Device Driver Error, Computer Shuts Off

20 replies to this topic

#1 mountainskies

mountainskies

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 30 June 2006 - 09:27 PM

I am running Windows XP Home Edition. For a while now, my computer will shut off on its own at any given time and acts like it is stuck in a loop where it will 'go to sleep' over and over and over again. After starting back up each time, the error message varies from "Hardware Failed, Replace Failed Component" to "Device Driver Error". Each day it would get worse. Finally, the system would not start back up. I restored the computer three days ago.

Restoring the computer did not help. Aside from still restarting over and over again throughout the day, a new error message comes up reading "Generic Host Process for Win32 Services" and also a small box with a red X circle reads "Sony Application. Resource DLL Error" after start up.

I am unable to complete any type of computer check (Adware, Spam, Defrag, etc) due to the computer shutting off at any given time. The last successful spyware scan I ran two months ago, my browser had been hijacked but I fixed it.

My Sony Digital Camera has a video movie mode to it, back in May I ran the movie option for the first time and played a 30 second clip.... it didn't ask to load anything before, during or after, but since then I do know the problems started.

I ran HJT and have a log ready if that would help any.

Thanks in advance.

Edited by mountainskies, 30 June 2006 - 09:28 PM.


#2 mountainskies

Posted 03 July 2006 - 11:28 PM

Is there another place on the net where I can get help with my PC problems? I'd sure appreciate it.

#3 mountainskies

Posted 09 July 2006 - 11:55 PM

bump.

Any ideas, please?

#4 bamajim

bamajim

    Member

  • Security Colleague
  • Pip
  • 92 posts

Posted 11 July 2006 - 08:04 AM

mountainskies

Click Start->>Run and type in cmd

It will open a DOS window with a C:\ prompt

Type in drwtsn32

Dr Watson will open

Click the first Browse button and Select Desktop

Click the second Browse button and Select Desktop

Now if you get a Drwatson error the log and the user.dmp files will show up on your desktop.

Open the log (it will open in Notepad),

Select Edit->>Select All->>Rt Click->>Copy

And paste a copy of that log as a reply to this thread.

Thanks

bamajim

#5 mountainskies

Posted 11 July 2006 - 09:39 AM

Thank you very much for the reply.... here is the log, I will cross my fingers it can give some answers. Thanks again.

Edited by mountainskies, 15 July 2006 - 03:42 PM.


#6 mountainskies

Posted 11 July 2006 - 09:41 AM

Is that correct? I sure hope I ran the log the right way!

#7 bamajim

Posted 11 July 2006 - 10:02 AM

mountainskies

That's not exactly what I had in mind, Really got too much
Let's try this again, please

When Dr Watson opens
Under Crash Dump Type->>Mini should be selected
Under options: Only the following items should be "Checked":
Dump All Thread contents
Append To Existing Log File
Create Crash Dump File
What we are looking for is a file copy of the Application errors in the bottom window

Before you do this again, delete the previous text file from your desktop.

One more thing when it opens in notepad; Select Edit->>Word Wrap

thanks bamajim

#8 mountainskies

Posted 11 July 2006 - 12:24 PM

bamajim, I am following your instructions but for some reason I am not finding the log you're looking for, I continue to receive the log as I posted previously.

Once Dr Watson is open, I click on Browse then Desktop then OK. I click on the second Browse then Desktop then Open (user is in the field to open), but nothing is opening onto my Desktop.... Notepad is not opening up automatically.

Now, in Dr Watson it does show three Application Errors in the bottom window listing each one. I right click and it asks "What's This?". Can I click on View for each one and copy what is needed here?

I really do appreciate your help and I am sorry I seem to be having difficulties finding what you're needing.

Edited by mountainskies, 11 July 2006 - 12:31 PM.


#9 bamajim

Posted 11 July 2006 - 12:38 PM

mountainskies

When you are saving the log in notepad, make sure the extension is "txt."

If you are still having problems, what I'm looking for is the errors in the bottom pane.

If I can get those we can go from there.

Sorry for any confusion

thanks bamajim

#10 mountainskies

Posted 11 July 2006 - 12:51 PM

Here are the errors in the bottom pane.

C:\Program Files\Internet Explorer\iexplore.exe c0000005 mshtml(021D0366)
C:\Program Files\Internet Explorer\iexplore.exe c0000005 ntdll!RtlCaptureContext(77F7F6D1)
C:\Program Files\Internet Explorer\iexplore.exe c0000005 <nosymbols>(00000004)

#11 bamajim

Posted 11 July 2006 - 01:06 PM

mountainskies

Very well done, we're almost there.
I have a simpler procedure for us to use to get the info.

Open Notepad

With Dr. Watson open->> Highlight the first error, then click the View button, it will open the log for that error.
With that log open, Rt click your mouse in the log itself, Select All, then Copy.
Copy the contents to Notepad, then paste it here.

These lists can be long, so let's do 1 error at a time

Here's a sample of what it should look like

Microsoft ® DrWtsn32
Copyright © 1985-2001 Microsoft Corp. All rights reserved.

Application exception occurred:
App: C:\WINDOWS\Explorer.EXE (pid=584)
When: 7/2/2006 @ 12:34:43.968
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name:
User Name:
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 6 Model 14 Stepping 8
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner:



of course it will be much longer

thanks bamajim
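
A triage sketch for Dr. Watson text logs of the kind requested above, added here as an example (not part of the original posts): it maps each FAULT address to the loaded module that contains it and lists modules loaded from outside C:\WINDOWS and C:\Program Files. The sample log, its module names and the trusted-prefix heuristic are constructed assumptions.

```python
import re
from bisect import bisect_right

# Constructed sample in the Dr. Watson text-log layout (not a log from this thread).
SAMPLE_LOG = r"""
Application exception occurred:
        App: C:\Program Files\Example\viewer.exe (pid=1234)
        When: 1/2/2006 @ 10:00:00.000
        Exception number: c0000005 (access violation)

*----> Module List <----*
(0000000000400000 - 0000000000419000: C:\Program Files\Example\viewer.exe
(0000000010000000 - 0000000010006000: C:\DOCUME~1\User\LOCALS~1\Temp\example1.dll
(0000000002130000 - 00000000023e7000: C:\WINDOWS\System32\render.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll

*----> State Dump for Thread Id 0xcc <----*

eax=00000000 ebx=0258b680 ecx=02218728 edx=0000001b esi=0258b6b4 edi=02218728
FAULT ->021d0366 014158 add [ecx+0x58],eax
"""

APP_RE = re.compile(r"^\s*App: (.+?) \(pid=(\d+)\)", re.M)
EXC_RE = re.compile(r"^\s*Exception number: ([0-9a-fA-F]+)", re.M)
# Module List lines open with "(" and have no closing parenthesis.
MODULE_RE = re.compile(r"^\s*\(([0-9a-fA-F]+) - ([0-9a-fA-F]+): (.+?)\s*$", re.M)
FAULT_RE = re.compile(r"^\s*FAULT ->([0-9a-fA-F]{8})", re.M)

# Assumption: a simple heuristic, not a verdict. Anything loaded from
# elsewhere (for example a Temp directory) deserves a closer look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_modules(text):
    """Return (start, end, path) tuples sorted by start address."""
    mods = [(int(s, 16), int(e, 16), p) for s, e, p in MODULE_RE.findall(text)]
    return sorted(mods)


def module_for(addr, modules):
    """Return the path of the module whose range contains addr, else None."""
    starts = [m[0] for m in modules]
    i = bisect_right(starts, addr) - 1
    if i >= 0 and modules[i][0] <= addr < modules[i][1]:
        return modules[i][2]
    return None


def outside_trusted_dirs(modules):
    """List module paths that are not under the trusted prefixes."""
    return [p for _, _, p in modules
            if not p.lower().startswith(TRUSTED_PREFIXES)]


def triage(text):
    """Summarise one Dr. Watson log entry for a first-pass review."""
    modules = parse_modules(text)
    app = APP_RE.search(text)
    exc = EXC_RE.search(text)
    faults = [int(a, 16) for a in FAULT_RE.findall(text)]
    return {
        "app": app.group(1) if app else None,
        "pid": int(app.group(2)) if app else None,
        "exception": exc.group(1).lower() if exc else None,
        # A fault address outside every module maps to None.
        "faults": [(a, module_for(a, modules)) for a in faults],
        "outside_trusted_dirs": outside_trusted_dirs(modules),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("app:", report["app"], "pid:", report["pid"])
    print("exception:", report["exception"])
    for addr, mod in report["faults"]:
        print("fault at %08x in %s" % (addr, mod or "<no module>"))
    for path in report["outside_trusted_dirs"]:
        print("review:", path)
```
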

#12 mountainskies

Posted 11 July 2006 - 01:17 PM

OK, that I can do lol. This is my husband's computer, hence the computer name.

Here is the first log;



Application exception occurred:
App: C:\Program Files\Internet Explorer\iexplore.exe (pid=2016)
When: 6/28/2006 @ 14:48:00.921
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: DENNISHOME
User Name: Owner
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 1
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: Dennis

*----> Task List <----*
0 System Process
4 System
424 smss.exe
472 csrss.exe
496 winlogon.exe
540 services.exe
560 lsass.exe
732 svchost.exe
792 svchost.exe
920 svchost.exe
1008 svchost.exe
1104 spoolsv.exe
1216 alg.exe
1276 Omniserv.exe
1704 OPXPApp.exe
1912 Explorer.EXE
1984 hpsysdrv.exe
2000 KBD.EXE
244 aoltray.exe
252 BackWeb-1940576.exe
316 Residence.exe
1612 SpamSubtract.exe
976 svchost.exe
1616 wuauclt.exe
2016 iexplore.exe
1580 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000419000: C:\Program Files\Internet Explorer\iexplore.exe
(0000000000900000 - 00000000010f7000: C:\WINDOWS\system32\SHELL32.dll
(0000000001660000 - 0000000001668000: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
(00000000017e0000 - 0000000001809000: C:\Program Files\Microsoft Money\System\mnyside.dll
(0000000001810000 - 0000000001821000: C:\Program Files\Microsoft Money\System\misstub.dll
(00000000018c0000 - 00000000018e1000: C:\WINDOWS\System32\SpSubLSP.dll
(0000000001920000 - 00000000019af000: C:\WINDOWS\System32\mlang.dll
(0000000002130000 - 00000000023e7000: C:\WINDOWS\System32\mshtml.dll
(00000000030f0000 - 0000000003117000: C:\WINDOWS\System32\MSLS31.DLL
(000000000ffa0000 - 000000000ffc1000: C:\WINDOWS\System32\dssenh.dll
(000000000ffd0000 - 000000000fff3000: C:\WINDOWS\System32\rsaenh.dll
(0000000010000000 - 0000000010006000: C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll
(0000000051000000 - 000000005104d000: C:\WINDOWS\System32\DDRAW.dll
(0000000058510000 - 0000000058575000: C:\WINDOWS\System32\macromed\flash\swflash.ocx
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\uxtheme.dll
(000000005e310000 - 000000005e31b000: C:\WINDOWS\System32\pngfilt.dll
(000000005ff20000 - 000000005ff43000: C:\WINDOWS\System32\MSRATING.DLL
(000000005ff50000 - 000000005ff61000: C:\WINDOWS\System32\msratelc.dll
(0000000065000000 - 0000000065009000: C:\WINDOWS\System32\ddrawex.dll
(0000000066880000 - 000000006688a000: C:\WINDOWS\System32\imgutil.dll
(0000000066e50000 - 0000000066e8b000: C:\WINDOWS\System32\iepeers.dll
(000000006bdd0000 - 000000006be03000: C:\WINDOWS\System32\dxtrans.dll
(000000006be10000 - 000000006be65000: C:\WINDOWS\System32\dxtmsft.dll
(000000006e4a0000 - 000000006e4a8000: C:\WINDOWS\System32\corpol.dll
(0000000070a70000 - 0000000070ad4000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071a50000 - 0000000071a8b000: C:\WINDOWS\system32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\System32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac5000: C:\WINDOWS\System32\WS2_32.dll
(0000000071ad0000 - 0000000071ad8000: C:\WINDOWS\System32\wsock32.dll
(0000000071bf0000 - 0000000071c01000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c20000 - 0000000071c6e000: C:\WINDOWS\System32\NETAPI32.dll
(00000000722b0000 - 00000000722b5000: C:\WINDOWS\System32\sensapi.dll
(0000000072430000 - 0000000072442000: C:\WINDOWS\System32\browselc.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\System32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\System32\wdmaud.drv
(0000000073000000 - 0000000073023000: C:\WINDOWS\System32\WINSPOOL.DRV
(0000000073080000 - 000000007309c000: C:\WINDOWS\system32\rsvpsp.dll
(00000000732d0000 - 00000000732d5000: C:\WINDOWS\System32\SOFTPUB.DLL
(00000000732e0000 - 00000000732e5000: C:\WINDOWS\System32\riched32.dll
(0000000073300000 - 0000000073375000: C:\WINDOWS\System32\vbscript.dll
(0000000073bc0000 - 0000000073bc6000: C:\WINDOWS\System32\DCIMAN32.dll
(0000000073d50000 - 0000000073d60000: C:\WINDOWS\System32\cryptnet.dll
(00000000745e0000 - 00000000748a6000: C:\WINDOWS\System32\msi.dll
(0000000074cb0000 - 0000000074d1f000: C:\WINDOWS\System32\mshtmled.dll
(0000000074e30000 - 0000000074e9a000: C:\WINDOWS\System32\RICHED20.dll
(0000000075150000 - 0000000075163000: C:\WINDOWS\System32\Cabinet.dll
(0000000075260000 - 0000000075287000: C:\WINDOWS\System32\ADVPACK.DLL
(0000000075a70000 - 0000000075b15000: C:\WINDOWS\system32\USERENV.dll
(0000000075c50000 - 0000000075ce1000: C:\WINDOWS\System32\jscript.dll
(0000000075e90000 - 0000000075f37000: C:\WINDOWS\System32\SXS.DLL
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\appHelp.dll
(0000000075f80000 - 000000007607c000: C:\WINDOWS\System32\BROWSEUI.dll
(00000000760f0000 - 000000007616a000: C:\WINDOWS\system32\urlmon.dll
(0000000076170000 - 00000000761f8000: C:\WINDOWS\System32\shdoclc.dll
(0000000076200000 - 0000000076298000: C:\WINDOWS\system32\WININET.dll
(00000000762a0000 - 00000000762b0000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 000000007634b000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\IMM32.DLL
(00000000763b0000 - 00000000763f5000: C:\WINDOWS\system32\comdlg32.dll
(0000000076670000 - 0000000076757000: C:\WINDOWS\System32\SETUPAPI.dll
(00000000767f0000 - 0000000076814000: C:\WINDOWS\System32\schannel.dll
(00000000769c0000 - 0000000076b0a000: C:\WINDOWS\System32\SHDOCVW.dll
(0000000076b20000 - 0000000076b35000: C:\WINDOWS\System32\ATL.DLL
(0000000076b40000 - 0000000076b6c000: C:\WINDOWS\System32\WINMM.dll
(0000000076c30000 - 0000000076c5b000: C:\WINDOWS\System32\wintrust.dll
(0000000076c60000 - 0000000076c89000: C:\WINDOWS\System32\sfc_os.dll
(0000000076c90000 - 0000000076cb2000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076ce0000 - 0000000076cff000: C:\WINDOWS\System32\NTMARTA.DLL
(0000000076e80000 - 0000000076e8d000: C:\WINDOWS\System32\rtutils.dll
(0000000076e90000 - 0000000076ea1000: C:\WINDOWS\System32\rasman.dll
(0000000076eb0000 - 0000000076edb000: C:\WINDOWS\System32\TAPI32.dll
(0000000076ee0000 - 0000000076f17000: C:\WINDOWS\System32\RASAPI32.DLL
(0000000076f20000 - 0000000076f45000: C:\WINDOWS\System32\DNSAPI.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\System32\Secur32.dll
(0000000076fb0000 - 0000000076fb7000: C:\WINDOWS\System32\winrnr.dll
(0000000076fc0000 - 0000000076fc5000: C:\WINDOWS\System32\rasadhlp.dll
(0000000076fd0000 - 0000000077048000: C:\WINDOWS\System32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\System32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772d1000: C:\WINDOWS\system32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\System32\midimap.dll
(0000000077be0000 - 0000000077bf4000: C:\WINDOWS\System32\MSACM32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078086000: C:\WINDOWS\system32\RPCRT4.dll
(0000000079170000 - 0000000079191000: C:\WINDOWS\System32\mscoree.dll
(0000000079410000 - 0000000079422000: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
(000000007c000000 - 000000007c054000: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\MSVCR70.dll
(000000007e090000 - 000000007e0d1000: C:\WINDOWS\system32\GDI32.dll

*----> State Dump for Thread Id 0xcc <----*

eax=00000000 ebx=0258b680 ecx=02218728 edx=0000001b esi=0258b6b4 edi=02218728
eip=021d0366 esp=0013d288 ebp=0013d2c4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\mshtml.dll -
function: mshtml
021d0351 40 inc eax
021d0352 0401 add al,0x1
021d0354 46 inc esi
021d0355 045e add al,0x5e
021d0357 c20400 ret 0x4
021d035a 56 push esi
021d035b 8b742408 mov esi,[esp+0x8]
021d035f 8b06 mov eax,[esi]
021d0361 8b5604 mov edx,[esi+0x4]
021d0364 f7d8 neg eax
FAULT ->021d0366 014158 add [ecx+0x58],eax ds:0023:02218780=144d8dff
021d0369 014160 add [ecx+0x60],eax
021d036c f7da neg edx
021d036e 01515c add [ecx+0x5c],edx
021d0371 015164 add [ecx+0x64],edx
021d0374 56 push esi
021d0375 e8c1ffffff call mshtml+0xa033b (021d033b)
021d037a 5e pop esi
021d037b c20400 ret 0x4
021d037e 8b442404 mov eax,[esp+0x4]
021d0382 8b10 mov edx,[eax]

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\MSLS31.DLL -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0013d2c4 030f2fc4 0243c940 02529910 00000001 mshtml+0xa0366
00000000 00000000 00000000 00000000 00000000 MSLS31!LsQueryLineDup+0x4da

*----> State Dump for Thread Id 0x56c <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=7ffe0304 esp=0155ff9c ebp=0155ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0155ff98 77f75ab4 77f6c2c7 00000001 0155ffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
0155ffb4 77e7d33b 00000000 00000000 00000000 ntdll!ZwDelayExecution+0xc
0155ffec 00000000 77f6c282 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0x134 <----*

eax=00000000 ebx=00000000 ecx=02000000 edx=00000000 esi=77fc32c0 edi=77fc32e0
eip=7ffe0304 esp=0165ff70 ebp=0165ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0165ff6c 77f7625d 77f519b1 000001cc 0165ffac *SharedUserSystemCall+0xc (FPO: [0,0,0])
0165ffb4 77e7d33b 00000000 0013d4c0 00150000 ntdll!ZwRemoveIoCompletion+0xc
0165ffec 00000000 77f51976 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0x348 <----*

eax=01aaf24c ebx=001968b8 ecx=00000001 edx=00000000 esi=7fffffff edi=ffffffff
eip=7ffe0304 esp=01aaf1a0 ebp=01aaf1dc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\mswsock.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** WARNING: Unable to verify checksum for C:\WINDOWS\System32\SpSubLSP.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\SpSubLSP.dll -
ChildEBP RetAddr Args to Child
01aaf19c 77f7671a 71a51f97 00000244 00000001 *SharedUserSystemCall+0xc (FPO: [0,0,0])
01aaf1dc 71a520a4 00000244 00000258 00000000 ntdll!NtWaitForSingleObject+0xc
01aaf2c0 018c7e0e 00000001 01aaf400 01aaf2fc mswsock+0x20a4
01aafe84 000002b0 00000acc 000004f8 00000888 SpSubLSP+0x7e0e

*----> State Dump for Thread Id 0x374 <----*

eax=018c24f0 ebx=77f51502 ecx=01bd0640 edx=00000000 esi=00000250 edi=77e75923
eip=7ffe0304 esp=01ceff58 ebp=01ceff84 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
01ceff54 77f7625d 77e7594a 00000250 01ceffb4 *SharedUserSystemCall+0xc (FPO: [0,0,0])
01ceff84 018c252d 00000250 01ceffbc 01ceffb4 ntdll!ZwRemoveIoCompletion+0xc
77e7a5a2 e877e83a fffffd2a 14d445c7 c7000000 SpSubLSP+0x252d
e068346a 00000000 00000000 00000000 00000000 0xe877e83a

*----> State Dump for Thread Id 0x428 <----*

eax=71aa284d ebx=0019ce38 ecx=77f79005 edx=00000000 esi=77f75aa8 edi=0019ce38
eip=7ffe0304 esp=01e2fe8c ebp=01e2ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
01e2fe88 77f75ab4 71aa28a8 00000001 01e2ffa4 *SharedUserSystemCall+0xc (FPO: [0,0,0])
01e2ffb4 77e7d33b 0019ce38 0019ce38 01aaf5b0 ntdll!ZwDelayExecution+0xc
01e2ffec 00000000 71aa284d 0019ce38 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> State Dump for Thread Id 0x14c <----*

eax=780015dd ebx=065067e8 ecx=77120000 edx=00000000 esi=00000100 edi=00000000
eip=7ffe0304 esp=01f2fe28 ebp=01f2ff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
01f2fe24 77f762b7 780016a4 000001e4 01f2ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
01f2ff90 78001601 780019d6 00153208 00000000 ntdll!ZwReplyWaitReceivePortEx+0xc
001633c0 ffffffff 000002d0 000002cc 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff


*----> State Dump for Thread Id 0x384 <----*

eax=04505610 ebx=77f755de ecx=76202241 edx=00000000 esi=00000358 edi=00000000
eip=7ffe0304 esp=028fff18 ebp=028fff7c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
028fff14 77f7671a 77e7a62d 00000358 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
028fff7c 77e7ac21 00000358 000927c0 00000000 ntdll!NtWaitForSingleObject+0xc
77f75690 4affc033 89177508 fff00c42 037d044a kernel32!WaitForSingleObject+0xf
0424548b 00000000 00000000 00000000 00000000 0x4affc033


*----> State Dump for Thread Id 0x734 <----*

eax=02df1a68 ebx=77f755de ecx=02df1668 edx=00000000 esi=000003c8 edi=00000000
eip=7ffe0304 esp=0327ff18 ebp=0327ff7c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0327ff14 77f7671a 77e7a62d 000003c8 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0327ff7c 77e7ac21 000003c8 000927c0 00000000 ntdll!NtWaitForSingleObject+0xc
77f75690 4affc033 89177508 fff00c42 037d044a kernel32!WaitForSingleObject+0xf
0424548b 00000000 00000000 00000000 00000000 0x4affc033


*----> State Dump for Thread Id 0x4f4 <----*

eax=00000000 ebx=046803ec ecx=05080000 edx=00000000 esi=00000000 edi=046803ec
eip=7ffe0304 esp=04f7ff30 ebp=04f7ff5c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\dxtrans.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
04f7ff2c 77f7625d 77e7594a 00000534 04f7ff8c *SharedUserSystemCall+0xc (FPO: [0,0,0])
04f7ff5c 6bdd3042 00000534 04f7ff88 04f7ff8c ntdll!ZwRemoveIoCompletion+0xc
04f7ffb4 77e7d33b 046803ec ffffffff 77f517e6 dxtrans!DllGetClassObject+0xd08
04f7ffec 00000000 6bdd3006 046803ec 00000000 kernel32!RegisterWaitForInputIdle+0x43


*----> State Dump for Thread Id 0x30c <----*

eax=00000000 ebx=046803ec ecx=05080000 edx=00000000 esi=00000000 edi=046803ec
eip=7ffe0304 esp=0507ff30 ebp=0507ff5c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0507ff2c 77f7625d 77e7594a 00000534 0507ff8c *SharedUserSystemCall+0xc (FPO: [0,0,0])
0507ff5c 6bdd3042 00000534 0507ff88 0507ff8c ntdll!ZwRemoveIoCompletion+0xc
0507ffb4 77e7d33b 046803ec ffffffff 77f517e6 dxtrans!DllGetClassObject+0xd08
0507ffec 00000000 6bdd3006 046803ec 00000000 kernel32!RegisterWaitForInputIdle+0x43


*----> State Dump for Thread Id 0x370 <----*

eax=72d22ecc ebx=051dff1c ecx=000000fa edx=00000000 esi=00000000 edi=7ffdf000
eip=7ffe0304 esp=051dfed4 ebp=051dff70 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
051dfed0 77f7670b 77e75ee0 00000002 051dff1c *SharedUserSystemCall+0xc (FPO: [0,0,0])
051dff70 77e75faa 00000002 051dffa4 00000000 ntdll!ZwWaitForMultipleObjects+0xc
051dffb4 77e7d33b 00000000 00000021 41f5166a kernel32!WaitForMultipleObjects+0x17
051dffec 00000000 72d22ecc 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43


*----> State Dump for Thread Id 0x4ec <----*

eax=00000000 ebx=000005ac ecx=00000070 edx=00000000 esi=052dff98 edi=77d4438f
eip=7ffe0304 esp=052dff54 ebp=052dff78 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
052dff50 77d43a21 77d443cd 052dff98 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
052dff78 76b41c79 052dff98 00000000 00000000 USER32+0x3a21
052dffb4 77e7d33b 000005ac 00010003 00150000 WINMM!timeGetTime+0x1a1
052dffec 00000000 76b41c14 000005ac 00000000 kernel32!RegisterWaitForInputIdle+0x43


*----> State Dump for Thread Id 0x3cc <----*

eax=000000c0 ebx=00000000 ecx=00630070 edx=00000000 esi=00000000 edi=00000001
eip=7ffe0304 esp=05d9fcec ebp=05d9ffb4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
05d9fce8 77f7670b 77f6b5f4 00000019 05d9fd30 *SharedUserSystemCall+0xc (FPO: [0,0,0])
05d9ffb4 77e7d33b 00000000 000000a0 006d005c ntdll!ZwWaitForMultipleObjects+0xc
05d9ffec 00000000 77f6b4bf 00000000 00000000 kernel32!RegisterWaitForInputIdle+0x43



#13 bamajim

bamajim

    Member

  • Security Colleague
  • Pip
  • 92 posts

Posted 11 July 2006 - 01:49 PM

Mountainskies

Nice Job, :thumbsup:

Let's skip #2 and post #3, please

thanks bamajim

#14 mountainskies

mountainskies

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 11 July 2006 - 02:02 PM

The posts in this thread? Do I need to edit them??

#15 bamajim

bamajim

    Member

  • Security Colleague
  • Pip
  • 92 posts

Posted 11 July 2006 - 02:07 PM

The posts in this thread? Do I need to edit them??


If your question is do I need to edit the existing posts, then no.

What I would like is for you to highlight the 3rd error in Dr Watson->>View and post that log.

If you have posted all 3 errors then please reply.

thanks bamajim

#16 mountainskies

mountainskies

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 11 July 2006 - 03:44 PM

(removed)

Edited by mountainskies, 16 July 2006 - 09:19 PM.


#17 bamajim

bamajim

    Member

  • Security Colleague
  • Pip
  • 92 posts

Posted 11 July 2006 - 06:31 PM

mountainskies

Thanks for the logs, good job ;D

After looking at your logs, we have a few issues to deal with. I appreciate your patience, but I'm going to ask you to be a little more patient.

You may want to print out these instructions so they will be easier to follow. If at any time you have any questions, please ask.

Here's what we have so far:
  • Your description of your problems, while related, need to be addressed individually
  • The Dr. Watson logs show signs of infection, most likely from an e-mail
  • The logs also show that the faults happened in Internet Explorer (which is different than your description)
  • The logs also show you are running SP1 (service pack 1) which has some security issues
  • The device failures you mentioned could be related but not likely
Here's what we need to do:

1. After you get these instructions, disconnect any accessories on your PC
Leaving only the basics attached (mouse, keyboard, and monitor)
Then sign off the Internet (If you have an always on Internet connection, such as a DSL, physically disconnect it)
2. We need to verify that the Windows Files are intact;
To do this (and you may need your operating system disk that came with your PC)
Click Start->>Run and type in sfc /scannow (there is a space between sfc and /) ->> Enter
If it prompts you to install your OS disc during the operation, do so
This will take a while to run, once complete (the window will close automatically)
3. You indicated you had Hijackthis
Re run Hijackthis
and post a fresh log in the Malware Removal forum (naturally you will need to reconnect to the Internet to do this)
And post that log at the link provided below
http://forums.spywar...hp?showforum=18

Please keep me posted as to your progress as a reply to this thread (but do not post your Hijackthis log here)

After we get a clean bill of health, then we will take another look at your driver issues

Only one caution: Do Not attempt to install SP2 (service pack 2) until instructed to do so

thanks bamajim
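
A Dr. Watson log of the kind posted in this thread can be summarised per thread rather than read line by line. The script below is an added example, not part of the original posts and not the method the helper used; the function names are assumptions, and the sample is an excerpt of two threads copied from the log above with the register and hex lines shortened.

```python
import re

# Excerpt of the Dr. Watson log posted in this thread (two threads, register
# and hex-dump lines shortened) embedded so the parser runs offline.
SAMPLE_LOG = r"""
*----> State Dump for Thread Id 0x14c <----*

eip=7ffe0304 esp=01f2fe28 ebp=01f2ff90 iopl=0 nv up ei pl nz na pe nc

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
01f2fe24 77f762b7 780016a4 000001e4 01f2ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
01f2ff90 78001601 780019d6 00153208 00000000 ntdll!ZwReplyWaitReceivePortEx+0xc
001633c0 ffffffff 000002d0 000002cc 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff

*----> Raw Stack Dump <----*
0000000001f2fe28 b7 62 f7 77 a4 16 00 78 - e4 01 00 00 80 ff f2 01 .b.w...x........

*----> State Dump for Thread Id 0x4f4 <----*

eip=7ffe0304 esp=04f7ff30 ebp=04f7ff5c iopl=0 nv up ei pl nz na pe nc

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\dxtrans.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
04f7ff2c 77f7625d 77e7594a 00000534 04f7ff8c *SharedUserSystemCall+0xc (FPO: [0,0,0])
04f7ff5c 6bdd3042 00000534 04f7ff88 04f7ff8c ntdll!ZwRemoveIoCompletion+0xc
04f7ffb4 77e7d33b 046803ec ffffffff 77f517e6 dxtrans!DllGetClassObject+0xd08
04f7ffec 00000000 6bdd3006 046803ec 00000000 kernel32!RegisterWaitForInputIdle+0x43
"""

SECTION = re.compile(r"^\*----> (.+?) <----\*$")
THREAD = re.compile(r"^State Dump for Thread Id (0x[0-9a-fA-F]+)$")
FRAME = re.compile(r"^((?:[0-9a-f]{8} ){5})(.+)$")      # five hex columns, then symbol
NO_PDB = re.compile(r"Defaulted to export symbols for (.+?) -\s*$")
SYMBOL = re.compile(r"^(\w+)(?:!(.+?))?\+0x[0-9a-f]+")  # module[!function]+0xoffset


def split_symbol(text):
    """(module, function) for a frame symbol; (None, None) for a raw address
    or a pseudo-symbol such as *SharedUserSystemCall."""
    m = SYMBOL.match(text)
    return (m.group(1).lower(), m.group(2)) if m else (None, None)


def parse_threads(log_text):
    """Return one dict per thread, built from its Stack Back Trace section."""
    threads, current, section = [], None, None
    for line in log_text.splitlines():
        line = line.rstrip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            started = THREAD.match(section)
            if started:
                current = {"tid": started.group(1), "frames": [],
                           "unwind_warning": False, "export_only": []}
                threads.append(current)
            continue
        if current is None or section != "Stack Back Trace":
            continue  # registers, disassembly and hex dumps are skipped
        missing = NO_PDB.search(line)
        frame = FRAME.match(line)
        if missing:
            current["export_only"].append(missing.group(1).rsplit("\\", 1)[-1].lower())
        elif line.startswith("WARNING: Stack unwind information not available"):
            current["unwind_warning"] = True
        elif frame:
            module, function = split_symbol(frame.group(2))
            current["frames"].append(
                {"module": module, "function": function, "raw": frame.group(2)})
    return threads


def blocking_call(thread):
    """Innermost frame that names both module and function (what the thread waits in)."""
    for f in thread["frames"]:
        if f["module"] and f["function"]:
            return f"{f['module']}!{f['function']}"
    return None


def frames_before_raw_address(thread):
    """Heuristic: frames after a bare 0x... return address are unwinder guesses."""
    for i, f in enumerate(thread["frames"]):
        if f["raw"].startswith("0x"):
            return i
    return len(thread["frames"])


def modules_by_thread(threads):
    """Map each module seen on any stack to the thread ids it appears in."""
    seen = {}
    for t in threads:
        for f in t["frames"]:
            if f["module"] and t["tid"] not in seen.setdefault(f["module"], []):
                seen[f["module"]].append(t["tid"])
    return seen


if __name__ == "__main__":
    for t in parse_threads(SAMPLE_LOG):
        print(t["tid"], blocking_call(t), "export-only:", t["export_only"])
```

Modules that appear on only one or two stacks, and those listed as export-only, are the ones worth checking against the files actually present on disk.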

#18 mountainskies

mountainskies

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 11 July 2006 - 08:21 PM

bamajim, Thank you :D ... I have the instructions printed and ready... small problem is that I do not have the OS disc handy. I will follow your instructions accordingly and see if I am able to continue without the disc.

I will run HJT regardless and post it in the correct forum, should be within the hour.

I tried to reinstall SP2 after I restored the computer a few weeks ago, but have had little luck with it.

I will update this evening. Thanks!

Edited by mountainskies, 11 July 2006 - 08:24 PM.


#19 mountainskies

mountainskies

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 11 July 2006 - 09:13 PM

bamajim, I ran sfc /scannow without needing the OS disc, only problem is that the computer shut off halfway through the scan. Did that twice. I went ahead and ran HJT quickly, the log is on the other forum. I may not have saved it properly as I was trying to hurry through before the computer shut off again. If I need to re-do the scan, please let me know. Thanks.

#20 mountainskies

mountainskies

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 12 July 2006 - 03:44 PM

I see others posting their HJT log in this forum, may I do the same?? I posted the log in the other forum as suggested but it has gone unanswered as it appears it's a very busy forum/posting area.

If I can post my log here, that would be great.

#21 mountainskies

mountainskies

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 16 July 2006 - 09:21 PM

bamajim, Thank you very much for the help you offered in this thread. I am still having major issues with this computer and I did as you suggested but for some odd reason, my HiJackThis Log posts continue to be removed. I will search elsewhere to find the help needed to get my computer back on track. Thanks again. mountainskies



