96 4a 00 00 00 00 00 ........`.J..... 0012f71c 50 f7 12 00 53 6b 69 6e - 2e 69 6e 69 00 00 2f 00 P...Skin.ini../. 0012f72c 18 13 2f 00 43 00 00 00 - 00 00 00 00 28 f7 12 00 ../.C.......(... 0012f73c 00 02 00 00 00 00 2f 00 - 50 4f 2f 00 78 01 2f 00 ....../.PO/.x./. 0012f74c 16 02 00 00 01 b3 fc 77 - be b4 fc 77 18 b6 fc 77 .......w...w...w Application exception occurred: App: explorer.exe (pid=1564) When: 7/3/2005 @ 22:00:09.232 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 612 ccSetMgr.exe 692 navapsvc.exe 768 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 888 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1032 mspmspsv.exe 1044 svchost.exe 1072 ccEvtMgr.exe 1328 wuauclt.exe 880 iexplore.exe 1500 wmplayer.exe 1464 mirc32.exe 1564 Explorer.exe 852 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76631000) (7C0F0000 - 7C154000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (70200000 - 70295000) (7C740000 - 7C7CC000) (77430000 - 77441000) (774E0000 - 77514000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (76F20000 - 76F97000) (01AA0000 - 01AAF000) State Dump for Thread Id 0x5a0 eax=ca38a180 ebx=0006f2c4 ecx=7cf12624 edx=00000030 esi=7ce6f760 edi=00086c88 eip=0006f295 esp=0006f218 ebp=00000000 iopl=0 ov up ei pl nz na pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000a03 function: 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:ca38a180=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 000464 add [esp],al ss:0006f218=88 0006f28e 0c00 or al,0x0 0006f290 60 pushad 0006f291 f7e6 mul esi 0006f293 7c00 jl 0006f295 FAULT ->0006f295 0000 add [eax],al ds:ca38a180=?? 0006f297 0000 add [eax],al ds:ca38a180=?? 0006f299 0000 add [eax],al ds:ca38a180=?? 0006f29b 0001 add [ecx],al ds:7cf12624=00 0006f29d 0000 add [eax],al ds:ca38a180=?? 0006f29f 0000 add [eax],al ds:ca38a180=?? 0006f2a1 0000 add [eax],al ds:ca38a180=?? 0006f2a3 0000 add [eax],al ds:ca38a180=?? 0006f2a5 0000 add [eax],al ds:ca38a180=?? 0006f2a7 00c4 add ah,al 0006f2a9 f206 repne push es 0006f2ab 00e8 add al,ch *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f218 88 6c 08 00 60 f7 e6 7c - 00 00 00 00 38 f2 06 00 .l..`..|....8... 0006f228 c4 f2 06 00 00 00 00 00 - 24 26 f1 7c 64 00 00 00 ........$&.|d... 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 64 6c 08 00 - e8 63 0c 00 00 00 00 00 ....dl...c...... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 04 64 0c 00 - 60 f7 e6 7c 00 00 00 00 .....d..`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 e8 63 0c 00 - 00 00 00 00 05 40 00 80 .....c.......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 04 64 0c 00 00 00 00 00 P........d...... 0006f2c8 01 00 00 00 28 95 07 00 - 00 00 00 00 00 00 00 00 ....(........... 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... State Dump for Thread Id 0x4e8 eax=77d4aefc ebx=00080968 ecx=0006df38 edx=00000000 esi=00080808 edi=00000100 eip=77f88b37 esp=00d4fe28 ebp=00d4ff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:01849d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00D4FF74 77D4E0C0 77D4E003 00080808 77D4F701 00070000 ntdll!ZwReplyWaitReceivePortEx 00D4FFA8 77D4AF16 0007FFB8 00D4FFEC 7C57B388 00080968 rpcrt4!UuidCreate 00D4FFB4 7C57B388 00080968 77D4F701 00070000 00080968 rpcrt4!RpcMgmtSetCancelTimeout 00D4FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x528 eax=7ce57f6f ebx=00000102 ecx=00074590 edx=00000000 esi=77f88398 edi=00d8ff74 eip=77f883a3 esp=00d8ff60 ebp=00d8ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:01889e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00D8FF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x668 eax=00000008 ebx=00000000 ecx=00dcff08 edx=00000000 esi=00000000 edi=00000000 eip=77e3c7cd esp=00dcff2c ebp=00dcff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:018c9e13=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00DCFF4C 0040A389 70C0C464 00400000 00370034 002D0038 user32!WaitMessage 00DCFFB4 7C57B388 00000000 00370034 002D0038 0006FEE0 explorer! 00DCFFEC 00000000 70C0C3D2 0006FEE0 00000000 00000000 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00dcff2c a8 a9 40 00 de 00 27 00 - 0f 00 00 00 00 00 00 00 ..@...'......... 00dcff3c 00 00 00 00 06 7e 46 00 - 3a 02 00 00 ce 02 00 00 .....~F.:....... 00dcff4c b4 ff dc 00 89 a3 40 00 - 64 c4 c0 70 00 00 40 00 ......@.d..p..@. 00dcff5c 34 00 37 00 38 00 2d 00 - e0 fe 06 00 72 a3 40 00 4.7.8.-.....r.@. 00dcff6c 72 90 40 00 40 01 00 00 - 00 00 40 00 00 00 00 00 r.@.@.....@..... 00dcff7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00dcff8c 97 02 00 00 fc f6 42 80 - 00 93 c7 fe 20 f0 63 ff ......B..... .c. 00dcff9c ff ff ff ff 00 00 00 00 - f0 07 43 80 00 00 00 00 ..........C..... 00dcffac 00 00 00 00 00 00 00 00 - ec ff dc 00 88 b3 57 7c ..............W| 00dcffbc 00 00 00 00 34 00 37 00 - 38 00 2d 00 e0 fe 06 00 ....4.7.8.-..... 00dcffcc 00 b0 fd 7f 39 00 38 00 - c0 ff dc 00 39 00 38 00 ....9.8.....9.8. 00dcffdc ff ff ff ff 54 1f 5c 7c - 08 2b 57 7c 00 00 00 00 ....T.\|.+W|.... 00dcffec 00 00 00 00 00 00 00 00 - d2 c3 c0 70 e0 fe 06 00 ...........p.... 00dcfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00dd000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00dd001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00dd002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00dd003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00dd004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00dd005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x5f4 eax=0008fd38 ebx=00000006 ecx=00000008 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=00e9fd98 ebp=00e9fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:01999c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00E9FDE4 77E4169F 00E9FDBC 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 00E9FE40 77E41706 00E9FE0C 00E9FEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx 00E9FE5C 7CF8BD66 00000005 00E9FEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000002CC 00000000 shell32!Ordinal68 77FCF9A0 7D05EBF8 77FCF9C8 77FCF988 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 00e9fd98 fb a1 59 7c 06 00 00 00 - bc fd e9 00 01 00 00 00 ..Y|............ 00e9fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00e9fdb8 06 00 00 00 d0 01 00 00 - d8 01 00 00 dc 01 00 00 ................ 00e9fdc8 e0 01 00 00 f0 01 00 00 - cc 01 00 00 67 63 f7 7c ............gc.| 00e9fdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe e9 00 ............@... 00e9fde8 9f 16 e4 77 bc fd e9 00 - 01 00 00 00 00 00 00 00 ...w............ 00e9fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 f4 05 00 00 ................ 00e9fe08 05 00 00 00 d0 01 00 00 - d8 01 00 00 dc 01 00 00 ................ 00e9fe18 e0 01 00 00 f0 01 00 00 - cc 01 00 00 ea c6 f8 7c ...............| 00e9fe28 f8 eb 05 7d 00 00 00 00 - 00 00 00 00 cc a6 fd 7f ...}............ 00e9fe38 00 00 00 00 cc 01 00 00 - 5c fe e9 00 06 17 e4 77 ........\......w 00e9fe48 0c fe e9 00 b8 fe e9 00 - ff ff ff ff ff 00 00 00 ................ 00e9fe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 00e9fe68 b8 fe e9 00 00 00 00 00 - ff ff ff ff ff 00 00 00 ................ 00e9fe78 e8 12 f8 77 ff ff ff ff - ec ff e9 00 00 00 00 00 ...w............ 00e9fe88 f4 05 00 00 00 00 00 00 - 00 00 00 00 d4 01 00 00 ................ 00e9fe98 f4 05 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 ................ 00e9fea8 00 00 00 00 33 6f 46 00 - 6c 01 00 00 23 01 00 00 ....3oF.l...#... 00e9feb8 d0 01 00 00 d8 01 00 00 - dc 01 00 00 e0 01 00 00 ................ 00e9fec8 f0 01 00 00 e0 82 8a 81 - 53 22 43 80 10 0f 48 80 ........S"C...H. State Dump for Thread Id 0x63c eax=778321fe ebx=00000003 ecx=0006ba01 edx=00000000 esi=77f88ef8 edi=00000003 eip=77f88f03 esp=017afd24 ebp=017afd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:022a9c0b=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 017AFD70 7C59A10E 017AFD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 017AFFB4 7C57B388 00000004 7FFDE000 0006BA3C 000B40E8 kernel32!WaitForMultipleObjects 017AFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x66c eax=00000202 ebx=0180ff74 ecx=00000010 edx=00000000 esi=77f88f08 edi=000002b0 eip=77f88f13 esp=0180ff58 ebp=0180ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02309e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0180FF7C 7C57B3DB 000002B0 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0180ff58 30 a0 59 7c b0 02 00 00 - 00 00 00 00 74 ff 80 01 0.Y|........t... 0180ff68 00 00 00 00 30 25 ec 00 - e0 7e f8 77 00 44 5f 9a ....0%...~.w.D_. 0180ff78 fe ff ff ff c0 7f f8 77 - db b3 57 7c b0 02 00 00 .......w..W|.... 0180ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 b0 02 00 00 .'......U..p.... 0180ff98 c0 27 09 00 05 00 00 00 - 30 25 ec 00 ec ff 80 01 .'......0%...... 0180ffa8 30 25 ec 00 95 d7 cf 70 - b8 33 0c 00 6f d7 cf 70 0%.....p.3..o..p 0180ffb8 88 b3 57 7c 30 25 ec 00 - 05 00 00 00 b8 33 0c 00 ..W|0%.......3.. 0180ffc8 30 25 ec 00 00 80 fd 7f - b0 76 09 00 c0 ff 80 01 0%.......v...... 0180ffd8 b0 76 09 00 ff ff ff ff - 54 1f 5c 7c 08 2b 57 7c .v......T.\|.+W| 0180ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 0180fff8 30 25 ec 00 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 0%.........o..?. 01810008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 01810018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 01810028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 01810038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 01810048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 01810058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 01810068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 01810078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 01810088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x2d8 eax=70eb9ecc ebx=0186ff74 ecx=00ec3100 edx=00000000 esi=77f88f08 edi=000002dc eip=77f88f13 esp=0186ff58 ebp=0186ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02369e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0186FF7C 7C57B3DB 000002DC 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x5b4 eax=01bb6188 ebx=00000002 ecx=01bb0220 edx=00000000 esi=77f88ef8 edi=00000002 eip=77f88f03 esp=018ffe5c ebp=018ffea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:023f9d43=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 018FFEA8 77E4169F 018FFE80 00000001 00000000 018FFEA0 ntdll!NtWaitForMultipleObjects 018FFF04 77E41706 018FFED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 018FFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 018FFF74 70C1AB1B 018FFFA0 018FFFA4 018FFFA8 018FFF9C !Ordinal265 018FFFAC 70C1ACDF 0006E81C 7C57B388 00000000 00000001 !Ordinal293 018FFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !Ordinal293 *----> Raw Stack Dump <----* 018ffe5c fb a1 59 7c 02 00 00 00 - 80 fe 8f 01 01 00 00 00 ..Y|............ 018ffe6c 00 00 00 00 a0 fe 8f 01 - 00 00 00 00 00 00 00 00 ................ 018ffe7c 02 00 00 00 f4 02 00 00 - 08 03 00 00 88 1a e7 7c ...............| 018ffe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe 8f 01 ................ 018ffe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff 8f 01 ......<......... 018ffeac 9f 16 e4 77 80 fe 8f 01 - 01 00 00 00 00 00 00 00 ...w............ 018ffebc a0 fe 8f 01 00 00 00 00 - 60 ea 00 00 18 bb c2 70 ........`......p 018ffecc 00 00 00 00 f4 02 00 00 - 08 03 00 00 84 ff 8f 01 ................ 018ffedc 4f 7a 2e 73 00 00 16 71 - 74 ff 8f 01 01 00 00 00 Oz.s...qt....... 018ffeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 66 fd 7f ...p.........f.. 018ffefc 00 00 00 00 08 03 00 00 - 20 ff 8f 01 06 17 e4 77 ........ ......w 018fff0c d0 fe 8f 01 38 bb c2 70 - 60 ea 00 00 41 00 00 00 ....8..p`...A... 018fff1c 00 00 00 00 74 ff 8f 01 - 93 a7 c1 70 01 00 00 00 ....t......p.... 018fff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00 00 8..p....`...A... 018fff3c 01 00 00 00 18 bb c2 70 - 00 00 00 00 00 00 00 00 .......p........ 018fff4c 00 00 00 00 00 00 00 00 - f0 fe 8f 01 00 6c fd 7f .............l.. 018fff5c dc ff 8f 01 54 1f 5c 7c - 22 72 46 00 18 bb c2 70 ....T.\|"rF....p 018fff6c 60 ea 00 00 01 00 00 00 - ac ff 8f 01 1b ab c1 70 `..............p 018fff7c a0 ff 8f 01 a4 ff 8f 01 - a8 ff 8f 01 9c ff 8f 01 ................ 018fff8c 60 ea 00 00 01 00 00 00 - 00 00 bd 70 00 00 00 00 `..........p.... State Dump for Thread Id 0x624 eax=00000000 ebx=00000000 ecx=47010101 edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=019cf500 ebp=019cf544 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:024c93e7=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 019CF544 7C2EEEF1 019CF6EC 00000076 019CF7BC 02000000 ntdll!NtOpenKey 019CF700 7C2EEEA1 00000076 019CF7BC 00000000 02000000 advapi32!RegSetValueExA 019CF794 7C2F4A83 00000076 019CF7BC 00000000 02000000 advapi32!RegSetValueExA 019CF7C8 7C2F4C36 80000000 019CFA08 00000000 02000000 advapi32!RegOpenKeyExW 019CFC40 7CE28B31 019CFC68 00000001 000C4BF0 00000000 advapi32!RegOpenKeyW 019CFE88 7116E2AC 00000000 00000001 019CFEA8 019CFEC0 ole32!CreateOleAdviseHolder 019CFEB8 7116E223 00000000 019CFED8 00000001 000D56F8 !DllGetClassObject 019CFEDC 7116E3AB 000D56F8 00091920 00091920 80004005 !DllGetClassObject 019CFEF4 7116E375 00000002 000D56E8 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 019cf500 f9 ef 2e 7c 30 fc 9c 01 - 00 00 00 02 1c f5 9c 01 ...|0........... 019cf510 bc f7 9c 01 00 00 00 00 - 76 00 00 00 18 00 00 00 ........v....... 019cf520 00 00 00 00 34 f5 9c 01 - 40 00 00 00 00 00 00 00 ....4...@....... 019cf530 00 00 00 00 9e 00 62 01 - c0 e2 07 00 c0 e2 07 00 ......b......... 019cf540 76 00 44 00 00 f7 9c 01 - f1 ee 2e 7c ec f6 9c 01 v.D........|.... 019cf550 76 00 00 00 bc f7 9c 01 - 00 00 00 02 03 00 00 00 v............... 019cf560 30 fc 9c 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 0...........\.R. 019cf570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 019cf580 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 019cf590 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 019cf5a0 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 019cf5b0 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 019cf5c0 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 019cf5d0 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 019cf5e0 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 019cf5f0 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 019cf600 5c 00 7b 00 37 00 43 00 - 32 00 33 00 32 00 32 00 \.{.7.C.2.3.2.2. 019cf610 30 00 45 00 2d 00 35 00 - 35 00 42 00 42 00 2d 00 0.E.-.5.5.B.B.-. 019cf620 31 00 31 00 44 00 33 00 - 2d 00 38 00 42 00 31 00 1.1.D.3.-.8.B.1. 019cf630 36 00 2d 00 30 00 30 00 - 43 00 30 00 34 00 46 00 6.-.0.0.C.0.4.F. State Dump for Thread Id 0x458 eax=70c1acaf ebx=00000002 ecx=00000001 edx=00000000 esi=77f88ef8 edi=00000002 eip=77f88f03 esp=01a0fe5c ebp=01a0fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02509d43=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01A0FEA8 77E4169F 01A0FE80 00000001 00000000 01A0FEA0 ntdll!NtWaitForMultipleObjects 01A0FF04 77E41706 01A0FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01A0FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01A0FF74 70C1AB1B 01A0FFA0 01A0FFA4 01A0FFA8 01A0FF9C !Ordinal265 01A0FFAC 70C1ACDF 00000000 7C57B388 00000000 00000000 !Ordinal293 01A0FFEC 00000000 00000000 00000000 00000000 00000000 !Ordinal293 Application exception occurred: App: explorer.exe (pid=316) When: 7/4/2005 @ 09:46:54.876 Exception number: c0000096 (privileged instruction) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 516 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 632 ccSetMgr.exe 692 navapsvc.exe 784 SAVScan.exe 812 MSTask.exe 840 tcpsvcs.exe 900 stisvc.exe 932 symlcsvc.exe 964 wanmpsvc.exe 1016 WinMgmt.exe 1044 mspmspsv.exe 1064 svchost.exe 1080 ccEvtMgr.exe 680 userinit.exe 316 explorer.exe 1252 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70295000) (7C740000 - 7C7CC000) (77430000 - 77441000) (779B0000 - 77A4B000) (7CE20000 - 7CF21000) (690A0000 - 690AB000) (7C950000 - 7C9E0000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76631000) (7C0F0000 - 7C154000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (774E0000 - 77514000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (7CA00000 - 7CA23000) (76DF0000 - 76E01000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (021F0000 - 021FF000) (76F20000 - 76F97000) State Dump for Thread Id 0x468 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008e84c eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00ec add ah,ch 0006f28d ec in al,dx 0006f28e 0d0060f7e6 or eax,0xe6f76000 0006f293 7c00 jl 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:7cf12624=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? 0006f2a1 0000 add [eax],al ds:00000000=?? 0006f2a3 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 28 e8 08 00 - d0 ec 0d 00 00 00 00 00 ....(........... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 ec ec 0d 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 d0 ec 0d 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - ec ec 0d 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 98 04 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x56c eax=00000000 ebx=00000000 ecx=00000101 edx=00000000 esi=77f88f08 edi=00000078 eip=77f88f13 esp=0103fd48 ebp=0103fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02399c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0103FD6C 008452BB 00000078 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 0103FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 0103FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0103fd48 30 a0 59 7c 78 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|x........... 0103fd58 7c 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 |............... 0103fd68 01 01 00 00 b4 ff 03 01 - bb 52 84 00 78 00 00 00 .........R..x... 0103fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0103fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 45 78 70 ....C:\WINNT\Exp 0103fd98 6c 6f 72 65 72 2e 45 58 - 45 00 00 00 00 00 00 00 lorer.EXE....... 0103fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x2bc eax=77d4aefc ebx=00086e88 ecx=00000000 edx=00000000 esi=0007dc00 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02519d0f=00000000 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 0007DC00 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 000862E8 011BFFEC 7C57B388 00086E88 rpcrt4!UuidCreate 011BFFB4 7C57B388 00086E88 00000000 00000000 00086E88 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x55c eax=0008c000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02559e47=1f0000f8 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep *----> Raw Stack Dump <----* 011fff60 8f a2 59 7c 00 00 00 00 - 74 ff 1f 01 bf 9f 59 7c ..Y|....t.....Y| 011fff70 f8 5e 08 00 00 ba 3c dc - ff ff ff ff 30 75 00 00 .^....<.....0u.. 011fff80 5a a2 59 7c 60 ea 00 00 - 00 00 00 00 45 5d e7 7c Z.Y|`.......E].| 011fff90 60 ea 00 00 2c 7f e5 7c - 00 00 00 00 00 00 e2 7c `...,..|.......| 011fffa0 f8 5e 08 00 ec ff 1f 01 - f8 5e 08 00 8b 7f e5 7c .^.......^.....| 011fffb0 26 37 e5 7c 89 b4 e6 7c - 88 b3 57 7c f8 5e 08 00 &7.|...|..W|.^.. 011fffc0 26 37 e5 7c 89 b4 e6 7c - f8 5e 08 00 00 b0 fd 7f &7.|...|.^...... 011fffd0 40 45 07 00 c0 ff 1f 01 - 40 45 07 00 ff ff ff ff @E......@E...... 011fffe0 54 1f 5c 7c 08 2b 57 7c - 00 00 00 00 00 00 00 00 T.\|.+W|........ 011ffff0 00 00 00 00 6f 7f e5 7c - f8 5e 08 00 00 00 00 00 ....o..|.^...... 01200000 03 00 00 00 80 b9 08 00 - 03 00 00 00 30 3d 08 00 ............0=.. 01200010 03 00 00 00 f0 ba 08 00 - 03 00 00 00 78 52 08 00 ............xR.. 01200020 03 00 00 00 70 55 08 00 - 03 00 00 00 a8 5d 08 00 ....pU.......].. 01200030 03 00 00 00 38 46 09 00 - 03 00 00 00 a8 47 09 00 ....8F.......G.. 01200040 03 00 00 00 20 48 09 00 - 03 00 00 00 c0 48 09 00 .... H.......H.. 01200050 03 00 00 00 f0 48 09 00 - 03 00 00 00 08 49 09 00 .....H.......I.. 01200060 68 00 20 01 00 00 00 00 - 70 00 20 01 00 00 00 00 h. .....p. ..... 01200070 78 00 20 01 00 00 00 00 - 80 00 20 01 00 00 00 00 x. ....... ..... 01200080 88 00 20 01 00 00 00 00 - 90 00 20 01 00 00 00 00 .. ....... ..... 01200090 98 00 20 01 00 00 00 00 - a0 00 20 01 00 00 00 00 .. ....... ..... State Dump for Thread Id 0x4f4 eax=0000001c ebx=00000000 ecx=012bff08 edx=00000000 esi=00000000 edi=00000000 eip=77e3c7cd esp=012bff2c ebp=012bff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:02619e13=00000000 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 012BFF4C 0040A389 70C0C464 00400000 00370034 002D0038 user32!WaitMessage 012BFFB4 7C57B388 00000000 00370034 002D0038 0006FEE0 explorer! 012BFFEC 00000000 70C0C3D2 0006FEE0 00000000 00000000 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 012bff2c a8 a9 40 00 56 00 02 00 - 0f 00 00 00 00 00 00 00 ..@.V........... 012bff3c 00 00 00 00 42 67 02 00 - 04 01 00 00 7b 01 00 00 ....Bg......{... 012bff4c b4 ff 2b 01 89 a3 40 00 - 64 c4 c0 70 00 00 40 00 ..+...@.d..p..@. 012bff5c 34 00 37 00 38 00 2d 00 - e0 fe 06 00 72 a3 40 00 4.7.8.-.....r.@. 012bff6c 72 90 40 00 50 01 00 00 - 00 00 40 00 00 00 00 00 r.@.P.....@..... 012bff7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012bff8c 97 02 00 00 fc f6 42 80 - 20 60 63 ff e0 a3 62 ff ......B. `c...b. 012bff9c ff ff ff ff 00 00 00 00 - f0 07 43 80 00 00 00 00 ..........C..... 012bffac 00 00 00 00 00 00 00 00 - ec ff 2b 01 88 b3 57 7c ..........+...W| 012bffbc 00 00 00 00 34 00 37 00 - 38 00 2d 00 e0 fe 06 00 ....4.7.8.-..... 012bffcc 00 a0 fd 7f 39 00 38 00 - c0 ff 2b 01 39 00 38 00 ....9.8...+.9.8. 012bffdc ff ff ff ff 54 1f 5c 7c - 08 2b 57 7c 00 00 00 00 ....T.\|.+W|.... 012bffec 00 00 00 00 00 00 00 00 - d2 c3 c0 70 e0 fe 06 00 ...........p.... 012bfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x540 eax=0130e318 ebx=00000006 ecx=0000010c edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02669c7f=68088bff 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000002D8 00000000 shell32!Ordinal68 77FCF980 7D05EBF8 77FCF9A8 77FCF968 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0130fd98 fb a1 59 7c 06 00 00 00 - bc fd 30 01 01 00 00 00 ..Y|......0..... 0130fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0130fdb8 06 00 00 00 d8 01 00 00 - e0 01 00 00 e4 01 00 00 ................ 0130fdc8 e8 01 00 00 04 02 00 00 - d4 01 00 00 67 63 f7 7c ............gc.| 0130fdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe 30 01 ............@.0. 0130fde8 9f 16 e4 77 bc fd 30 01 - 01 00 00 00 00 00 00 00 ...w..0......... 0130fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 40 05 00 00 ............@... 0130fe08 05 00 00 00 d8 01 00 00 - e0 01 00 00 e4 01 00 00 ................ 0130fe18 e8 01 00 00 04 02 00 00 - d4 01 00 00 80 a6 44 00 ..............D. 0130fe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 0130fe38 00 00 00 00 d4 01 00 00 - 5c fe 30 01 06 17 e4 77 ........\.0....w 0130fe48 0c fe 30 01 b8 fe 30 01 - ff ff ff ff ff 00 00 00 ..0...0......... 0130fe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 0130fe68 b8 fe 30 01 00 00 00 00 - ff ff ff ff ff 00 00 00 ..0............. 0130fe78 e8 12 f8 77 ff ff ff ff - ec ff 30 01 00 00 00 00 ...w......0..... 0130fe88 40 05 00 00 00 00 00 00 - 00 00 00 00 dc 01 00 00 @............... 0130fe98 40 05 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 @............... 0130fea8 00 00 00 00 58 5c 02 00 - 56 00 00 00 ff 02 00 00 ....X\..V....... 0130feb8 d8 01 00 00 e0 01 00 00 - e4 01 00 00 e8 01 00 00 ................ 0130fec8 04 02 00 00 00 00 00 00 - 00 00 2e 01 10 00 30 c0 ..............0. State Dump for Thread Id 0x2dc eax=778321fe ebx=00000003 ecx=0006ba01 edx=00000000 esi=77f88ef8 edi=00000003 eip=77f88f03 esp=01c1fd24 ebp=01c1fd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02f79c0b=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01C1FD70 7C59A10E 01C1FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 01C1FFB4 7C57B388 00000004 7FFDE000 0006BA3C 000B4680 kernel32!WaitForMultipleObjects 01C1FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x4f8 eax=00000202 ebx=01c7ff74 ecx=00000010 edx=00000000 esi=77f88f08 edi=000002bc eip=77f88f13 esp=01c7ff58 ebp=01c7ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02fd9e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01C7FF7C 7C57B3DB 000002BC 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 01c7ff58 30 a0 59 7c bc 02 00 00 - 00 00 00 00 74 ff c7 01 0.Y|........t... 01c7ff68 00 00 00 00 30 25 33 01 - e0 7e f8 77 00 44 5f 9a ....0%3..~.w.D_. 01c7ff78 fe ff ff ff c0 7f f8 77 - db b3 57 7c bc 02 00 00 .......w..W|.... 01c7ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 bc 02 00 00 .'......U..p.... 01c7ff98 c0 27 09 00 05 00 00 00 - 30 25 33 01 ec ff c7 01 .'......0%3..... 01c7ffa8 30 25 33 01 95 d7 cf 70 - a0 40 0c 00 6f d7 cf 70 0%3....p.@..o..p 01c7ffb8 88 b3 57 7c 30 25 33 01 - 05 00 00 00 a0 40 0c 00 ..W|0%3......@.. 01c7ffc8 30 25 33 01 00 70 fd 7f - 10 c2 09 00 c0 ff c7 01 0%3..p.......... 01c7ffd8 10 c2 09 00 ff ff ff ff - 54 1f 5c 7c 08 2b 57 7c ........T.\|.+W| 01c7ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 01c7fff8 30 25 33 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 0%3........o..?. 01c80008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 01c80018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 01c80028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 01c80038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 01c80048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 01c80058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 01c80068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 01c80078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 01c80088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x500 eax=00000000 ebx=01cdff74 ecx=7ffd6000 edx=00000000 esi=77f88f08 edi=00000300 eip=77f88f13 esp=01cdff58 ebp=01cdff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:03039e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01CDFF7C 7C57B3DB 00000300 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x4f0 eax=0281dcea ebx=00007535 ecx=023d0200 edx=023d01b0 esi=00000020 edi=00000020 eip=77e30ed2 esp=01d5f078 ebp=01d5f0d8 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202 function: PrivateExtractIconsW 77e30eb7 6a03 push 0x3 77e30eb9 8bc3 mov eax,ebx 77e30ebb f7d8 neg eax 77e30ebd 50 push eax 77e30ebe ff75d0 push dword ptr [ebp+0xd0] ss:030b8fbe=???????? 77e30ec1 ff75d4 push dword ptr [ebp+0xd4] ss:030b8fbe=???????? 77e30ec4 ff55c0 call dword ptr [ebp+0xc0] ss:030b8fbe=???????? 77e30ec7 8945b4 mov [ebp+0xb4],eax ss:030b8fbe=???????? 77e30eca 85c0 test eax,eax 77e30ecc 0f8423010000 je CreateIconFromResourceEx+0x80 (77e30ff5) 77e30ed2 8b08 mov ecx,[eax] ds:0281dcea=00000028 77e30ed4 83f928 cmp ecx,0x28 77e30ed7 0f8551770100 jne CharUpperBuffA+0x5028 (77e4862e) 77e30edd 8b4d1c mov ecx,[ebp+0x1c] ss:030b8fbe=???????? 77e30ee0 85c9 test ecx,ecx 77e30ee2 0f8554770100 jne CharUpperBuffA+0x5036 (77e4863c) 77e30ee8 ff7524 push dword ptr [ebp+0x24] ss:030b8fbe=???????? 77e30eeb 56 push esi 77e30eec 57 push edi 77e30eed 6800000300 push 0x30000 77e30ef2 6a01 push 0x1 77e30ef4 ff75c8 push dword ptr [ebp+0xc8] ss:030b8fbe=???????? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01D5F0D8 77E30AAB 0000043C 00000000 00100020 00100020 user32!PrivateExtractIconsW 01D5F53C 7CF732DB 01D5F824 00000000 00100020 00100020 user32!PrivateExtractIconsW 01D5F564 7CF73349 01D5F824 00000000 00100020 00100020 shell32!Ordinal702 01D5F59C 7CF737B0 01D5F824 00000000 0000000A 01D5FA30 shell32!Ordinal6 01D5F5C8 7CF743ED 000C41A0 01D5F824 00000000 01D5FA30 shell32!Ordinal239 01D5F6F4 7CF736BA 0008E208 01D5F824 07A9F350 01D5FA30 shell32!Ordinal654 01D5FA3C 7CF7CBC0 07A9F350 00000000 000D6820 000D6808 shell32!Ordinal239 01D5FA64 7CF73B54 00090324 0008E208 000D6820 00000000 shell32!Ordinal72 01D5FEB0 7CF7175A 00090328 11021000 00000000 000D6808 shell32!Ordinal239 01D5FECC 7CF71268 00090328 000D6820 00000000 000D6808 shell32!Ordinal256 01D5FEF0 7CF738CD 0008DE90 0008FC78 000D6820 00000000 shell32!Ordinal256 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal239 *----> Raw Stack Dump <----* 01d5f078 80 00 00 10 29 c2 58 7c - 00 00 00 00 7c 97 81 02 ....).X|....|... 01d5f088 35 75 00 00 ea dc 81 02 - 0c 00 00 00 20 00 10 00 5u.......... ... 01d5f098 19 0c e3 77 80 00 00 10 - a8 08 00 00 b8 00 3d 02 ...w..........=. 01d5f0a8 00 90 81 02 00 00 3d 02 - 20 00 10 00 80 00 00 10 ......=. ....... 01d5f0b8 40 04 00 00 00 00 00 00 - 78 f0 d5 01 00 00 00 00 @.......x....... 01d5f0c8 dc ff d5 01 bd 37 e4 77 - 28 0f e3 77 00 00 00 00 .....7.w(..w.... 01d5f0d8 3c f5 d5 01 ab 0a e3 77 - 3c 04 00 00 00 00 00 00 <......w<....... 01d5f0e8 20 00 10 00 20 00 10 00 - 94 f5 d5 01 00 00 00 00 ... ........... 01d5f0f8 02 00 00 00 00 00 00 00 - 00 00 00 00 08 e2 08 00 ................ 01d5f108 00 00 00 00 43 00 3a 00 - 5c 00 50 00 72 00 6f 00 ....C.:.\.P.r.o. 01d5f118 67 00 72 00 61 00 6d 00 - 20 00 46 00 69 00 6c 00 g.r.a.m. .F.i.l. 01d5f128 65 00 73 00 5c 00 4d 00 - 69 00 63 00 72 00 6f 00 e.s.\.M.i.c.r.o. 01d5f138 73 00 6f 00 66 00 74 00 - 20 00 41 00 6e 00 74 00 s.o.f.t. .A.n.t. 01d5f148 69 00 53 00 70 00 79 00 - 77 00 61 00 72 00 65 00 i.S.p.y.w.a.r.e. 01d5f158 5c 00 47 00 49 00 41 00 - 4e 00 54 00 41 00 6e 00 \.G.I.A.N.T.A.n. 01d5f168 74 00 69 00 53 00 70 00 - 79 00 77 00 61 00 72 00 t.i.S.p.y.w.a.r. 01d5f178 65 00 4d 00 61 00 69 00 - 6e 00 2e 00 65 00 78 00 e.M.a.i.n...e.x. 01d5f188 65 00 00 00 1a 02 00 00 - d8 21 07 00 a4 f1 d5 01 e........!...... 01d5f198 04 01 00 00 01 00 00 00 - 08 e2 08 00 01 9a f7 7c ...............| 01d5f1a8 3f 00 00 00 02 00 00 00 - e0 e1 08 00 08 68 0d 00 ?............h.. State Dump for Thread Id 0x4ec eax=00000000 ebx=01def6f8 ecx=ffffffc3 edx=01def544 esi=01def568 edi=01def5e4 eip=77fabeb7 esp=01def528 ebp=01def554 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010246 function: RtlInitUnicodeString 77fabe9c 57 push edi 77fabe9d 8b7c240c mov edi,[esp+0xc] ss:0314940f=???????? 77fabea1 8b542408 mov edx,[esp+0x8] ss:0314940f=???????? 77fabea5 c70200000000 mov dword ptr [edx],0x0 ds:01def544=00000000 77fabeab 897a04 mov [edx+0x4],edi ds:0314942a=???????? 77fabeae 0bff or edi,edi 77fabeb0 7422 jz RtlpNtEnumerateSubKey+0x7272 (77fb41d4) 77fabeb2 83c9ff or ecx,0xff 77fabeb5 33c0 xor eax,eax 77fabeb7 f266af repne scasw es:01def5e4=002d 77fabeba f7d1 not ecx 77fabebc d1e1 shl ecx,1 77fabebe 81f9feff0000 cmp ecx,0xfffe 77fabec4 7605 jbe tan+0x83 (77fb77cb) 77fabec6 b9feff0000 mov ecx,0xfffe 77fabecb 66894a02 mov [edx+0x2],cx ds:0314942b=???? 77fabecf 49 dec ecx 77fabed0 49 dec ecx 77fabed1 66890a mov [edx],cx ds:01def544=0000 77fabed4 5f pop edi 77fabed5 c20800 ret 0x8 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01DEF554 7C2EEED5 00000382 01DEF7BC 01DEF6EC 0000009E ntdll!RtlInitUnicodeString 01DEF700 7C2EEEA1 00000382 01DEF7BC 00000000 02000000 advapi32!RegSetValueExA 01DEF794 7C2F4A83 00000382 01DEF7BC 00000000 02000000 advapi32!RegSetValueExA 01DEF7C8 7C2F4C36 00000382 01DEFA0C 00000000 02000000 advapi32!RegOpenKeyExW 01DEFC44 7CE28B31 01DEFC6C 00000000 000C3628 00000000 advapi32!RegOpenKeyW 01DEFE8C 7116E278 00000000 00000001 01DEFEA8 01DEFEC0 ole32!CreateOleAdviseHolder 01DEFEB8 7116E223 00000000 01DEFED8 00000001 000C3FC0 !DllGetClassObject 01DEFEDC 7116E3AB 000C3FC0 000C67A8 000C67A8 80004005 !DllGetClassObject 01DEFEF4 7116E375 00000002 000C3FB0 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01def528 00 00 00 00 d4 ec 2e 7c - 44 f5 de 01 6c f5 de 01 .......|D...l... 01def538 bc f7 de 01 00 00 00 00 - 82 03 00 00 00 00 00 00 ................ 01def548 6c f5 de 01 80 01 00 00 - fc f6 de 01 00 f7 de 01 l............... 01def558 d5 ee 2e 7c 82 03 00 00 - bc f7 de 01 ec f6 de 01 ...|............ 01def568 9e 00 00 00 5c 00 52 00 - 45 00 47 00 49 00 53 00 ....\.R.E.G.I.S. 01def578 54 00 52 00 59 00 5c 00 - 4d 00 41 00 43 00 48 00 T.R.Y.\.M.A.C.H. 01def588 49 00 4e 00 45 00 5c 00 - 53 00 4f 00 46 00 54 00 I.N.E.\.S.O.F.T. 01def598 57 00 41 00 52 00 45 00 - 5c 00 43 00 6c 00 61 00 W.A.R.E.\.C.l.a. 01def5a8 73 00 73 00 65 00 73 00 - 5c 00 63 00 6c 00 73 00 s.s.e.s.\.c.l.s. 01def5b8 69 00 64 00 5c 00 7b 00 - 30 00 30 00 30 00 43 00 i.d.\.{.0.0.0.C. 01def5c8 31 00 30 00 33 00 45 00 - 2d 00 30 00 30 00 30 00 1.0.3.E.-.0.0.0. 01def5d8 30 00 2d 00 30 00 30 00 - 30 00 30 00 2d 00 43 00 0.-.0.0.0.0.-.C. 01def5e8 30 00 30 00 30 00 2d 00 - 30 00 30 00 30 00 30 00 0.0.0.-.0.0.0.0. 01def5f8 30 00 30 00 30 00 30 00 - 30 00 30 00 34 00 36 00 0.0.0.0.0.0.4.6. 01def608 7d 00 5c 00 00 00 43 00 - 31 00 30 00 33 00 45 00 }.\...C.1.0.3.E. 01def618 2d 00 30 00 30 00 30 00 - 30 00 2d 00 30 00 30 00 -.0.0.0.0.-.0.0. 01def628 30 00 30 00 2d 00 43 00 - 30 00 30 00 30 00 2d 00 0.0.-.C.0.0.0.-. 01def638 30 00 30 00 30 00 30 00 - 30 00 30 00 30 00 30 00 0.0.0.0.0.0.0.0. 01def648 30 00 30 00 34 00 36 00 - 7d 00 00 00 00 00 00 00 0.0.4.6.}....... 01def658 c0 03 07 00 09 00 00 00 - 02 00 00 00 c0 03 07 00 ................ State Dump for Thread Id 0x4e8 eax=70c1acaf ebx=00000002 ecx=00000001 edx=00000000 esi=77f88ef8 edi=00000002 eip=77f88f03 esp=01e2fe5c ebp=01e2fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:03189d43=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01E2FEA8 77E4169F 01E2FE80 00000001 00000000 01E2FEA0 ntdll!NtWaitForMultipleObjects 01E2FF04 77E41706 01E2FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 01E2FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 01E2FF74 70C1AB1B 01E2FFA0 01E2FFA4 01E2FFA8 01E2FF9C !Ordinal265 01E2FFAC 70C1ACDF 00000000 7C57B388 00000000 00000000 !Ordinal293 01E2FFEC 00000000 00000000 00000000 00000000 00000000 !Ordinal293 Application exception occurred: App: explorer.exe (pid=1252) When: 7/4/2005 @ 09:46:59.553 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 516 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 632 ccSetMgr.exe 692 navapsvc.exe 784 SAVScan.exe 812 MSTask.exe 840 tcpsvcs.exe 900 stisvc.exe 932 symlcsvc.exe 964 wanmpsvc.exe 1016 WinMgmt.exe 1044 mspmspsv.exe 1064 svchost.exe 1080 ccEvtMgr.exe 680 userinit.exe 1252 explorer.exe 732 drwtsn32.exe 720 taskmgr.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70295000) (7C740000 - 7C7CC000) (77430000 - 77441000) (779B0000 - 77A4B000) (7CE20000 - 7CF21000) (690A0000 - 690AB000) (7C950000 - 7C9E0000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (7C0F0000 - 7C154000) (702B0000 - 7032A000) (77820000 - 77827000) (759B0000 - 759B6000) (70440000 - 704CF000) (70C50000 - 70EFD000) (774E0000 - 77514000) (774C0000 - 774D1000) (75030000 - 75044000) (75020000 - 75028000) (77530000 - 77552000) (77830000 - 7783E000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (7CA00000 - 7CA23000) (01D70000 - 01D7F000) (76620000 - 76631000) State Dump for Thread Id 0x468 eax=e6f76000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008c5a0 eip=0006f295 esp=0006f238 ebp=00000000 iopl=0 nv up ei ng nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286 function: 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:e6f76000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:e6f76000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00843b0d0060f7 add [ebx+edi+0xf760000d],al ds:f768c5ad=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:e6f76000=?? 0006f296 0000 add [eax],al ds:e6f76000=?? 0006f298 0000 add [eax],al ds:e6f76000=?? 0006f29a 0000 add [eax],al ds:e6f76000=?? 0006f29c 0100 add [eax],eax ds:e6f76000=???????? 0006f29e 0000 add [eax],al ds:e6f76000=?? 0006f2a0 0000 add [eax],al ds:e6f76000=?? 0006f2a2 0000 add [eax],al ds:e6f76000=?? 0006f2a4 0000 add [eax],al ds:e6f76000=?? 0006f2a6 0000 add [eax],al ds:e6f76000=?? 0006f2a8 c4f2 les esi,edx 0006f2aa 06 push es *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 7c c5 08 00 - 68 3b 0d 00 00 00 00 00 ....|...h;...... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 84 3b 0d 00 - 60 f7 e6 7c 00 00 00 00 .....;..`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 68 3b 0d 00 - 00 00 00 00 05 40 00 80 ....h;.......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 84 3b 0d 00 00 00 00 00 P........;...... 0006f2c8 01 00 00 00 80 04 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x4e0 eax=008451b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000090 eip=77f88f13 esp=0103fd48 ebp=0103fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02399c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0103FD6C 008452BB 00000090 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 0103FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 0103FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0103fd48 30 a0 59 7c 90 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 0103fd58 94 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0103fd68 01 01 00 00 b4 ff 03 01 - bb 52 84 00 90 00 00 00 .........R...... 0103fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0103fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0103fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0103fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x4f0 eax=77d4aefc ebx=00086e58 ecx=00000000 edx=00000000 esi=0007dc00 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02519d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 0007DC00 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 000862B8 011BFFEC 7C57B388 00086E58 rpcrt4!UuidCreate 011BFFB4 7C57B388 00086E58 00000000 00000000 00086E58 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x500 eax=7ce57f6f ebx=00000102 ecx=00074540 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02559e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x4f8 eax=0044fc98 ebx=00000000 ecx=00230570 edx=00000000 esi=00000000 edi=00000000 eip=77e3c7cd esp=0123ff2c ebp=0123ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:02599e13=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF4C 0040A389 70C0C464 00400000 00370034 002D0038 user32!WaitMessage 0123FFB4 7C57B388 00000000 00370034 002D0038 0006FEE0 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x540 eax=0130e318 ebx=00000006 ecx=0000010c edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02669c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001CC 00000000 shell32!Ordinal68 77FCF980 7D05EBF8 77FCF9A8 77FCF968 00000003 00000003 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0130fd98 fb a1 59 7c 06 00 00 00 - bc fd 30 01 01 00 00 00 ..Y|......0..... 0130fda8 00 00 00 00 dc fd 30 01 - 00 00 00 00 00 00 00 00 ......0......... 0130fdb8 06 00 00 00 d4 01 00 00 - d8 01 00 00 e0 01 00 00 ................ 0130fdc8 e4 01 00 00 d8 02 00 00 - c8 01 00 00 67 63 f7 7c ............gc.| 0130fdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe 30 01 ............@.0. 0130fde8 9f 16 e4 77 bc fd 30 01 - 01 00 00 00 00 00 00 00 ...w..0......... 0130fdf8 dc fd 30 01 00 00 00 00 - 00 00 00 00 40 05 00 00 ..0.........@... 0130fe08 05 00 00 00 d4 01 00 00 - d8 01 00 00 e0 01 00 00 ................ 0130fe18 e4 01 00 00 d8 02 00 00 - c8 01 00 00 50 a6 44 00 ............P.D. 0130fe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 0130fe38 00 00 00 00 c8 01 00 00 - 5c fe 30 01 06 17 e4 77 ........\.0....w 0130fe48 0c fe 30 01 b8 fe 30 01 - d0 07 00 00 ff 00 00 00 ..0...0......... 0130fe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 0130fe68 b8 fe 30 01 00 00 00 00 - d0 07 00 00 ff 00 00 00 ..0............. 0130fe78 e8 12 f8 77 ff ff ff ff - ec ff 30 01 00 00 00 00 ...w......0..... 0130fe88 40 05 00 00 cb cb 44 80 - 00 00 00 00 d0 01 00 00 @.....D......... 0130fe98 40 05 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 @............... 0130fea8 00 00 00 00 6b 75 02 00 - dc 01 00 00 b2 01 00 00 ....ku.......... 0130feb8 d4 01 00 00 d8 01 00 00 - e0 01 00 00 e4 01 00 00 ................ 0130fec8 d8 02 00 00 b0 51 61 ff - 46 02 00 00 14 e3 42 80 .....Qa.F.....B. State Dump for Thread Id 0x4f4 eax=778321fe ebx=00000003 ecx=0006ba01 edx=00000000 esi=77f88ef8 edi=00000003 eip=77f88f03 esp=01c1fd24 ebp=01c1fd70 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02f79c0b=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01C1FD70 7C59A10E 01C1FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 01C1FFB4 7C57B388 00000004 7FFDE000 0006BA3C 000B4378 kernel32!WaitForMultipleObjects 01C1FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x2bc eax=00000202 ebx=01c7ff74 ecx=00000010 edx=00000000 esi=77f88f08 edi=000002b0 eip=77f88f13 esp=01c7ff58 ebp=01c7ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02fd9e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01C7FF7C 7C57B3DB 000002B0 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 01c7ff58 30 a0 59 7c b0 02 00 00 - 00 00 00 00 74 ff c7 01 0.Y|........t... 01c7ff68 00 00 00 00 30 25 33 01 - e0 7e f8 77 00 44 5f 9a ....0%3..~.w.D_. 01c7ff78 fe ff ff ff c0 7f f8 77 - db b3 57 7c b0 02 00 00 .......w..W|.... 01c7ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 b0 02 00 00 .'......U..p.... 01c7ff98 c0 27 09 00 05 00 00 00 - 30 25 33 01 ec ff c7 01 .'......0%3..... 01c7ffa8 30 25 33 01 95 d7 cf 70 - f0 3c 0c 00 6f d7 cf 70 0%3....p.<..o..p 01c7ffb8 88 b3 57 7c 30 25 33 01 - 05 00 00 00 f0 3c 0c 00 ..W|0%3......<.. 01c7ffc8 30 25 33 01 00 70 fd 7f - 28 dc 09 00 c0 ff c7 01 0%3..p..(....... 01c7ffd8 28 dc 09 00 ff ff ff ff - 54 1f 5c 7c 08 2b 57 7c (.......T.\|.+W| 01c7ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf 70 ............f..p 01c7fff8 30 25 33 01 00 00 00 00 - 0d 00 af 6f 01 00 3f 00 0%3........o..?. 01c80008 3f 00 3f 00 3f 00 00 00 - 00 00 00 00 00 00 00 00 ?.?.?........... 01c80018 00 00 03 01 00 00 01 00 - 02 00 03 00 04 00 05 00 ................ 01c80028 06 00 07 00 08 00 09 00 - 0a 00 0b 00 0c 00 0d 00 ................ 01c80038 0e 00 0f 00 10 00 11 00 - 12 00 13 00 14 00 15 00 ................ 01c80048 16 00 17 00 18 00 19 00 - 1a 00 1b 00 1c 00 1d 00 ................ 01c80058 1e 00 1f 00 20 00 21 00 - 22 00 23 00 24 00 25 00 .... .!.".#.$.%. 01c80068 26 00 27 00 28 00 29 00 - 2a 00 2b 00 2c 00 2d 00 &.'.(.).*.+.,.-. 01c80078 2e 00 2f 00 30 00 31 00 - 32 00 33 00 34 00 35 00 ../.0.1.2.3.4.5. 01c80088 36 00 37 00 38 00 39 00 - 3a 00 3b 00 3c 00 3d 00 6.7.8.9.:.;.<.=. State Dump for Thread Id 0x56c eax=00000000 ebx=01cdff74 ecx=7ffd6000 edx=00000000 esi=77f88f08 edi=000001f8 eip=77f88f13 esp=01cdff58 ebp=01cdff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:03039e3f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01CDFF7C 7C57B3DB 000001F8 000927C0 00000000 70CFD855 ntdll!ZwWaitForSingleObject 77F87FC0 4AFFC033 89257508 FF900C42 037D044A 520004C2 kernel32!WaitForSingleObject 0424548B 00000000 00000000 00000000 00000000 00000000 State Dump for Thread Id 0x4e8 eax=01d6f770 ebx=00000000 ecx=01d6ffdc edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=01d6f500 ebp=01d6f544 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:030c93e7=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 01D6F544 7C2EEEF1 01D6F6EC 0000006A 01D6F7BC 02000000 ntdll!NtOpenKey 01D6F700 7C2EEEA1 0000006A 01D6F7BC 00000000 02000000 advapi32!RegSetValueExA 01D6F794 7C2F4A83 0000006A 01D6F7BC 00000000 02000000 advapi32!RegSetValueExA 01D6F7C8 7C2F4C36 80000000 01D6FA08 00000000 02000000 advapi32!RegOpenKeyExW 01D6FC40 7CE28B31 01D6FC68 00000001 000C3248 00000000 advapi32!RegOpenKeyW 01D6FE88 7116E2AC 00000000 00000001 01D6FEA8 01D6FEC0 ole32!CreateOleAdviseHolder 01D6FEB8 7116E223 00000000 01D6FED8 00000002 000D4468 !DllGetClassObject 01D6FEDC 7116E3AB 000D4468 000C4760 000C4760 80004005 !DllGetClassObject 01D6FEF4 7116E375 00000002 000D4468 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 01d6f500 a2 ef 2e 7c 30 fc d6 01 - 00 00 00 02 1c f5 d6 01 ...|0........... 01d6f510 bc f7 d6 01 00 00 00 00 - 6a 00 00 00 18 00 00 00 ........j....... 01d6f520 00 00 00 00 34 f5 d6 01 - 40 00 00 00 00 00 00 00 ....4...@....... 01d6f530 00 00 00 00 e2 00 62 01 - f0 4c 08 00 f0 4c 08 00 ......b..L...L.. 01d6f540 6a 00 88 00 00 f7 d6 01 - f1 ee 2e 7c ec f6 d6 01 j..........|.... 01d6f550 6a 00 00 00 bc f7 d6 01 - 00 00 00 02 03 00 00 00 j............... 01d6f560 30 fc d6 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 0...........\.R. 01d6f570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 01d6f580 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 01d6f590 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 01d6f5a0 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 01d6f5b0 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 01d6f5c0 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 01d6f5d0 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 01d6f5e0 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 01d6f5f0 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 01d6f600 5c 00 7b 00 36 00 41 00 - 38 00 37 00 31 00 31 00 \.{.6.A.8.7.1.1. 01d6f610 33 00 42 00 2d 00 42 00 - 36 00 46 00 32 00 2d 00 3.B.-.B.6.F.2.-. 01d6f620 34 00 30 00 63 00 38 00 - 2d 00 39 00 38 00 44 00 4.0.c.8.-.9.8.D. 01d6f630 37 00 2d 00 39 00 44 00 - 31 00 39 00 46 00 38 00 7.-.9.D.1.9.F.8. Application exception occurred: App: explorer.exe (pid=1332) When: 7/4/2005 @ 11:05:34.687 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 472 svchost.exe 524 LEXBCES.exe 548 spoolsv.exe 576 LEXPPS.exe 624 ccSetMgr.exe 688 navapsvc.exe 768 SAVScan.exe 808 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 916 symlcsvc.exe 932 wanmpsvc.exe 1000 WinMgmt.exe 1036 mspmspsv.exe 1048 svchost.exe 1072 ccEvtMgr.exe 1332 explorer.exe 1360 msiexec.exe 936 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70295000) (7C740000 - 7C7CC000) (77430000 - 77441000) (779B0000 - 77A4B000) (7CE20000 - 7CF21000) (690A0000 - 690AB000) (7C950000 - 7C9E0000) (77840000 - 7787E000) (770C0000 - 770E3000) (745E0000 - 748A6000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76631000) (7C0F0000 - 7C154000) (76DF0000 - 76E01000) (01390000 - 0139F000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (75030000 - 75044000) (75020000 - 75028000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) State Dump for Thread Id 0x538 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=00096058 eip=0006f28d esp=0006f239 ebp=00000000 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 0044310a add [ecx+esi+0xa],al ds:7e1c9647=?? 0006f28f 0060f7 add [eax+0xf7],ah ds:01359ee6=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? 0006f2a4 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f239 f7 e6 7c c4 f2 06 00 01 - 00 00 00 e3 b5 e6 7c 54 ..|...........|T 0006f249 f2 06 00 60 f7 e6 7c c4 - f2 06 00 10 0f e7 7c 01 ...`..|.......|. 0006f259 00 00 00 34 60 09 00 28 - 31 0a 00 00 00 00 00 54 ...4`..(1......T 0006f269 f2 06 00 dc f2 06 00 eb - c6 e6 7c 8c f2 06 00 07 ..........|..... 0006f279 d7 e6 7c 8c f2 06 00 10 - f8 06 00 10 f8 06 00 10 ..|............. 0006f289 f8 06 00 44 31 0a 00 60 - f7 e6 7c 00 00 00 00 00 ...D1..`..|..... 0006f299 00 00 00 01 00 00 00 00 - 00 00 00 00 00 00 00 c4 ................ 0006f2a9 f2 06 00 28 31 0a 00 00 - 00 00 00 05 40 00 80 50 ...(1.......@..P 0006f2b9 fc 06 00 00 00 00 00 44 - 31 0a 00 00 00 00 00 01 .......D1....... 0006f2c9 00 00 00 98 04 08 00 00 - 00 00 00 00 00 00 00 60 ...............` 0006f2d9 f6 06 00 f8 f2 06 00 5c - d4 e6 7c 54 24 f1 7c 00 .......\..|T$.|. 0006f2e9 00 00 00 10 f8 06 00 d0 - fd 06 00 58 24 f1 7c 1c ...........X$.|. 0006f2f9 f3 06 00 7b d8 e6 7c 10 - f8 06 00 00 00 00 00 d0 ...{..|......... 0006f309 fd 06 00 5c 24 f1 7c 00 - 00 00 00 00 00 00 00 01 ...\$.|......... 0006f319 00 00 00 3c f3 06 00 24 - d8 e6 7c 58 24 f1 7c 00 ...<...$..|X$.|. 0006f329 00 00 00 10 f8 06 00 d0 - fd 06 00 05 40 00 80 58 ............@..X 0006f339 24 f1 7c 5c f3 06 00 a0 - d5 e6 7c 5c 24 f1 7c 01 $.|\......|\$.|. 0006f349 00 00 00 00 00 00 00 60 - f6 06 00 10 f8 06 00 d0 .......`........ 0006f359 fd 06 00 a0 f3 06 00 4f - d5 e6 7c 5c 24 f1 7c 60 .......O..|\$.|` 0006f369 f6 06 00 00 00 00 00 10 - f8 06 00 d0 fd 06 00 96 ................ State Dump for Thread Id 0x52c eax=00000000 ebx=00000000 ecx=00000101 edx=00000000 esi=77f88f08 edi=00000078 eip=77f88f13 esp=0103fd48 ebp=0103fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02399c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0103FD6C 008452BB 00000078 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 0103FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 0103FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0103fd48 30 a0 59 7c 78 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|x........... 0103fd58 7c 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 |............... 0103fd68 01 01 00 00 b4 ff 03 01 - bb 52 84 00 78 00 00 00 .........R..x... 0103fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0103fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 45 78 70 ....C:\WINNT\Exp 0103fd98 6c 6f 72 65 72 2e 45 58 - 45 00 00 00 00 00 00 00 lorer.EXE....... 0103fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x2f8 eax=77d4aefc ebx=00086e88 ecx=00000000 edx=00000000 esi=0007dc00 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02519d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 0007DC00 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 000862E8 011BFFEC 7C57B388 00086E88 rpcrt4!UuidCreate 011BFFB4 7C57B388 00086E88 00000000 00000000 00086E88 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x530 eax=00000000 ebx=00000102 ecx=7ffdb000 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02559e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep *----> Raw Stack Dump <----* 011fff60 8f a2 59 7c 00 00 00 00 - 74 ff 1f 01 bf 9f 59 7c ..Y|....t.....Y| 011fff70 f8 5e 08 00 00 ba 3c dc - ff ff ff ff 30 75 00 00 .^....<.....0u.. 011fff80 5a a2 59 7c 60 ea 00 00 - 00 00 00 00 45 5d e7 7c Z.Y|`.......E].| 011fff90 60 ea 00 00 2c 7f e5 7c - 00 00 00 00 00 00 e2 7c `...,..|.......| 011fffa0 f8 5e 08 00 ec ff 1f 01 - f8 5e 08 00 8b 7f e5 7c .^.......^.....| 011fffb0 26 37 e5 7c 89 b4 e6 7c - 88 b3 57 7c f8 5e 08 00 &7.|...|..W|.^.. 011fffc0 26 37 e5 7c 89 b4 e6 7c - f8 5e 08 00 00 b0 fd 7f &7.|...|.^...... 011fffd0 40 45 07 00 c0 ff 1f 01 - 40 45 07 00 ff ff ff ff @E......@E...... 011fffe0 54 1f 5c 7c 08 2b 57 7c - 00 00 00 00 00 00 00 00 T.\|.+W|........ 011ffff0 00 00 00 00 6f 7f e5 7c - f8 5e 08 00 00 00 00 00 ....o..|.^...... 01200000 03 00 00 00 80 b9 08 00 - 03 00 00 00 30 3d 08 00 ............0=.. 01200010 03 00 00 00 f0 ba 08 00 - 03 00 00 00 78 52 08 00 ............xR.. 01200020 03 00 00 00 70 55 08 00 - 03 00 00 00 a8 5d 08 00 ....pU.......].. 01200030 03 00 00 00 d8 84 09 00 - 03 00 00 00 48 86 09 00 ............H... 01200040 03 00 00 00 c0 86 09 00 - 03 00 00 00 30 83 09 00 ............0... 01200050 03 00 00 00 60 83 09 00 - 03 00 00 00 60 87 09 00 ....`.......`... 01200060 68 00 20 01 00 00 00 00 - 70 00 20 01 00 00 00 00 h. .....p. ..... 01200070 78 00 20 01 00 00 00 00 - 80 00 20 01 00 00 00 00 x. ....... ..... 01200080 88 00 20 01 00 00 00 00 - 90 00 20 01 00 00 00 00 .. ....... ..... 01200090 98 00 20 01 00 00 00 00 - a0 00 20 01 00 00 00 00 .. ....... ..... State Dump for Thread Id 0x4e8 eax=0000001c ebx=00000000 ecx=012bff08 edx=00000000 esi=00000000 edi=00000000 eip=77e3c7cd esp=012bff2c ebp=012bff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:02619e13=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 012BFF4C 0040A389 70C0C464 00400000 00370034 002D0038 user32!WaitMessage 012BFFB4 7C57B388 00000000 00370034 002D0038 0006FEE0 explorer! 012BFFEC 00000000 70C0C3D2 0006FEE0 00000000 00000000 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 012bff2c a8 a9 40 00 7c 00 03 00 - 0f 00 00 00 00 00 00 00 ..@.|........... 012bff3c 00 00 00 00 d4 d4 02 00 - ba 01 00 00 95 01 00 00 ................ 012bff4c b4 ff 2b 01 89 a3 40 00 - 64 c4 c0 70 00 00 40 00 ..+...@.d..p..@. 012bff5c 34 00 37 00 38 00 2d 00 - e0 fe 06 00 72 a3 40 00 4.7.8.-.....r.@. 012bff6c 72 90 40 00 28 01 00 00 - 00 00 40 00 00 00 00 00 r.@.(.....@..... 012bff7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012bff8c 97 02 00 00 fc f6 42 80 - e0 c6 6b ff 80 33 d0 87 ......B...k..3.. 012bff9c ff ff ff ff 00 00 00 00 - f0 07 43 80 00 00 00 00 ..........C..... 012bffac 00 00 00 00 00 00 00 00 - ec ff 2b 01 88 b3 57 7c ..........+...W| 012bffbc 00 00 00 00 34 00 37 00 - 38 00 2d 00 e0 fe 06 00 ....4.7.8.-..... 012bffcc 00 a0 fd 7f 39 00 38 00 - c0 ff 2b 01 39 00 38 00 ....9.8...+.9.8. 012bffdc ff ff ff ff 54 1f 5c 7c - 08 2b 57 7c 00 00 00 00 ....T.\|.+W|.... 012bffec 00 00 00 00 00 00 00 00 - d2 c3 c0 70 e0 fe 06 00 ...........p.... 012bfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 012c005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x2e8 eax=0009d000 ebx=00000006 ecx=0130e4e0 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02669c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001D4 00000000 shell32!Ordinal68 77FCF980 7D05EBF8 77FCF9A8 77FCF968 00000003 00000003 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x528 eax=00001130 ebx=0000000e ecx=0165a140 edx=01659000 esi=00000000 edi=80000000 eip=77e30cb4 esp=0134f050 ebp=0134f05c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010246 function: PrivateExtractIconsW 77e30c92 7cf4 jl DrawFrame+0xed (77e34888) 77e30c94 3bf0 cmp esi,eax 77e30c96 0f8dac6dfeff jnl DdeQueryConvInfo+0xd90 (77e17a48) 77e30c9c 8b44f104 mov eax,[ecx+esi*8+0x4] ds:01359ee7=???????? 77e30ca0 bf00000080 mov edi,0x80000000 77e30ca5 85c7 test edi,eax 77e30ca7 740b jz GetWindowLongA+0x8a (77e331b4) 77e30ca9 25ffffff7f and eax,0x7fffffff 77e30cae 33f6 xor esi,esi 77e30cb0 8d4c1010 lea ecx,[eax+edx+0x10] ds:029b2ee7=???????? 77e30cb4 8b4cf104 mov ecx,[ecx+esi*8+0x4] ds:01359ee7=???????? 77e30cb8 85cf test edi,ecx 77e30cba 0f85886dfeff jne DdeQueryConvInfo+0xd90 (77e17a48) 77e30cc0 8d040a lea eax,[edx+ecx] ds:0165a140=00000409 77e30cc3 8b5518 mov edx,[ebp+0x18] ss:026a8f42=???????? 77e30cc6 8b4804 mov ecx,[eax+0x4] ds:0135b016=???????? 77e30cc9 890a mov [edx],ecx ds:01659000=00000000 77e30ccb ff30 push dword ptr [eax] ds:00001130=???????? 77e30ccd ff7508 push dword ptr [ebp+0x8] ss:026a8f42=???????? 77e30cd0 e844000000 call PrivateExtractIconsW+0x3d7 (77e30d19) 77e30cd5 5f pop edi 77e30cd6 5e pop esi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F05C 77E30E7A 015C0000 01659000 00000000 0000000E user32!PrivateExtractIconsW 0134F0D8 77E30AAB 00000310 00000000 00100020 00100020 user32!PrivateExtractIconsW 0134F53C 7CF732DB 0134F824 00000000 00100020 00100020 user32!PrivateExtractIconsW 0134F564 7CF73349 0134F824 00000000 00100020 00100020 shell32!Ordinal702 0134F59C 7CF737B0 0134F824 00000000 0000000A 0134FA30 shell32!Ordinal6 0134F5C8 7CF743ED 0008E5D0 0134F824 00000000 0134FA30 shell32!Ordinal239 0134F6F4 7CF736BA 00095C08 0134F824 075AA000 0134FA30 shell32!Ordinal654 0134FA3C 7CF7CBC0 075AA000 00000000 0007FFE0 0007FFC8 shell32!Ordinal239 0134FA64 7CF73B54 00091EFC 00095C08 0007FFE0 00000000 shell32!Ordinal72 0134FEB0 7CF7175A 00091F00 11021000 00000000 0007FFC8 shell32!Ordinal239 0134FECC 7CF71268 00091F00 0007FFE0 00000000 0007FFC8 shell32!Ordinal256 0134FEF0 7CF738CD 00087280 00091C20 0007FFE0 00000000 shell32!Ordinal256 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal239 *----> Raw Stack Dump <----* 0134f050 00 00 00 00 00 00 5c 01 - 00 b8 10 00 d8 f0 34 01 ......\.......4. 0134f060 7a 0e e3 77 00 00 5c 01 - 00 90 65 01 00 00 00 00 z..w..\...e..... 0134f070 0e 00 00 00 a0 f0 34 01 - 80 00 00 10 29 c2 58 7c ......4.....).X| 0134f080 00 00 00 00 00 00 00 00 - bc f0 34 01 2c f5 34 01 ..........4.,.4. 0134f090 0c 00 00 00 20 00 10 00 - 19 0c e3 77 80 00 00 10 .... ......w.... 0134f0a0 29 c2 58 7c 10 01 5c 01 - 00 90 65 01 00 00 5c 01 ).X|..\...e...\. 0134f0b0 20 00 10 00 80 00 00 10 - 14 03 00 00 00 00 00 00 ............... 0134f0c0 78 f0 34 01 00 00 00 00 - dc ff 34 01 bd 37 e4 77 x.4.......4..7.w 0134f0d0 28 0f e3 77 00 00 00 00 - 3c f5 34 01 ab 0a e3 77 (..w....<.4....w 0134f0e0 10 03 00 00 00 00 00 00 - 20 00 10 00 20 00 10 00 ........ ... ... 0134f0f0 94 f5 34 01 00 00 00 00 - 02 00 00 00 00 00 00 00 ..4............. 0134f100 00 00 00 00 08 5c 09 00 - 00 00 00 00 43 00 3a 00 .....\......C.:. 0134f110 5c 00 50 00 72 00 6f 00 - 67 00 72 00 61 00 6d 00 \.P.r.o.g.r.a.m. 0134f120 20 00 46 00 69 00 6c 00 - 65 00 73 00 5c 00 51 00 .F.i.l.e.s.\.Q. 0134f130 75 00 69 00 63 00 6b 00 - 54 00 69 00 6d 00 65 00 u.i.c.k.T.i.m.e. 0134f140 5c 00 51 00 75 00 69 00 - 63 00 6b 00 54 00 69 00 \.Q.u.i.c.k.T.i. 0134f150 6d 00 65 00 50 00 6c 00 - 61 00 79 00 65 00 72 00 m.e.P.l.a.y.e.r. 0134f160 2e 00 65 00 78 00 65 00 - 00 00 00 00 00 00 00 00 ..e.x.e......... 0134f170 24 f8 34 01 5c 00 5e 00 - 75 67 f8 77 60 fc fc 77 $.4.\.^.ug.w`..w 0134f180 37 6f f8 77 30 6f f8 77 - 08 02 00 00 1a 02 00 00 7o.w0o.w........ State Dump for Thread Id 0x3e0 eax=00000000 ebx=00000000 ecx=00010101 edx=ffffffff esi=77f886dc edi=02000000 eip=77f886e7 esp=0138f500 ebp=0138f544 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:026e93e7=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0138F544 7C2EEEF1 0138F6EC 0000006A 0138F7BC 02000000 ntdll!NtOpenKey 0138F700 7C2EEEA1 0000006A 0138F7BC 00000000 02000000 advapi32!RegSetValueExA 0138F794 7C2F4A83 0000006A 0138F7BC 00000000 02000000 advapi32!RegSetValueExA 0138F7C8 7C2F4C36 80000000 0138FA08 00000000 02000000 advapi32!RegOpenKeyExW 0138FC40 7CE28B31 0138FC68 00000001 0009EE40 00000000 advapi32!RegOpenKeyW 0138FE88 7116E2AC 00000000 00000001 0138FEA8 0138FEC0 ole32!CreateOleAdviseHolder 0138FEB8 7116E223 00000000 0138FED8 00000002 000A2B38 !DllGetClassObject 0138FEDC 7116E3AB 000A2B38 00099740 00099740 80004005 !DllGetClassObject 0138FEF4 7116E375 00000002 000A2B38 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 0138f500 f9 ef 2e 7c 30 fc 38 01 - 00 00 00 02 1c f5 38 01 ...|0.8.......8. 0138f510 bc f7 38 01 00 00 00 00 - 6a 00 00 00 18 00 00 00 ..8.....j....... 0138f520 00 00 00 00 34 f5 38 01 - 40 00 00 00 00 00 00 00 ....4.8.@....... 0138f530 00 00 00 00 9e 00 62 01 - 10 4d 08 00 10 4d 08 00 ......b..M...M.. 0138f540 6a 00 44 00 00 f7 38 01 - f1 ee 2e 7c ec f6 38 01 j.D...8....|..8. 0138f550 6a 00 00 00 bc f7 38 01 - 00 00 00 02 03 00 00 00 j.....8......... 0138f560 30 fc 38 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 0.8.........\.R. 0138f570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0138f580 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 0138f590 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 0138f5a0 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 0138f5b0 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 0138f5c0 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 0138f5d0 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 0138f5e0 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 0138f5f0 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 0138f600 5c 00 7b 00 44 00 35 00 - 30 00 32 00 44 00 34 00 \.{.D.5.0.2.D.4. 0138f610 41 00 33 00 2d 00 30 00 - 33 00 45 00 36 00 2d 00 A.3.-.0.3.E.6.-. 0138f620 34 00 45 00 41 00 45 00 - 2d 00 41 00 31 00 34 00 4.E.A.E.-.A.1.4. 0138f630 45 00 2d 00 36 00 39 00 - 36 00 30 00 36 00 43 00 E.-.6.9.6.0.6.C. Application exception occurred: App: explorer.exe (pid=1320) When: 7/4/2005 @ 11:05:47.305 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 472 svchost.exe 524 LEXBCES.exe 548 spoolsv.exe 576 LEXPPS.exe 624 ccSetMgr.exe 688 navapsvc.exe 768 SAVScan.exe 808 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 916 symlcsvc.exe 932 wanmpsvc.exe 1000 WinMgmt.exe 1036 mspmspsv.exe 1048 svchost.exe 1072 ccEvtMgr.exe 1360 msiexec.exe 1320 explorer.exe 1328 drwtsn32.exe 1404 taskmgr.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70295000) (7C740000 - 7C7CC000) (77430000 - 77441000) (779B0000 - 77A4B000) (7CE20000 - 7CF21000) (690A0000 - 690AB000) (7C950000 - 7C9E0000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (7C0F0000 - 7C154000) (01350000 - 0135F000) (76620000 - 76631000) State Dump for Thread Id 0x538 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008e410 eip=0006f28e esp=0006f238 ebp=00000000 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00d4 add ah,dl 0006f28d c20900 ret 0x9 0006f290 60 pushad 0006f291 f7e6 mul esi 0006f293 7c00 jl 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:7cf12624=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? 0006f2a1 0000 add [eax],al ds:00000000=?? 0006f2a3 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 ec e3 08 00 - b8 c2 09 00 00 00 00 00 ................ 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 d4 c2 09 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 b8 c2 09 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - d4 c2 09 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 98 04 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x3a8 eax=008451b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000090 eip=77f88f13 esp=0103fd48 ebp=0103fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02399c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0103FD6C 008452BB 00000090 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 0103FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 0103FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0103fd48 30 a0 59 7c 90 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 0103fd58 94 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0103fd68 01 01 00 00 b4 ff 03 01 - bb 52 84 00 90 00 00 00 .........R...... 0103fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0103fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0103fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0103fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x554 eax=77d4aefc ebx=00086e88 ecx=00000000 edx=00000000 esi=0007dc00 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02519d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 0007DC00 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 000862E8 011BFFEC 7C57B388 00086E88 rpcrt4!UuidCreate 011BFFB4 7C57B388 00086E88 00000000 00000000 00086E88 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x2e8 eax=7ce57f6f ebx=00000102 ecx=00074540 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02559e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x4e8 eax=0000000a ebx=00000000 ecx=0123ff08 edx=00000000 esi=00000000 edi=00000000 eip=77e3c7cd esp=0123ff2c ebp=0123ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:02599e13=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF4C 0040A389 70C0C464 00400000 00370034 002D0038 user32!WaitMessage 0123FFB4 7C57B388 00000000 00370034 002D0038 0006FEE0 explorer! 0123FFEC 00000000 70C0C3D2 0006FEE0 00000000 00000000 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0123ff2c a8 a9 40 00 32 00 1b 00 - 0f 00 00 00 00 00 00 00 ..@.2........... 0123ff3c 00 00 00 00 e5 08 03 00 - 06 02 00 00 a9 01 00 00 ................ 0123ff4c b4 ff 23 01 89 a3 40 00 - 64 c4 c0 70 00 00 40 00 ..#...@.d..p..@. 0123ff5c 34 00 37 00 38 00 2d 00 - e0 fe 06 00 72 a3 40 00 4.7.8.-.....r.@. 0123ff6c 72 90 40 00 54 01 00 00 - 00 00 40 00 00 00 00 00 r.@.T.....@..... 0123ff7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0123ff8c 97 02 00 00 fc f6 42 80 - 20 60 62 ff a0 7a 62 ff ......B. `b..zb. 0123ff9c ff ff ff ff 00 00 00 00 - f0 07 43 80 00 00 00 00 ..........C..... 0123ffac 00 00 00 00 00 00 00 00 - ec ff 23 01 88 b3 57 7c ..........#...W| 0123ffbc 00 00 00 00 34 00 37 00 - 38 00 2d 00 e0 fe 06 00 ....4.7.8.-..... 0123ffcc 00 a0 fd 7f 39 00 38 00 - c0 ff 23 01 39 00 38 00 ....9.8...#.9.8. 0123ffdc ff ff ff ff 54 1f 5c 7c - 08 2b 57 7c 00 00 00 00 ....T.\|.+W|.... 0123ffec 00 00 00 00 00 00 00 00 - d2 c3 c0 70 e0 fe 06 00 ...........p.... 0123fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x2f8 eax=0130e318 ebx=00000006 ecx=0000010c edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02669c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001D4 00000000 shell32!Ordinal68 77FCF980 7D05EBF8 77FCF9A8 77FCF968 00000004 00000004 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x52c eax=000007a5 ebx=0134f1e2 ecx=00000000 edx=00000009 esi=00000009 edi=00004c7b eip=77fa34b8 esp=0134f18c ebp=0134f20c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: RtlUnicodeStringToInteger 77fa34a2 23f7 and esi,edi 77fa34a4 d3ef shr edi,cl 77fa34a6 eb14 jmp RtlRemoteCall+0x2e (77fabfbc) 77fa34a8 8bc7 mov eax,edi 77fa34aa 33d2 xor edx,edx 77fa34ac f7750c div dword ptr [ebp+0xc] ss:026a90f2=???????? 77fa34af 8bf2 mov esi,edx 77fa34b1 8bc7 mov eax,edi 77fa34b3 33d2 xor edx,edx 77fa34b5 f7750c div dword ptr [ebp+0xc] ss:026a90f2=???????? 77fa34b8 8bf8 mov edi,eax 77fa34ba 33d2 xor edx,edx 77fa34bc 4b dec ebx 77fa34bd 4b dec ebx 77fa34be 668b047590e8fc77 ds:00000009=???? mov ax,[RtlZeroHeap+0x171a (77fce890)+esi*2] 77fa34c6 668903 mov [ebx],ax ds:0134f1e2=0039 77fa34c9 3bfa cmp edi,edx 77fa34cb 75cb jnz RtlNtStatusToDosError+0x14e (77fac298) 77fa34cd 8d75e0 lea esi,[ebp+0xe0] ss:026a90f2=???????? 77fa34d0 2bf3 sub esi,ebx 77fa34d2 d1fe sar esi,1 77fa34d4 395510 cmp [ebp+0x10],edx ss:026a90f2=???????? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F20C 77F97E77 74B49FF8 0000000A 000000E2 0134F26C ntdll!RtlUnicodeStringToInteger 0134F440 77FA4854 0134F4AC 0134F464 00000000 0134F530 ntdll!RtlConvertSidToUnicodeString 0134F4C0 7C2EEE64 0134F4D4 00000000 02000000 00AC001E ntdll!RtlFormatCurrentUserKeyPath 0134F4DC 7C2EEB01 0134F6E8 0134F530 77F886DC 013400D6 advapi32!RegSetValueExA 0134F4F8 7C2EEF6F 0134F6E8 0134F530 0134F53E 0134F7B8 advapi32!RegSetValueExA 0134F540 7C2EEEF1 0134F6E8 00000222 0134F7B8 02000000 advapi32!RegSetValueExA 0134F6FC 7C2EEEA1 00000222 0134F7B8 00000000 02000000 advapi32!RegSetValueExA 0134F790 7C2F4A83 00000222 0134F7B8 00000000 02000000 advapi32!RegSetValueExA 0134F7C4 7C2F4C36 00000222 0134FA08 00000000 02000000 advapi32!RegOpenKeyExW 0134FC40 7CE28B31 0134FC68 00000000 0009B8F8 00000000 advapi32!RegOpenKeyW 0134FE88 7116E2AC 00000000 00000001 0134FEA8 0134FEC0 ole32!CreateOleAdviseHolder 0134FEB8 7116E223 00000000 0134FED8 00000002 0009EC30 !DllGetClassObject 0134FEDC 7116E3AB 0009EC30 00097600 00097600 80004005 !DllGetClassObject 0134FEF4 7116E375 00000002 0009EC30 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 0134f18c 6c f2 34 01 64 f4 34 01 - 03 00 00 c0 04 00 00 c0 l.4.d.4......... 0134f19c 10 00 00 00 10 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f1ac f0 00 00 00 b8 53 f4 77 - cd 53 f4 77 70 05 74 00 .....S.w.S.wp.t. 0134f1bc f0 02 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ................ 0134f1cc d1 01 05 2e 08 f2 34 01 - 53 86 71 71 31 00 36 00 ......4.S.qq1.6. 0134f1dc 30 00 36 00 39 00 39 00 - 34 00 34 00 38 00 38 00 0.6.9.9.4.4.8.8. 0134f1ec 00 00 30 00 00 00 00 02 - 8c f1 34 01 e2 00 00 00 ..0.......4..... 0134f1fc 80 f7 34 01 64 7e fb 77 - 10 1c f8 77 ff ff ff ff ..4.d~.w...w.... 0134f20c 40 f4 34 01 77 7e f9 77 - f8 9f b4 74 0a 00 00 00 @.4.w~.w...t.... 0134f21c e2 00 00 00 6c f2 34 01 - 00 00 00 02 d4 f4 34 01 ....l.4.......4. 0134f22c 34 00 00 c0 53 00 2d 00 - 31 00 2d 00 35 00 2d 00 4...S.-.1.-.5.-. 0134f23c 32 00 31 00 2d 00 37 00 - 39 00 30 00 35 00 32 00 2.1.-.7.9.0.5.2. 0134f24c 35 00 34 00 37 00 38 00 - 2d 00 31 00 36 00 30 00 5.4.7.8.-.1.6.0. 0134f25c 36 00 39 00 38 00 30 00 - 38 00 34 00 38 00 2d 00 6.9.8.0.8.4.8.-. 0134f26c d4 f4 34 01 34 00 00 c0 - 39 00 39 00 34 00 34 00 ..4.4...9.9.4.4. 0134f27c 38 00 38 00 2d 00 31 00 - 30 00 30 00 30 00 00 00 8.8.-.1.0.0.0... 0134f28c 30 00 00 00 00 99 ff 00 - 00 cc 00 00 00 cc 33 00 0.............3. 0134f29c 00 cc 66 00 00 cc 99 00 - 00 cc cc 00 00 cc ff 00 ..f............. 0134f2ac 00 ff 66 00 00 ff 99 00 - 00 ff cc 00 33 00 00 00 ..f.........3... 0134f2bc 33 00 33 00 33 00 66 00 - 33 00 99 00 33 00 cc 00 3.3.3.f.3...3... Application exception occurred: App: explorer.exe (pid=1336) When: 7/4/2005 @ 11:05:56.298 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 472 svchost.exe 524 LEXBCES.exe 548 spoolsv.exe 576 LEXPPS.exe 624 ccSetMgr.exe 688 navapsvc.exe 768 SAVScan.exe 808 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 916 symlcsvc.exe 932 wanmpsvc.exe 1000 WinMgmt.exe 1036 mspmspsv.exe 1048 svchost.exe 1072 ccEvtMgr.exe 1360 msiexec.exe 1328 drwtsn32.exe 1404 taskmgr.exe 1336 explorer.exe 1456 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C35000) (78000000 - 78045000) (71710000 - 71794000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70295000) (7C740000 - 7C7CC000) (77430000 - 77441000) (779B0000 - 77A4B000) (7CE20000 - 7CF21000) (690A0000 - 690AB000) (7C950000 - 7C9E0000) (77840000 - 7787E000) (770C0000 - 770E3000) (71000000 - 71149000) (71160000 - 7125D000) (76620000 - 76631000) (7C0F0000 - 7C154000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (75030000 - 75044000) (75020000 - 75028000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (76DF0000 - 76E01000) (01430000 - 0143F000) State Dump for Thread Id 0x528 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008e468 eip=0006f28e esp=0006f238 ebp=00000000 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 002446 add [esi+eax*2],ah ds:00000000=?? FAULT ->0006f28e 0a00 or al,[eax] ds:00000000=?? 0006f290 60 pushad 0006f291 f7e6 mul esi 0006f293 7c00 jl 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:7cf12624=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? 0006f2a1 0000 add [eax],al ds:00000000=?? 0006f2a3 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 44 e4 08 00 - 08 46 0a 00 00 00 00 00 ....D....F...... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 24 46 0a 00 - 60 f7 e6 7c 00 00 00 00 ....$F..`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 08 46 0a 00 - 00 00 00 00 05 40 00 80 .....F.......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 24 46 0a 00 00 00 00 00 P.......$F...... 0006f2c8 01 00 00 00 80 04 08 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x2f8 eax=008451b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000090 eip=77f88f13 esp=0103fd48 ebp=0103fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:02399c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0103FD6C 008452BB 00000090 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 0103FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 0103FFEC 00000000 008451B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0103fd48 30 a0 59 7c 90 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 0103fd58 94 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 0103fd68 01 01 00 00 b4 ff 03 01 - bb 52 84 00 90 00 00 00 .........R...... 0103fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 0103fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 0103fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 0103fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0103fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x4e8 eax=77d4aefc ebx=00086e58 ecx=00000000 edx=00000000 esi=0007dc00 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02519d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 0007DC00 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 000862B8 011BFFEC 7C57B388 00086E58 rpcrt4!UuidCreate 011BFFB4 7C57B388 00086E58 00000000 00000000 00086E58 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x554 eax=7ce57f6f ebx=00000102 ecx=00074540 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02559e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x3a8 eax=0000001c ebx=00000000 ecx=0123ff08 edx=00000000 esi=00000000 edi=00000000 eip=77e3c7cd esp=0123ff2c ebp=0123ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:02599e13=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF4C 0040A389 70C0C464 00400000 00370034 002D0038 user32!WaitMessage 0123FFB4 7C57B388 00000000 00370034 002D0038 0006FEE0 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x52c eax=0009d000 ebx=00000006 ecx=0130d7b8 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02669c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001E4 00000000 shell32!Ordinal68 77FCF980 7D05EBF8 77FCF9A8 77FCF968 00000003 00000003 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0130fd98 fb a1 59 7c 06 00 00 00 - bc fd 30 01 01 00 00 00 ..Y|......0..... 0130fda8 00 00 00 00 dc fd 30 01 - 00 00 00 00 00 00 00 00 ......0......... 0130fdb8 06 00 00 00 d8 01 00 00 - e0 01 00 00 e8 01 00 00 ................ 0130fdc8 ec 01 00 00 f0 01 00 00 - d4 01 00 00 67 63 f7 7c ............gc.| 0130fdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe 30 01 ............@.0. 0130fde8 9f 16 e4 77 bc fd 30 01 - 01 00 00 00 00 00 00 00 ...w..0......... 0130fdf8 dc fd 30 01 00 00 00 00 - 00 00 00 00 2c 05 00 00 ..0.........,... 0130fe08 05 00 00 00 d8 01 00 00 - e0 01 00 00 e8 01 00 00 ................ 0130fe18 ec 01 00 00 f0 01 00 00 - d4 01 00 00 c0 da 44 00 ..............D. 0130fe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 0130fe38 00 00 00 00 d4 01 00 00 - 5c fe 30 01 06 17 e4 77 ........\.0....w 0130fe48 0c fe 30 01 b8 fe 30 01 - d0 07 00 00 ff 00 00 00 ..0...0......... 0130fe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 0130fe68 b8 fe 30 01 00 00 00 00 - d0 07 00 00 ff 00 00 00 ..0............. 0130fe78 e8 12 f8 77 ff ff ff ff - ec ff 30 01 00 00 00 00 ...w......0..... 0130fe88 2c 05 00 00 cb cb 44 80 - 00 00 00 00 dc 01 00 00 ,.....D......... 0130fe98 2c 05 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 ,............... 0130fea8 00 00 00 00 19 27 03 00 - dd 02 00 00 79 02 00 00 .....'......y... 0130feb8 d8 01 00 00 e0 01 00 00 - e8 01 00 00 ec 01 00 00 ................ 0130fec8 f0 01 00 00 8c cb 6b ff - 46 02 00 00 14 e3 42 80 ......k.F.....B. State Dump for Thread Id 0x2e8 eax=01622e08 ebx=0135fbc0 ecx=01610248 edx=00000000 esi=77f88f08 edi=00000108 eip=77f88f13 esp=0135fba4 ebp=0135fbc8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:026b9a8b=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0135FBC8 7C57B3DB 00000108 00000000 00000000 70C0CAE2 ntdll!ZwWaitForSingleObject 0135FBEC 7CF885D6 00000108 00004000 7CF883EE 7CF87D8C kernel32!WaitForSingleObject 0135FC0C 7CF884E1 00000000 7CF87D8C 00000000 00004000 shell32!SHGetFolderPathW 0135FC38 7CF8C2A2 00000000 00004019 00000000 00000000 shell32!SHGetFolderPathW 0135FC60 7CF8A436 0008FFF0 0135FCA0 0135FEAC 7CF75D0F shell32!Ordinal68 0135FC70 7CF75D0F 0008FFF0 000A5BD0 0135FCA0 7CF74B1A shell32!Ordinal16 0135FEAC 7CF74ABB FFFFFFFF 00000020 0135FF10 00000001 shell32!Ordinal95 0135FED8 7CF74CD6 0008FFFC 000A5BD0 0135FF10 0009E6D0 shell32!Ordinal95 0135FEF8 7CF74BD8 0008DB50 000A5BD0 0135FF10 0009E6D8 shell32!Ordinal95 0135FF14 7CF75F90 0009E6D0 000A1E10 0009E9B8 0009E9BC shell32!Ordinal95 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal95 *----> Raw Stack Dump <----* 0135fba4 30 a0 59 7c 08 01 00 00 - 00 00 00 00 c0 fb 35 01 0.Y|..........5. 0135fbb4 a0 fc 35 01 00 40 00 00 - 8c 7d f8 7c 00 00 00 00 ..5..@...}.|.... 0135fbc4 00 00 00 00 ec fb 35 01 - db b3 57 7c 08 01 00 00 ......5...W|.... 0135fbd4 00 00 00 00 00 00 00 00 - e2 ca c0 70 08 01 00 00 ...........p.... 0135fbe4 00 00 00 00 01 00 00 00 - 0c fc 35 01 d6 85 f8 7c ..........5....| 0135fbf4 08 01 00 00 00 40 00 00 - ee 83 f8 7c 8c 7d f8 7c .....@.....|.}.| 0135fc04 00 40 00 00 a0 fc 35 01 - 38 fc 35 01 e1 84 f8 7c .@....5.8.5....| 0135fc14 00 00 00 00 8c 7d f8 7c - 00 00 00 00 00 40 00 00 .....}.|.....@.. 0135fc24 a0 fc 35 01 05 40 00 80 - f0 ff 08 00 f0 ff 08 00 ..5..@.......... 0135fc34 57 00 07 80 60 fc 35 01 - a2 c2 f8 7c 00 00 00 00 W...`.5....|.... 0135fc44 19 40 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .@.............. 0135fc54 05 40 00 80 d0 5b 0a 00 - f0 ff 08 00 70 fc 35 01 .@...[......p.5. 0135fc64 36 a4 f8 7c f0 ff 08 00 - a0 fc 35 01 ac fe 35 01 6..|......5...5. 0135fc74 0f 5d f7 7c f0 ff 08 00 - d0 5b 0a 00 a0 fc 35 01 .].|.....[....5. 0135fc84 1a 4b f7 7c f0 ff 08 00 - d0 5b 0a 00 a0 fc 35 01 .K.|.....[....5. 0135fc94 5c f9 08 00 00 00 00 00 - 05 40 00 80 00 00 20 00 \........@.... . 0135fca4 5a 00 36 00 30 00 30 00 - 20 00 53 00 65 00 72 00 Z.6.0.0. .S.e.r. 0135fcb4 69 00 65 00 73 00 20 00 - 53 00 6f 00 6c 00 75 00 i.e.s. .S.o.l.u. 0135fcc4 74 00 69 00 6f 00 6e 00 - 20 00 43 00 65 00 6e 00 t.i.o.n. .C.e.n. 0135fcd4 74 00 65 00 72 00 2e 00 - 6c 00 6e 00 6b 00 00 00 t.e.r...l.n.k... State Dump for Thread Id 0x5a4 eax=00000044 ebx=c0000034 ecx=00000008 edx=00000000 esi=00000000 edi=02000000 eip=77f88203 esp=0139f44c ebp=0139f4c0 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwClose 77f881f8 b818000000 mov eax,0x18 77f881fd 8d542404 lea edx,[esp+0x4] ss:026f9333=???????? 77f88201 cd2e int 2e 77f88203 c20400 ret 0x4 77f88206 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0139F4C0 7C2EEE64 0139F4D4 02000000 77F886DC 00000001 ntdll!ZwClose 0139F4DC 7C2EEB01 0139F6E8 0139F530 77F886DC 01390082 advapi32!RegSetValueExA 0139F4F8 7C2EEF6F 0139F6E8 0139F530 0139F53E 0139F7B8 advapi32!RegSetValueExA 0139F540 7C2EEEF1 0139F6E8 00000242 0139F7B8 02000000 advapi32!RegSetValueExA 0139F6FC 7C2EEEA1 00000242 0139F7B8 00000000 02000000 advapi32!RegSetValueExA 0139F790 7C2F4A83 00000242 0139F7B8 00000000 02000000 advapi32!RegSetValueExA 0139F7C4 7C2F4C36 00000242 0139FA08 00000000 02000000 advapi32!RegOpenKeyExW 0139FC40 7CE28B31 0139FC68 00000001 000A1848 00000000 advapi32!RegOpenKeyW 0139FE88 7116E2AC 00000000 00000001 0139FEA8 0139FEC0 ole32!CreateOleAdviseHolder 0139FEB8 7116E223 00000000 0139FED8 00000002 000909D0 !DllGetClassObject 0139FEDC 7116E3AB 000909D0 000A2C20 000A2C20 80004005 !DllGetClassObject 0139FEF4 7116E375 00000002 000909D0 00000000 00000000 !DllGetClassObject 00000000 00000000 00000000 00000000 00000000 00000000 !DllGetClassObject *----> Raw Stack Dump <----* 0139f44c dc 47 fa 77 14 03 00 00 - 30 f5 39 01 34 00 00 c0 .G.w....0.9.4... 0139f45c 64 f4 39 01 00 00 00 00 - 01 05 00 00 00 00 00 05 d.9............. 0139f46c 15 00 00 00 26 76 1e 2f - f0 94 c8 5f f8 9f b4 74 ....&v./..._...t 0139f47c e8 03 00 00 01 03 00 00 - 01 66 99 00 30 f5 39 01 .........f..0.9. 0139f48c 10 00 00 00 bc f4 39 01 - ca de f9 77 10 8b 0a 00 ......9....w.... 0139f49c 74 e7 2e 7c 00 00 07 00 - 00 00 00 02 30 f5 39 01 t..|........0.9. 0139f4ac 34 00 00 c0 30 f5 39 01 - 24 00 00 00 2a 00 00 00 4...0.9.$...*... 0139f4bc 14 03 00 00 dc f4 39 01 - 64 ee 2e 7c d4 f4 39 01 ......9.d..|..9. 0139f4cc 00 00 00 02 dc 86 f8 77 - 01 00 00 00 dc 86 f8 77 .......w.......w 0139f4dc f8 f4 39 01 01 eb 2e 7c - e8 f6 39 01 30 f5 39 01 ..9....|..9.0.9. 0139f4ec dc 86 f8 77 82 00 39 01 - ac f5 39 01 40 f5 39 01 ...w..9...9.@.9. 0139f4fc 6f ef 2e 7c e8 f6 39 01 - 30 f5 39 01 3e f5 39 01 o..|..9.0.9.>.9. 0139f50c b8 f7 39 01 00 00 00 00 - 42 02 00 00 5c 00 00 00 ..9.....B...\... 0139f51c c6 00 00 00 64 f5 39 01 - 89 ed 2e 7c 40 f5 39 01 ....d.9....|@.9. 0139f52c 22 00 00 00 e8 f6 46 01 - 98 5b 08 00 98 5b 08 00 ".....F..[...[.. 0139f53c 42 02 00 00 fc f6 39 01 - f1 ee 2e 7c e8 f6 39 01 B.....9....|..9. 0139f54c 42 02 00 00 b8 f7 39 01 - 00 00 00 02 03 00 00 00 B.....9......... 0139f55c 34 fc 39 01 00 00 00 00 - c6 00 00 00 5c 00 52 00 4.9.........\.R. 0139f56c 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0139f57c 4d 00 41 00 43 00 48 00 - 49 00 4e 00 45 00 5c 00 M.A.C.H.I.N.E.\. State Dump for Thread Id 0x5a8 eax=000a9000 ebx=00000002 ecx=0142fce4 edx=00000000 esi=77f88ef8 edi=00000002 eip=77f88f03 esp=0142fe5c ebp=0142fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02789d43=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0142FEA8 77E4169F 0142FE80 00000001 00000000 0142FEA0 ntdll!NtWaitForMultipleObjects 0142FF04 77E41706 0142FED0 70C2BB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 0142FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects 0142FF74 70C1AB1B 0142FFA0 0142FFA4 0142FFA8 0142FF9C !Ordinal265 0142FFAC 70C1ACDF 00000000 7C57B388 00000000 00000000 !Ordinal293 0142FFEC 00000000 70C1ACAF 00000000 00000000 00505A4D !Ordinal293 *----> Raw Stack Dump <----* 0142fe5c fb a1 59 7c 02 00 00 00 - 80 fe 42 01 01 00 00 00 ..Y|......B..... 0142fe6c 00 00 00 00 a0 fe 42 01 - 00 00 00 00 00 00 00 00 ......B......... 0142fe7c 02 00 00 00 0c 02 00 00 - 64 02 00 00 00 00 00 00 ........d....... 0142fe8c 10 6c fd 7f 4f 94 59 7c - 20 28 07 00 00 00 07 00 .l..O.Y| (...... 0142fe9c 7a 26 e4 77 00 ba 3c dc - ff ff ff ff 04 ff 42 01 z&.w..<.......B. 0142feac 9f 16 e4 77 80 fe 42 01 - 01 00 00 00 00 00 00 00 ...w..B......... 0142febc a0 fe 42 01 00 00 00 00 - 60 ea 00 00 18 bb c2 70 ..B.....`......p 0142fecc 00 00 00 00 0c 02 00 00 - 64 02 00 00 ff ff ff ff ........d....... 0142fedc 6c ff 42 01 b7 07 59 7c - 00 00 07 00 00 00 00 00 l.B...Y|........ 0142feec e8 48 0a 00 00 00 00 00 - 00 00 00 00 cc 66 fd 7f .H...........f.. 0142fefc 00 00 00 00 64 02 00 00 - 20 ff 42 01 06 17 e4 77 ....d... .B....w 0142ff0c d0 fe 42 01 38 bb c2 70 - 60 ea 00 00 41 00 00 00 ..B.8..p`...A... 0142ff1c 00 00 00 00 74 ff 42 01 - 93 a7 c1 70 01 00 00 00 ....t.B....p.... 0142ff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00 00 8..p....`...A... 0142ff3c 00 00 00 00 18 bb c2 70 - 00 00 00 00 16 00 18 00 .......p........ 0142ff4c 00 6c fd 7f 00 00 00 00 - f0 fe 42 01 00 6c fd 7f .l........B..l.. 0142ff5c dc ff 42 01 54 1f 5c 7c - 67 29 03 00 18 bb c2 70 ..B.T.\|g).....p 0142ff6c 60 ea 00 00 01 00 00 00 - ac ff 42 01 1b ab c1 70 `.........B....p 0142ff7c a0 ff 42 01 a4 ff 42 01 - a8 ff 42 01 9c ff 42 01 ..B...B...B...B. 0142ff8c 60 ea 00 00 00 00 00 00 - 00 00 bd 70 00 00 00 00 `..........p.... Application exception occurred: App: explorer.exe (pid=1336) When: 7/4/2005 @ 11:13:09.385 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1336 explorer.exe 1388 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (715C0000 - 715E7000) (77820000 - 77827000) (759B0000 - 759B6000) (71890000 - 718F2000) (75050000 - 75058000) (75030000 - 75044000) (75020000 - 75028000) (70290000 - 70302000) (69BF0000 - 69C0D000) (77800000 - 7781E000) (76620000 - 76631000) (77950000 - 7797B000) (75150000 - 75160000) (77BF0000 - 77C01000) (77980000 - 779A4000) (7CDC0000 - 7CE13000) (751C0000 - 751C6000) (7C340000 - 7C34F000) (745E0000 - 748A6000) (75500000 - 75504000) (66650000 - 666A4000) (70420000 - 704A8000) (70FE0000 - 710FB000) (71110000 - 711D9000) (7C0F0000 - 7C154000) (76DF0000 - 76E01000) (02730000 - 0273F000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) State Dump for Thread Id 0x540 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=000c73c0 eip=0006f295 esp=0006f219 ebp=00000000 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 0044d70c add [edi+edx*8+0xc],al ds:00f69ee7=?? 0006f28f 0060f7 add [eax+0xf7],ah ds:00f69ee6=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? 0006f2a4 0000 add [eax],al ds:00000000=?? 0006f2a6 0000 add [eax],al ds:00000000=?? 0006f2a8 c4f2 les esi,edx 0006f2aa 06 push es *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f219 c0 73 0c 00 60 f7 e6 7c - 00 00 00 00 39 f2 06 00 .s..`..|....9... 0006f229 c4 f2 06 00 00 00 00 00 - 24 26 f1 7c 00 00 00 00 ........$&.|.... 0006f239 f7 e6 7c c4 f2 06 00 01 - 00 00 00 e3 b5 e6 7c 54 ..|...........|T 0006f249 f2 06 00 60 f7 e6 7c c4 - f2 06 00 10 0f e7 7c 01 ...`..|.......|. 0006f259 00 00 00 9c 73 0c 00 28 - d7 0c 00 00 00 00 00 54 ....s..(.......T 0006f269 f2 06 00 dc f2 06 00 eb - c6 e6 7c 8c f2 06 00 07 ..........|..... 0006f279 d7 e6 7c 8c f2 06 00 10 - f8 06 00 10 f8 06 00 10 ..|............. 0006f289 f8 06 00 44 d7 0c 00 60 - f7 e6 7c 00 00 00 00 00 ...D...`..|..... 0006f299 00 00 00 01 00 00 00 00 - 00 00 00 00 00 00 00 c4 ................ 0006f2a9 f2 06 00 28 d7 0c 00 00 - 00 00 00 05 40 00 80 50 ...(........@..P 0006f2b9 fc 06 00 00 00 00 00 44 - d7 0c 00 00 00 00 00 01 .......D........ 0006f2c9 00 00 00 78 e6 08 00 00 - 00 00 00 00 00 00 00 60 ...x...........` 0006f2d9 f6 06 00 f8 f2 06 00 5c - d4 e6 7c 54 24 f1 7c 00 .......\..|T$.|. 0006f2e9 00 00 00 10 f8 06 00 d0 - fd 06 00 58 24 f1 7c 1c ...........X$.|. 0006f2f9 f3 06 00 7b d8 e6 7c 10 - f8 06 00 00 00 00 00 d0 ...{..|......... 0006f309 fd 06 00 5c 24 f1 7c 00 - 00 00 00 00 00 00 00 01 ...\$.|......... 0006f319 00 00 00 3c f3 06 00 24 - d8 e6 7c 58 24 f1 7c 00 ...<...$..|X$.|. 0006f329 00 00 00 10 f8 06 00 d0 - fd 06 00 05 40 00 80 58 ............@..X 0006f339 24 f1 7c 5c f3 06 00 a0 - d5 e6 7c 5c 24 f1 7c 01 $.|\......|\$.|. 0006f349 00 00 00 00 00 00 00 60 - f6 06 00 10 f8 06 00 d0 .......`........ State Dump for Thread Id 0x534 eax=00000000 ebx=00000000 ecx=00000101 edx=00000000 esi=77f88f08 edi=00000074 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000074 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 74 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|t........... 00c2fd58 78 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 x............... 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 74 00 00 00 .........R..t... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 45 78 70 ....C:\WINNT\Exp 00c2fd98 6c 6f 72 65 72 2e 45 58 - 45 00 00 00 00 00 00 00 lorer.EXE....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x2f4 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=63fc5db7 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x524 eax=7ce57f6f ebx=00000102 ecx=00000000 edx=00000000 esi=77f88398 edi=0200ff74 eip=77f883a3 esp=0200ff60 ebp=0200ff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02f79e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0200FF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep *----> Raw Stack Dump <----* 0200ff60 8f a2 59 7c 00 00 00 00 - 74 ff 00 02 bf 9f 59 7c ..Y|....t.....Y| 0200ff70 80 ef 09 00 00 ba 3c dc - ff ff ff ff 30 75 00 00 ......<.....0u.. 0200ff80 5a a2 59 7c 60 ea 00 00 - 00 00 00 00 45 5d e7 7c Z.Y|`.......E].| 0200ff90 60 ea 00 00 2c 7f e5 7c - 00 00 00 00 00 00 e2 7c `...,..|.......| 0200ffa0 80 ef 09 00 ec ff 00 02 - 80 ef 09 00 8b 7f e5 7c ...............| 0200ffb0 26 37 e5 7c 89 b4 e6 7c - 88 b3 57 7c 80 ef 09 00 &7.|...|..W|.... 0200ffc0 26 37 e5 7c 89 b4 e6 7c - 80 ef 09 00 00 b0 fd 7f &7.|...|........ 0200ffd0 00 00 00 00 c0 ff 00 02 - 00 00 00 00 ff ff ff ff ................ 0200ffe0 54 1f 5c 7c 08 2b 57 7c - 00 00 00 00 00 00 00 00 T.\|.+W|........ 0200fff0 00 00 00 00 6f 7f e5 7c - 80 ef 09 00 00 00 00 00 ....o..|........ 02010000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00 00 MZ.............. 02010010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00 00 ........@....... 02010020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 02010030 00 00 00 00 00 00 00 00 - 00 00 00 00 b8 00 00 00 ................ 02010040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54 68 ........!..L.!Th 02010050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e 6f is program canno 02010060 74 20 62 65 20 72 75 6e - 20 69 6e 20 44 4f 53 20 t be run in DOS 02010070 6d 6f 64 65 2e 0d 0d 0a - 24 00 00 00 00 00 00 00 mode....$....... 02010080 89 25 35 db cd 44 5b 88 - cd 44 5b 88 cd 44 5b 88 .%5..D[..D[..D[. 02010090 9b 4c 5d 88 cc 44 5b 88 - 52 69 63 68 cd 44 5b 88 .L]..D[.Rich.D[. State Dump for Thread Id 0x52c eax=0000001c ebx=0006fee4 ecx=0265ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0265ff5c ebp=0265ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:035c9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0265FF7C 0040A389 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0265FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0265FFEC 00000000 70BECEFF 0006FEE4 00000000 00000000 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0265ff5c a8 a9 40 00 76 00 02 00 - 0f 00 00 00 00 00 00 00 ..@.v........... 0265ff6c 00 00 00 00 d5 b4 02 00 - 44 02 00 00 67 01 00 00 ........D...g... 0265ff7c b4 ff 65 02 89 a3 40 00 - 39 cf be 70 00 00 40 00 ..e...@.9..p..@. 0265ff8c 31 00 36 00 30 00 36 00 - 72 a3 40 00 72 90 40 00 1.6.0.6.r.@.r.@. 0265ff9c c4 01 00 00 00 00 40 00 - 00 00 00 00 00 00 00 00 ......@......... 0265ffac 00 00 00 00 00 00 00 00 - ec ff 65 02 88 b3 57 7c ..........e...W| 0265ffbc e4 fe 06 00 31 00 36 00 - 30 00 36 00 e4 fe 06 00 ....1.6.0.6..... 0265ffcc 00 a0 fd 7f 34 00 38 00 - c0 ff 65 02 34 00 38 00 ....4.8...e.4.8. 0265ffdc ff ff ff ff 54 1f 5c 7c - 08 2b 57 7c 00 00 00 00 ....T.\|.+W|.... 0265ffec 00 00 00 00 00 00 00 00 - ff ce be 70 e4 fe 06 00 ...........p.... 0265fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0266008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x520 eax=00000062 ebx=00000006 ecx=00000040 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=026afd98 ebp=026afde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:03619c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 026AFDE4 77E4169F 026AFDBC 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects 026AFE40 77E41706 026AFE0C 026AFEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx 026AFE5C 7CF8BD66 00000005 026AFEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 00000248 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000003 00000003 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x43c eax=000bc0d0 ebx=00000080 ecx=00000000 edx=00000000 esi=77fcb6ca edi=00000000 eip=77f88283 esp=026ef048 ebp=026ef0e0 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: NtCreateFile 77f88278 b820000000 mov eax,0x20 77f8827d 8d542404 lea edx,[esp+0x4] ss:03658f2f=???????? 77f88281 cd2e int 2e 77f88283 c22c00 ret 0x2c 77f88286 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 026EF0E0 77E30A0E 00000000 80000100 00000003 00000000 ntdll!NtCreateFile 026EF540 7CF732DB 026EF828 00000000 00100020 00100020 user32!PrivateExtractIconsW 026EF568 7CF73349 026EF828 00000000 00100020 00100020 shell32!Ordinal702 026EF5A0 7CF737B0 026EF828 00000000 0000000A 026EFA34 shell32!Ordinal6 026EF5CC 7CF743ED 000F3708 026EF828 00000000 026EFA34 shell32!Ordinal239 026EF6F8 7CF736BA 0009C7D0 026EF828 06DF2B43 026EFA34 shell32!Ordinal654 026EFA40 7CF7CBC0 06DF2B43 00000000 00083478 00083460 shell32!Ordinal239 026EFA68 7CF73B54 000B5F34 0009C7D0 00083478 00000000 shell32!Ordinal72 026EFEB4 7CF7175A 000B5F38 11021000 00000000 00083460 shell32!Ordinal239 026EFED0 7CF71268 000B5F38 00083478 00000000 00083460 shell32!Ordinal256 026EFEF4 7CF738CD 00096F08 0008E490 00083478 00000000 shell32!Ordinal256 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal239 *----> Raw Stack Dump <----* 026ef048 6c c5 58 7c e8 f0 6e 02 - 80 01 10 80 84 f0 6e 02 l.X|..n.......n. 026ef058 bc f0 6e 02 00 00 00 00 - 80 00 00 00 03 00 00 00 ..n............. 026ef068 01 00 00 00 60 08 00 00 - 00 00 00 00 00 00 00 00 ....`........... 026ef078 80 00 00 10 29 c2 58 7c - 00 00 00 00 18 00 00 00 ....).X|........ 026ef088 00 00 00 00 c4 f0 6e 02 - 40 00 00 00 00 00 00 00 ......n.@....... 026ef098 a8 f0 6e 02 00 00 00 00 - 00 00 00 00 00 00 00 00 ..n............. 026ef0a8 0c 00 00 00 02 00 00 00 - 01 01 00 00 08 02 00 00 ................ 026ef0b8 18 f3 6e 02 00 00 00 00 - 98 f5 6e 02 50 00 1a 02 ..n.......n.P... 026ef0c8 d8 21 07 00 7f ff ff ef - 00 00 00 00 d8 21 07 00 .!...........!.. 026ef0d8 01 00 00 00 04 01 00 00 - 40 f5 6e 02 0e 0a e3 77 ........@.n....w 026ef0e8 00 00 00 00 00 01 00 80 - 03 00 00 00 00 00 00 00 ................ 026ef0f8 03 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 026ef108 d0 c7 09 00 00 00 00 00 - 43 00 3a 00 5c 00 50 00 ........C.:.\.P. 026ef118 72 00 6f 00 67 00 72 00 - 61 00 6d 00 20 00 46 00 r.o.g.r.a.m. .F. 026ef128 69 00 6c 00 65 00 73 00 - 5c 00 57 00 69 00 6e 00 i.l.e.s.\.W.i.n. 026ef138 5a 00 69 00 70 00 5c 00 - 57 00 49 00 4e 00 5a 00 Z.i.p.\.W.I.N.Z. 026ef148 49 00 50 00 33 00 32 00 - 2e 00 45 00 58 00 45 00 I.P.3.2...E.X.E. 026ef158 00 00 00 00 00 00 00 00 - 00 00 00 00 24 00 02 00 ............$... 026ef168 00 00 00 00 00 00 00 00 - 00 00 00 00 28 f8 6e 02 ............(.n. 026ef178 48 00 4a 00 75 67 f8 77 - 60 fc fc 77 37 6f f8 77 H.J.ug.w`..w7o.w State Dump for Thread Id 0x514 eax=00000000 ebx=00000000 ecx=00010101 edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=0272f504 ebp=0272f548 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:036993eb=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0272F548 7C2EEEF1 0272F6F0 00000062 0272F7C0 02000000 ntdll!NtOpenKey 0272F704 7C2EEEA1 00000062 0272F7C0 00000000 02000000 advapi32!RegSetValueExA 0272F798 7C2F4A83 00000062 0272F7C0 00000000 02000000 advapi32!RegSetValueExA 0272F7CC 7C2F4C36 80000000 0272FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0272FC44 7CE28B31 0272FC6C 00000001 0009AA40 00000000 advapi32!RegOpenKeyW 0272FE8C 71125CA4 00000000 00000001 0272FEAC 0272FEC4 ole32!CreateOleAdviseHolder 0272FEBC 71125C18 00000000 0272FEDC 00000002 000CD540 BROWSEUI!Ordinal131 0272FEE0 71125BA7 000CD540 0009E778 0009E778 80004005 BROWSEUI!Ordinal131 0272FEF8 71125B6C 00000002 000CD540 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0272f504 f9 ef 2e 7c 34 fc 72 02 - 00 00 00 02 20 f5 72 02 ...|4.r..... .r. 0272f514 c0 f7 72 02 00 00 00 00 - 62 00 00 00 18 00 00 00 ..r.....b....... 0272f524 00 00 00 00 38 f5 72 02 - 40 00 00 00 00 00 00 00 ....8.r.@....... 0272f534 00 00 00 00 9e 00 62 01 - 88 e9 09 00 88 e9 09 00 ......b......... 0272f544 62 00 44 00 04 f7 72 02 - f1 ee 2e 7c f0 f6 72 02 b.D...r....|..r. 0272f554 62 00 00 00 c0 f7 72 02 - 00 00 00 02 03 00 00 00 b.....r......... 0272f564 34 fc 72 02 00 00 00 00 - e2 00 00 00 5c 00 52 00 4.r.........\.R. 0272f574 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0272f584 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 0272f594 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 0272f5a4 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 0272f5b4 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 0272f5c4 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 0272f5d4 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 0272f5e4 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 0272f5f4 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 0272f604 5c 00 7b 00 46 00 31 00 - 45 00 37 00 35 00 32 00 \.{.F.1.E.7.5.2. 0272f614 43 00 33 00 2d 00 46 00 - 44 00 37 00 32 00 2d 00 C.3.-.F.D.7.2.-. 0272f624 31 00 31 00 44 00 30 00 - 2d 00 41 00 45 00 46 00 1.1.D.0.-.A.E.F. 0272f634 36 00 2d 00 30 00 30 00 - 43 00 30 00 34 00 46 00 6.-.0.0.C.0.4.F. Application exception occurred: App: explorer.exe (pid=1300) When: 7/4/2005 @ 11:13:39.378 Exception number: 80000003 (hardcoded breakpoint) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1388 drwtsn32.exe 1084 taskmgr.exe 1300 explorer.exe 312 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (75030000 - 75044000) (75020000 - 75028000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (76DF0000 - 76E01000) (01420000 - 0142F000) State Dump for Thread Id 0x534 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a8c0 eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00cc add ah,cl 0006f28d 020a add cl,[edx] ds:00000000=?? 0006f28f 0060f7 add [eax+0xf7],ah ds:00f69ee6=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 9c a8 08 00 - b0 02 0a 00 00 00 00 00 ................ 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 cc 02 0a 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 b0 02 0a 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - cc 02 0a 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 00 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x524 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000094 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000094 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 94 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 98 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 94 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x568 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x530 eax=00087000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x4f8 eax=004553d0 ebx=0006fee4 ecx=00230fd8 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 0040A389 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x4f4 eax=0130e36c ebx=00000006 ecx=0009bbf8 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001B8 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0130fd98 fb a1 59 7c 06 00 00 00 - bc fd 30 01 01 00 00 00 ..Y|......0..... 0130fda8 00 00 00 00 dc fd 30 01 - 00 00 00 00 00 00 00 00 ......0......... 0130fdb8 06 00 00 00 dc 01 00 00 - e4 01 00 00 ec 01 00 00 ................ 0130fdc8 f0 01 00 00 b4 01 00 00 - e8 01 00 00 67 63 f7 7c ............gc.| 0130fdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe 30 01 ............@.0. 0130fde8 9f 16 e4 77 bc fd 30 01 - 01 00 00 00 00 00 00 00 ...w..0......... 0130fdf8 dc fd 30 01 00 00 00 00 - 00 00 00 00 f4 04 00 00 ..0............. 0130fe08 05 00 00 00 dc 01 00 00 - e4 01 00 00 ec 01 00 00 ................ 0130fe18 f0 01 00 00 b4 01 00 00 - e8 01 00 00 f0 8a 44 00 ..............D. 0130fe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 0130fe38 00 00 00 00 e8 01 00 00 - 5c fe 30 01 06 17 e4 77 ........\.0....w 0130fe48 0c fe 30 01 b8 fe 30 01 - d0 07 00 00 ff 00 00 00 ..0...0......... 0130fe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 0130fe68 b8 fe 30 01 00 00 00 00 - d0 07 00 00 ff 00 00 00 ..0............. 0130fe78 40 01 01 00 00 00 00 00 - ec ff 30 01 00 00 00 00 @.........0..... 0130fe88 f4 04 00 00 cb cb 44 80 - 00 00 00 00 e0 01 00 00 ......D......... 0130fe98 f4 04 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 ................ 0130fea8 00 00 00 00 7d 27 03 00 - b3 02 00 00 34 02 00 00 ....}'......4... 0130feb8 dc 01 00 00 e4 01 00 00 - ec 01 00 00 f0 01 00 00 ................ 0130fec8 b4 01 00 00 00 00 fb 00 - 0c 00 30 c0 fc 9b 16 bd ..........0..... State Dump for Thread Id 0x174 eax=00000001 ebx=00000000 ecx=00000000 edx=00000000 esi=77fcb6ca edi=00000000 eip=77f88283 esp=0135ea08 ebp=0135eaa0 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: NtCreateFile 77f88278 b820000000 mov eax,0x20 77f8827d 8d542404 lea edx,[esp+0x4] ss:022c88ef=???????? 77f88281 cd2e int 2e 77f88283 c22c00 ret 0x2c 77f88286 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0135EAA0 70BF4420 00000000 80000000 00000003 00000000 ntdll!NtCreateFile 0135ECD8 70C0E487 0135EF5C 80000000 00000003 00000000 SHLWAPI!SHDeleteKeyA 0135ED08 7CF7DF85 0135EF5C 00000000 0135EF30 7CF7C178 SHLWAPI!SHCreateStreamOnFileW 0135EF34 7CF7DF46 0135EF5C 7CF7DEFF 0008A30C 0135EF5C shell32!Ordinal72 0135F3C8 7CF7E279 0008C548 00095570 0008A30C 7CF75948 shell32!Ordinal72 0135FA08 7CF7DDCE 00000000 00095570 7CF79A10 0135FA74 shell32!Ordinal72 0135FA38 7CF7CBA8 0008C54C 00000000 00000001 0135FA78 shell32!Ordinal72 0135FA68 7CF73B54 0008C54C 00000000 00095570 00000000 shell32!Ordinal72 0135FEB4 7CF7175A 0008C550 11021000 00000000 00094BD0 shell32!Ordinal239 0135FED0 7CF71268 0008C550 00095570 00000000 00094BD0 shell32!Ordinal256 0135FEF4 7CF738CD 00089FA0 0008BD30 00095570 00000000 shell32!Ordinal256 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal239 *----> Raw Stack Dump <----* 0135ea08 6c c5 58 7c a8 ea 35 01 - 80 00 10 80 44 ea 35 01 l.X|..5.....D.5. 0135ea18 7c ea 35 01 00 00 00 00 - 00 00 00 00 03 00 00 00 |.5............. 0135ea28 01 00 00 00 60 00 00 00 - 00 00 00 00 00 00 00 00 ....`........... 0135ea38 00 00 00 00 00 a3 08 00 - 00 00 00 00 18 00 00 00 ................ 0135ea48 00 00 00 00 84 ea 35 01 - 40 00 00 00 00 00 00 00 ......5.@....... 0135ea58 68 ea 35 01 00 00 00 00 - 00 00 00 00 00 00 00 00 h.5............. 0135ea68 0c 00 00 00 02 00 00 00 - 01 01 fc 77 30 00 30 00 ...........w0.0. 0135ea78 32 00 31 00 34 00 30 00 - 31 00 2d 00 8e 00 1a 02 2.1.4.0.1.-..... 0135ea88 d8 21 07 00 ff ff ff ff - 00 00 00 00 d8 21 07 00 .!...........!.. 0135ea98 01 00 00 00 30 00 30 00 - d8 ec 35 01 20 44 bf 70 ....0.0...5. D.p 0135eaa8 00 00 00 00 00 00 00 80 - 03 00 00 00 00 00 00 00 ................ 0135eab8 03 00 00 00 00 00 00 00 - 00 00 00 00 72 00 6f 00 ............r.o. 0135eac8 90 54 09 00 28 00 00 00 - 76 00 65 00 00 80 fd 7f .T..(...v.e..... 0135ead8 00 80 fd 7f 70 bd 07 00 - 50 00 00 00 50 16 f8 77 ....p...P...P..w 0135eae8 dc ff 35 01 dc ff 35 01 - 3c eb 35 01 64 7e fb 77 ..5...5.<.5.d~.w 0135eaf8 50 16 f8 77 ff ff ff ff - 00 00 00 00 bc 99 59 7c P..w..........Y| 0135eb08 48 eb 35 01 03 00 1f 00 - 4c eb 35 01 ef 99 59 7c H.5.....L.5...Y| 0135eb18 00 00 00 00 00 00 00 00 - a8 44 09 00 a8 44 09 00 .........D...D.. 0135eb28 08 00 00 00 ff ff ff ff - 44 eb 35 01 14 eb 35 01 ........D.5...5. 0135eb38 dc ff 35 01 dc ff 35 01 - 54 1f 5c 7c 10 24 57 7c ..5...5.T.\|.$W| State Dump for Thread Id 0x578 eax=7ffd2004 ebx=00000000 ecx=00000054 edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=013ef504 ebp=013ef548 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:023593eb=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 013EF548 7C2EEEF1 013EF6F0 00000062 013EF7C0 02000000 ntdll!NtOpenKey 013EF704 7C2EEEA1 00000062 013EF7C0 00000000 02000000 advapi32!RegSetValueExA 013EF798 7C2F4A83 00000062 013EF7C0 00000000 02000000 advapi32!RegSetValueExA 013EF7CC 7C2F4C36 80000000 013EFA0C 00000000 02000000 advapi32!RegOpenKeyExW 013EFC44 7CE28B31 013EFC6C 00000001 0009CCE8 00000000 advapi32!RegOpenKeyW 013EFE8C 71125CA4 00000000 00000001 013EFEAC 013EFEC4 ole32!CreateOleAdviseHolder 013EFEBC 71125C18 00000000 013EFEDC 00000002 0009F920 BROWSEUI!Ordinal131 013EFEE0 71125BA7 0009F920 00092B70 00092B70 80004005 BROWSEUI!Ordinal131 013EFEF8 71125B6C 00000002 0009F920 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 013ef504 f9 ef 2e 7c 34 fc 3e 01 - 00 00 00 02 20 f5 3e 01 ...|4.>..... .>. 013ef514 c0 f7 3e 01 00 00 00 00 - 62 00 00 00 18 00 00 00 ..>.....b....... 013ef524 00 00 00 00 38 f5 3e 01 - 40 00 00 00 00 00 00 00 ....8.>.@....... 013ef534 00 00 00 00 9e 00 62 01 - 90 c0 08 00 90 c0 08 00 ......b......... 013ef544 62 00 44 00 04 f7 3e 01 - f1 ee 2e 7c f0 f6 3e 01 b.D...>....|..>. 013ef554 62 00 00 00 c0 f7 3e 01 - 00 00 00 02 03 00 00 00 b.....>......... 013ef564 34 fc 3e 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 4.>.........\.R. 013ef574 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 013ef584 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 013ef594 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 013ef5a4 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 013ef5b4 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 013ef5c4 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 013ef5d4 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 013ef5e4 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 013ef5f4 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 013ef604 5c 00 7b 00 33 00 38 00 - 38 00 45 00 44 00 39 00 \.{.3.8.8.E.D.9. 013ef614 31 00 37 00 2d 00 37 00 - 46 00 44 00 32 00 2d 00 1.7.-.7.F.D.2.-. 013ef624 31 00 31 00 44 00 30 00 - 2d 00 41 00 36 00 30 00 1.1.D.0.-.A.6.0. 013ef634 42 00 2d 00 30 00 30 00 - 41 00 30 00 43 00 39 00 B.-.0.0.A.0.C.9. Application exception occurred: App: explorer.exe (pid=756) When: 7/4/2005 @ 11:15:59.951 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1412 iexplore.exe 1380 taskmgr.exe 756 explorer.exe 1440 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01350000 - 0135F000) State Dump for Thread Id 0x52c eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a858 eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00dc add ah,bl 0006f28d 8e09 mov cs,[ecx] ds:7cf12624=0000 0006f28f 0060f7 add [eax+0xf7],ah ds:00f69ee6=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 34 a8 08 00 - c0 8e 09 00 00 00 00 00 ....4........... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 dc 8e 09 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 c0 8e 09 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - dc 8e 09 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 10 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x4f8 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000084 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000084 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 84 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 88 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 84 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x568 eax=77d4aefc ebx=000832e0 ecx=00000000 edx=00000000 esi=00079ce0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CE0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082740 011BFFEC 7C57B388 000832E0 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832E0 00000000 00000000 000832E0 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x524 eax=00087000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x530 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 0040A389 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x598 eax=0009c000 ebx=00000006 ecx=0130d818 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001D8 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x594 eax=000795e8 ebx=7c2f4c09 ecx=000795f7 edx=7ce53a93 esi=00001000 edi=00000001 eip=7c597e00 esp=0134f79c ebp=0134f7cc iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: IsBadReadPtr 7c597de7 85c9 test ecx,ecx 7c597de9 7435 jz RegisterWowExec+0x7f6 (7c5a0920) 7c597deb 8b4508 mov eax,[ebp+0x8] ss:022b96b2=???????? 7c597dee 85c0 test eax,eax 7c597df0 744c jz RegisterWowExec+0xa14 (7c5a0b3e) 7c597df2 8d4c01ff lea ecx,[ecx+eax+0xff] ds:00fe34cf=???????? 7c597df6 3bc8 cmp ecx,eax 7c597df8 7244 jb RegisterWowExec+0x14 (7c5a013e) 7c597dfa 8365fc00 and dword ptr [ebp+0xfc],0x0 ss:022b96b2=???????? 7c597dfe 8a10 mov dl,[eax] ds:000795e8=93 7c597e00 8d56ff lea edx,[esi+0xff] ds:00f6aee6=???????? 7c597e03 f7d2 not edx 7c597e05 23c2 and eax,edx 7c597e07 8945e0 mov [ebp+0xe0],eax ss:022b96b2=???????? 7c597e0a 23ca and ecx,edx 7c597e0c 894de4 mov [ebp+0xe4],ecx ss:022b96b2=???????? 7c597e0f 3bc1 cmp eax,ecx 7c597e11 7409 jz GetProcessTimes+0x5a (7c59811c) 7c597e13 03c6 add eax,esi 7c597e15 8945e0 mov [ebp+0xe0],eax ss:022b96b2=???????? 7c597e18 8a10 mov dl,[eax] ds:000795e8=93 7c597e1a ebf3 jmp RegisterWowExec+0xe5 (7c5a020f) *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F7CC 7CE6B4BB 000795E8 00000010 7CE53A80 0134FC44 kernel32!IsBadReadPtr 0134F7E0 7CE28978 000795E8 0134F800 00000105 00000000 ole32!StringFromGUID2 0134FC44 7CE28B31 0134FC6C 00000000 000795E8 00000000 ole32!CreateOleAdviseHolder 0134FE8C 71125CA4 00000000 00000001 0134FEAC 0134FEC4 ole32!CreateOleAdviseHolder 0134FEBC 71125C18 00000000 0134FEDC 00000002 00098390 BROWSEUI!Ordinal131 0134FEE0 71125BA7 00098390 000920D8 000920D8 80004005 BROWSEUI!Ordinal131 0134FEF8 71125B6C 00000002 00098390 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0134f79c 01 00 00 00 00 00 00 00 - 09 4c 2f 7c 00 00 00 00 .........L/|.... 0134f7ac 00 00 00 02 34 fc 34 01 - 9c f7 34 01 80 3a e5 7c ....4.4...4..:.| 0134f7bc dc ff 34 01 54 1f 5c 7c - f0 29 57 7c 00 00 00 00 ..4.T.\|.)W|.... 0134f7cc e0 f7 34 01 bb b4 e6 7c - e8 95 07 00 10 00 00 00 ..4....|........ 0134f7dc 80 3a e5 7c 44 fc 34 01 - 78 89 e2 7c e8 95 07 00 .:.|D.4.x..|.... 0134f7ec 00 f8 34 01 05 01 00 00 - 00 00 00 00 01 00 00 00 ..4............. 0134f7fc 98 6e 09 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .n.............. 0134f80c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f81c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f82c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f83c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f84c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f85c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f86c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f87c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f88c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f89c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f8ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f8bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f8cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ Application exception occurred: App: explorer.exe (pid=1428) When: 7/4/2005 @ 11:16:05.038 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1412 iexplore.exe 1380 taskmgr.exe 1428 explorer.exe 1448 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01350000 - 0135F000) State Dump for Thread Id 0x2f4 eax=7ce6f760 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=00000000 edi=0008a858 eip=0006f28e esp=0006f234 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:7ce6f760=01 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:7ce6f760=01 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:7ce6f760=01 0006f289 f8 clc 0006f28a 06 push es 0006f28b 009c96090060f7 add [esi+edx*4+0xf7600009],bl ds:f7600009=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:7ce6f760=01 0006f296 0000 add [eax],al ds:7ce6f760=01 0006f298 0000 add [eax],al ds:7ce6f760=01 0006f29a 0000 add [eax],al ds:7ce6f760=01 0006f29c 0100 add [eax],eax ds:7ce6f760=00000001 0006f29e 0000 add [eax],al ds:7ce6f760=01 0006f2a0 0000 add [eax],al ds:7ce6f760=01 0006f2a2 0000 add [eax],al ds:7ce6f760=01 0006f2a4 0000 add [eax],al ds:7ce6f760=01 0006f2a6 0000 add [eax],al ds:7ce6f760=01 *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f234 12 02 00 00 60 f7 e6 7c - c4 f2 06 00 01 00 00 00 ....`..|........ 0006f244 e3 b5 e6 7c 54 f2 06 00 - 60 f7 e6 7c c4 f2 06 00 ...|T...`..|.... 0006f254 10 0f e7 7c 01 00 00 00 - 34 a8 08 00 80 96 09 00 ...|....4....... 0006f264 00 00 00 00 54 f2 06 00 - dc f2 06 00 eb c6 e6 7c ....T..........| 0006f274 8c f2 06 00 07 d7 e6 7c - 8c f2 06 00 10 f8 06 00 .......|........ 0006f284 10 f8 06 00 10 f8 06 00 - 9c 96 09 00 60 f7 e6 7c ............`..| 0006f294 00 00 00 00 00 00 00 00 - 01 00 00 00 00 00 00 00 ................ 0006f2a4 00 00 00 00 c4 f2 06 00 - 80 96 09 00 00 00 00 00 ................ 0006f2b4 05 40 00 80 50 fc 06 00 - 00 00 00 00 9c 96 09 00 .@..P........... 0006f2c4 00 00 00 00 01 00 00 00 - 00 c8 07 00 00 00 00 00 ................ 0006f2d4 00 00 00 00 60 f6 06 00 - f8 f2 06 00 5c d4 e6 7c ....`.......\..| 0006f2e4 54 24 f1 7c 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 T$.|............ 0006f2f4 58 24 f1 7c 1c f3 06 00 - 7b d8 e6 7c 10 f8 06 00 X$.|....{..|.... 0006f304 00 00 00 00 d0 fd 06 00 - 5c 24 f1 7c 00 00 00 00 ........\$.|.... 0006f314 00 00 00 00 01 00 00 00 - 3c f3 06 00 24 d8 e6 7c ........<...$..| 0006f324 58 24 f1 7c 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 X$.|............ 0006f334 05 40 00 80 58 24 f1 7c - 5c f3 06 00 a0 d5 e6 7c .@..X$.|\......| 0006f344 5c 24 f1 7c 01 00 00 00 - 00 00 00 00 60 f6 06 00 \$.|........`... 0006f354 10 f8 06 00 d0 fd 06 00 - a0 f3 06 00 4f d5 e6 7c ............O..| 0006f364 5c 24 f1 7c 60 f6 06 00 - 00 00 00 00 10 f8 06 00 \$.|`........... State Dump for Thread Id 0x598 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000084 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000084 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 84 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 88 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 84 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x5a0 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x59c eax=7ce57f6f ebx=00000102 ecx=00074480 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x530 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 0040A389 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 70BECEFF 0006FEE4 00000000 00000000 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 0123ff5c a8 a9 40 00 86 01 02 00 - 2a c0 00 00 04 00 00 00 ..@.....*....... 0123ff6c 62 01 04 00 94 64 05 00 - 7f 02 00 00 3b 02 00 00 b....d......;... 0123ff7c b4 ff 23 01 89 a3 40 00 - 39 cf be 70 00 00 40 00 ..#...@.9..p..@. 0123ff8c 31 00 36 00 30 00 36 00 - 72 a3 40 00 72 90 40 00 1.6.0.6.r.@.r.@. 0123ff9c 54 01 00 00 00 00 40 00 - 00 00 00 00 00 00 00 00 T.....@......... 0123ffac 00 00 00 00 00 00 00 00 - ec ff 23 01 88 b3 57 7c ..........#...W| 0123ffbc e4 fe 06 00 31 00 36 00 - 30 00 36 00 e4 fe 06 00 ....1.6.0.6..... 0123ffcc 00 a0 fd 7f 34 00 38 00 - c0 ff 23 01 34 00 38 00 ....4.8...#.4.8. 0123ffdc ff ff ff ff 54 1f 5c 7c - 08 2b 57 7c 00 00 00 00 ....T.\|.+W|.... 0123ffec 00 00 00 00 00 00 00 00 - ff ce be 70 e4 fe 06 00 ...........p.... 0123fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0124008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x568 eax=00098000 ebx=00000006 ecx=0130d7b8 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001DC 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000005 00000005 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x52c eax=00000000 ebx=c0000034 ecx=00010101 edx=00000000 esi=00020008 edi=02000000 eip=77f88727 esp=0134f448 ebp=0134f4c4 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: NtOpenProcessToken 77f8871c b86b000000 mov eax,0x6b 77f88721 8d542404 lea edx,[esp+0x4] ss:022b932f=???????? 77f88725 cd2e int 2e 77f88727 c20c00 ret 0xc 77f8872a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F4C4 7C2EEE64 0134F4D8 00000000 02000000 00000001 ntdll!NtOpenProcessToken 0134F4E0 7C2EEB01 0134F6EC 0134F534 77F886DC 013400D6 advapi32!RegSetValueExA 0134F4FC 7C2EEF6F 0134F6EC 0134F534 0134F542 0134F7BC advapi32!RegSetValueExA 0134F544 7C2EEEF1 0134F6EC 0000023E 0134F7BC 02000000 advapi32!RegSetValueExA 0134F700 7C2EEEA1 0000023E 0134F7BC 00000000 02000000 advapi32!RegSetValueExA 0134F794 7C2F4A83 0000023E 0134F7BC 00000000 02000000 advapi32!RegSetValueExA 0134F7C8 7C2F4C36 0000023E 0134FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0134FC44 7CE28B31 0134FC6C 00000000 00098F60 00000000 advapi32!RegOpenKeyW 0134FE8C 71125C71 00000000 00000001 0134FEAC 0134FEC4 ole32!CreateOleAdviseHolder 0134FEBC 71125C18 00000000 0134FEDC 00000002 0009AEA8 BROWSEUI!Ordinal131 0134FEE0 71125BA7 0009AEA8 000981C0 000981C0 80004005 BROWSEUI!Ordinal131 0134FEF8 71125B6C 00000002 0009AEA8 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0134f448 b6 47 fa 77 ff ff ff ff - 08 00 02 00 c0 f4 34 01 .G.w..........4. 0134f458 34 f5 34 01 34 00 00 c0 - c2 b7 fc 77 28 0f 07 00 4.4.4......w(... 0134f468 90 c0 08 00 00 00 00 02 - dc 86 f8 77 00 00 00 00 ...........w.... 0134f478 f0 94 c8 5f f8 9f b4 74 - e8 03 00 00 01 ff 33 00 ..._...t......3. 0134f488 99 cc 66 00 34 f5 34 01 - 38 f5 34 01 10 00 00 00 ..f.4.4.8.4..... 0134f498 c4 f4 34 01 ca de f9 77 - 08 c1 08 00 00 00 07 00 ..4....w........ 0134f4a8 10 00 00 00 00 00 00 02 - 38 f5 34 01 34 00 00 c0 ........8.4.4... 0134f4b8 00 f5 34 01 35 00 00 00 - e0 f4 34 01 e0 f4 34 01 ..4.5.....4...4. 0134f4c8 64 ee 2e 7c d8 f4 34 01 - 00 00 00 00 00 00 00 02 d..|..4......... 0134f4d8 01 00 00 00 dc 86 f8 77 - fc f4 34 01 01 eb 2e 7c .......w..4....| 0134f4e8 ec f6 34 01 34 f5 34 01 - dc 86 f8 77 d6 00 34 01 ..4.4.4....w..4. 0134f4f8 b0 f5 34 01 44 f5 34 01 - 6f ef 2e 7c ec f6 34 01 ..4.D.4.o..|..4. 0134f508 34 f5 34 01 42 f5 34 01 - bc f7 34 01 00 00 00 00 4.4.B.4...4..... 0134f518 3e 02 00 00 5c 00 00 00 - 1a 01 00 00 68 f5 34 01 >...\.......h.4. 0134f528 89 ed 2e 7c 44 f5 34 01 - 22 00 00 00 ec f6 9a 01 ...|D.4."....... 0134f538 c8 99 09 00 c8 99 09 00 - 3e 02 00 00 00 f7 34 01 ........>.....4. 0134f548 f1 ee 2e 7c ec f6 34 01 - 3e 02 00 00 bc f7 34 01 ...|..4.>.....4. 0134f558 00 00 00 02 03 00 00 00 - 38 fc 34 01 00 00 00 00 ........8.4..... 0134f568 1a 01 00 00 5c 00 52 00 - 45 00 47 00 49 00 53 00 ....\.R.E.G.I.S. 0134f578 54 00 52 00 59 00 5c 00 - 4d 00 41 00 43 00 48 00 T.R.Y.\.M.A.C.H. Application exception occurred: App: explorer.exe (pid=1428) When: 7/4/2005 @ 11:16:10.275 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1412 iexplore.exe 1380 taskmgr.exe 1448 drwtsn32.exe 1428 explorer.exe 1456 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01350000 - 0135F000) State Dump for Thread Id 0x2f4 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a858 eip=0006f28d esp=0006f234 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 009ca0090060f7 add [eax+0xf7600009],bl ds:f7600009=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? 0006f2a4 0000 add [eax],al ds:00000000=?? 0006f2a6 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f234 12 02 00 00 60 f7 e6 7c - c4 f2 06 00 01 00 00 00 ....`..|........ 0006f244 e3 b5 e6 7c 54 f2 06 00 - 60 f7 e6 7c c4 f2 06 00 ...|T...`..|.... 0006f254 10 0f e7 7c 01 00 00 00 - 34 a8 08 00 80 a0 09 00 ...|....4....... 0006f264 00 00 00 00 54 f2 06 00 - dc f2 06 00 eb c6 e6 7c ....T..........| 0006f274 8c f2 06 00 07 d7 e6 7c - 8c f2 06 00 10 f8 06 00 .......|........ 0006f284 10 f8 06 00 10 f8 06 00 - 9c a0 09 00 60 f7 e6 7c ............`..| 0006f294 00 00 00 00 00 00 00 00 - 01 00 00 00 00 00 00 00 ................ 0006f2a4 00 00 00 00 c4 f2 06 00 - 80 a0 09 00 00 00 00 00 ................ 0006f2b4 05 40 00 80 50 fc 06 00 - 00 00 00 00 9c a0 09 00 .@..P........... 0006f2c4 00 00 00 00 01 00 00 00 - 00 c8 07 00 00 00 00 00 ................ 0006f2d4 00 00 00 00 60 f6 06 00 - f8 f2 06 00 5c d4 e6 7c ....`.......\..| 0006f2e4 54 24 f1 7c 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 T$.|............ 0006f2f4 58 24 f1 7c 1c f3 06 00 - 7b d8 e6 7c 10 f8 06 00 X$.|....{..|.... 0006f304 00 00 00 00 d0 fd 06 00 - 5c 24 f1 7c 00 00 00 00 ........\$.|.... 0006f314 00 00 00 00 01 00 00 00 - 3c f3 06 00 24 d8 e6 7c ........<...$..| 0006f324 58 24 f1 7c 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 X$.|............ 0006f334 05 40 00 80 58 24 f1 7c - 5c f3 06 00 a0 d5 e6 7c .@..X$.|\......| 0006f344 5c 24 f1 7c 01 00 00 00 - 00 00 00 00 60 f6 06 00 \$.|........`... 0006f354 10 f8 06 00 d0 fd 06 00 - a0 f3 06 00 4f d5 e6 7c ............O..| 0006f364 5c 24 f1 7c 60 f6 06 00 - 00 00 00 00 10 f8 06 00 \$.|`........... State Dump for Thread Id 0x568 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=0000008c eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 0000008C FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 8c 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 90 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 8c 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x530 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5a0 eax=00087000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x598 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 0040A389 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x52c eax=00098000 ebx=00000006 ecx=0130d818 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001E4 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000003 00000003 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x59c eax=00000000 ebx=00000000 ecx=00010101 edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=0134f504 ebp=0134f548 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:022b93eb=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F548 7C2EEEF1 0134F6F0 00000062 0134F7C0 02000000 ntdll!NtOpenKey 0134F704 7C2EEEA1 00000062 0134F7C0 00000000 02000000 advapi32!RegSetValueExA 0134F798 7C2F4A83 00000062 0134F7C0 00000000 02000000 advapi32!RegSetValueExA 0134F7CC 7C2F4C36 80000000 0134FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0134FC44 7CE28B31 0134FC6C 00000001 00098FB0 00000000 advapi32!RegOpenKeyW 0134FE8C 71125C71 00000000 00000001 0134FEAC 0134FEC4 ole32!CreateOleAdviseHolder 0134FEBC 71125C18 00000000 0134FEDC 00000002 0009C960 BROWSEUI!Ordinal131 0134FEE0 71125BA7 0009C960 00098218 00098218 80004005 BROWSEUI!Ordinal131 0134FEF8 71125B6C 00000002 0009C960 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0134f504 a2 ef 2e 7c 34 fc 34 01 - 00 00 00 02 20 f5 34 01 ...|4.4..... .4. 0134f514 c0 f7 34 01 00 00 00 00 - 62 00 00 00 18 00 00 00 ..4.....b....... 0134f524 00 00 00 00 38 f5 34 01 - 40 00 00 00 00 00 00 00 ....8.4.@....... 0134f534 00 00 00 00 e2 00 62 01 - 90 c0 08 00 90 c0 08 00 ......b......... 0134f544 62 00 88 00 04 f7 34 01 - f1 ee 2e 7c f0 f6 34 01 b.....4....|..4. 0134f554 62 00 00 00 c0 f7 34 01 - 00 00 00 02 03 00 00 00 b.....4......... 0134f564 34 fc 34 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 4.4.........\.R. 0134f574 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0134f584 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 0134f594 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 0134f5a4 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 0134f5b4 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 0134f5c4 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 0134f5d4 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 0134f5e4 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 0134f5f4 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 0134f604 5c 00 7b 00 32 00 39 00 - 46 00 34 00 36 00 46 00 \.{.2.9.F.4.6.F. 0134f614 38 00 31 00 2d 00 34 00 - 42 00 32 00 41 00 2d 00 8.1.-.4.B.2.A.-. 0134f624 31 00 31 00 44 00 31 00 - 2d 00 39 00 42 00 43 00 1.1.D.1.-.9.B.C. 0134f634 45 00 2d 00 30 00 30 00 - 41 00 30 00 43 00 39 00 E.-.0.0.A.0.C.9. Application exception occurred: App: explorer.exe (pid=864) When: 7/4/2005 @ 12:40:57.941 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1128 iexplore.exe 1316 taskmgr.exe 312 msiexec.exe 864 explorer.exe 852 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01350000 - 0135F000) State Dump for Thread Id 0x148 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a858 eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 008c9f090060f7 add [edi+ebx*4+0xf7600009],cl ds:f766f2cd=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? 0006f2a4 0000 add [eax],al ds:00000000=?? 0006f2a6 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 34 a8 08 00 - 70 9f 09 00 00 00 00 00 ....4...p....... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 8c 9f 09 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 70 9f 09 00 - 00 00 00 00 05 40 00 80 ....p........@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 8c 9f 09 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 00 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x58c eax=00000000 ebx=00000000 ecx=00000101 edx=00000000 esi=77f88f08 edi=00000074 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000074 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 74 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|t........... 00c2fd58 78 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 x............... 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 74 00 00 00 .........R..t... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x3ac eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079ce0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CE0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5b4 eax=00087000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x140 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 00403551 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x14c eax=0130e36c ebx=00000006 ecx=00096908 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001E8 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000002 00000002 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x174 eax=c0000034 ebx=00000000 ecx=01010101 edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=0134f504 ebp=0134f548 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:022b93eb=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F548 7C2EEEF1 0134F6F0 00000062 0134F7C0 02000000 ntdll!NtOpenKey 0134F704 7C2EEEA1 00000062 0134F7C0 00000000 02000000 advapi32!RegSetValueExA 0134F798 7C2F4A83 00000062 0134F7C0 00000000 02000000 advapi32!RegSetValueExA 0134F7CC 7C2F4C36 80000000 0134FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0134FC44 7CE28B31 0134FC6C 00000001 000795F8 00000000 advapi32!RegOpenKeyW 0134FE8C 71125CA4 00000000 00000001 0134FEAC 0134FEC4 ole32!CreateOleAdviseHolder 0134FEBC 71125C18 00000000 0134FEDC 00000002 0009CA68 BROWSEUI!Ordinal131 0134FEE0 71125BA7 0009CA68 000968A0 000968A0 80004005 BROWSEUI!Ordinal131 0134FEF8 71125B6C 00000002 0009CA68 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0134f504 f9 ef 2e 7c 34 fc 34 01 - 00 00 00 02 20 f5 34 01 ...|4.4..... .4. 0134f514 c0 f7 34 01 00 00 00 00 - 62 00 00 00 18 00 00 00 ..4.....b....... 0134f524 00 00 00 00 38 f5 34 01 - 40 00 00 00 00 00 00 00 ....8.4.@....... 0134f534 00 00 00 00 9e 00 62 01 - 90 c0 08 00 90 c0 08 00 ......b......... 0134f544 62 00 44 00 04 f7 34 01 - f1 ee 2e 7c f0 f6 34 01 b.D...4....|..4. 0134f554 62 00 00 00 c0 f7 34 01 - 00 00 00 02 03 00 00 00 b.....4......... 0134f564 34 fc 34 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 4.4.........\.R. 0134f574 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0134f584 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 0134f594 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 0134f5a4 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 0134f5b4 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 0134f5c4 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 0134f5d4 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 0134f5e4 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 0134f5f4 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 0134f604 5c 00 7b 00 45 00 30 00 - 44 00 37 00 39 00 33 00 \.{.E.0.D.7.9.3. 0134f614 30 00 36 00 2d 00 38 00 - 34 00 42 00 45 00 2d 00 0.6.-.8.4.B.E.-. 0134f624 31 00 31 00 43 00 45 00 - 2d 00 39 00 36 00 34 00 1.1.C.E.-.9.6.4. 0134f634 31 00 2d 00 34 00 34 00 - 34 00 35 00 35 00 33 00 1.-.4.4.4.5.5.3. Application exception occurred: App: explorer.exe (pid=740) When: 7/4/2005 @ 12:43:39.113 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1128 iexplore.exe 1316 taskmgr.exe 1388 Windows2000-KB8.exe 1092 UPDATE.exe 1468 cmd.exe 740 explorer.exe 1420 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01350000 - 0135F000) State Dump for Thread Id 0x4f8 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a858 eip=0006f28e esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 007c5d09 add [ebp+ebx*2+0x9],bh ss:00fd91ab=?? 0006f28f 0060f7 add [eax+0xf7],ah ds:00f69ee6=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? 0006f2a4 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 34 a8 08 00 - 60 5d 09 00 00 00 00 00 ....4...`]...... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 7c 5d 09 00 - 60 f7 e6 7c 00 00 00 00 ....|]..`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 60 5d 09 00 - 00 00 00 00 05 40 00 80 ....`].......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 7c 5d 09 00 00 00 00 00 P.......|]...... 0006f2c8 01 00 00 00 00 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x2f4 eax=00000000 ebx=00000000 ecx=00000101 edx=00000000 esi=77f88f08 edi=00000074 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000074 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 74 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|t........... 00c2fd58 78 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 x............... 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 74 00 00 00 .........R..t... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x140 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079ce0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CE0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x14c eax=00087000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x148 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 00403852 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x360 eax=0130e36c ebx=00000006 ecx=0009c0b8 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001B8 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000001 00000001 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x5a0 eax=0134fa0c ebx=00000000 ecx=0134fa0e edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=0134f500 ebp=0134f544 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:022b93e7=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F544 7C2EEEF1 0134F6EC 00000242 0134F7BC 02000000 ntdll!NtOpenKey 0134F700 7C2EEEA1 00000242 0134F7BC 00000000 02000000 advapi32!RegSetValueExA 0134F794 7C2F4A83 00000242 0134F7BC 00000000 02000000 advapi32!RegSetValueExA 0134F7C8 7C2F4C36 00000242 0134FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0134FC44 7CE28B31 0134FC6C 00000000 0009CCC8 00000000 advapi32!RegOpenKeyW 0134FE8C 71125CA4 00000000 00000001 0134FEAC 0134FEC4 ole32!CreateOleAdviseHolder 0134FEBC 71125C18 00000000 0134FEDC 00000002 00095108 BROWSEUI!Ordinal131 0134FEE0 71125BA7 00095108 000908B8 000908B8 80004005 BROWSEUI!Ordinal131 0134FEF8 71125B6C 00000002 00095108 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0134f500 a2 ef 2e 7c 38 fc 34 01 - 00 00 00 02 1c f5 34 01 ...|8.4.......4. 0134f510 bc f7 34 01 00 00 00 00 - 42 02 00 00 18 00 00 00 ..4.....B....... 0134f520 00 00 00 00 34 f5 34 01 - 40 00 00 00 00 00 00 00 ....4.4.@....... 0134f530 00 00 00 00 5e 01 9a 01 - 98 eb 09 00 98 eb 09 00 ....^........... 0134f540 42 02 88 00 00 f7 34 01 - f1 ee 2e 7c ec f6 34 01 B.....4....|..4. 0134f550 42 02 00 00 bc f7 34 01 - 00 00 00 02 03 00 00 00 B.....4......... 0134f560 38 fc 34 01 00 00 00 00 - 1a 01 00 00 5c 00 52 00 8.4.........\.R. 0134f570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0134f580 4d 00 41 00 43 00 48 00 - 49 00 4e 00 45 00 5c 00 M.A.C.H.I.N.E.\. 0134f590 53 00 4f 00 46 00 54 00 - 57 00 41 00 52 00 45 00 S.O.F.T.W.A.R.E. 0134f5a0 5c 00 43 00 6c 00 61 00 - 73 00 73 00 65 00 73 00 \.C.l.a.s.s.e.s. 0134f5b0 5c 00 63 00 6c 00 73 00 - 69 00 64 00 5c 00 7b 00 \.c.l.s.i.d.\.{. 0134f5c0 37 00 62 00 39 00 65 00 - 33 00 38 00 62 00 30 00 7.b.9.e.3.8.b.0. 0134f5d0 2d 00 61 00 39 00 37 00 - 63 00 2d 00 31 00 31 00 -.a.9.7.c.-.1.1. 0134f5e0 64 00 30 00 2d 00 38 00 - 35 00 33 00 34 00 2d 00 d.0.-.8.5.3.4.-. 0134f5f0 30 00 30 00 63 00 30 00 - 34 00 66 00 64 00 38 00 0.0.c.0.4.f.d.8. 0134f600 64 00 35 00 30 00 33 00 - 7d 00 5c 00 49 00 6d 00 d.5.0.3.}.\.I.m. 0134f610 70 00 6c 00 65 00 6d 00 - 65 00 6e 00 74 00 65 00 p.l.e.m.e.n.t.e. 0134f620 64 00 20 00 43 00 61 00 - 74 00 65 00 67 00 6f 00 d. .C.a.t.e.g.o. 0134f630 72 00 69 00 65 00 73 00 - 5c 00 7b 00 30 00 30 00 r.i.e.s.\.{.0.0. Application exception occurred: App: explorer.exe (pid=1272) When: 7/4/2005 @ 12:43:44.060 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1128 iexplore.exe 1316 taskmgr.exe 1388 Windows2000-KB8.exe 1092 UPDATE.exe 1468 cmd.exe 1420 drwtsn32.exe 1272 explorer.exe 1520 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01380000 - 0138F000) State Dump for Thread Id 0x2e4 eax=000000c8 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a858 eip=0006f28e esp=0006f238 ebp=00000000 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: 0006f27f 0010 add [eax],dl ds:000000c8=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:000000c8=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:000000c8=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 0014c8 add [eax+ecx*8],dl ds:7cf12624=00 FAULT ->0006f28e 0900 or [eax],eax ds:000000c8=???????? 0006f290 60 pushad 0006f291 f7e6 mul esi 0006f293 7c00 jl 0006f295 0006f295 0000 add [eax],al ds:000000c8=?? 0006f297 0000 add [eax],al ds:000000c8=?? 0006f299 0000 add [eax],al ds:000000c8=?? 0006f29b 0001 add [ecx],al ds:7cf12624=00 0006f29d 0000 add [eax],al ds:000000c8=?? 0006f29f 0000 add [eax],al ds:000000c8=?? 0006f2a1 0000 add [eax],al ds:000000c8=?? 0006f2a3 0000 add [eax],al ds:000000c8=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 34 a8 08 00 - f8 c7 09 00 00 00 00 00 ....4........... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 14 c8 09 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 f8 c7 09 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 14 c8 09 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 00 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x360 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000090 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000090 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 90 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 94 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 90 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x148 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x140 eax=00087000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x2f4 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 00403852 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5a0 eax=0130e36c ebx=00000006 ecx=000996b8 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001E4 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000006 00000006 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x14c eax=00000000 ebx=00000000 ecx=01010101 edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=0134f504 ebp=0134f548 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:022b93eb=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F548 7C2EEEF1 0134F6F0 00000062 0134F7C0 02000000 ntdll!NtOpenKey 0134F704 7C2EEEA1 00000062 0134F7C0 00000000 02000000 advapi32!RegSetValueExA 0134F798 7C2F4A83 00000062 0134F7C0 00000000 02000000 advapi32!RegSetValueExA 0134F7CC 7C2F4C36 80000000 0134FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0134FC44 7CE28B31 0134FC6C 00000001 00095C90 00000000 advapi32!RegOpenKeyW 0134FE8C 71125C71 00000000 00000001 0134FEAC 0134FEC4 ole32!CreateOleAdviseHolder 0134FEBC 71125C18 00000000 0134FEDC 00000002 00097B18 BROWSEUI!Ordinal131 0134FEE0 71125BA7 00097B18 00093978 00093978 80004005 BROWSEUI!Ordinal131 0134FEF8 71125B6C 00000002 00097B18 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0134f504 f9 ef 2e 7c 34 fc 34 01 - 00 00 00 02 20 f5 34 01 ...|4.4..... .4. 0134f514 c0 f7 34 01 00 00 00 00 - 62 00 00 00 18 00 00 00 ..4.....b....... 0134f524 00 00 00 00 38 f5 34 01 - 40 00 00 00 00 00 00 00 ....8.4.@....... 0134f534 00 00 00 00 9e 00 62 01 - 90 c0 08 00 90 c0 08 00 ......b......... 0134f544 62 00 44 00 04 f7 34 01 - f1 ee 2e 7c f0 f6 34 01 b.D...4....|..4. 0134f554 62 00 00 00 c0 f7 34 01 - 00 00 00 02 03 00 00 00 b.....4......... 0134f564 34 fc 34 01 00 00 00 00 - e2 00 00 00 5c 00 52 00 4.4.........\.R. 0134f574 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0134f584 55 00 73 00 65 00 72 00 - 5c 00 53 00 2d 00 31 00 U.s.e.r.\.S.-.1. 0134f594 2d 00 35 00 2d 00 32 00 - 31 00 2d 00 37 00 39 00 -.5.-.2.1.-.7.9. 0134f5a4 30 00 35 00 32 00 35 00 - 34 00 37 00 38 00 2d 00 0.5.2.5.4.7.8.-. 0134f5b4 31 00 36 00 30 00 36 00 - 39 00 38 00 30 00 38 00 1.6.0.6.9.8.0.8. 0134f5c4 34 00 38 00 2d 00 31 00 - 39 00 35 00 37 00 39 00 4.8.-.1.9.5.7.9. 0134f5d4 39 00 34 00 34 00 38 00 - 38 00 2d 00 31 00 30 00 9.4.4.8.8.-.1.0. 0134f5e4 30 00 30 00 5f 00 43 00 - 6c 00 61 00 73 00 73 00 0.0._.C.l.a.s.s. 0134f5f4 65 00 73 00 5c 00 43 00 - 4c 00 53 00 49 00 44 00 e.s.\.C.L.S.I.D. 0134f604 5c 00 7b 00 32 00 44 00 - 45 00 33 00 46 00 39 00 \.{.2.D.E.3.F.9. 0134f614 30 00 44 00 2d 00 41 00 - 43 00 41 00 39 00 2d 00 0.D.-.A.C.A.9.-. 0134f624 34 00 41 00 43 00 38 00 - 2d 00 39 00 30 00 33 00 4.A.C.8.-.9.0.3. 0134f634 33 00 2d 00 44 00 45 00 - 32 00 46 00 33 00 36 00 3.-.D.E.2.F.3.6. Application exception occurred: App: explorer.exe (pid=740) When: 7/4/2005 @ 12:43:48.727 Exception number: c0000096 (privileged instruction) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1128 iexplore.exe 1316 taskmgr.exe 1388 Windows2000-KB8.exe 1092 UPDATE.exe 1468 cmd.exe 1420 drwtsn32.exe 1520 drwtsn32.exe 740 explorer.exe 1544 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01350000 - 0135F000) State Dump for Thread Id 0x4f8 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a858 eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00e4 add ah,ah 0006f28d 98 cwde 0006f28e 0900 or [eax],eax ds:00000000=???????? 0006f290 60 pushad 0006f291 f7e6 mul esi 0006f293 7c00 jl 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:7cf12624=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 34 a8 08 00 - c8 98 09 00 00 00 00 00 ....4........... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 e4 98 09 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 c8 98 09 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - e4 98 09 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 00 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x5a0 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000080 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000080 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 80 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 84 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 80 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x2f4 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x148 eax=7ce57f6f ebx=00000102 ecx=00074480 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x360 eax=000002aa ebx=0006fee4 ecx=00000000 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 00403852 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x14c eax=00000000 ebx=00000006 ecx=7cf87c24 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001D4 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000005 00000005 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x140 eax=0134f4b0 ebx=00000000 ecx=0134f43c edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=0134f500 ebp=0134f544 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:022b93e7=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F544 7C2EEEF1 0134F6EC 000002AE 0134F7BC 02000000 ntdll!NtOpenKey 0134F700 7C2EEEA1 000002AE 0134F7BC 00000000 02000000 advapi32!RegSetValueExA 0134F794 7C2F4A83 000002AE 0134F7BC 00000000 02000000 advapi32!RegSetValueExA 0134F7C8 7C2F4C36 000002AE 0134FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0134FC44 7CE28B31 0134FC6C 00000000 00095110 00000000 advapi32!RegOpenKeyW 0134FE8C 71125CA4 00000000 00000001 0134FEAC 0134FEC4 ole32!CreateOleAdviseHolder 0134FEBC 71125C18 00000000 0134FEDC 00000002 000720A0 BROWSEUI!Ordinal131 0134FEE0 71125BA7 000720A0 00097EF8 00097EF8 80004005 BROWSEUI!Ordinal131 0134FEF8 71125B6C 00000002 000720A0 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0134f500 a2 ef 2e 7c 38 fc 34 01 - 00 00 00 02 1c f5 34 01 ...|8.4.......4. 0134f510 bc f7 34 01 00 00 00 00 - ae 02 00 00 18 00 00 00 ..4............. 0134f520 00 00 00 00 34 f5 34 01 - 40 00 00 00 00 00 00 00 ....4.4.@....... 0134f530 00 00 00 00 5e 01 9a 01 - 78 eb 09 00 78 eb 09 00 ....^...x...x... 0134f540 ae 02 88 00 00 f7 34 01 - f1 ee 2e 7c ec f6 34 01 ......4....|..4. 0134f550 ae 02 00 00 bc f7 34 01 - 00 00 00 02 03 00 00 00 ......4......... 0134f560 38 fc 34 01 00 00 00 00 - 1a 01 00 00 5c 00 52 00 8.4.........\.R. 0134f570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0134f580 4d 00 41 00 43 00 48 00 - 49 00 4e 00 45 00 5c 00 M.A.C.H.I.N.E.\. 0134f590 53 00 4f 00 46 00 54 00 - 57 00 41 00 52 00 45 00 S.O.F.T.W.A.R.E. 0134f5a0 5c 00 43 00 6c 00 61 00 - 73 00 73 00 65 00 73 00 \.C.l.a.s.s.e.s. 0134f5b0 5c 00 63 00 6c 00 73 00 - 69 00 64 00 5c 00 7b 00 \.c.l.s.i.d.\.{. 0134f5c0 33 00 42 00 36 00 45 00 - 44 00 38 00 43 00 35 00 3.B.6.E.D.8.C.5. 0134f5d0 2d 00 35 00 42 00 39 00 - 31 00 2d 00 31 00 31 00 -.5.B.9.1.-.1.1. 0134f5e0 44 00 35 00 2d 00 38 00 - 30 00 33 00 43 00 2d 00 D.5.-.8.0.3.C.-. 0134f5f0 30 00 30 00 44 00 30 00 - 42 00 37 00 36 00 38 00 0.0.D.0.B.7.6.8. 0134f600 42 00 34 00 42 00 30 00 - 7d 00 5c 00 49 00 6d 00 B.4.B.0.}.\.I.m. 0134f610 70 00 6c 00 65 00 6d 00 - 65 00 6e 00 74 00 65 00 p.l.e.m.e.n.t.e. 0134f620 64 00 20 00 43 00 61 00 - 74 00 65 00 67 00 6f 00 d. .C.a.t.e.g.o. 0134f630 72 00 69 00 65 00 73 00 - 5c 00 7b 00 30 00 30 00 r.i.e.s.\.{.0.0. Application exception occurred: App: explorer.exe (pid=1528) When: 7/4/2005 @ 12:43:58.551 Exception number: c0000096 (privileged instruction) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1128 iexplore.exe 1316 taskmgr.exe 1388 Windows2000-KB8.exe 1092 UPDATE.exe 1468 cmd.exe 1528 explorer.exe 1540 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01350000 - 0135F000) State Dump for Thread Id 0x5ec eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a858 eip=0006f28c esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000212 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00f4 add ah,dh 0006f28d 55 push ebp 0006f28e 0900 or [eax],eax ds:00000000=???????? 0006f290 60 pushad 0006f291 f7e6 mul esi 0006f293 7c00 jl 0006f295 0006f295 0000 add [eax],al ds:00000000=?? 0006f297 0000 add [eax],al ds:00000000=?? 0006f299 0000 add [eax],al ds:00000000=?? 0006f29b 0001 add [ecx],al ds:7cf12624=00 0006f29d 0000 add [eax],al ds:00000000=?? 0006f29f 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 34 a8 08 00 - d8 55 09 00 00 00 00 00 ....4....U...... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 f4 55 09 00 - 60 f7 e6 7c 00 00 00 00 .....U..`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 d8 55 09 00 - 00 00 00 00 05 40 00 80 .....U.......@.. 0006f2b8 50 fc 06 00 00 00 00 00 - f4 55 09 00 00 00 00 00 P........U...... 0006f2c8 01 00 00 00 00 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x5f0 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000094 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000094 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 94 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 98 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 94 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x5b4 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x58c eax=7ce57f6f ebx=00000102 ecx=00074480 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x174 eax=00000001 ebx=004632d0 ecx=00010101 edx=00000000 esi=00000411 edi=0000022c eip=77e3b6a4 esp=0123fe8c ebp=0123fec0 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: InflateRect 77e3b68f 7799 ja CharUpperBuffA+0x3724 (77e46d2a) 77e3b691 b6e3 mov dh,0xe3 77e3b693 7790 ja CharUpperBuffA+0x111f (77e44725) 77e3b695 90 nop 77e3b696 90 nop 77e3b697 90 nop 77e3b698 90 nop 77e3b699 b8bc110000 mov eax,0x11bc 77e3b69e 8d542404 lea edx,[esp+0x4] ss:021a9d73=???????? 77e3b6a2 cd2e int 2e 77e3b6a4 c21c00 ret 0x1c 77e3b6a7 81ff00040000 cmp edi,0x400 77e3b6ad 0f839f850000 jnb CharUpperBuffA+0x64c (77e43c52) 77e3b6b3 ff7518 push dword ptr [ebp+0x18] ss:021a9da6=???????? 77e3b6b6 8a871818e477 mov al,[edi+0x77e41818] ds:77e41a44=00 77e3b6bc 83e03f and eax,0x3f 77e3b6bf 689e020000 push 0x29e 77e3b6c4 6a00 push 0x0 77e3b6c6 ff7514 push dword ptr [ebp+0x14] ss:021a9da6=???????? 77e3b6c9 ff7510 push dword ptr [ebp+0x10] ss:021a9da6=???????? 77e3b6cc 57 push edi 77e3b6cd 52 push edx *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FEC0 77E3B811 004632D0 00000411 0000022C 000005F8 user32!InflateRect 0123FEE0 7CF7187A 00270210 00000411 0000022C 000005F8 user32!SendMessageW 0123FF24 00403D42 001B0246 00008003 0002B01F 000004CC shell32!Ordinal2 0123FF4C 00403D08 001B0246 000004CC 00099060 00000000 explorer! 000004CC 00000000 00000000 00000000 00000000 00000000 explorer! *----> Raw Stack Dump <----* 0123fe8c 0c 82 e3 77 10 02 27 00 - 11 04 00 00 2c 02 00 00 ...w..'.....,... 0123fe9c f8 05 00 00 00 00 00 00 - ae 02 00 00 00 00 00 00 ................ 0123feac 2c 02 00 00 11 04 00 00 - 44 ff 23 01 10 02 27 00 ,.......D.#...'. 0123febc c0 18 00 00 e0 fe 23 01 - 11 b8 e3 77 d0 32 46 00 ......#....w.2F. 0123fecc 11 04 00 00 2c 02 00 00 - f8 05 00 00 00 00 00 00 ....,........... 0123fedc 00 00 00 80 24 ff 23 01 - 7a 18 f7 7c 10 02 27 00 ....$.#.z..|..'. 0123feec 11 04 00 00 2c 02 00 00 - f8 05 00 00 97 9b f7 7c ....,..........| 0123fefc 60 90 09 00 46 3d 40 00 - cc 04 00 00 46 02 1b 00 `...F=@.....F... 0123ff0c 00 80 00 00 10 02 27 00 - 00 00 00 00 00 00 00 00 ......'......... 0123ff1c f8 05 00 00 00 00 00 00 - 4c ff 23 01 42 3d 40 00 ........L.#.B=@. 0123ff2c 46 02 1b 00 03 80 00 00 - 1f b0 02 00 cc 04 00 00 F............... 0123ff3c 01 00 00 00 44 ff 23 01 - 60 90 09 00 00 00 00 00 ....D.#.`....... 0123ff4c cc 04 00 00 08 3d 40 00 - 46 02 1b 00 cc 04 00 00 .....=@.F....... 0123ff5c 60 90 09 00 00 00 00 00 - 00 00 00 00 04 ff 06 00 `............... 0123ff6c b4 ff 23 01 e4 fe 06 00 - ed 38 40 00 5d 38 40 00 ..#......8@.]8@. 0123ff7c 04 ff 06 00 4d 38 40 00 - 39 cf be 70 00 00 40 00 ....M8@.9..p..@. 0123ff8c 31 00 36 00 30 00 36 00 - 3b 38 40 00 67 25 40 00 1.6.0.6.;8@.g%@. 0123ff9c 54 01 00 00 00 00 40 00 - 00 00 00 00 00 00 00 00 T.....@......... 0123ffac 00 00 00 00 00 00 00 00 - ec ff 23 01 88 b3 57 7c ..........#...W| 0123ffbc e4 fe 06 00 31 00 36 00 - 30 00 36 00 e4 fe 06 00 ....1.6.0.6..... State Dump for Thread Id 0x5f4 eax=0130e36c ebx=00000005 ecx=0009bb08 edx=00000000 esi=77f88ef8 edi=00000005 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000004 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001B8 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000006 00000006 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x5fc eax=00000000 ebx=00000000 ecx=00010101 edx=00000000 esi=77f886dc edi=02000000 eip=77f886e7 esp=0134f500 ebp=0134f544 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtOpenKey 77f886dc b867000000 mov eax,0x67 77f886e1 8d542404 lea edx,[esp+0x4] ss:022b93e7=???????? 77f886e5 cd2e int 2e 77f886e7 c20c00 ret 0xc 77f886ea 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F544 7C2EEEF1 0134F6EC 00000236 0134F7BC 02000000 ntdll!NtOpenKey 0134F700 7C2EEEA1 00000236 0134F7BC 00000000 02000000 advapi32!RegSetValueExA 0134F794 7C2F4A83 00000236 0134F7BC 00000000 02000000 advapi32!RegSetValueExA 0134F7C8 7C2F4C36 00000236 0134FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0134FC44 7CE28B31 0134FC6C 00000000 000947B8 00000000 advapi32!RegOpenKeyW 0134FE8C 71125CA4 00000000 00000001 0134FEAC 0134FEC4 ole32!CreateOleAdviseHolder 0134FEBC 71125C18 00000000 0134FEDC 00000002 00094290 BROWSEUI!Ordinal131 0134FEE0 71125BA7 00094290 0008FA90 0008FA90 80004005 BROWSEUI!Ordinal131 0134FEF8 71125B6C 00000002 00094290 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0134f500 a2 ef 2e 7c 38 fc 34 01 - 00 00 00 02 1c f5 34 01 ...|8.4.......4. 0134f510 bc f7 34 01 00 00 00 00 - 36 02 00 00 18 00 00 00 ..4.....6....... 0134f520 00 00 00 00 34 f5 34 01 - 40 00 00 00 00 00 00 00 ....4.4.@....... 0134f530 00 00 00 00 5e 01 9a 01 - d0 e6 09 00 d0 e6 09 00 ....^........... 0134f540 36 02 88 00 00 f7 34 01 - f1 ee 2e 7c ec f6 34 01 6.....4....|..4. 0134f550 36 02 00 00 bc f7 34 01 - 00 00 00 02 03 00 00 00 6.....4......... 0134f560 38 fc 34 01 00 00 00 00 - 1a 01 00 00 5c 00 52 00 8.4.........\.R. 0134f570 45 00 47 00 49 00 53 00 - 54 00 52 00 59 00 5c 00 E.G.I.S.T.R.Y.\. 0134f580 4d 00 41 00 43 00 48 00 - 49 00 4e 00 45 00 5c 00 M.A.C.H.I.N.E.\. 0134f590 53 00 4f 00 46 00 54 00 - 57 00 41 00 52 00 45 00 S.O.F.T.W.A.R.E. 0134f5a0 5c 00 43 00 6c 00 61 00 - 73 00 73 00 65 00 73 00 \.C.l.a.s.s.e.s. 0134f5b0 5c 00 63 00 6c 00 73 00 - 69 00 64 00 5c 00 7b 00 \.c.l.s.i.d.\.{. 0134f5c0 35 00 33 00 42 00 36 00 - 41 00 41 00 36 00 43 00 5.3.B.6.A.A.6.C. 0134f5d0 2d 00 33 00 46 00 35 00 - 36 00 2d 00 31 00 31 00 -.3.F.5.6.-.1.1. 0134f5e0 44 00 30 00 2d 00 39 00 - 31 00 36 00 42 00 2d 00 D.0.-.9.1.6.B.-. 0134f5f0 30 00 30 00 41 00 41 00 - 30 00 30 00 43 00 31 00 0.0.A.A.0.0.C.1. 0134f600 38 00 30 00 36 00 38 00 - 7d 00 5c 00 49 00 6d 00 8.0.6.8.}.\.I.m. 0134f610 70 00 6c 00 65 00 6d 00 - 65 00 6e 00 74 00 65 00 p.l.e.m.e.n.t.e. 0134f620 64 00 20 00 43 00 61 00 - 74 00 65 00 67 00 6f 00 d. .C.a.t.e.g.o. 0134f630 72 00 69 00 65 00 73 00 - 5c 00 7b 00 30 00 30 00 r.i.e.s.\.{.0.0. Application exception occurred: App: explorer.exe (pid=1516) When: 7/4/2005 @ 12:44:03.177 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 428 svchost.exe 468 svchost.exe 520 LEXBCES.exe 544 spoolsv.exe 572 LEXPPS.exe 596 ccSetMgr.exe 692 navapsvc.exe 772 SAVScan.exe 804 MSTask.exe 828 tcpsvcs.exe 876 stisvc.exe 920 symlcsvc.exe 936 wanmpsvc.exe 1004 WinMgmt.exe 1036 mspmspsv.exe 1044 svchost.exe 1076 ccEvtMgr.exe 1128 iexplore.exe 1316 taskmgr.exe 1388 Windows2000-KB8.exe 1092 UPDATE.exe 1468 cmd.exe 1540 drwtsn32.exe 1516 explorer.exe 320 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76631000) (7C0F0000 - 7C154000) (01360000 - 0136F000) State Dump for Thread Id 0x5f8 eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a858 eip=0006f28e esp=0006f237 ebp=00000000 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 004c9209 add [edx+edx*4+0x9],cl ds:00f69ee7=?? 0006f28f 0060f7 add [eax+0xf7],ah ds:00f69ee6=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? 0006f2a4 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f237 00 60 f7 e6 7c c4 f2 06 - 00 01 00 00 00 e3 b5 e6 .`..|........... 0006f247 7c 54 f2 06 00 60 f7 e6 - 7c c4 f2 06 00 10 0f e7 |T...`..|....... 0006f257 7c 01 00 00 00 34 a8 08 - 00 30 92 09 00 00 00 00 |....4...0...... 0006f267 00 54 f2 06 00 dc f2 06 - 00 eb c6 e6 7c 8c f2 06 .T..........|... 0006f277 00 07 d7 e6 7c 8c f2 06 - 00 10 f8 06 00 10 f8 06 ....|........... 0006f287 00 10 f8 06 00 4c 92 09 - 00 60 f7 e6 7c 00 00 00 .....L...`..|... 0006f297 00 00 00 00 00 01 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a7 00 c4 f2 06 00 30 92 09 - 00 00 00 00 00 05 40 00 .....0........@. 0006f2b7 80 50 fc 06 00 00 00 00 - 00 4c 92 09 00 00 00 00 .P.......L...... 0006f2c7 00 01 00 00 00 00 c8 07 - 00 00 00 00 00 00 00 00 ................ 0006f2d7 00 60 f6 06 00 f8 f2 06 - 00 5c d4 e6 7c 54 24 f1 .`.......\..|T$. 0006f2e7 7c 00 00 00 00 10 f8 06 - 00 d0 fd 06 00 58 24 f1 |............X$. 0006f2f7 7c 1c f3 06 00 7b d8 e6 - 7c 10 f8 06 00 00 00 00 |....{..|....... 0006f307 00 d0 fd 06 00 5c 24 f1 - 7c 00 00 00 00 00 00 00 .....\$.|....... 0006f317 00 01 00 00 00 3c f3 06 - 00 24 d8 e6 7c 58 24 f1 .....<...$..|X$. 0006f327 7c 00 00 00 00 10 f8 06 - 00 d0 fd 06 00 05 40 00 |.............@. 0006f337 80 58 24 f1 7c 5c f3 06 - 00 a0 d5 e6 7c 5c 24 f1 .X$.|\......|\$. 0006f347 7c 01 00 00 00 00 00 00 - 00 60 f6 06 00 10 f8 06 |........`...... 0006f357 00 d0 fd 06 00 a0 f3 06 - 00 4f d5 e6 7c 5c 24 f1 .........O..|\$. 0006f367 7c 60 f6 06 00 00 00 00 - 00 10 f8 06 00 d0 fd 06 |`.............. State Dump for Thread Id 0x5f4 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000094 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000094 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 94 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 98 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 94 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x174 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5b4 eax=00087000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x5f0 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 00403852 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5fc eax=00000000 ebx=00000006 ecx=7cf87c24 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001DC 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000009 00000009 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0130fd98 fb a1 59 7c 06 00 00 00 - bc fd 30 01 01 00 00 00 ..Y|......0..... 0130fda8 00 00 00 00 dc fd 30 01 - 00 00 00 00 00 00 00 00 ......0......... 0130fdb8 06 00 00 00 ec 01 00 00 - f4 01 00 00 e8 01 00 00 ................ 0130fdc8 f8 01 00 00 e4 01 00 00 - e0 01 00 00 67 63 f7 7c ............gc.| 0130fdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe 30 01 ............@.0. 0130fde8 9f 16 e4 77 bc fd 30 01 - 01 00 00 00 00 00 00 00 ...w..0......... 0130fdf8 dc fd 30 01 00 00 00 00 - 00 00 00 00 fc 05 00 00 ..0............. 0130fe08 05 00 00 00 ec 01 00 00 - f4 01 00 00 e8 01 00 00 ................ 0130fe18 f8 01 00 00 e4 01 00 00 - e0 01 00 00 a0 5d 49 00 .............]I. 0130fe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 0130fe38 00 00 00 00 e0 01 00 00 - 5c fe 30 01 06 17 e4 77 ........\.0....w 0130fe48 0c fe 30 01 b8 fe 30 01 - d0 07 00 00 ff 00 00 00 ..0...0......... 0130fe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 0130fe68 b8 fe 30 01 00 00 00 00 - d0 07 00 00 ff 00 00 00 ..0............. 0130fe78 98 02 13 00 00 00 00 00 - ec ff 30 01 00 00 00 00 ..........0..... 0130fe88 fc 05 00 00 cb cb 44 80 - 00 00 00 00 f0 01 00 00 ......D......... 0130fe98 fc 05 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 ................ 0130fea8 00 00 00 00 19 ed 55 00 - 6b 03 00 00 cd 02 00 00 ......U.k....... 0130feb8 ec 01 00 00 f4 01 00 00 - e8 01 00 00 f8 01 00 00 ................ 0130fec8 e4 01 00 00 30 9f af 84 - 46 02 00 00 14 e3 42 80 ....0...F.....B. State Dump for Thread Id 0x58c eax=00000010 ebx=0135f246 ecx=00000004 edx=00000000 esi=0135f1f0 edi=0135f248 eip=77fb67cd esp=0135f174 ebp=0135f17c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: memmove 77fb67a4 8b448ef0 mov eax,[esi+ecx*4+0xf0] ds:00f69eeb=???????? 77fb67a8 89448ff0 mov [edi+ecx*4+0xf0],eax ds:00f69eeb=???????? 77fb67ac 8b448ef4 mov eax,[esi+ecx*4+0xf4] ds:00f69eeb=???????? 77fb67b0 89448ff4 mov [edi+ecx*4+0xf4],eax ds:00f69eeb=???????? 77fb67b4 8b448ef8 mov eax,[esi+ecx*4+0xf8] ds:00f69eeb=???????? 77fb67b8 89448ff8 mov [edi+ecx*4+0xf8],eax ds:00f69eeb=???????? 77fb67bc 8b448efc mov eax,[esi+ecx*4+0xfc] ds:00f69eeb=???????? 77fb67c0 89448ffc mov [edi+ecx*4+0xfc],eax ds:00f69eeb=???????? 77fb67c4 8d048d00000000 lea eax,[00000000+ecx*4] ds:00000004=???????? 77fb67cb 03f0 add esi,eax 77fb67cd 03f8 add edi,eax 77fb67cf ff2495d867fb77 ds:00000000=???????? jmp dword ptr [memmove+0x148 (77fb67d8)+edx*4] 77fb67d6 8bff mov edi,edi 77fb67d8 e867fb77f0 call 68736344 77fb67dd 67fb sti 77fb67df 77fc ja RtlConvertUlongToLargeInteger+0x1e0d (77fbcfdd) 77fb67e1 67fb sti 77fb67e3 7710 ja RtlConvertUlongToLargeInteger+0x1e25 (77fbcff5) 77fb67e5 68fb778b45 push 0x458b77fb 77fb67ea 085e5f or [esi+0x5f],bl ds:022c90d6=?? 77fb67ed c9 leave 77fb67ee c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0135F17C 77FA3510 0135F246 0135F1DE 00000012 0135F246 ntdll!memmove 0135F210 77F97E77 2F1E7626 0000000A 000000F7 0135F246 ntdll!RtlUnicodeStringToInteger 0135F444 77FA4854 0135F4B0 0135F468 00000000 0135F534 ntdll!RtlConvertSidToUnicodeString 0135F4C4 7C2EEE64 0135F4D8 00000000 02000000 00AC001E ntdll!RtlFormatCurrentUserKeyPath 0135F4E0 7C2EEB01 0135F6EC 0135F534 77F886DC 013500D6 advapi32!RegSetValueExA 0135F4FC 7C2EEF6F 0135F6EC 0135F534 0135F542 0135F7BC advapi32!RegSetValueExA 0135F544 7C2EEEF1 0135F6EC 0000023E 0135F7BC 02000000 advapi32!RegSetValueExA 0135F700 7C2EEEA1 0000023E 0135F7BC 00000000 02000000 advapi32!RegSetValueExA 0135F794 7C2F4A83 0000023E 0135F7BC 00000000 02000000 advapi32!RegSetValueExA 0135F7C8 7C2F4C36 0000023E 0135FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0135FC44 7CE28B31 0135FC6C 00000000 0009AFD0 00000000 advapi32!RegOpenKeyW 0135FE8C 71125C71 00000000 00000001 0135FEAC 0135FEC4 ole32!CreateOleAdviseHolder 0135FEBC 71125C18 00000000 0135FEDC 00000002 00095B40 BROWSEUI!Ordinal131 0135FEE0 71125BA7 00095B40 000960C8 000960C8 80004005 BROWSEUI!Ordinal131 0135FEF8 71125B6C 00000002 00095B40 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0135f174 09 00 00 00 12 00 00 00 - 10 f2 35 01 10 35 fa 77 ..........5..5.w 0135f184 46 f2 35 01 de f1 35 01 - 12 00 00 00 46 f2 35 01 F.5...5.....F.5. 0135f194 68 f4 35 01 01 00 00 c0 - 00 00 00 00 3e 00 00 00 h.5.........>... 0135f1a4 58 e5 09 00 00 00 00 00 - f8 f1 35 01 c1 4b 70 71 X.........5..Kpq 0135f1b4 6a 02 01 1c 20 00 00 00 - f0 00 00 00 10 00 00 00 j... ........... 0135f1c4 10 00 00 00 67 02 01 7b - 20 00 00 00 f0 00 00 00 ....g..{ ....... 0135f1d4 b8 53 f4 77 cd 53 f4 77 - 31 00 37 00 39 00 30 00 .S.w.S.w1.7.9.0. 0135f1e4 35 00 32 00 35 00 34 00 - 37 00 38 00 00 00 05 22 5.2.5.4.7.8...." 0135f1f4 00 00 00 02 90 f1 35 01 - f7 00 00 00 84 f7 35 01 ......5.......5. 0135f204 64 7e fb 77 10 1c f8 77 - 00 00 00 00 44 f4 35 01 d~.w...w....D.5. 0135f214 77 7e f9 77 26 76 1e 2f - 0a 00 00 00 f7 00 00 00 w~.w&v./........ 0135f224 46 f2 35 01 00 00 00 02 - d8 f4 35 01 34 00 00 c0 F.5.......5.4... 0135f234 53 00 2d 00 31 00 2d 00 - 35 00 2d 00 32 00 31 00 S.-.1.-.5.-.2.1. 0135f244 2d 00 37 00 39 00 30 00 - 35 00 32 00 35 00 34 00 -.7.9.0.5.2.5.4. 0135f254 37 00 38 00 48 31 f8 77 - ff ff ff ff 38 f4 35 01 7.8.H1.w....8.5. 0135f264 15 ae fc 77 d8 0a 07 00 - 00 00 00 02 d8 f4 35 01 ...w..........5. 0135f274 34 00 00 c0 39 00 39 00 - 34 00 34 00 38 00 38 00 4...9.9.4.4.8.8. 0135f284 2d 00 31 00 30 00 30 00 - 30 00 00 00 00 00 99 00 -.1.0.0.0....... 0135f294 00 00 cc 00 00 33 00 00 - 00 33 33 00 00 33 66 00 .....3...33..3f. 0135f2a4 00 33 99 00 00 33 cc 00 - 00 33 ff 00 00 66 00 00 .3...3...3...f.. Application exception occurred: App: explorer.exe (pid=696) When: 7/4/2005 @ 12:47:55.754 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 424 svchost.exe 468 svchost.exe 516 LEXBCES.exe 540 spoolsv.exe 568 LEXPPS.exe 596 ccSetMgr.exe 688 navapsvc.exe 764 SAVScan.exe 796 MSTask.exe 824 tcpsvcs.exe 872 stisvc.exe 912 symlcsvc.exe 928 wanmpsvc.exe 1000 WinMgmt.exe 1028 mspmspsv.exe 1040 svchost.exe 1072 ccEvtMgr.exe 1396 drwtsn32.exe 1244 wuauclt.exe 696 explorer.exe 1492 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76630000) (7C0F0000 - 7C154000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (75030000 - 75044000) (75020000 - 75028000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (76DF0000 - 76E01000) (01400000 - 0140F000) State Dump for Thread Id 0x564 eax=00000001 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a8c0 eip=0006f28e esp=0006f238 ebp=00000000 iopl=0 nv up ei pl nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000213 function: 0006f27f 0010 add [eax],dl ds:00000001=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000001=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000001=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 001cff add [edi+edi*8],bl ds:0008a8c0=6f FAULT ->0006f28e 0900 or [eax],eax ds:00000001=???????? 0006f290 60 pushad 0006f291 f7e6 mul esi 0006f293 7c00 jl 0006f295 0006f295 0000 add [eax],al ds:00000001=?? 0006f297 0000 add [eax],al ds:00000001=?? 0006f299 0000 add [eax],al ds:00000001=?? 0006f29b 0001 add [ecx],al ds:7cf12624=00 0006f29d 0000 add [eax],al ds:00000001=?? 0006f29f 0000 add [eax],al ds:00000001=?? 0006f2a1 0000 add [eax],al ds:00000001=?? 0006f2a3 0000 add [eax],al ds:00000001=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 9c a8 08 00 - 00 ff 09 00 00 00 00 00 ................ 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 1c ff 09 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 00 ff 09 00 - 00 00 00 00 05 40 00 80 .............@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 1c ff 09 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 00 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x5b4 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=0000008c eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 0000008C FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 8c 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 90 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 8c 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x5b8 eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5bc eax=00087000 ebx=00000102 ecx=011ffd00 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x5c0 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 00403852 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x5c4 eax=00000000 ebx=00000006 ecx=00098e44 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001F0 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000002 00000002 00000000 00000000 00000000 00000000 00000000 00000000 shell32! State Dump for Thread Id 0x5c8 eax=0134eca8 ebx=00000080 ecx=00070ad8 edx=00000000 esi=77fcb6ca edi=00000000 eip=77f88283 esp=0134f048 ebp=0134f0e0 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: NtCreateFile 77f88278 b820000000 mov eax,0x20 77f8827d 8d542404 lea edx,[esp+0x4] ss:022b8f2f=???????? 77f88281 cd2e int 2e 77f88283 c22c00 ret 0x2c 77f88286 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0134F0E0 77E30A0E 00000000 80000100 00000003 00000000 ntdll!NtCreateFile 0134F540 7CF732DB 0134F828 00000000 00100020 00100020 user32!PrivateExtractIconsW 0134F568 7CF73349 0134F828 00000000 00100020 00100020 shell32!Ordinal702 0134F5A0 7CF737B0 0134F828 00000000 0000000A 0134FA34 shell32!Ordinal6 0134F5CC 7CF743ED 000924A8 0134F828 00000000 0134FA34 shell32!Ordinal239 0134F6F8 7CF736BA 0008A328 0134F828 00000000 0134FA34 shell32!Ordinal654 0134FA40 7CF7CBC0 00000000 00000000 00096238 00096220 shell32!Ordinal239 0134FA68 7CF73B54 0008C54C 0008A328 00096238 00000000 shell32!Ordinal72 0134FEB4 7CF7175A 0008C550 11021000 00000000 00096220 shell32!Ordinal239 0134FED0 7CF71268 0008C550 00096238 00000000 00096220 shell32!Ordinal256 0134FEF4 7CF738CD 00089FA0 0008BD30 00096238 00000000 shell32!Ordinal256 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal239 *----> Raw Stack Dump <----* 0134f048 6c c5 58 7c e8 f0 34 01 - 80 01 10 80 84 f0 34 01 l.X|..4.......4. 0134f058 bc f0 34 01 00 00 00 00 - 80 00 00 00 03 00 00 00 ..4............. 0134f068 01 00 00 00 60 08 00 00 - 00 00 00 00 00 00 00 00 ....`........... 0134f078 80 00 00 10 29 c2 58 7c - 00 00 00 00 18 00 00 00 ....).X|........ 0134f088 00 00 00 00 c4 f0 34 01 - 40 00 00 00 00 00 00 00 ......4.@....... 0134f098 a8 f0 34 01 00 00 00 00 - 00 00 00 00 00 00 00 00 ..4............. 0134f0a8 0c 00 00 00 02 00 00 00 - 01 01 00 00 08 02 00 00 ................ 0134f0b8 18 f3 34 01 00 00 00 00 - 98 f5 34 01 72 00 1a 02 ..4.......4.r... 0134f0c8 d8 21 07 00 7f ff ff ef - 00 00 00 00 d8 21 07 00 .!...........!.. 0134f0d8 01 00 00 00 04 01 00 00 - 40 f5 34 01 0e 0a e3 77 ........@.4....w 0134f0e8 00 00 00 00 00 01 00 80 - 03 00 00 00 00 00 00 00 ................ 0134f0f8 03 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0134f108 28 a3 08 00 00 00 00 00 - 43 00 3a 00 5c 00 57 00 (.......C.:.\.W. 0134f118 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73 00 I.N.N.T.\.s.y.s. 0134f128 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 70 00 t.e.m.3.2.\.s.p. 0134f138 6f 00 6f 00 6c 00 5c 00 - 64 00 72 00 69 00 76 00 o.o.l.\.d.r.i.v. 0134f148 65 00 72 00 73 00 5c 00 - 77 00 33 00 32 00 78 00 e.r.s.\.w.3.2.x. 0134f158 38 00 36 00 5c 00 33 00 - 5c 00 6c 00 78 00 62 00 8.6.\.3.\.l.x.b. 0134f168 63 00 70 00 73 00 77 00 - 78 00 2e 00 65 00 78 00 c.p.s.w.x...e.x. 0134f178 65 00 00 00 75 67 f8 77 - 60 fc fc 77 37 6f f8 77 e...ug.w`..w7o.w State Dump for Thread Id 0x5cc eax=008b0000 ebx=00000000 ecx=013ff7ac edx=00000000 esi=7c32d764 edi=00000000 eip=77f88f13 esp=013ff738 ebp=013ff7a8 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:0236961f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 013FF7A8 77F87F26 7C32D700 7C2EEA7E 7C32D764 7CF0E5D1 ntdll!ZwWaitForSingleObject 013FF7D8 7C2F4644 013FF7F0 7C2F4633 013FF7F0 7CE28A11 ntdll!RtlEnterCriticalSection 013FFC44 7CE28B31 013FFC6C 00000000 7CF0E6F8 00000000 advapi32!RegCloseKey 013FFE8C 71125CA4 00000000 00000001 013FFEAC 013FFEC4 ole32!CreateOleAdviseHolder 013FFEBC 71125C18 00000000 013FFEDC 00000002 0009FD80 BROWSEUI!Ordinal131 013FFEE0 71125BA7 0009FD80 0009DB00 0009DB00 80004005 BROWSEUI!Ordinal131 013FFEF8 71125B6C 00000002 0009FD80 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 013ff738 95 f2 f8 77 0c 03 00 00 - 00 00 00 00 00 00 00 00 ...w............ 013ff748 64 d7 32 7c 60 d7 32 7c - 09 4c 2f 7c 25 6d f9 77 d.2|`.2|.L/|%m.w 013ff758 80 f7 3f 01 02 00 00 00 - 00 00 00 00 18 00 00 00 ..?............. 013ff768 12 03 00 00 bc f7 3f 01 - 40 00 00 00 00 00 00 00 ......?.@....... 013ff778 00 00 00 00 1c f7 3f 01 - 7a 00 00 00 dc ff 3f 01 ......?.z.....?. 013ff788 b6 1f 2d 7c a0 49 2f 7c - ff ff ff ff c8 f7 3f 01 ..-|.I/|......?. 013ff798 83 4a 2f 7c 12 03 00 00 - bc f7 3f 01 00 00 00 00 .J/|......?..... 013ff7a8 d8 f7 3f 01 26 7f f8 77 - 00 d7 32 7c 7e ea 2e 7c ..?.&..w..2|~..| 013ff7b8 64 d7 32 7c d1 e5 f0 7c - f0 f7 3f 01 62 ea 2e 7c d.2|...|..?.b..| 013ff7c8 60 d7 32 7c 12 03 00 00 - 02 00 00 00 01 00 00 00 `.2|............ 013ff7d8 44 fc 3f 01 44 46 2f 7c - f0 f7 3f 01 33 46 2f 7c D.?.DF/|..?.3F/| 013ff7e8 f0 f7 3f 01 11 8a e2 7c - 12 03 00 00 00 00 00 00 ..?....|........ 013ff7f8 01 00 00 00 28 06 0a 00 - 7b 00 30 00 30 00 30 00 ....(...{.0.0.0. 013ff808 32 00 31 00 34 00 39 00 - 33 00 2d 00 30 00 30 00 2.1.4.9.3.-.0.0. 013ff818 30 00 30 00 2d 00 30 00 - 30 00 30 00 30 00 2d 00 0.0.-.0.0.0.0.-. 013ff828 43 00 30 00 30 00 30 00 - 2d 00 30 00 30 00 30 00 C.0.0.0.-.0.0.0. 013ff838 30 00 30 00 30 00 30 00 - 30 00 30 00 30 00 34 00 0.0.0.0.0.0.0.4. 013ff848 36 00 7d 00 00 00 00 00 - 00 00 00 00 00 00 00 00 6.}............. 013ff858 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 013ff868 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ Application exception occurred: App: explorer.exe (pid=1348) When: 7/4/2005 @ 12:48:07.821 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: cc807184-a User Name: Darius Number of Processors: 1 Processor Type: x86 Family 6 Model 8 Stepping 10 Windows 2000 Version: 5.0 Current Build: 2195 Service Pack: 4 Current Type: Uniprocessor Free Registered Organization: Registered Owner: Darius Daubaras *----> Task List <----* 0 Idle.exe 8 System.exe 172 smss.exe 200 csrss.exe 196 winlogon.exe 248 services.exe 260 lsass.exe 424 svchost.exe 468 svchost.exe 516 LEXBCES.exe 540 spoolsv.exe 568 LEXPPS.exe 596 ccSetMgr.exe 688 navapsvc.exe 764 SAVScan.exe 796 MSTask.exe 824 tcpsvcs.exe 872 stisvc.exe 912 symlcsvc.exe 928 wanmpsvc.exe 1000 WinMgmt.exe 1028 mspmspsv.exe 1040 svchost.exe 1072 ccEvtMgr.exe 1244 wuauclt.exe 1500 taskmgr.exe 1348 explorer.exe 696 drwtsn32.exe 0 _Total.exe (00400000 - 0043E000) (77F80000 - 77FFC000) (7C2D0000 - 7C335000) (7C570000 - 7C623000) (77D30000 - 77DA8000) (77F40000 - 77F7F000) (77E10000 - 77E79000) (70BD0000 - 70C1C000) (716F0000 - 7177A000) (75E60000 - 75E7A000) (732E0000 - 73305000) (23000000 - 23056000) (7CF30000 - 7D186000) (70200000 - 70279000) (77530000 - 77552000) (78000000 - 78045000) (690A0000 - 690AB000) (7CE20000 - 7CF21000) (7C950000 - 7C9E0000) (779B0000 - 77A4B000) (77840000 - 7787E000) (770C0000 - 770E3000) (70FE0000 - 710FB000) (71110000 - 711D9000) (76620000 - 76630000) (7C0F0000 - 7C154000) (76FA0000 - 76FAF000) (773E0000 - 773F5000) (7CDC0000 - 7CE13000) (77980000 - 779A4000) (75050000 - 75058000) (75030000 - 75044000) (75020000 - 75028000) (751C0000 - 751C6000) (77BF0000 - 77C01000) (77950000 - 7797B000) (7C340000 - 7C34F000) (75150000 - 75160000) (76F20000 - 76F97000) (76DF0000 - 76E01000) (014B0000 - 014BF000) State Dump for Thread Id 0x57c eax=00000000 ebx=0006f2c4 ecx=7cf12624 edx=00000000 esi=7ce6f760 edi=0008a8f4 eip=0006f28e esp=0006f238 ebp=00000000 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: 0006f27e 06 push es 0006f27f 0010 add [eax],dl ds:00000000=?? 0006f281 f8 clc 0006f282 06 push es 0006f283 0010 add [eax],dl ds:00000000=?? 0006f285 f8 clc 0006f286 06 push es 0006f287 0010 add [eax],dl ds:00000000=?? 0006f289 f8 clc 0006f28a 06 push es 0006f28b 00841b0a0060f7 add [ebx+ebx+0xf760000a],al ds:f766f2ce=?? 0006f292 e67c out 7c,al 0006f294 0000 add [eax],al ds:00000000=?? 0006f296 0000 add [eax],al ds:00000000=?? 0006f298 0000 add [eax],al ds:00000000=?? 0006f29a 0000 add [eax],al ds:00000000=?? 0006f29c 0100 add [eax],eax ds:00000000=???????? 0006f29e 0000 add [eax],al ds:00000000=?? 0006f2a0 0000 add [eax],al ds:00000000=?? 0006f2a2 0000 add [eax],al ds:00000000=?? 0006f2a4 0000 add [eax],al ds:00000000=?? 0006f2a6 0000 add [eax],al ds:00000000=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00000000 00000000 00000000 00000000 00000000 00000000 *----> Raw Stack Dump <----* 0006f238 60 f7 e6 7c c4 f2 06 00 - 01 00 00 00 e3 b5 e6 7c `..|...........| 0006f248 54 f2 06 00 60 f7 e6 7c - c4 f2 06 00 10 0f e7 7c T...`..|.......| 0006f258 01 00 00 00 d0 a8 08 00 - 68 1b 0a 00 00 00 00 00 ........h....... 0006f268 54 f2 06 00 dc f2 06 00 - eb c6 e6 7c 8c f2 06 00 T..........|.... 0006f278 07 d7 e6 7c 8c f2 06 00 - 10 f8 06 00 10 f8 06 00 ...|............ 0006f288 10 f8 06 00 84 1b 0a 00 - 60 f7 e6 7c 00 00 00 00 ........`..|.... 0006f298 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0006f2a8 c4 f2 06 00 68 1b 0a 00 - 00 00 00 00 05 40 00 80 ....h........@.. 0006f2b8 50 fc 06 00 00 00 00 00 - 84 1b 0a 00 00 00 00 00 P............... 0006f2c8 01 00 00 00 00 c8 07 00 - 00 00 00 00 00 00 00 00 ................ 0006f2d8 60 f6 06 00 f8 f2 06 00 - 5c d4 e6 7c 54 24 f1 7c `.......\..|T$.| 0006f2e8 00 00 00 00 10 f8 06 00 - d0 fd 06 00 58 24 f1 7c ............X$.| 0006f2f8 1c f3 06 00 7b d8 e6 7c - 10 f8 06 00 00 00 00 00 ....{..|........ 0006f308 d0 fd 06 00 5c 24 f1 7c - 00 00 00 00 00 00 00 00 ....\$.|........ 0006f318 01 00 00 00 3c f3 06 00 - 24 d8 e6 7c 58 24 f1 7c ....<...$..|X$.| 0006f328 00 00 00 00 10 f8 06 00 - d0 fd 06 00 05 40 00 80 .............@.. 0006f338 58 24 f1 7c 5c f3 06 00 - a0 d5 e6 7c 5c 24 f1 7c X$.|\......|\$.| 0006f348 01 00 00 00 00 00 00 00 - 60 f6 06 00 10 f8 06 00 ........`....... 0006f358 d0 fd 06 00 a0 f3 06 00 - 4f d5 e6 7c 5c 24 f1 7c ........O..|\$.| 0006f368 60 f6 06 00 00 00 00 00 - 10 f8 06 00 d0 fd 06 00 `............... State Dump for Thread Id 0x538 eax=008251b0 ebx=00000000 ecx=7c5723c0 edx=00000000 esi=77f88f08 edi=00000094 eip=77f88f13 esp=00c2fd48 ebp=00c2fd6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: ZwWaitForSingleObject 77f88f08 b8ea000000 mov eax,0xea 77f88f0d 8d542404 lea edx,[esp+0x4] ss:01b99c2f=???????? 77f88f11 cd2e int 2e 77f88f13 c20c00 ret 0xc 77f88f16 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 00C2FD6C 008252BB 00000094 FFFFFFFF 00000000 0006ED1C ntdll!ZwWaitForSingleObject 00C2FFB4 7C57B388 00000000 0006ED1C 0006ED68 00000000 00C2FFEC 00000000 008251B0 00000000 00000000 00002EB8 kernel32!lstrcmpiW *----> Raw Stack Dump <----* 00c2fd48 30 a0 59 7c 94 00 00 00 - 00 00 00 00 00 00 00 00 0.Y|............ 00c2fd58 98 00 00 00 00 00 10 00 - 00 00 00 00 01 01 00 00 ................ 00c2fd68 01 01 00 00 b4 ff c2 00 - bb 52 82 00 94 00 00 00 .........R...... 00c2fd78 ff ff ff ff 00 00 00 00 - 1c ed 06 00 68 ed 06 00 ............h... 00c2fd88 00 00 00 00 43 3a 5c 57 - 49 4e 4e 54 5c 65 78 70 ....C:\WINNT\exp 00c2fd98 6c 6f 72 65 72 2e 65 78 - 65 00 00 00 00 00 00 00 lorer.exe....... 00c2fda8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fde8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fdf8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00c2fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ State Dump for Thread Id 0x52c eax=77d4aefc ebx=000832d8 ecx=00000000 edx=00000000 esi=00079cf0 edi=00000100 eip=77f88b37 esp=011bfe28 ebp=011bff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 function: ZwReplyWaitReceivePortEx 77f88b2c b8ac000000 mov eax,0xac 77f88b31 8d542404 lea edx,[esp+0x4] ss:02129d0f=???????? 77f88b35 cd2e int 2e 77f88b37 c21400 ret 0x14 77f88b3a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011BFF74 77D4E0C0 77D4E003 00079CF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx 011BFFA8 77D4AF16 00082738 011BFFEC 7C57B388 000832D8 rpcrt4!UuidCreate 011BFFB4 7C57B388 000832D8 00000000 00000000 000832D8 rpcrt4!RpcMgmtSetCancelTimeout 011BFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x528 eax=7ce57f6f ebx=00000102 ecx=00074480 edx=00000000 esi=77f88398 edi=011fff74 eip=77f883a3 esp=011fff60 ebp=011fff7c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 function: NtDelayExecution 77f88398 b832000000 mov eax,0x32 77f8839d 8d542404 lea edx,[esp+0x4] ss:02169e47=???????? 77f883a1 cd2e int 2e 77f883a3 c20800 ret 0x8 77f883a6 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 011FFF7C 7C59A25A 0000EA60 00000000 7CE75D45 0000EA60 ntdll!NtDelayExecution 00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep State Dump for Thread Id 0x534 eax=0000001c ebx=0006fee4 ecx=0123ff38 edx=00000000 esi=0006ff04 edi=00000000 eip=77e3c7cd esp=0123ff5c ebp=0123ff7c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: WaitMessage 77e3c7c2 b836120000 mov eax,0x1236 77e3c7c7 8d542404 lea edx,[esp+0x4] ss:021a9e43=???????? 77e3c7cb cd2e int 2e 77e3c7cd c3 ret 77e3c7ce 90 nop 77e3c7cf 90 nop 77e3c7d0 90 nop 77e3c7d1 90 nop 77e3c7d2 90 nop *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0123FF7C 00403852 70BECF39 00400000 00360031 00360030 user32!WaitMessage 0123FFB4 7C57B388 0006FEE4 00360031 00360030 0006FEE4 explorer! 0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW State Dump for Thread Id 0x530 eax=0130e36c ebx=00000006 ecx=000996d0 edx=00000000 esi=77f88ef8 edi=00000006 eip=77f88f03 esp=0130fd98 ebp=0130fde4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:02279c7f=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0130FDE4 77E4169F 0130FDBC 00000001 00000000 0130FDDC ntdll!NtWaitForMultipleObjects 0130FE40 77E41706 0130FE0C 0130FEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx 0130FE5C 7CF8BD66 00000005 0130FEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects 7D05EBF8 FFFFFFFF 00000000 00000000 000001E0 00000000 shell32!Ordinal68 77FCF8C0 7D05EBF8 77FCF8E8 77FCF8A8 00000009 00000009 00000000 00000000 00000000 00000000 00000000 00000000 shell32! *----> Raw Stack Dump <----* 0130fd98 fb a1 59 7c 06 00 00 00 - bc fd 30 01 01 00 00 00 ..Y|......0..... 0130fda8 00 00 00 00 dc fd 30 01 - 00 00 00 00 00 00 00 00 ......0......... 0130fdb8 06 00 00 00 e4 01 00 00 - ec 01 00 00 f0 01 00 00 ................ 0130fdc8 f4 01 00 00 d8 01 00 00 - dc 01 00 00 67 63 f7 7c ............gc.| 0130fdd8 00 00 00 00 00 d3 ce fe - ff ff ff ff 40 fe 30 01 ............@.0. 0130fde8 9f 16 e4 77 bc fd 30 01 - 01 00 00 00 00 00 00 00 ...w..0......... 0130fdf8 dc fd 30 01 00 00 00 00 - 00 00 00 00 30 05 00 00 ..0.........0... 0130fe08 05 00 00 00 e4 01 00 00 - ec 01 00 00 f0 01 00 00 ................ 0130fe18 f4 01 00 00 d8 01 00 00 - dc 01 00 00 20 36 45 00 ............ 6E. 0130fe28 00 90 fd 7f 04 00 00 00 - 00 00 00 00 cc 96 fd 7f ................ 0130fe38 00 00 00 00 dc 01 00 00 - 5c fe 30 01 06 17 e4 77 ........\.0....w 0130fe48 0c fe 30 01 b8 fe 30 01 - d0 07 00 00 ff 00 00 00 ..0...0......... 0130fe58 00 00 00 00 f8 eb 05 7d - 66 bd f8 7c 05 00 00 00 .......}f..|.... 0130fe68 b8 fe 30 01 00 00 00 00 - d0 07 00 00 ff 00 00 00 ..0............. 0130fe78 3e 01 01 00 00 00 00 00 - ec ff 30 01 00 00 00 00 >.........0..... 0130fe88 30 05 00 00 cb cb 44 80 - 00 00 00 00 e8 01 00 00 0.....D......... 0130fe98 30 05 00 00 00 00 00 00 - 00 04 00 00 00 00 00 00 0............... 0130fea8 00 00 00 00 e6 71 02 00 - 4d 03 00 00 b5 02 00 00 .....q..M....... 0130feb8 e4 01 00 00 ec 01 00 00 - f0 01 00 00 f4 01 00 00 ................ 0130fec8 d8 01 00 00 00 00 fb 00 - 0c 00 30 c0 fc 5b 12 bd ..........0..[.. State Dump for Thread Id 0x524 eax=7ffd0071 ebx=c0000034 ecx=00000030 edx=00000000 esi=00020008 edi=02000000 eip=77f88727 esp=0135f448 ebp=0135f4c4 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: NtOpenProcessToken 77f8871c b86b000000 mov eax,0x6b 77f88721 8d542404 lea edx,[esp+0x4] ss:022c932f=???????? 77f88725 cd2e int 2e 77f88727 c20c00 ret 0xc 77f8872a 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0135F4C4 7C2EEE64 0135F4D8 00000000 02000000 00000001 ntdll!NtOpenProcessToken 0135F4E0 7C2EEB01 0135F6EC 0135F534 77F886DC 013500D6 advapi32!RegSetValueExA 0135F4FC 7C2EEF6F 0135F6EC 0135F534 0135F542 0135F7BC advapi32!RegSetValueExA 0135F544 7C2EEEF1 0135F6EC 00000236 0135F7BC 02000000 advapi32!RegSetValueExA 0135F700 7C2EEEA1 00000236 0135F7BC 00000000 02000000 advapi32!RegSetValueExA 0135F794 7C2F4A83 00000236 0135F7BC 00000000 02000000 advapi32!RegSetValueExA 0135F7C8 7C2F4C36 00000236 0135FA0C 00000000 02000000 advapi32!RegOpenKeyExW 0135FC44 7CE28B31 0135FC6C 00000000 000797C8 00000000 advapi32!RegOpenKeyW 0135FE8C 71125C71 00000000 00000001 0135FEAC 0135FEC4 ole32!CreateOleAdviseHolder 0135FEBC 71125C18 00000000 0135FEDC 00000002 000A19D0 BROWSEUI!Ordinal131 0135FEE0 71125BA7 000A19D0 00094F78 00094F78 80004005 BROWSEUI!Ordinal131 0135FEF8 71125B6C 00000002 000A19D0 00000000 00000000 BROWSEUI!Ordinal131 00000000 00000000 00000000 00000000 00000000 00000000 BROWSEUI!Ordinal131 *----> Raw Stack Dump <----* 0135f448 b6 47 fa 77 ff ff ff ff - 08 00 02 00 c0 f4 35 01 .G.w..........5. 0135f458 34 f5 35 01 34 00 00 c0 - c2 b7 fc 77 28 0f 07 00 4.5.4......w(... 0135f468 90 c0 08 00 00 00 00 02 - dc 86 f8 77 00 00 00 00 ...........w.... 0135f478 f0 94 c8 5f f8 9f b4 74 - e8 03 00 00 01 ff 33 00 ..._...t......3. 0135f488 99 cc 66 00 34 f5 35 01 - 38 f5 35 01 10 00 00 00 ..f.4.5.8.5..... 0135f498 c4 f4 35 01 ca de f9 77 - 08 c1 08 00 00 00 07 00 ..5....w........ 0135f4a8 10 00 00 00 00 00 00 02 - 38 f5 35 01 34 00 00 c0 ........8.5.4... 0135f4b8 00 f5 35 01 35 00 00 00 - e0 f4 35 01 e0 f4 35 01 ..5.5.....5...5. 0135f4c8 64 ee 2e 7c d8 f4 35 01 - 00 00 00 00 00 00 00 02 d..|..5......... 0135f4d8 01 00 00 00 dc 86 f8 77 - fc f4 35 01 01 eb 2e 7c .......w..5....| 0135f4e8 ec f6 35 01 34 f5 35 01 - dc 86 f8 77 d6 00 35 01 ..5.4.5....w..5. 0135f4f8 b0 f5 35 01 44 f5 35 01 - 6f ef 2e 7c ec f6 35 01 ..5.D.5.o..|..5. 0135f508 34 f5 35 01 42 f5 35 01 - bc f7 35 01 00 00 00 00 4.5.B.5...5..... 0135f518 36 02 00 00 5c 00 00 00 - 1a 01 00 00 68 f5 35 01 6...\.......h.5. 0135f528 89 ed 2e 7c 44 f5 35 01 - 22 00 00 00 ec f6 9a 01 ...|D.5."....... 0135f538 c8 3e 0a 00 c8 3e 0a 00 - 36 02 00 00 00 f7 35 01 .>...>..6.....5. 0135f548 f1 ee 2e 7c ec f6 35 01 - 36 02 00 00 bc f7 35 01 ...|..5.6.....5. 0135f558 00 00 00 02 03 00 00 00 - 38 fc 35 01 00 00 00 00 ........8.5..... 0135f568 1a 01 00 00 5c 00 52 00 - 45 00 47 00 49 00 53 00 ....\.R.E.G.I.S. 0135f578 54 00 52 00 59 00 5c 00 - 4d 00 41 00 43 00 48 00 T.R.Y.\.M.A.C.H. State Dump for Thread Id 0x504 eax=0009e278 ebx=00000000 ecx=0139ffdc edx=00000000 esi=77fcb6ca edi=00000000 eip=77f88283 esp=0139ea08 ebp=0139eaa0 iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282 function: NtCreateFile 77f88278 b820000000 mov eax,0x20 77f8827d 8d542404 lea edx,[esp+0x4] ss:023088ef=???????? 77f88281 cd2e int 2e 77f88283 c22c00 ret 0x2c 77f88286 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0139EAA0 70BF4420 00000000 80000000 00000003 00000000 ntdll!NtCreateFile 0139ECD8 70C0E487 0139EF5C 80000000 00000003 00000000 SHLWAPI!SHDeleteKeyA 0139ED08 7CF7DF85 0139EF5C 00000000 0139EF30 7CF7C178 SHLWAPI!SHCreateStreamOnFileW 0139EF34 7CF7DF46 0139EF5C 7CF7DEFF 0008A30C 0139EF5C shell32!Ordinal72 0139F3C8 7CF7E279 0008C548 0009FF10 0008A30C 7CF75948 shell32!Ordinal72 0139FA08 7CF7DDCE 00000000 0009FF10 7CF79A10 0139FA74 shell32!Ordinal72 0139FA38 7CF7CBA8 0008C54C 00000000 00000001 0139FA78 shell32!Ordinal72 0139FA68 7CF73B54 0008C54C 00000000 0009FF10 00000000 shell32!Ordinal72 0139FEB4 7CF7175A 0008C550 11021000 00000000 0009FEF8 shell32!Ordinal239 0139FED0 7CF71268 0008C550 0009FF10 00000000 0009FEF8 shell32!Ordinal256 0139FEF4 7CF738CD 00089FA0 0008BD30 0009FF10 00000000 shell32!Ordinal256 00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal239 *----> Raw Stack Dump <----* 0139ea08 6c c5 58 7c a8 ea 39 01 - 80 00 10 80 44 ea 39 01 l.X|..9.....D.9. 0139ea18 7c ea 39 01 00 00 00 00 - 00 00 00 00 03 00 00 00 |.9............. 0139ea28 01 00 00 00 60 00 00 00 - 00 00 00 00 00 00 00 00 ....`........... 0139ea38 00 00 00 00 00 a3 08 00 - 00 00 00 00 18 00 00 00 ................ 0139ea48 00 00 00 00 84 ea 39 01 - 40 00 00 00 00 00 00 00 ......9.@....... 0139ea58 68 ea 39 01 00 00 00 00 - 00 00 00 00 00 00 00 00 h.9............. 0139ea68 0c 00 00 00 02 00 00 00 - 01 01 fc 77 30 00 30 00 ...........w0.0. 0139ea78 32 00 31 00 34 00 30 00 - 31 00 2d 00 9a 00 1a 02 2.1.4.0.1.-..... 0139ea88 d8 21 07 00 ff ff ff ff - 00 00 00 00 d8 21 07 00 .!...........!.. 0139ea98 01 00 00 00 30 00 30 00 - d8 ec 39 01 20 44 bf 70 ....0.0...9. D.p 0139eaa8 00 00 00 00 00 00 00 80 - 03 00 00 00 00 00 00 00 ................ 0139eab8 03 00 00 00 00 00 00 00 - 00 00 00 00 72 00 6f 00 ............r.o. 0139eac8 28 a7 09 00 28 00 00 00 - 76 00 65 00 00 70 fd 7f (...(...v.e..p.. 0139ead8 00 70 fd 7f a8 bd 07 00 - 50 00 00 00 50 16 f8 77 .p......P...P..w 0139eae8 dc ff 39 01 dc ff 39 01 - 3c eb 39 01 64 7e fb 77 ..9...9.<.9.d~.w 0139eaf8 50 16 f8 77 ff ff ff ff - 00 00 00 00 bc 99 59 7c P..w..........Y| 0139eb08 48 eb 39 01 03 00 1f 00 - 4c eb 39 01 ef 99 59 7c H.9.....L.9...Y| 0139eb18 00 00 00 00 00 00 00 00 - 40 b0 09 00 40 b0 09 00 ........@...@... 0139eb28 08 00 00 00 ff ff ff ff - 44 eb 39 01 14 eb 39 01 ........D.9...9. 0139eb38 dc ff 39 01 dc ff 39 01 - 54 1f 5c 7c 10 24 57 7c ..9...9.T.\|.$W| State Dump for Thread Id 0x550 eax=70bebfa6 ebx=00000002 ecx=85788d00 edx=00000000 esi=77f88ef8 edi=00000002 eip=77f88f03 esp=0147fe5c ebp=0147fea8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: NtWaitForMultipleObjects 77f88ef8 b8e9000000 mov eax,0xe9 77f88efd 8d542404 lea edx,[esp+0x4] ss:023e9d43=???????? 77f88f01 cd2e int 2e 77f88f03 c21400 ret 0x14 77f88f06 8bff mov edi,edi *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0147FEA8 77E4169F 0147FE80 00000001 00000000 0147FEA0 ntdll!NtWaitForMultipleObjects 0147FF04 77E41706 0147FED0 70C16170 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx 0147FF20 70BD18A5 00000001 70C16170 00000000 0000EA60 user32!MsgWaitForMultipleObjects 0147FF74 70BEC069 0147FFA0 0147FFA4 0147FFA8 0147FF9C SHLWAPI!Ordinal60 0147FFAC 70BEBFCF EC06D74F 7C57B388 00000000 C00010B8 SHLWAPI!Ordinal124 0147FFEC 00000000 00000000 00000000 00000000 00000000 SHLWAPI!Ordinal124