awtqr - virus

  1. #1
    yuj, Valued Member

    awtqr - virus

    OK, I've already read the 'Cleaning Out Malware' forum first...
    The problem is, most of my anti-virus programs and other Windows applications have become dysfunctional somehow.

    OK, when I start up Windows I get prompted with:

    As soon as I click 'OK' I get this:


    So far, I removed 'awtqr.exe' and 'awtqr.dll' by manually deleting the file in my system32 folder and with a program called VundoFix, which deleted the .dll.

    Even with both of these deleted, I'm still prompted with the images given previously and am still left with dysfunctional Windows applications.

    Vundofix also made a back up of these:


    HijackThis still seems to work.
    Want a HijackThis log?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:06:02 AM, on 1/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqr.exe
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [bias win] C:\DOCUME~1\yujin\APPLIC~1\MPEGJU~1\close stop.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{546E8723-F5FE-4A01-9602-B06BF4E86EEC}: NameServer = 85.255.114.46,85.255.112.210
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: jkkkjii - jkkkjii.dll (file missing)
    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 8728 bytes

    __________________________________________________ ____________________________________

    I just started using a program called VirtumundoBeGone.
    It wasn't able to detect anything, though.
    Here's my log:


    [01/02/2008, 16:47:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\yujin\Desktop\VirtumundoBeGone.exe" )
    [01/02/2008, 16:47:16] - Detected System Information:
    [01/02/2008, 16:47:16] - Windows Version: 5.1.2600, Service Pack 2
    [01/02/2008, 16:47:16] - Current Username: yujin (Admin)
    [01/02/2008, 16:47:16] - Windows is in NORMAL mode.
    [01/02/2008, 16:47:16] - Searching for Browser Helper Objects:
    [01/02/2008, 16:47:16] - Finished Searching Browser Helper Objects
    [01/02/2008, 16:47:16] - Finishing up...
    [01/02/2008, 16:47:16] - Nothing found! Exiting...

    [01/02/2008, 17:17:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\yujin\Desktop\VirtumundoBeGone.exe" )
    [01/02/2008, 17:17:37] - Detected System Information:
    [01/02/2008, 17:17:37] - Windows Version: 5.1.2600, Service Pack 2
    [01/02/2008, 17:17:37] - Current Username: yujin (Admin)
    [01/02/2008, 17:17:37] - Windows is in NORMAL mode.
    [01/02/2008, 17:17:37] - Searching for Browser Helper Objects:
    [01/02/2008, 17:17:37] - Finished Searching Browser Helper Objects
    [01/02/2008, 17:17:37] - Finishing up...
    [01/02/2008, 17:17:37] - Nothing found! Exiting...

    [01/02/2008, 19:53:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\yujin\Desktop\VirtumundoBeGone.exe" )
    [01/02/2008, 19:53:52] - Detected System Information:
    [01/02/2008, 19:53:52] - Windows Version: 5.1.2600, Service Pack 2
    [01/02/2008, 19:53:52] - Current Username: yujin (Admin)
    [01/02/2008, 19:53:52] - Windows is in NORMAL mode.
    [01/02/2008, 19:53:52] - Searching for Browser Helper Objects:
    [01/02/2008, 19:53:52] - Finished Searching Browser Helper Objects
    [01/02/2008, 19:53:52] - Finishing up...
    [01/02/2008, 19:53:52] - Nothing found! Exiting...
    Last edited by yuj; 02-01-2008 at 11:08 PM.

  2. #2
    VopThis, Senior Member (Canada)
    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/

    F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqr.exe

    O4 - HKCU\..\Run: [bias win] C:\DOCUME~1\yujin\APPLIC~1\MPEGJU~1\close stop.exe

    O20 - Winlogon Notify: jkkkjii - jkkkjii.dll (file missing)
    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.




    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe


    Save it to your desktop and run it. Click Next, then Install, make sure “Run fixit” is checked and click Finish.
    The fix will begin; follow the prompts.
    You will be asked to reboot your computer; please do so.
    Your system may take longer than usual to load; this is normal.

    Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log with any current observations in the forum please.


    POSSIBLE ERROR MSG:
    C:\WINDOWS\system32\AUTOEXEC.NT not there

    You are missing a file which is preventing you from running the wareoutfix tool.

    Go to the link below and select your operating system and click the link on that site and follow instructions for obtaining the missing file and try the wareoutfix tool again please.

    fixautont.html: http://www.tech-forums.net/computer/topic/29806.html

  3. #3
    yuj, Valued Member
    Thanks VopThis, I no longer get those two prompts,
    but a number of my programs are still not working - all the programs which usually started up on my toolbar no longer start up.

    Report:
    __________________________________________________ __________

    Username "yujin" - 01/03/2008 16:42:59 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdmod.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.114.46 85.255.112.210" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{546E8723-F5FE-4A01-9602-B06BF4E86EEC}
    "nameserver"="85.255.114.46,85.255.112.210" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3A444945-C360-46C9-9B17-428927ED575D}
    "DhcpNameServer"="85.255.114.46,85.255.112.210 " <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{546E8723-F5FE-4A01-9602-B06BF4E86EEC}
    "DhcpNameServer"="85.255.114.46,85.255.112.210 " <Value cleared.

    Could not flush the DNS Resolver Cache: Function failed during execution.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
    "CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
    "CTHelper"="CTHELPER.EXE"
    "CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE "
    "Lexmark X5100 Series"="\"C:\\Program Files\\Lexmark X5100 Series\\lxbabmgr.exe\""
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
    "YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\""
    "MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

    __________________________________________________ ___________
    Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:54:59 PM, on 1/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 6999 bytes
    Last edited by yuj; 03-01-2008 at 11:06 PM.
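
Added example, not part of any post in this thread: a small Python triage of the two HijackThis logs above, listing which entries disappeared between the scans and why each would draw a helper's attention. The function names and the four heuristics are assumptions made for this illustration; they mirror the kinds of items selected in post #2 and the NameServer values that Fixwareout cleared, and the sample logs are a constructed subset of lines copied from the thread.

```python
import ipaddress
import re

# Constructed samples: a few entry lines copied from the two HijackThis logs
# in this thread (scan of 1/2/2008 before the fix, scan of 1/3/2008 after it).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bias win] C:\DOCUME~1\yujin\APPLIC~1\MPEGJU~1\close stop.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkkjii - jkkkjii.dll (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Assumption: Run entries that start programs from a user's Application Data
# folder (long or 8.3 short name) deserve a second look.
PROFILE_DIRS = ("\\applic~1\\", "\\application data\\")


def parse_entries(log_text):
    """Return (code, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def public_dns(detail):
    """Return the non-private IPv4 addresses named in an O17 detail string."""
    servers = []
    for text in IPV4.findall(detail):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:  # looks like dotted-quad but is not a valid address
            continue
        if not addr.is_private:
            servers.append(text)
    return servers


def flag(code, detail):
    """Return a reason string if the entry matches a heuristic, else None."""
    lowered = detail.lower()
    if code == "F3" and ("load=" in lowered or "run=" in lowered):
        return "autostart through the win.ini load=/run= mapping"
    if code == "O4" and any(d in lowered for d in PROFILE_DIRS):
        return "Run entry launching from a user profile data folder"
    if code == "O17" and "nameserver" in lowered:
        servers = public_dns(detail)
        if servers:
            return "static public DNS server(s): " + ", ".join(servers)
    if code == "O20" and lowered.endswith("(file missing)"):
        return "Winlogon Notify entry whose DLL is missing"
    return None


def triage(log_text):
    """Return (code, detail, reason) for every flagged entry, in log order."""
    flagged = []
    for code, detail in parse_entries(log_text):
        reason = flag(code, detail)
        if reason:
            flagged.append((code, detail, reason))
    return flagged


def removed_entries(before, after):
    """Return entries present in the first log but absent from the second."""
    remaining = set(parse_entries(after))
    return [entry for entry in parse_entries(before) if entry not in remaining]


if __name__ == "__main__":
    print("Flagged in the first scan:")
    for code, detail, reason in triage(BEFORE):
        print(f"  {code}: {reason}\n      {detail}")
    print("Gone in the second scan:")
    for code, detail in removed_entries(BEFORE, AFTER):
        print(f"  {code} - {detail}")
```

An empty `triage()` result on the second log only means none of these four heuristics match; it does not show the machine is clean.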

  4. #4
    VopThis, Senior Member (Canada)
    DELETE FOLDERS:
    (Use <Windows+F KEYS> and paste the following Search PATH lines to locate.
    Windows KEY is located between the <Ctrl and Alt KEYS>.)


    C:\DOCUME~1\yujin\APPLIC~1\MPEGJU~1




    Clean out TEMPORARY FILES procedures:
    To clean your temp folder, recycle bin, etc., please download this free tool:

    CCleaner http://www.ccleaner.com/downloadbuilds.asp

    Install Options:
    • Don't install any Toolbars, or other programs, should it ask you!
    • Just uncheck the option of installing the Yahoo toolbar.

    It will put a shortcut on your Desktop.

    Do not run CCleaner until requested later.






    Download ComboFix from one of the following links below: Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.






    Run CCleaner in SAFE MODE (reboot tapping the F8 key after the beep).

    Select the ‘Options’ BUTTON option (top LEFT), ‘Advanced’ BUTTON, and then UNCHECK the ‘Only delete files in Windows Temp Folders older than 48 hours’ (often, the latest download traffic could be the bearer of bad content – RESET back to default after this particular cleaning).

    Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.
    • Uncheck ‘Cookies’ option (advisable)
    • Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
    • Click the ‘Analyse’ button.
    • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.

  5. #5
    yuj, Valued Member
    ComboFix 08-01-04.1 - yujin 2008-01-04 13:26:50.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.122 [GMT 0:00]
    Running from: C:\Documents and Settings\yujin\Desktop\ComboFix(2).exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Common Files\{E079E~1
    C:\Program Files\Common Files\{E079E~1\directordll.lzma
    C:\Program Files\Common Files\{E079E~1\directorexe.lzma
    C:\WINDOWS\system32\mcrh.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
    .

    2008-01-04 13:25 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
    2008-01-04 13:24 . 2008-01-04 13:24 <DIR> d-------- C:\Program Files\CCleaner
    2008-01-04 02:53 . 2008-01-04 02:49 720,896 --a--c--- C:\WINDOWS\iun6002ev.exe
    2008-01-04 02:49 . 2008-01-04 02:53 <DIR> d-------- C:\Program Files\Silent Hill
    2008-01-03 21:24 . 2008-01-03 21:24 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
    2008-01-02 00:07 . 2008-01-02 15:06 <DIR> d----c--- C:\VundoFix Backups
    2008-01-02 00:01 . 2008-01-02 00:01 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-01 23:20 . 2008-01-01 23:20 <DIR> d----c--- C:\Documents and Settings\yujin\Application Data\SUPERAntiSpyware.com
    2008-01-01 23:20 . 2008-01-01 23:20 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2008-01-01 23:13 . 2008-01-03 22:51 <DIR> d----c--- C:\WINDOWS\SxsCaPendDel
    2008-01-01 20:09 . 2008-01-01 23:11 <DIR> d----c--- C:\Fraps
    2008-01-01 18:02 . 2008-01-01 23:11 <DIR> d-------- C:\Program Files\SFO
    2008-01-01 13:13 . 2008-01-01 23:12 <DIR> d-------- C:\Program Files\Toribash-3.06
    2008-01-01 11:45 . 2008-01-01 11:45 <DIR> d-------- C:\Program Files\Telltale Games
    2008-01-01 10:59 . 2008-01-01 23:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-01 10:58 . 2008-01-03 21:19 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-01-01 00:27 . 2008-01-01 00:28 <DIR> d-------- C:\Program Files\Battleships Forever
    2008-01-01 00:19 . 2008-01-01 15:05 <DIR> d----c--- C:\cyc
    2007-12-31 12:00 . 2007-12-31 12:00 <DIR> d-------- C:\Program Files\TechSmith
    2007-12-31 12:00 . 2007-12-31 12:00 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
    2007-12-31 02:19 . 2007-12-31 02:19 <DIR> d-------- C:\Program Files\HyCam2
    2007-12-30 10:59 . 2007-12-30 10:59 43,698 --a--c--- C:\WINDOWS\system32\xvid-uninstall.exe
    2007-12-30 10:58 . 2007-12-30 10:59 <DIR> d-------- C:\Program Files\AutoGK
    2007-12-29 17:08 . 2008-01-02 13:15 <DIR> d-------- C:\Program Files\CamStudio
    2007-12-25 14:07 . 2008-01-01 12:12 1,289 --a--c--- C:\WINDOWS\kaillera.ini
    2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Program Files\Common Files\DirectX
    2007-12-24 00:12 . 2007-12-24 00:16 <DIR> d-------- C:\Program Files\Project64 1.6
    2007-12-23 00:09 . 2007-12-24 19:40 <DIR> d----c--- C:\Documents and Settings\yujin\Application Data\DAEMON Tools
    2007-12-21 23:49 . 2007-12-21 23:49 163 --a--c--- C:\WINDOWS\system32\temp_0000_65-17.aok
    2007-12-21 23:02 . 2007-12-21 23:15 <DIR> d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
    2007-12-21 23:02 . 2007-04-12 14:19 129,024 --a--c--- C:\WINDOWS\system32\AVERM.dll
    2007-12-12 01:23 . 2007-12-12 01:24 <DIR> d-------- C:\Program Files\SubSync
    2007-12-10 22:07 . 2007-12-10 22:15 <DIR> d-------- C:\Program Files\Soulseek-Test
    2007-12-09 00:44 . 2007-12-09 00:44 <DIR> d-------- C:\Program Files\SopCast

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-04 13:07 --------- dc----w C:\Documents and Settings\yujin\Application Data\AVG7
    2008-01-04 12:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-04 04:50 --------- dc----w C:\Documents and Settings\yujin\Application Data\uTorrent
    2008-01-03 21:19 --------- d-----w C:\Program Files\Windows Live
    2008-01-02 13:14 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-01-02 10:53 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
    2008-01-02 02:11 --------- d-----w C:\Program Files\LimeWire
    2008-01-01 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-01 23:12 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-01 23:12 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-01 23:12 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-31 20:08 --------- d-----w C:\Program Files\btbb_wcm
    2007-12-31 20:07 --------- d-----w C:\Program Files\DAEMON Tools
    2007-12-31 19:41 --------- d-----w C:\Program Files\AVI ReComp
    2007-12-31 12:33 --------- d-----w C:\Program Files\QuickTime
    2007-12-31 12:33 --------- d-----w C:\Program Files\Lexmark X5100 Series
    2007-12-30 10:59 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-12-28 10:18 --------- d-----w C:\Program Files\Steam
    2007-12-27 10:27 --------- d-----w C:\Program Files\eMule
    2007-12-23 00:05 715,248 -c--a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-12 01:23 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
    2007-12-12 01:23 249,856 -c----w C:\WINDOWS\Setup1.exe
    2007-12-03 00:41 --------- d-----w C:\Program Files\01-mp3search
    2007-12-02 21:15 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-12-02 21:12 --------- d-----w C:\Program Files\GameShadow
    2007-12-02 11:24 --------- d-----w C:\Program Files\uTorrent
    2007-11-28 15:28 --------- d-----w C:\Program Files\WinZix
    2007-11-28 14:32 --------- d-----w C:\Program Files\Eidos
    2007-11-27 00:42 --------- d-----w C:\Program Files\Eidos Interactive
    2007-11-19 19:38 --------- d-----w C:\Program Files\EO Video
    2007-11-19 19:36 --------- d-----w C:\Program Files\Half-Life 2 - Lost Coast
    2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 17:14 --------- d-----w C:\Program Files\DOSBox-0.72
    2007-11-11 17:53 --------- d-----w C:\Program Files\Manifesto
    2007-11-07 17:08 --------- d-----w C:\Program Files\Narbacular Drop
    2007-09-18 15:17 604 ---ha-w C:\Program Files\STLL Notifier
    2007-01-14 14:08 87,608 -c--a-w C:\Documents and Settings\yujin\Application Data\ezpinst.exe
    2007-01-14 14:08 47,360 -c--a-w C:\Documents and Settings\yujin\Application Data\pcouffin.sys
    2003-11-18 13:37 241,664 ----a-w C:\Program Files\npmusicn.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 13:58 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 13:58 455168]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 13:58 59392]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-12 13:58 208952]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [ ]
    "CTHelper"="CTHELPER.EXE" [2002-09-03 18:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]
    "CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [ ]
    "Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-02 11:00 579072]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [ ]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
    "nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-02 11:00 219136]

    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-01-21 15:39]
    S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
    S3 gsplittm;gsplittm;C:\DOCUME~1\yujin\LOCALS~1\Temp\gsplittm.sys [2004-11-01 21:29]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad874d6e-f294-11db-bbb6-0011f59acf9e}]
    \Shell\AutoRun\command - setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de55e9d0-57ab-11dc-bcb1-0011f59acf9e}]
    \Shell\AutoRun\command - RavMon.exe
    \Shell\explore\Command - RavMon.exe -e
    \Shell\open\Command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de55e9d1-57ab-11dc-bcb1-0011f59acf9e}]
    \Shell\AutoRun\command - RavMon.exe
    \Shell\explore\Command - RavMon.exe -e
    \Shell\open\Command - RavMon.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-03 14:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-04 12:00:00 C:\WINDOWS\Tasks\B1217350906AEB04.job"
    - c:\docume~1\yujin\applic~1\mpegju~1\DeafLiveStyle.exe
    "2007-05-07 08:58:49 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-04 13:37:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-04 13:42:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-04 13:41:57
    .
    2007-12-12 03:07:21 --- E O F ---

  6. #6
    VopThis is offline Senior Member (Canada)
    How is your PC now behaving? This feedback (and more details, as necessary) needs to be provided on a consistent basis as we progress.

  7. #7
    yuj
    yuj is offline Valued Member
    most things are working...
    as I said before...programs which normally startup when windows first starts up..are not functioning...
    should I reinstall all of them?
    should I specify the programs?

    Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:11:17 PM, on 1/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 7587 bytes

  8. #8
    VopThis is offline Senior Member (Canada)
    You have potentially serious problems as evidenced by eight (8) separate occurrences of:

    C:\WINDOWS\system32\drwtsn32.exe
    Description of the Dr. Watson for Windows (Drwtsn32.exe) Tool
    http://support.microsoft.com/kb/308538
    information about your computer when an error (or user-mode fault) occurs with a program
    should I reinstall all of them?
    Have a look at the error log for the above (Drwtsn32.log). Nevertheless, it might be worthwhile reinstalling a couple of them to test if that might improve matters.
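
    The check post #8 describes, as an added example that is not part of the original thread: count the copies of the Dr. Watson crash handler in a HijackThis process list, then pull the crash headers out of Drwtsn32.log and keep only those recorded shortly before the scan. Both sample logs are constructed; the date formats (m/d/yyyy in HijackThis, dd/mm/yyyy in Drwtsn32.log), the seven-day window and `example.exe` are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample in the HijackThis v2.0.2 layout, abridged to a short
# process list that contains eight Dr. Watson instances.
HIJACKTHIS_SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:17 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
"""

# Constructed Drwtsn32.log headers: one stale entry, one from the scan day.
# example.exe is a hypothetical application name.
DRWATSON_SAMPLE = r"""Application exception occurred:
        App: C:\WINNT\Explorer.EXE (pid=1160)
        When: 27/09/2004 @ 13:24:23.703
        Exception number: c0000005 (access violation)

Application exception occurred:
        App: C:\Program Files\Example\example.exe (pid=2200)
        When: 05/01/2008 @ 16:09:41.120
        Exception number: c0000005 (access violation)
"""

ENTRY_RE = re.compile(
    r"Application exception occurred:\s*"
    r"App:\s*(?P<app>.+?)\s*\(pid=(?P<pid>\d+)\)\s*"
    r"When:\s*(?P<when>\S+ @ \S+)\s*"
    r"Exception number:\s*(?P<code>[0-9a-fA-F]+)\s*\((?P<desc>[^)]*)\)"
)


def scan_time(hjt_log):
    """Return the 'Scan saved at' timestamp of a HijackThis log."""
    m = re.search(r"Scan saved at (.+?), on (\d+/\d+/\d+)", hjt_log)
    if m is None:
        raise ValueError("no 'Scan saved at' line found")
    # Assumption: 12-hour clock and month/day/year order, as in the sample.
    return datetime.strptime(f"{m.group(1)} {m.group(2)}", "%I:%M:%S %p %m/%d/%Y")


def process_counts(hjt_log):
    """Count image names (lower-cased) in the 'Running processes' section."""
    counts = Counter()
    in_section = False
    for line in hjt_log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:  # a blank line ends the section
                break
            counts[PureWindowsPath(line).name.lower()] += 1
    return counts


def parse_drwatson(log_text):
    """Extract the header of every crash recorded in a Drwtsn32.log."""
    entries = []
    for m in ENTRY_RE.finditer(log_text):
        entries.append({
            "app": m.group("app"),
            "pid": int(m.group("pid")),
            # Assumption: day/month/year order, as in the sample.
            "when": datetime.strptime(m.group("when"), "%d/%m/%Y @ %H:%M:%S.%f"),
            "code": int(m.group("code"), 16),
            "desc": m.group("desc"),
        })
    return entries


def crashes_before_scan(entries, scanned_at, window=timedelta(days=7)):
    """Keep crashes logged within `window` before the HijackThis scan."""
    return [e for e in entries if timedelta(0) <= scanned_at - e["when"] <= window]


if __name__ == "__main__":
    print("drwtsn32.exe instances:", process_counts(HIJACKTHIS_SAMPLE)["drwtsn32.exe"])
    scanned_at = scan_time(HIJACKTHIS_SAMPLE)
    for e in crashes_before_scan(parse_drwatson(DRWATSON_SAMPLE), scanned_at):
        print(f'{e["when"]}  {e["app"]}  0x{e["code"]:08x} ({e["desc"]})')
```

    Entries that fall outside the window, such as one dated years before the scan, come from earlier crashes and do not explain the Dr. Watson instances running now.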

  9. #9
    yuj
    yuj is offline Valued Member
    hmm...I'm not sure I'm reading the right log...is it located in this folder?:


    or am I supposed to be looking at this:



    the notepad file shown in the first image is:
    ___________________________________________________________


    Microsoft (R) DrWtsn32
    Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.



    Application exception occurred:
    App: C:\WINNT\Explorer.EXE (pid=1160)
    When: 27/09/2004 @ 13:24:23.703
    Exception number: c0000005 (access violation)

    *----> System Information <----*
    Computer Name: MACHINE
    User Name: Wei
    Terminal Session Id: 0
    Number of Processors: 1
    Processor Type: x86 Family 15 Model 2 Stepping 7
    Windows Version: 5.1
    Current Build: 2600
    Service Pack: 2
    Current Type: Uniprocessor Free
    Registered Organization: -
    Registered Owner: Bob

    *----> Task List <----*
    0 System Process
    4 System
    436 smss.exe
    484 csrss.exe
    508 winlogon.exe
    552 services.exe
    564 lsass.exe
    712 svchost.exe
    792 svchost.exe
    828 svchost.exe
    876 svchost.exe
    968 svchost.exe
    1160 Explorer.EXE
    1200 spoolsv.exe
    1368 avgserv.exe
    1380 CTsvcCDA.exe
    1412 CTSysVol.exe
    1428 CTDVDDet.EXE
    1460 CTHELPER.EXE
    1516 avgcc32.exe
    1576 iTouch.exe
    1632 EM_EXEC.EXE
    1660 ctfmon.exe
    1692 MsnMsgr.Exe
    2016 alg.exe
    1944 wuauclt.exe
    2000 wmplayer.exe
    736 drwtsn32.exe

    *----> Module List <----*
    (0000000001000000 - 00000000010ff000: C:\WINNT\Explorer.EXE
    (0000000001110000 - 0000000001122000: C:\WINNT\system32\browselc.dll
    (0000000001130000 - 000000000113c000: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    (0000000001a40000 - 0000000001a47000: C:\Program Files\Logitech\iTouch\kbdhook.dll
    (0000000001d40000 - 0000000001d8f000: C:\WINNT\system32\DRMClien.DLL
    (0000000001eb0000 - 0000000001f38000: C:\WINNT\system32\shdoclc.dll
    (0000000002230000 - 0000000002247000: C:\WINNT\system32\odbcint.dll
    (00000000022f0000 - 00000000022fc000: C:\PROGRA~1\Grisoft\AVG6\avgse.dll
    (0000000002b10000 - 0000000002dde000: C:\WINNT\system32\wmploc.dll
    (0000000003680000 - 00000000036af000: C:\WINNT\system32\xpsp1res.dll
    (000000000ffd0000 - 000000000fff8000: C:\WINNT\system32\rsaenh.dll
    (0000000010000000 - 0000000010010000: C:\WINNT\system32\ctagent.dll
    (0000000020000000 - 00000000202c5000: C:\WINNT\system32\xpsp2res.dll
    (000000004b320000 - 000000004b349000: C:\WINNT\system32\wmidx.dll
    (000000004b5b0000 - 000000004ba59000: C:\WINNT\system32\wmp.dll
    (000000004c4b0000 - 000000004c4c8000: C:\PROGRA~1\WINDOW~2\wmpband.dll
    (000000004d4f0000 - 000000004d548000: C:\WINNT\system32\WINHTTP.dll
    (000000004ec50000 - 000000004edf3000: C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    (0000000058340000 - 000000005838d000: C:\WINNT\system32\msaud32.acm
    (0000000058390000 - 000000005841a000: C:\WINNT\system32\l3codeca.acm
    (00000000592c0000 - 00000000592d9000: C:\WINNT\system32\wmpshell.dll
    (0000000059a10000 - 0000000059a4c000: C:\WINNT\system32\WMASF.DLL
    (000000005ad70000 - 000000005ada8000: C:\WINNT\system32\UxTheme.dll
    (000000005b0a0000 - 000000005b0a7000: C:\WINNT\system32\umdmxfrm.dll
    (000000005b860000 - 000000005b8b4000: C:\WINNT\system32\NETAPI32.dll
    (000000005ba60000 - 000000005bad1000: C:\WINNT\system32\themeui.dll
    (000000005c080000 - 000000005c135000: c:\winnt\srchasst\srchui.dll
    (000000005c150000 - 000000005c162000: c:\winnt\srchasst\srchctls.dll
    (000000005cad0000 - 000000005caf7000: C:\WINNT\system32\shmedia.dll
    (000000005cb70000 - 000000005cb96000: C:\WINNT\system32\ShimEng.dll
    (000000005cd70000 - 000000005cd77000: C:\WINNT\system32\serwvdrv.dll
    (000000005d090000 - 000000005d127000: C:\WINNT\system32\comctl32.dll
    (000000005df10000 - 000000005df6e000: C:\WINNT\system32\wzcdlg.dll
    (0000000061680000 - 00000000616b6000: C:\WINNT\system32\mobsync.dll
    (000000006c1b0000 - 000000006c1fd000: C:\WINNT\system32\DUSER.dll
    (000000006c230000 - 000000006c24e000: C:\WINNT\system32\dsuiext.dll
    (000000006c260000 - 000000006c29d000: C:\WINNT\system32\dsquery.dll
    (000000006f880000 - 000000006fa4a000: C:\WINNT\AppPatch\AcGenral.DLL
    (0000000071aa0000 - 0000000071aa8000: C:\WINNT\system32\WS2HELP.dll
    (0000000071ab0000 - 0000000071ac7000: C:\WINNT\system32\WS2_32.dll
    (0000000071ad0000 - 0000000071ad9000: C:\WINNT\system32\WSOCK32.dll
    (0000000071b20000 - 0000000071b32000: C:\WINNT\system32\MPR.dll
    (0000000071bf0000 - 0000000071c03000: C:\WINNT\System32\SAMLIB.dll
    (0000000071c10000 - 0000000071c1e000: C:\WINNT\System32\ntlanman.dll
    (0000000071c80000 - 0000000071c87000: C:\WINNT\System32\NETRAP.dll
    (0000000071c90000 - 0000000071cd0000: C:\WINNT\System32\NETUI1.dll
    (0000000071cd0000 - 0000000071ce7000: C:\WINNT\System32\NETUI0.dll
    (0000000071d40000 - 0000000071d5c000: C:\WINNT\system32\actxprxy.dll
    (00000000722b0000 - 00000000722b5000: C:\WINNT\system32\sensapi.dll
    (0000000072410000 - 000000007242a000: C:\WINNT\system32\mydocs.dll
    (0000000072d10000 - 0000000072d18000: C:\WINNT\system32\msacm32.drv
    (0000000072d20000 - 0000000072d29000: C:\WINNT\system32\wdmaud.drv
    (0000000073000000 - 0000000073026000: C:\WINNT\system32\winspool.drv
    (0000000073030000 - 0000000073040000: C:\WINNT\system32\WZCSAPI.DLL
    (0000000073380000 - 00000000733d7000: C:\WINNT\system32\zipfldr.dll
    (00000000736b0000 - 00000000736b7000: C:\WINNT\system32\msdmo.dll
    (0000000073b50000 - 0000000073b67000: C:\WINNT\system32\AVIFIL32.dll
    (0000000074320000 - 000000007435d000: C:\WINNT\system32\ODBC32.dll
    (0000000074720000 - 000000007476b000: C:\WINNT\system32\MSCTF.dll
    (0000000074980000 - 0000000074ab0000: C:\WINNT\system32\msxml3.dll
    (0000000074ad0000 - 0000000074ad8000: C:\WINNT\system32\POWRPROF.dll
    (0000000074af0000 - 0000000074afa000: C:\WINNT\system32\BatMeter.dll
    (0000000074b30000 - 0000000074b76000: C:\WINNT\system32\webcheck.dll
    (0000000074c80000 - 0000000074cac000: C:\WINNT\system32\OLEACC.dll
    (00000000754d0000 - 0000000075550000: C:\WINNT\system32\CRYPTUI.dll
    (0000000075970000 - 0000000075a67000: C:\WINNT\system32\MSGINA.dll
    (0000000075a70000 - 0000000075a91000: C:\WINNT\system32\MSVFW32.dll
    (0000000075c50000 - 0000000075cbe000: C:\WINNT\system32\jscript.dll
    (0000000075cf0000 - 0000000075d81000: C:\WINNT\system32\MLANG.dll
    (0000000075e90000 - 0000000075f40000: C:\WINNT\system32\SXS.DLL
    (0000000075f60000 - 0000000075f67000: C:\WINNT\System32\drprov.dll
    (0000000075f70000 - 0000000075f79000: C:\WINNT\System32\davclnt.dll
    (0000000075f80000 - 000000007607c000: C:\WINNT\system32\BROWSEUI.dll
    (0000000076080000 - 00000000760e5000: C:\WINNT\system32\MSVCP60.dll
    (0000000076280000 - 00000000762a1000: C:\WINNT\system32\stobject.dll
    (0000000076360000 - 0000000076370000: C:\WINNT\system32\WINSTA.dll
    (0000000076380000 - 0000000076385000: C:\WINNT\system32\MSIMG32.dll
    (00000000763b0000 - 00000000763f9000: C:\WINNT\system32\comdlg32.dll
    (0000000076400000 - 00000000765a6000: C:\WINNT\system32\NETSHELL.dll
    (0000000076600000 - 000000007661d000: C:\WINNT\System32\CSCDLL.dll
    (00000000767a0000 - 00000000767b3000: C:\WINNT\system32\NTDSAPI.dll
    (00000000768d0000 - 0000000076974000: C:\WINNT\system32\RASDLG.dll
    (0000000076980000 - 0000000076988000: C:\WINNT\system32\LINKINFO.dll
    (0000000076990000 - 00000000769b5000: C:\WINNT\system32\ntshrui.dll
    (00000000769c0000 - 0000000076a73000: C:\WINNT\system32\USERENV.dll
    (0000000076b20000 - 0000000076b31000: C:\WINNT\system32\ATL.DLL
    (0000000076b40000 - 0000000076b6d000: C:\WINNT\system32\WINMM.dll
    (0000000076c00000 - 0000000076c2e000: C:\WINNT\system32\credui.dll
    (0000000076c30000 - 0000000076c5e000: C:\WINNT\system32\WINTRUST.dll
    (0000000076c90000 - 0000000076cb8000: C:\WINNT\system32\IMAGEHLP.dll
    (0000000076d40000 - 0000000076d58000: C:\WINNT\system32\MPRAPI.dll
    (0000000076d60000 - 0000000076d79000: C:\WINNT\system32\iphlpapi.dll
    (0000000076e10000 - 0000000076e35000: C:\WINNT\system32\adsldpc.dll
    (0000000076e80000 - 0000000076e8e000: C:\WINNT\system32\rtutils.dll
    (0000000076e90000 - 0000000076ea2000: C:\WINNT\system32\rasman.dll
    (0000000076eb0000 - 0000000076edf000: C:\WINNT\system32\TAPI32.dll
    (0000000076ee0000 - 0000000076f1c000: C:\WINNT\system32\RASAPI32.dll
    (0000000076f20000 - 0000000076f47000: C:\WINNT\system32\DNSAPI.dll
    (0000000076f50000 - 0000000076f58000: C:\WINNT\system32\WTSAPI32.dll
    (0000000076f60000 - 0000000076f8c000: C:\WINNT\system32\WLDAP32.dll
    (0000000076fd0000 - 000000007704f000: C:\WINNT\system32\CLBCATQ.DLL
    (0000000077050000 - 0000000077115000: C:\WINNT\system32\COMRes.dll
    (0000000077120000 - 00000000771ac000: C:\WINNT\system32\OLEAUT32.dll
    (00000000771b0000 - 0000000077256000: C:\WINNT\system32\WININET.dll
    (0000000077260000 - 00000000772fc000: C:\WINNT\system32\urlmon.dll
    (00000000773d0000 - 00000000774d2000: C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    (00000000774e0000 - 000000007761c000: C:\WINNT\system32\ole32.dll
    (0000000077690000 - 00000000776b1000: C:\WINNT\system32\NTMARTA.DLL
    (0000000077760000 - 00000000778cc000: C:\WINNT\system32\SHDOCVW.dll
    (0000000077920000 - 0000000077a13000: C:\WINNT\system32\SETUPAPI.dll
    (0000000077a20000 - 0000000077a74000: C:\WINNT\System32\cscui.dll
    (0000000077a80000 - 0000000077b14000: C:\WINNT\system32\CRYPT32.dll
    (0000000077b20000 - 0000000077b32000: C:\WINNT\system32\MSASN1.dll
    (0000000077b40000 - 0000000077b62000: C:\WINNT\system32\appHelp.dll
    (0000000077bd0000 - 0000000077bd7000: C:\WINNT\system32\midimap.dll
    (0000000077be0000 - 0000000077bf5000: C:\WINNT\system32\MSACM32.dll
    (0000000077c00000 - 0000000077c08000: C:\WINNT\system32\VERSION.dll
    (0000000077c10000 - 0000000077c68000: C:\WINNT\system32\msvcrt.dll
    (0000000077c70000 - 0000000077c93000: C:\WINNT\system32\msv1_0.dll
    (0000000077cc0000 - 0000000077cf2000: C:\WINNT\system32\ACTIVEDS.dll
    (0000000077d40000 - 0000000077dd0000: C:\WINNT\system32\USER32.dll
    (0000000077dd0000 - 0000000077e6b000: C:\WINNT\system32\ADVAPI32.dll
    (0000000077e70000 - 0000000077f01000: C:\WINNT\system32\RPCRT4.dll
    (0000000077f10000 - 0000000077f56000: C:\WINNT\system32\GDI32.dll
    (0000000077f60000 - 0000000077fd6000: C:\WINNT\system32\SHLWAPI.dll
    (0000000077fe0000 - 0000000077ff1000: C:\WINNT\system32\Secur32.dll
    (000000007c800000 - 000000007c8f4000: C:\WINNT\system32\kernel32.dll
    (000000007c900000 - 000000007c9b0000: C:\WINNT\system32\ntdll.dll
    (000000007c9c0000 - 000000007d1d4000: C:\WINNT\system32\SHELL32.dll
    (000000007d1e0000 - 000000007d492000: C:\WINNT\system32\msi.dll
    (000000007d790000 - 000000007d99a000: C:\WINNT\system32\wmvcore.dll

    *----> State Dump for Thread Id 0x48c <----*

    eax=00000078 ebx=00000003 ecx=00000007 edx=0007eb74 esi=000ea8e8 edi=00000000
    eip=7c90eb94 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\SHELL32.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Module load completed but symbols could not be loaded for C:\WINNT\Explorer.EXE
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\kernel32.dll -
    ChildEBP RetAddr Args to Child
    0007ff08 7ca32c57 00000000 0007ff5c 01016e95 ntdll!KiFastSystemCallRet
    0007ff14 01016e95 000ea8e8 7ffdf000 0007ffc0 SHELL32!Ordinal201+0x28
    0007ff5c 0101e2b6 00000000 00000000 000205be Explorer+0x16e95
    0007ffc0 7c816d4f 00000002 5d093c48 7ffdf000 Explorer+0x1e2b6
    0007fff0 00000000 0101e24e 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x4a4 <----*

    eax=00000001 ebx=77d4b762 ecx=0117f904 edx=7c90eb94 esi=010460d8 edi=00000000
    eip=7c90eb94 esp=0117ff14 ebp=0117ff44 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\SHLWAPI.dll -
    ChildEBP RetAddr Args to Child
    0117ff44 01011e8b 00000000 0117ffb4 77f7f5de ntdll!KiFastSystemCallRet
    0117ff50 77f7f5de 010460d8 0000005c 0007fc04 Explorer+0x11e8b
    0117ffb4 7c80b50b 00000000 0000005c 0007fc04 SHLWAPI!Ordinal505+0x369
    0117ffec 00000000 77f7f56f 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x4bc <----*

    eax=7c92798d ebx=00000000 ecx=77dd6a51 edx=77dd6a18 esi=ffffffff edi=7c90fb78
    eip=7c90eb94 esp=011bff9c ebp=011bffb4 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    011bffb4 7c80b50b 00000000 7c90fb78 ffffffff ntdll!KiFastSystemCallRet
    011bffec 00000000 7c92798d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x4c4 <----*

    eax=0123fcd0 ebx=00000000 ecx=000c6130 edx=00000000 esi=00000000 edi=00000001
    eip=7c90eb94 esp=0123fcec ebp=0123ffb4 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    0123ffb4 7c80b50b 00000000 00000020 0117fce4 ntdll!KiFastSystemCallRet
    0123ffec 00000000 7c929fae 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x4fc <----*

    eax=019a0010 ebx=000d8008 ecx=00001000 edx=7c90eb94 esi=00000000 edi=7ffdf000
    eip=7c90eb94 esp=012bfd30 ebp=012bfdcc iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\USER32.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    012bfdcc 77d4bbfe 00000009 012bfdf4 00000000 ntdll!KiFastSystemCallRet
    012bfe28 7c9f43d9 00000008 012bfe50 ffffffff USER32!SetWindowTextW+0x120
    012bff4c 7ca3114e 77f7f5de 00000000 7c809988 SHELL32!SHCreateShellFolderView+0x3d6b
    012bffb4 7c80b50b 00000000 7c809988 00090000 SHELL32!Ordinal753+0x133
    012bffec 00000000 77f7f56f 0117f4d4 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x71c <----*

    eax=77a21740 ebx=00004e20 ecx=005592f0 edx=7c90eb94 esi=014dfd68 edi=77d491a3
    eip=7c90eb94 esp=014dfcf8 ebp=014dfd14 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\stobject.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    014dfd14 76281513 014dfd68 00000000 00000000 ntdll!KiFastSystemCallRet
    014dfd8c 76283746 76280000 00000000 0002011a stobject+0x1513
    014dffb4 7c80b50b 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x1fa4
    014dffec 00000000 762836f7 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x7fc <----*

    eax=e3b36058 ebx=00000000 ecx=0156fcbc edx=7d7ebab2 esi=000b88d0 edi=000c9ef0
    eip=7c90eb94 esp=0156fe1c ebp=0156ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\RPCRT4.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    0156ff80 77e76c22 0156ffa8 77e76a3b 000b88d0 ntdll!KiFastSystemCallRet
    0156ff88 77e76a3b 000b88d0 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5ea
    0156ffa8 77e76c0a 000b8788 0156ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    0156ffb4 7c80b50b 000f2968 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5d2
    0156ffec 00000000 77e76bf0 000f2968 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0xac <----*

    eax=00000000 ebx=00000000 ecx=015afe1c edx=7c90eb94 esi=000b88d0 edi=00000100
    eip=7c90eb94 esp=015afe1c ebp=015aff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    015aff80 77e76c22 015affa8 77e76a3b 000b88d0 ntdll!KiFastSystemCallRet
    015aff88 77e76a3b 000b88d0 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5ea
    015affa8 77e76c0a 000b8788 015affec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    015affb4 7c80b50b 000d54f0 00000000 003c0178 RPCRT4!I_RpcBCacheFree+0x5d2
    015affec 00000000 77e76bf0 000d54f0 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x72c <----*

    eax=0139fce0 ebx=00000000 ecx=0139fccc edx=7c90eb94 esi=000ef268 edi=00000000
    eip=7c90eb94 esp=0139fccc ebp=0139ff28 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\BROWSEUI.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    0139ff28 75faea19 0010e2f0 00000000 00000000 ntdll!KiFastSystemCallRet
    0139ffb4 7c80b50b 0010e2f0 00000000 00000000 BROWSEUI!Ordinal107+0xbf5a
    0139ffec 00000000 75fae9d5 0010e2f0 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x73c <----*

    eax=00000001 ebx=01cffef8 ecx=01cfffb0 edx=01cfffac esi=00000000 edi=7ffdf000
    eip=7c90eb94 esp=01cffed0 ebp=01cfff6c iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\wdmaud.drv -
    ChildEBP RetAddr Args to Child
    01cfff6c 7c809c86 00000002 01cfffa4 00000000 ntdll!KiFastSystemCallRet
    01cfff88 72d2312a 00000002 01cfffa4 00000000 kernel32!WaitForMultipleObjects+0x18
    01cfffb4 7c80b50b 00000000 00000000 00090000 wdmaud!midMessage+0x348
    01cfffec 00000000 72d230e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x6c8 <----*

    eax=c0000000 ebx=00000634 ecx=40000000 edx=000003bd esi=01d3ff98 edi=77d6ea45
    eip=7c90eb94 esp=01d3ff54 ebp=01d3ff78 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\WINMM.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    01d3ff78 76b44e3d 01d3ff98 00000000 00000000 ntdll!KiFastSystemCallRet
    01d3ffb4 7c80b50b 00000634 00000200 0000002b WINMM!PlaySoundW+0x7e6
    01d3ffec 00000000 76b44dd6 00000634 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x614 <----*

    eax=0012da78 ebx=00007530 ecx=000a5440 edx=77531441 esi=00000000 edi=00bbff50
    eip=7c90eb94 esp=00bbff20 ebp=00bbff78 iopl=0 nv up ei pl nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ole32.dll -
    ChildEBP RetAddr Args to Child
    00bbff78 7c802451 0000ea60 00000000 00bbffb4 ntdll!KiFastSystemCallRet
    00bbff88 774f2fcb 0000ea60 000f59c0 774f314d kernel32!Sleep+0xf
    00bbffb4 7c80b50b 000f59c0 000a4b90 00000010 ole32!StringFromGUID2+0x2d1
    00bbffec 00000000 774f319a 000f59c0 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x170 <----*

    eax=00c7fce0 ebx=00000000 ecx=00c7fccc edx=7c90eb94 esi=000cbfc8 edi=00000000
    eip=7c90eb94 esp=00c7fccc ebp=00c7ff28 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00c7ff28 75faea19 00167c78 0007e7a8 0007e794 ntdll!KiFastSystemCallRet
    00c7ffb4 7c80b50b 00167c78 0007e7a8 0007e794 BROWSEUI!Ordinal107+0xbf5a
    00c7ffec 00000000 75fae9d5 00167c78 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x480 <----*

    eax=00000000 ebx=00000000 ecx=77605074 edx=00000000 esi=01bbbd38 edi=00000000
    eip=7c90eb94 esp=01f7fccc ebp=01f7ff28 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    01f7ff28 75faea19 0287d338 0007e7a8 0007e794 ntdll!KiFastSystemCallRet
    01f7ffb4 7c80b50b 0287d338 0007e7a8 0007e794 BROWSEUI!Ordinal107+0xbf5a
    01f7ffec 00000000 75fae9d5 0287d338 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x274 <----*

    eax=00000001 ebx=00000000 ecx=02b0fc60 edx=7c90eb94 esi=000b88d0 edi=00000100
    eip=7c90eb94 esp=02b0fe1c ebp=02b0ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    02b0ff80 77e76c22 02b0ffa8 77e76a3b 000b88d0 ntdll!KiFastSystemCallRet
    02b0ff88 77e76a3b 000b88d0 7c9106eb 0011cdf0 RPCRT4!I_RpcBCacheFree+0x5ea
    02b0ffa8 77e76c0a 000b8788 02b0ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    02b0ffb4 7c80b50b 01c3fd00 7c9106eb 0011cdf0 RPCRT4!I_RpcBCacheFree+0x5d2
    02b0ffec 00000000 77e76bf0 01c3fd00 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x368 <----*

    eax=00188b00 ebx=00000000 ecx=7c9cea74 edx=028c0fbc esi=7c97c380 edi=7c97c3a0
    eip=7c90eb94 esp=0363ff70 ebp=0363ffb4 iopl=0 nv up ei ng nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    0363ffb4 7c80b50b 00000000 00cfe690 00cfe690 ntdll!KiFastSystemCallRet
    0363ffec 00000000 7c910760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x35c <----*

    eax=00000000 ebx=00030000 ecx=02766028 edx=00030178 esi=02766020 edi=02772460
    eip=7c9111de esp=00f5e064 ebp=00f5e284 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

    function: ntdll!wcsncpy
    7c9111bc 04c2 add al,0xc2
    7c9111be 8945d8 mov [ebp-0x28],eax
    7c9111c1 8b7004 mov esi,[eax+0x4]
    7c9111c4 83ee08 sub esi,0x8
    7c9111c7 8975c8 mov [ebp-0x38],esi
    7c9111ca 8d4e08 lea ecx,[esi+0x8]
    7c9111cd 8b39 mov edi,[ecx]
    7c9111cf 89bd0cffffff mov [ebp-0xf4],edi
    7c9111d5 8b460c mov eax,[esi+0xc]
    7c9111d8 898568ffffff mov [ebp-0x98],eax
    FAULT ->7c9111de 8b10 mov edx,[eax] ds:0023:00000000=????????
    7c9111e0 3b5704 cmp edx,[edi+0x4]
    7c9111e3 0f858c310200 jne ntdll!RtlInitializeContext+0x2f4 (7c934375)
    7c9111e9 3bd1 cmp edx,ecx
    7c9111eb 0f8584310200 jne ntdll!RtlInitializeContext+0x2f4 (7c934375)
    7c9111f1 8938 mov [eax],edi
    7c9111f3 894704 mov [edi+0x4],eax
    7c9111f6 3bf8 cmp edi,eax
    7c9111f8 0f8548020000 jne ntdll!wcsncpy+0x9b7 (7c911446)
    7c9111fe 0fb70e movzx ecx,word ptr [esi]
    7c911201 8bc1 mov eax,ecx

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\msvcrt.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for c:\winnt\srchasst\srchui.dll -
    ChildEBP RetAddr Args to Child
    00f5e284 77c2c3c9 00030000 00000000 0000007c ntdll!wcsncpy+0x74f
    00f5e2c4 77c2c3e7 0000007c 00f5e2e0 77c29cd4 msvcrt!free+0x1ae
    00f5e2d0 77c29cd4 0000007c 00000001 00f5e30c msvcrt!free+0x1cc
    00f5e2e0 5c0b4c59 0000007c 5c0b4c98 5c0c69b8 msvcrt!operator new+0xf
    00f5e30c 5c0b3395 0000000f 00000000 00050000 srchui+0x34c59
    00f5e324 77d4ed1a 00000003 0048015a 00f5e36c srchui+0x33395
    00f5e340 77d7f60e 00050003 0048015a 00f5e36c USER32!IsCharAlphaW+0x15a
    00f5e374 7c90eae3 00f5e384 00000060 00000060 USER32!InsertMenuItemA+0x1de
    00f5e884 77d518a4 00000080 00f5e908 00000000 ntdll!KiUserCallbackDispatcher+0x13
    00f5e930 77d51b08 00000080 77f7fd4c 00000000 USER32!UserClientDllInitialize+0x9eb
    00f5e96c 77f7fd22 00000080 77f7fd4c 00000000 USER32!CreateWindowExW+0x33
    00f5e9d4 7ca2db21 7ca38db6 00090138 00000080 SHLWAPI!Ordinal278+0x94
    00f5ea28 75fac305 01be9c5c 0011b8d0 00f5ea9c SHELL32!SHGetSetFolderCustomSettingsW+0x2013
    00f5ea64 75fb0216 00090138 00000006 00f5eab4 BROWSEUI!Ordinal107+0x9846
    00f5eaa0 75fadc9e 01ba8760 00090138 00000006 BROWSEUI!Ordinal103+0x14e5
    00f5eacc 77d48709 01ba8760 00000006 00000001 BROWSEUI!Ordinal107+0xb1df
    00f5eaf8 77d487eb 75fadc51 00090138 00000006 USER32!GetDC+0x72
    00f5eb60 77d4b368 00000000 75fadc51 00090138 USER32!GetDC+0x154
    00f5ebb4 77d4b3b4 00574dd0 00000006 00000001 USER32!DefWindowProcW+0x183
    00f5ebdc 7c90eae3 00f5ebec 00000018 00574dd0 USER32!DefWindowProcW+0x1cf
    00f5ec44 75fae87a 00000000 00f5ef5c 00000000 ntdll!KiUserCallbackDispatcher+0x13
    00f5eea4 75faea19 000aea10 00f5ef5c 000aea10 BROWSEUI!Ordinal107+0xbdbb
    00f5ef30 75faecbd 000aea10 7c910732 00000005 BROWSEUI!Ordinal107+0xbf5a
    00f5ffb4 7c80b50b 000aea10 7c910732 00000005 BROWSEUI!Ordinal102+0x22c
    00f5ffec 00000000 77832319 000aea10 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x25c <----*

    eax=00000000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
    eip=7c90eb94 esp=00ccffe8 ebp=00000000 iopl=0 nv up ei pl nz na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00000000 00000000 00000000 00000000 00000000 ntdll!KiFastSystemCallRet

    *----> Raw Stack Dump <----*



    Application exception occurred:
    App: C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE (pid=352)
    When: 27/09/2004 @ 18:27:11.906
    Exception number: c0000005 (access violation)

    *----> System Information <----*
    Computer Name: MACHINE
    User Name: Wei
    Terminal Session Id: 0
    Number of Processors: 1
    Processor Type: x86 Family 15 Model 2 Stepping 7
    Windows Version: 5.1
    Current Build: 2600
    Service Pack: 2
    Current Type: Uniprocessor Free
    Registered Organization: -
    Registered Owner: Bob

    *----> Task List <----*
    0 System Process
    4 System
    436 smss.exe
    484 csrss.exe
    508 winlogon.exe
    556 services.exe
    568 lsass.exe
    712 svchost.exe
    792 svchost.exe
    832 svchost.exe
    876 svchost.exe
    968 svchost.exe
    1124 Explorer.EXE
    1228 spoolsv.exe
    1356 avgserv.exe
    1368 CTsvcCDA.exe
    1396 CTSysVol.exe
    1404 CTDVDDet.EXE
    1412 CTHELPER.EXE
    1428 avgcc32.exe
    1464 iTouch.exe
    1484 EM_EXEC.EXE
    1504 ctfmon.exe
    1560 MsnMsgr.Exe
    344 alg.exe
    788 wuauclt.exe
    1272 msiexec.exe
    352 OUTLOOK.EXE
    1860 drwtsn32.exe

    *----> Module List <----*
    (0000000010000000 - 0000000010010000: C:\WINNT\system32\ctagent.dll
    (0000000020000000 - 00000000202c5000: C:\WINNT\system32\xpsp2res.dll
    (0000000030000000 - 000000003000a000: C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE
    (00000000345f0000 - 0000000034bf6000: C:\PROGRA~1\MI1933~1\Office10\OUTLLIB.DLL
    (000000005b0a0000 - 000000005b0a7000: C:\WINNT\system32\umdmxfrm.dll
    (000000005cb70000 - 000000005cb96000: C:\WINNT\system32\ShimEng.dll
    (000000005cd70000 - 000000005cd77000: C:\WINNT\system32\serwvdrv.dll
    (000000005d090000 - 000000005d127000: C:\WINNT\system32\COMCTL32.DLL
    (00000000714e0000 - 0000000071521000: C:\WINNT\AppPatch\AcSpecfc.DLL
    (0000000071aa0000 - 0000000071aa8000: C:\WINNT\system32\WS2HELP.dll
    (0000000071ab0000 - 0000000071ac7000: C:\WINNT\system32\WS2_32.dll
    (0000000071b20000 - 0000000071b32000: C:\WINNT\system32\MPR.dll
    (0000000073760000 - 00000000737a9000: C:\WINNT\system32\DDRAW.dll
    (0000000073bc0000 - 0000000073bc6000: C:\WINNT\system32\DCIMAN32.dll
    (0000000074720000 - 000000007476b000: C:\WINNT\system32\MSCTF.dll
    (0000000076390000 - 00000000763ad000: C:\WINNT\system32\IMM32.dll
    (00000000763b0000 - 00000000763f9000: C:\WINNT\system32\comdlg32.dll
    (00000000769c0000 - 0000000076a73000: C:\WINNT\system32\USERENV.dll
    (0000000076b40000 - 0000000076b6d000: C:\WINNT\system32\WINMM.dll
    (0000000076bf0000 - 0000000076bfb000: C:\WINNT\system32\PSAPI.DLL
    (0000000076fd0000 - 000000007704f000: C:\WINNT\system32\CLBCATQ.DLL
    (0000000077050000 - 0000000077115000: C:\WINNT\system32\COMRes.dll
    (0000000077120000 - 00000000771ac000: C:\WINNT\system32\OLEAUT32.DLL
    (00000000773d0000 - 00000000774d2000: C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    (00000000774e0000 - 000000007761c000: C:\WINNT\system32\OLE32.DLL
    (0000000077b40000 - 0000000077b62000: C:\WINNT\system32\Apphelp.dll
    (0000000077c00000 - 0000000077c08000: C:\WINNT\system32\VERSION.dll
    (0000000077c10000 - 0000000077c68000: C:\WINNT\system32\MSVCRT.DLL
    (0000000077d40000 - 0000000077dd0000: C:\WINNT\system32\USER32.dll
    (0000000077dd0000 - 0000000077e6b000: C:\WINNT\system32\ADVAPI32.DLL
    (0000000077e70000 - 0000000077f01000: C:\WINNT\system32\RPCRT4.dll
    (0000000077f10000 - 0000000077f56000: C:\WINNT\system32\GDI32.dll
    (0000000077f60000 - 0000000077fd6000: C:\WINNT\system32\SHLWAPI.dll
    (000000007c800000 - 000000007c8f4000: C:\WINNT\system32\kernel32.dll
    (000000007c900000 - 000000007c9b0000: C:\WINNT\system32\ntdll.dll
    (000000007c9c0000 - 000000007d1d4000: C:\WINNT\system32\SHELL32.dll
    (000000007d1e0000 - 000000007d492000: C:\WINNT\system32\msi.dll

    *----> State Dump for Thread Id 0x7cc <----*

    eax=00000000 ebx=00000000 ecx=00000080 edx=34b84e00 esi=34b84df0 edi=00000000
    eip=7c918fea esp=0013fe80 ebp=0013fef4 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
    function: ntdll!RtlpWaitForCriticalSection
    7c918fce 57 push edi
    7c918fcf 1bc0 sbb eax,eax
    7c918fd1 f7d0 not eax
    7c918fd3 2540c1977c and eax,0x7c97c140
    7c918fd8 8bf8 mov edi,eax
    7c918fda 8b4610 mov eax,[esi+0x10]
    7c918fdd 3bc3 cmp eax,ebx
    7c918fdf 8945fc mov [ebp-0x4],eax
    7c918fe2 0f849e000000 je ntdll!RtlpUnWaitCriticalSection+0x2f (7c919086)
    7c918fe8 8b06 mov eax,[esi]
    FAULT ->7c918fea ff4010 inc dword ptr [eax+0x10] ds:0023:00000010=????????
    7c918fed 8b45fc mov eax,[ebp-0x4]
    7c918ff0 83e001 and eax,0x1
    7c918ff3 8945e8 mov [ebp-0x18],eax
    7c918ff6 8b06 mov eax,[esi]
    7c918ff8 ff4014 inc dword ptr [eax+0x14]
    7c918ffb f605f002fe7f01 test byte ptr [7ffe02f0],0x1
    7c919002 0f85e6920200 jne ntdll!RtlInitializeSListHead+0x92de (7c9422ee)
    7c919008 395de8 cmp [ebp-0x18],ebx
    7c91900b 57 push edi
    7c91900c 53 push ebx

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\kernel32.dll -
    ChildEBP RetAddr Args to Child
    0013fef4 7c90104b 00b84df0 3473092f 34b84df0 ntdll!RtlpWaitForCriticalSection+0x5b
    0013ffc0 7c816d4f 00090000 00ceef44 7ffde000 ntdll!RtlEnterCriticalSection+0x46
    0013fff0 00000000 3000109c 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x33c <----*

    eax=00000000 ebx=00000000 ecx=7ffdb000 edx=001531a4 esi=00153168 edi=00000100
    eip=7c90eb94 esp=00d6fe1c ebp=00d6ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\RPCRT4.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00d6ff80 77e76c22 00d6ffa8 77e76a3b 00153168 ntdll!KiFastSystemCallRet
    00d6ff88 77e76a3b 00153168 00000000 00c5e77c RPCRT4!I_RpcBCacheFree+0x5ea
    00d6ffa8 77e76c0a 00157620 00d6ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    00d6ffb4 7c80b50b 00167800 00000000 00c5e77c RPCRT4!I_RpcBCacheFree+0x5d2
    00d6ffec 00000000 77e76bf0 00167800 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x788 <----*

    eax=774f319a ebx=00007530 ecx=7ffde000 edx=00000000 esi=00000000 edi=00e6ff50
    eip=7c90eb94 esp=00e6ff20 ebp=00e6ff78 iopl=0 nv up ei pl nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\OLE32.DLL -
    ChildEBP RetAddr Args to Child
    00e6ff78 7c802451 0000ea60 00000000 00e6ffb4 ntdll!KiFastSystemCallRet
    00e6ff88 774f2fcb 0000ea60 0016c128 774f314d kernel32!Sleep+0xf
    00e6ffb4 7c80b50b 0016c128 7c910945 7c91094e OLE32!StringFromGUID2+0x2d1
    00e6ffec 00000000 774f319a 0016c128 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x6f4 <----*

    eax=00171e30 ebx=00000000 ecx=7ffd9000 edx=776056f8 esi=00153168 edi=00000100
    eip=7c90eb94 esp=00f6fe1c ebp=00f6ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00f6ff80 77e76c22 00f6ffa8 77e76a3b 00153168 ntdll!KiFastSystemCallRet
    00f6ff88 77e76a3b 00153168 00000000 00470178 RPCRT4!I_RpcBCacheFree+0x5ea
    00f6ffa8 77e76c0a 00157620 00f6ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    00f6ffb4 7c80b50b 0016c940 00000000 00470178 RPCRT4!I_RpcBCacheFree+0x5d2
    00f6ffec 00000000 77e76bf0 0016c940 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x350 <----*

    eax=00000000 ebx=00000000 ecx=0106fcc4 edx=7c90eb94 esi=00153168 edi=00000100
    eip=7c90eb94 esp=0106fe1c ebp=0106ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    0106ff80 77e76c22 0106ffa8 77e76a3b 00153168 ntdll!KiFastSystemCallRet
    0106ff88 77e76a3b 00153168 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5ea
    0106ffa8 77e76c0a 00157620 0106ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    0106ffb4 7c80b50b 00175260 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5d2
    0106ffec 00000000 77e76bf0 00175260 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*



    Application exception occurred:
    App: C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE (pid=972)
    When: 27/09/2004 @ 23:28:53.328
    Exception number: c0000005 (access violation)

    *----> System Information <----*
    Computer Name: MACHINE
    User Name: Wei
    Terminal Session Id: 0
    Number of Processors: 1
    Processor Type: x86 Family 15 Model 2 Stepping 7
    Windows Version: 5.1
    Current Build: 2600
    Service Pack: 2
    Current Type: Uniprocessor Free
    Registered Organization: -
    Registered Owner: Bob

    *----> Task List <----*
    0 System Process
    4 System
    420 smss.exe
    468 csrss.exe
    492 winlogon.exe
    536 services.exe
    548 lsass.exe
    692 svchost.exe
    772 svchost.exe
    808 svchost.exe
    852 svchost.exe
    900 svchost.exe
    1112 Explorer.EXE
    1200 spoolsv.exe
    1312 avgserv.exe
    1324 CTsvcCDA.exe
    1656 CTSysVol.exe
    1700 CTDVDDet.EXE
    1752 CTHELPER.EXE
    1828 avgcc32.exe
    1864 alg.exe
    1888 iTouch.exe
    1900 EM_EXEC.EXE
    1916 ctfmon.exe
    1924 MsnMsgr.Exe
    972 OUTLOOK.EXE
    1520 msiexec.exe
    1620 MsiExec.exe
    976 drwtsn32.exe
    384 MsiExec.exe

    *----> Module List <----*
    (0000000010000000 - 0000000010010000: C:\WINNT\system32\ctagent.dll
    (0000000020000000 - 00000000202c5000: C:\WINNT\system32\xpsp2res.dll
    (0000000030000000 - 000000003000a000: C:\PROGRA~1\MI1933~1\Office10\OUTLOOK.EXE
    (00000000345f0000 - 0000000034bf6000: C:\PROGRA~1\MI1933~1\Office10\OUTLLIB.DLL
    (000000005b0a0000 - 000000005b0a7000: C:\WINNT\system32\umdmxfrm.dll
    (000000005cb70000 - 000000005cb96000: C:\WINNT\system32\ShimEng.dll
    (000000005cd70000 - 000000005cd77000: C:\WINNT\system32\serwvdrv.dll
    (000000005d090000 - 000000005d127000: C:\WINNT\system32\COMCTL32.DLL
    (00000000714e0000 - 0000000071521000: C:\WINNT\AppPatch\AcSpecfc.DLL
    (0000000071aa0000 - 0000000071aa8000: C:\WINNT\system32\WS2HELP.dll
    (0000000071ab0000 - 0000000071ac7000: C:\WINNT\system32\WS2_32.dll
    (0000000071b20000 - 0000000071b32000: C:\WINNT\system32\MPR.dll
    (0000000073760000 - 00000000737a9000: C:\WINNT\system32\DDRAW.dll
    (0000000073bc0000 - 0000000073bc6000: C:\WINNT\system32\DCIMAN32.dll
    (0000000074720000 - 000000007476b000: C:\WINNT\system32\MSCTF.dll
    (0000000076390000 - 00000000763ad000: C:\WINNT\system32\IMM32.dll
    (00000000763b0000 - 00000000763f9000: C:\WINNT\system32\comdlg32.dll
    (00000000769c0000 - 0000000076a73000: C:\WINNT\system32\USERENV.dll
    (0000000076b40000 - 0000000076b6d000: C:\WINNT\system32\WINMM.dll
    (0000000076bf0000 - 0000000076bfb000: C:\WINNT\system32\PSAPI.DLL
    (0000000076fd0000 - 000000007704f000: C:\WINNT\system32\CLBCATQ.DLL
    (0000000077050000 - 0000000077115000: C:\WINNT\system32\COMRes.dll
    (0000000077120000 - 00000000771ac000: C:\WINNT\system32\OLEAUT32.DLL
    (00000000773d0000 - 00000000774d2000: C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    (00000000774e0000 - 000000007761c000: C:\WINNT\system32\OLE32.DLL
    (0000000077b40000 - 0000000077b62000: C:\WINNT\system32\Apphelp.dll
    (0000000077c00000 - 0000000077c08000: C:\WINNT\system32\VERSION.dll
    (0000000077c10000 - 0000000077c68000: C:\WINNT\system32\MSVCRT.DLL
    (0000000077d40000 - 0000000077dd0000: C:\WINNT\system32\USER32.dll
    (0000000077dd0000 - 0000000077e6b000: C:\WINNT\system32\ADVAPI32.DLL
    (0000000077e70000 - 0000000077f01000: C:\WINNT\system32\RPCRT4.dll
    (0000000077f10000 - 0000000077f56000: C:\WINNT\system32\GDI32.dll
    (0000000077f60000 - 0000000077fd6000: C:\WINNT\system32\SHLWAPI.dll
    (000000007c800000 - 000000007c8f4000: C:\WINNT\system32\kernel32.dll
    (000000007c900000 - 000000007c9b0000: C:\WINNT\system32\ntdll.dll
    (000000007c9c0000 - 000000007d1d4000: C:\WINNT\system32\SHELL32.dll
    (000000007d1e0000 - 000000007d492000: C:\WINNT\system32\msi.dll

    *----> State Dump for Thread Id 0xf8 <----*

    eax=00000000 ebx=00000000 ecx=00000080 edx=34b84e00 esi=34b84df0 edi=00000000
    eip=7c918fea esp=0013fe80 ebp=0013fef4 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
    function: ntdll!RtlpWaitForCriticalSection
    7c918fce 57 push edi
    7c918fcf 1bc0 sbb eax,eax
    7c918fd1 f7d0 not eax
    7c918fd3 2540c1977c and eax,0x7c97c140
    7c918fd8 8bf8 mov edi,eax
    7c918fda 8b4610 mov eax,[esi+0x10]
    7c918fdd 3bc3 cmp eax,ebx
    7c918fdf 8945fc mov [ebp-0x4],eax
    7c918fe2 0f849e000000 je ntdll!RtlpUnWaitCriticalSection+0x2f (7c919086)
    7c918fe8 8b06 mov eax,[esi]
    FAULT ->7c918fea ff4010 inc dword ptr [eax+0x10] ds:0023:00000010=????????
    7c918fed 8b45fc mov eax,[ebp-0x4]
    7c918ff0 83e001 and eax,0x1
    7c918ff3 8945e8 mov [ebp-0x18],eax
    7c918ff6 8b06 mov eax,[esi]
    7c918ff8 ff4014 inc dword ptr [eax+0x14]
    7c918ffb f605f002fe7f01 test byte ptr [7ffe02f0],0x1
    7c919002 0f85e6920200 jne ntdll!RtlInitializeSListHead+0x92de (7c9422ee)
    7c919008 395de8 cmp [ebp-0x18],ebx
    7c91900b 57 push edi
    7c91900c 53 push ebx

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\kernel32.dll -
    ChildEBP RetAddr Args to Child
    0013fef4 7c90104b 00b84df0 3473092f 34b84df0 ntdll!RtlpWaitForCriticalSection+0x5b
    0013ffc0 7c816d4f 00090000 001091e4 7ffdb000 ntdll!RtlEnterCriticalSection+0x46
    0013fff0 00000000 3000109c 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x104 <----*

    eax=001725a0 ebx=00000000 ecx=0016d750 edx=00d5fdc8 esi=00153168 edi=00000100
    eip=7c90eb94 esp=00d5fe1c ebp=00d5ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\RPCRT4.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00d5ff80 77e76c22 00d5ffa8 77e76a3b 00153168 ntdll!KiFastSystemCallRet
    00d5ff88 77e76a3b 00153168 00000000 00c5e77c RPCRT4!I_RpcBCacheFree+0x5ea
    00d5ffa8 77e76c0a 00157620 00d5ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    00d5ffb4 7c80b50b 00167968 00000000 00c5e77c RPCRT4!I_RpcBCacheFree+0x5d2
    00d5ffec 00000000 77e76bf0 00167968 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x100 <----*

    eax=774f319a ebx=00007530 ecx=7ffdb000 edx=00000000 esi=00000000 edi=00e5ff50
    eip=7c90eb94 esp=00e5ff20 ebp=00e5ff78 iopl=0 nv up ei pl nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\OLE32.DLL -
    ChildEBP RetAddr Args to Child
    00e5ff78 7c802451 0000ea60 00000000 00e5ffb4 ntdll!KiFastSystemCallRet
    00e5ff88 774f2fcb 0000ea60 0016c0c8 774f314d kernel32!Sleep+0xf
    00e5ffb4 7c80b50b 0016c0c8 7c910945 7c91094e OLE32!StringFromGUID2+0x2d1
    00e5ffec 00000000 774f319a 0016c0c8 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x150 <----*

    eax=0016d764 ebx=00000000 ecx=0016d750 edx=00f5fdc8 esi=00153168 edi=00000100
    eip=7c90eb94 esp=00f5fe1c ebp=00f5ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00f5ff80 77e76c22 00f5ffa8 77e76a3b 00153168 ntdll!KiFastSystemCallRet
    00f5ff88 77e76a3b 00153168 00000000 00470178 RPCRT4!I_RpcBCacheFree+0x5ea
    00f5ffa8 77e76c0a 00157620 00f5ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    00f5ffb4 7c80b50b 0016ea38 00000000 00470178 RPCRT4!I_RpcBCacheFree+0x5d2
    00f5ffec 00000000 77e76bf0 0016ea38 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0x684 <----*

    eax=00157620 ebx=00000000 ecx=774f588c edx=00000000 esi=00153168 edi=00000100
    eip=7c90eb94 esp=0105fe1c ebp=0105ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    0105ff80 77e76c22 0105ffa8 77e76a3b 00153168 ntdll!KiFastSystemCallRet
    0105ff88 77e76a3b 00153168 00172918 00000000 RPCRT4!I_RpcBCacheFree+0x5ea
    0105ffa8 77e76c0a 00157620 0105ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    0105ffb4 7c80b50b 00173180 00172918 00000000 RPCRT4!I_RpcBCacheFree+0x5d2
    0105ffec 00000000 77e76bf0 00173180 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*



    Application exception occurred:
    App: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE (pid=3476)
    When: 28/09/2004 @ 19:35:41.921
    Exception number: c0000005 (access violation)

    *----> System Information <----*
    Computer Name: MACHINE
    User Name: Wei
    Terminal Session Id: 0
    Number of Processors: 1
    Processor Type: x86 Family 15 Model 2 Stepping 7
    Windows Version: 5.1
    Current Build: 2600
    Service Pack: 2
    Current Type: Uniprocessor Free
    Registered Organization: -
    Registered Owner: Bob

    *----> Task List <----*
    0 System Process
    4 System
    420 smss.exe
    468 csrss.exe
    492 winlogon.exe
    536 services.exe
    548 lsass.exe
    692 svchost.exe
    776 svchost.exe
    816 svchost.exe
    860 svchost.exe
    952 svchost.exe
    1116 Explorer.EXE
    1200 spoolsv.exe
    1304 avgserv.exe
    1316 CTsvcCDA.exe
    1664 CTSysVol.exe
    1672 CTDVDDet.EXE
    1680 CTHELPER.EXE
    1704 avgcc32.exe
    1752 iTouch.exe
    1836 EM_EXEC.EXE
    1852 alg.exe
    1860 ctfmon.exe
    1880 MsnMsgr.Exe
    204 iexplore.exe
    248 wuauclt.exe
    1016 msiexec.exe
    3232 MsiExec.exe
    3388 MsiExec.exe
    3476 OUTLOOK.EXE
    3612 drwtsn32.exe

    *----> Module List <----*
    (0000000010000000 - 0000000010010000: C:\WINNT\system32\ctagent.dll
    (0000000020000000 - 00000000202c5000: C:\WINNT\system32\xpsp2res.dll
    (0000000030000000 - 000000003000a000: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    (00000000345f0000 - 0000000034bf6000: C:\Program Files\Microsoft Office\Office10\OUTLLIB.DLL
    (000000005b0a0000 - 000000005b0a7000: C:\WINNT\system32\umdmxfrm.dll
    (000000005cb70000 - 000000005cb96000: C:\WINNT\system32\ShimEng.dll
    (000000005cd70000 - 000000005cd77000: C:\WINNT\system32\serwvdrv.dll
    (000000005d090000 - 000000005d127000: C:\WINNT\system32\COMCTL32.DLL
    (00000000714e0000 - 0000000071521000: C:\WINNT\AppPatch\AcSpecfc.DLL
    (0000000071aa0000 - 0000000071aa8000: C:\WINNT\system32\WS2HELP.dll
    (0000000071ab0000 - 0000000071ac7000: C:\WINNT\system32\WS2_32.dll
    (0000000071b20000 - 0000000071b32000: C:\WINNT\system32\MPR.dll
    (0000000073760000 - 00000000737a9000: C:\WINNT\system32\DDRAW.dll
    (0000000073bc0000 - 0000000073bc6000: C:\WINNT\system32\DCIMAN32.dll
    (0000000074720000 - 000000007476b000: C:\WINNT\system32\MSCTF.dll
    (0000000076390000 - 00000000763ad000: C:\WINNT\system32\IMM32.dll
    (00000000763b0000 - 00000000763f9000: C:\WINNT\system32\comdlg32.dll
    (00000000769c0000 - 0000000076a73000: C:\WINNT\system32\USERENV.dll
    (0000000076b40000 - 0000000076b6d000: C:\WINNT\system32\WINMM.dll
    (0000000076bf0000 - 0000000076bfb000: C:\WINNT\system32\PSAPI.DLL
    (0000000076fd0000 - 000000007704f000: C:\WINNT\system32\CLBCATQ.DLL
    (0000000077050000 - 0000000077115000: C:\WINNT\system32\COMRes.dll
    (0000000077120000 - 00000000771ac000: C:\WINNT\system32\OLEAUT32.DLL
    (00000000773d0000 - 00000000774d2000: C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    (00000000774e0000 - 000000007761c000: C:\WINNT\system32\OLE32.DLL
    (0000000077b40000 - 0000000077b62000: C:\WINNT\system32\Apphelp.dll
    (0000000077c00000 - 0000000077c08000: C:\WINNT\system32\VERSION.dll
    (0000000077c10000 - 0000000077c68000: C:\WINNT\system32\MSVCRT.DLL
    (0000000077d40000 - 0000000077dd0000: C:\WINNT\system32\USER32.dll
    (0000000077dd0000 - 0000000077e6b000: C:\WINNT\system32\ADVAPI32.DLL
    (0000000077e70000 - 0000000077f01000: C:\WINNT\system32\RPCRT4.dll
    (0000000077f10000 - 0000000077f56000: C:\WINNT\system32\GDI32.dll
    (0000000077f60000 - 0000000077fd6000: C:\WINNT\system32\SHLWAPI.dll
    (000000007c800000 - 000000007c8f4000: C:\WINNT\system32\kernel32.dll
    (000000007c900000 - 000000007c9b0000: C:\WINNT\system32\ntdll.dll
    (000000007c9c0000 - 000000007d1d4000: C:\WINNT\system32\SHELL32.dll
    (000000007d1e0000 - 000000007d492000: C:\WINNT\system32\msi.dll

    *----> State Dump for Thread Id 0xd98 <----*

    eax=00000000 ebx=00000000 ecx=00000080 edx=34b84e00 esi=34b84df0 edi=00000000
    eip=7c918fea esp=0013fe80 ebp=0013fef4 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
    function: ntdll!RtlpWaitForCriticalSection
    7c918fce 57 push edi
    7c918fcf 1bc0 sbb eax,eax
    7c918fd1 f7d0 not eax
    7c918fd3 2540c1977c and eax,0x7c97c140
    7c918fd8 8bf8 mov edi,eax
    7c918fda 8b4610 mov eax,[esi+0x10]
    7c918fdd 3bc3 cmp eax,ebx
    7c918fdf 8945fc mov [ebp-0x4],eax
    7c918fe2 0f849e000000 je ntdll!RtlpUnWaitCriticalSection+0x2f (7c919086)
    7c918fe8 8b06 mov eax,[esi]
    FAULT ->7c918fea ff4010 inc dword ptr [eax+0x10] ds:0023:00000010=????????
    7c918fed 8b45fc mov eax,[ebp-0x4]
    7c918ff0 83e001 and eax,0x1
    7c918ff3 8945e8 mov [ebp-0x18],eax
    7c918ff6 8b06 mov eax,[esi]
    7c918ff8 ff4014 inc dword ptr [eax+0x14]
    7c918ffb f605f002fe7f01 test byte ptr [7ffe02f0],0x1
    7c919002 0f85e6920200 jne ntdll!RtlInitializeSListHead+0x92de (7c9422ee)
    7c919008 395de8 cmp [ebp-0x18],ebx
    7c91900b 57 push edi
    7c91900c 53 push ebx

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\kernel32.dll -
    ChildEBP RetAddr Args to Child
    0013fef4 7c90104b 00b84df0 3473092f 34b84df0 ntdll!RtlpWaitForCriticalSection+0x5b
    0013ffc0 7c816d4f 0117cecc 7c90e1fe 7ffd7000 ntdll!RtlEnterCriticalSection+0x46
    0013fff0 00000000 3000109c 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0xda4 <----*

    eax=77e76bf0 ebx=00000000 ecx=00000009 edx=7c910732 esi=001531b8 edi=00000100
    eip=7c90eb94 esp=00d5fe1c ebp=00d5ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\RPCRT4.dll -
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00d5ff80 77e76c22 00d5ffa8 77e76a3b 001531b8 ntdll!KiFastSystemCallRet
    00d5ff88 77e76a3b 001531b8 00000000 00c5e77c RPCRT4!I_RpcBCacheFree+0x5ea
    00d5ffa8 77e76c0a 00157750 00d5ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    00d5ffb4 7c80b50b 001679e8 00000000 00c5e77c RPCRT4!I_RpcBCacheFree+0x5d2
    00d5ffec 00000000 77e76bf0 001679e8 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0xda8 <----*

    eax=774f319a ebx=00007530 ecx=7ffd7000 edx=00000000 esi=00000000 edi=00e5ff50
    eip=7c90eb94 esp=00e5ff20 ebp=00e5ff78 iopl=0 nv up ei pl nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\OLE32.DLL -
    ChildEBP RetAddr Args to Child
    00e5ff78 7c802451 0000ea60 00000000 00e5ffb4 ntdll!KiFastSystemCallRet
    00e5ff88 774f2fcb 0000ea60 0016c420 774f314d kernel32!Sleep+0xf
    00e5ffb4 7c80b50b 0016c420 7c910945 7c91094e OLE32!StringFromGUID2+0x2d1
    00e5ffec 00000000 774f319a 0016c420 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0xdac <----*

    eax=77e76bf0 ebx=00000000 ecx=00000008 edx=00473828 esi=001531b8 edi=00000100
    eip=7c90eb94 esp=00f5fe1c ebp=00f5ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    00f5ff80 77e76c22 00f5ffa8 77e76a3b 001531b8 ntdll!KiFastSystemCallRet
    00f5ff88 77e76a3b 001531b8 00000000 00470178 RPCRT4!I_RpcBCacheFree+0x5ea
    00f5ffa8 77e76c0a 00157750 00f5ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    00f5ffb4 7c80b50b 0016d468 00000000 00470178 RPCRT4!I_RpcBCacheFree+0x5d2
    00f5ffec 00000000 77e76bf0 0016d468 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

    *----> State Dump for Thread Id 0xdb8 <----*

    eax=77e76bf0 ebx=00000000 ecx=00000038 edx=00000000 esi=001531b8 edi=00000100
    eip=7c90eb94 esp=0105fe1c ebp=0105ff80 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

    function: ntdll!KiFastSystemCallRet
    7c90eb89 90 nop
    7c90eb8a 90 nop
    ntdll!KiFastSystemCall:
    7c90eb8b 8bd4 mov edx,esp
    7c90eb8d 0f34 sysenter
    7c90eb8f 90 nop
    7c90eb90 90 nop
    7c90eb91 90 nop
    7c90eb92 90 nop
    7c90eb93 90 nop
    ntdll!KiFastSystemCallRet:
    7c90eb94 c3 ret
    7c90eb95 8da42400000000 lea esp,[esp]
    7c90eb9c 8d642400 lea esp,[esp]
    7c90eba0 90 nop
    7c90eba1 90 nop
    7c90eba2 90 nop
    7c90eba3 90 nop
    7c90eba4 90 nop
    ntdll!KiIntSystemCall:
    7c90eba5 8d542408 lea edx,[esp+0x8]
    7c90eba9 cd2e int 2e

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr Args to Child
    0105ff80 77e76c22 0105ffa8 77e76a3b 001531b8 ntdll!KiFastSystemCallRet
    0105ff88 77e76a3b 001531b8 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5ea
    0105ffa8 77e76c0a 00157750 0105ffec 7c80b50b RPCRT4!I_RpcBCacheFree+0x403
    0105ffb4 7c80b50b 00158720 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x5d2
    0105ffec 00000000 77e76bf0 00158720 00000000 kernel32!GetModuleFileNameA+0x1b4

    *----> Raw Stack Dump <----*

  10. #10
    VopThis is offline Senior Member (Canada)
    I'm not sure I'm reading the right log...is it located in this folder?:
    I think you have the right document:

    http://support.microsoft.com/kb/246084
    Dr. Watson starts automatically and, if configured appropriately, creates User.dmp and DrWtsn32.log files. These files are located in the %SystemRoot% folder. The DrWtsn32.log file is appended each time a program error occurs; the User.dmp file is overwritten.
    ....
    1. Open the DrWtsn32.log file in Notepad.exe.

    Unfortunately, it is a very complex log beyond my current analytical expertise:
    http://articles.techrepublic.com.com...1-5155880.html


    I may have some additional suggestions for you to try, however.


    Please make an uninstall list using HijackThis.
    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
    Last edited by VopThis; 06-01-2008 at 01:04 PM.
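
A DrWtsn32.log of the kind posted above can be triaged by looking only at the thread whose state dump carries a `FAULT ->` line. The script below is an added example, not part of the thread or of any tool mentioned in it; `parse_faults` and `NULL_PAGE_LIMIT` are names chosen here, and the sample input is trimmed from the log quoted in this thread.

```python
import re

# Sample input: lines trimmed from the DrWtsn32.log quoted in this thread
# (one faulting thread, one idle thread; blank lines and raw dumps dropped).
SAMPLE_LOG = """\
*----> State Dump for Thread Id 0xd98 <----*
eax=00000000 ebx=00000000 ecx=00000080 edx=34b84e00 esi=34b84df0 edi=00000000
eip=7c918fea esp=0013fe80 ebp=0013fef4 iopl=0 nv up ei pl zr na po nc
function: ntdll!RtlpWaitForCriticalSection
7c918fe8 8b06 mov eax,[esi]
FAULT ->7c918fea ff4010 inc dword ptr [eax+0x10] ds:0023:00000010=????????
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
0013fef4 7c90104b 00b84df0 3473092f 34b84df0 ntdll!RtlpWaitForCriticalSection+0x5b
0013ffc0 7c816d4f 0117cecc 7c90e1fe 7ffd7000 ntdll!RtlEnterCriticalSection+0x46
*----> State Dump for Thread Id 0xda4 <----*
eax=77e76bf0 ebx=00000000 ecx=00000009 edx=7c910732 esi=001531b8 edi=00000100
eip=7c90eb94 esp=00d5fe1c ebp=00d5ff80 iopl=0 nv up ei pl zr na po nc
function: ntdll!KiFastSystemCallRet
7c90eb94 c3 ret
"""

THREAD_RE = re.compile(r"\*----> State Dump for Thread Id (0x[0-9a-f]+) <----\*")
REG_RE = re.compile(r"\b(e(?:[a-d]x|[sd]i|[sbi]p))=([0-9a-f]{8})\b")
# FAULT ->EIP OPCODE-BYTES INSTRUCTION [seg:selector:ADDRESS=value]
FAULT_RE = re.compile(r"FAULT ->([0-9a-f]{8}) [0-9a-f]+ (.+?)"
                      r"(?: \w\w:[0-9a-f]{4}:([0-9a-f]{8})=\S+)?$")
# ChildEBP, RetAddr and three argument words, then module!symbol+offset
FRAME_RE = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")
NULL_PAGE_LIMIT = 0x10000  # the lowest 64 KB is never mapped in a Windows user process


def parse_faults(log_text):
    """Return one record per thread whose state dump contains a FAULT line."""
    faults, cur = [], None
    for raw in log_text.splitlines():
        line = raw.strip()  # the forum paste indents every log line
        m = THREAD_RE.match(line)
        if m:
            cur = {"thread": m.group(1), "regs": {}, "function": None, "frames": []}
        elif cur is None:
            continue
        elif line.startswith(("eax=", "eip=")):
            cur["regs"].update((r, int(v, 16)) for r, v in REG_RE.findall(line))
        elif line.startswith("function: "):
            cur["function"] = line.split(": ", 1)[1]
        elif line.startswith("FAULT ->"):
            m = FAULT_RE.match(line)
            if m:
                addr = int(m.group(3), 16) if m.group(3) else None
                cur.update(eip=int(m.group(1), 16), instruction=m.group(2),
                           address=addr,
                           null_deref=addr is not None and addr < NULL_PAGE_LIMIT)
                faults.append(cur)
        elif "instruction" in cur and FRAME_RE.match(line):
            # Keep the back trace only for the thread that actually faulted.
            cur["frames"].append(FRAME_RE.match(line).group(1))
    return faults


if __name__ == "__main__":
    for f in parse_faults(SAMPLE_LOG):
        kind = "NULL-pointer dereference" if f["null_deref"] else "access fault"
        print(f"thread {f['thread']}: {kind} in {f['function']}")
        print(f"  {f['instruction']}  -> address {f['address']:#x}, eax={f['regs']['eax']:#x}")
        print("  callers:", " <- ".join(f["frames"]))
```

On this log it reports a single faulting thread, 0xd98, where `inc dword ptr [eax+0x10]` runs with `eax=00000000` inside `ntdll!RtlpWaitForCriticalSection`; the other threads are parked in `KiFastSystemCallRet` and can be skipped.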
