3 Apprentice


8.8K Posts

October 17th, 2005 17:00

Hi there, and welcome to the forums!

The following items are malware and must be fixed.

  • Please set your system to show all files; please see here if you're unsure how to do this.
  • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

    O4 - HKLM\..\Run: "C:\Program Files\Save\Save.exe"
    O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -k

    Click on Fix Checked when finished and exit HijackThis.

  • Reboot into Safe Mode: please see here if you are not sure how to do this.

  • Using Windows Explorer, locate the following files/folders, and delete them:

    C:\Program Files\Save\Save.exe

    Exit Explorer, and reboot as normal afterwards.

    If you were unable to find any of the files then please follow these additional instructions:

    Download Pocket Killbox and unzip it; save it to your Desktop.

    Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

    Let the system reboot


Post back a fresh HijackThis log and we will take another look.

Steve

Message Edited by zbestwun2001 on 10-17-2005 11:32 AM

3 Apprentice


8.8K Posts

October 17th, 2005 19:00

Let me research this and I will post back.

Steve

12 Posts

October 17th, 2005 19:00

Well I did it all as instructed, and here is the new log file. I tried to open an mp3 file just to test it, and I still got the Dr.Watson problem.
-thanks

Logfile of HijackThis v1.99.1
Scan saved at 1:05:05 PM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101600420744
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

3 Apprentice


8.8K Posts

October 18th, 2005 02:00

Since you are now talking about MP3, I suspect your Mediafour software is at fault. It appears it has something to do with music and iPods, so I would suspect it. There is also a bug that replaces the Windows Media Player. I need to know what program is associated with the mp3 extension. Right click on Start and select Explore, then Tools, Folder Options, File Types, then find MP3 and see what it says is being used to open them. If it is Mediafour's or QuickTime's program, then change it back to Windows Media Player. If it is Windows Media Player, uninstall it and reinstall.

Steve

3 Apprentice


8.8K Posts

October 18th, 2005 02:00

Dr. Watson should generate an error log that can be posted/perused to see what module(s) is/are causing the problem.

I need that exact error message.

Steve
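As an added example (not part of the original thread, and not a tool anyone in it used), here is one way to reduce a long Drwtsn32.log to the information the post above asks for: per crash, the program, the exception code, and the first non-system module on the faulting thread's stack. The sample log is constructed in the layout quoted later in this thread, the second entry's names (`player.exe`, `examplecodec`) are invented, and the `SYSTEM_MODULES` list is an assumption.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the drwtsn32.log layout quoted in this thread; the
# second entry (player.exe / examplecodec) is invented for illustration.
SAMPLE_LOG = r"""
Application exception occurred:
        App: C:\WINDOWS\System32\dwwin.exe (pid=1792)
        When: 12/14/2004 @ 23:17:17.125
        Exception number: 80000003 (hardcoded breakpoint)

*----> State Dump for Thread Id 0x1dc ----*
*----> Stack Back Trace ----*
ChildEBP RetAddr  Args to Child
0012fdc8 77d43a09 77d443b5 0012ff44 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0012fdf0 30007759 0012ff44 00000000 00000000 USER32+0x3a09

*----> State Dump for Thread Id 0x150 ----*
FAULT ->ntdll!DbgBreakPoint:
*----> Stack Back Trace ----*
ChildEBP RetAddr  Args to Child
009ee718 3001c2b9 000007a0 009ee86c 0014b930 ntdll!DbgBreakPoint
009ee74c 3001cce8 000007a0 009ee86c 0014bd80 dwwin+0x1c2b9

Application exception occurred:
        App: C:\Program Files\Example\player.exe (pid=4242)
        When: 10/17/2005 @ 13:01:02.000
        Exception number: c0000005 (access violation)

*----> State Dump for Thread Id 0x2a0 ----*
FAULT ->00a01234 8b08             mov     ecx,[eax]
*----> Stack Back Trace ----*
ChildEBP RetAddr  Args to Child
0012f000 00a05678 00000000 00000000 00000000 examplecodec+0x1234
0012f040 00401000 00000000 00000000 00000000 player+0x1000
"""

APP_RE = re.compile(r"App:\s*(.+?)\s*\(pid=(\d+)\)")
WHEN_RE = re.compile(r"When:\s*(.+)")
EXC_RE = re.compile(r"Exception number:\s*([0-9a-fA-F]+)\s*\((.*?)\)")
THREAD_RE = re.compile(r"\*-+>\s*State Dump for Thread Id (0x[0-9a-fA-F]+)\s*-+\*")
# A back-trace row: ChildEBP, RetAddr, three argument words, then the symbol.
FRAME_RE = re.compile(r"^(?:[0-9a-f]{8}\s+){5}(.+)$", re.I)
# Frames in these modules are plumbing, not the likely culprit (assumed list).
SYSTEM_MODULES = {"ntdll", "kernel32", "user32"}


def parse_drwtsn32(text):
    """Return one dict per 'Application exception occurred:' entry."""
    records = []
    for chunk in text.split("Application exception occurred:")[1:]:
        app, exc, when = APP_RE.search(chunk), EXC_RE.search(chunk), WHEN_RE.search(chunk)
        if not (app and exc):
            continue  # entry cut off before its header was complete
        rec = {"app": app.group(1), "pid": int(app.group(2)),
               "when": when.group(1).strip() if when else None,
               "code": exc.group(1).lower(), "reason": exc.group(2),
               "fault_thread": None, "frames": []}
        parts = THREAD_RE.split(chunk)  # [preamble, tid, body, tid, body, ...]
        for tid, body in zip(parts[1::2], parts[2::2]):
            if "FAULT ->" not in body:
                continue  # only the faulting thread carries the FAULT marker
            rec["fault_thread"] = tid
            for line in body.partition("Stack Back Trace")[2].splitlines():
                if "Raw Stack Dump" in line:
                    break  # hex dump follows; no more frames in this thread
                m = FRAME_RE.match(line.strip())
                if m:
                    rec["frames"].append(m.group(1).strip())
            break
        records.append(rec)
    return records


def suspect_module(record):
    """First non-system module on the faulting thread's stack, or None."""
    for symbol in record["frames"]:
        module = re.split(r"[!+]", symbol, maxsplit=1)[0].strip().lower()
        if module not in SYSTEM_MODULES and not module.startswith("*"):
            return module
    return None


def summarize(records):
    """Count crashes per (program, exception code, suspect module)."""
    counts = Counter((ntpath.basename(r["app"]).lower(), r["code"], suspect_module(r))
                     for r in records)
    return counts.most_common()


if __name__ == "__main__":
    for (app, code, module), count in summarize(parse_drwtsn32(SAMPLE_LOG)):
        print(f"{count:3d}  {app:<12} {code}  suspect={module}")
```

Entries that were cut off before a faulting thread was logged come back with `fault_thread` set to `None` and no suspect. Because these logs are written without symbols, the unwind can be wrong, so the suspect module is a lead to check rather than a verdict.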

12 Posts

October 18th, 2005 19:00

I am using Winamp for my mp3's.
Here is the error report for Dr. Watson.

C:\DOCUME~1\Spike\LOCALS~1\Temp\WERc840.dir00\drwtsn32.exe.mdmp
C:\DOCUME~1\Spike\LOCALS~1\Temp\WERc840.dir00\appcompat.txt

I have had other problems too, for example ABC (another bit torrent) crashes, and then the whole computer restarts whenever I try to run it. This is all new. Is there any way I can just get rid of this Dr.Watson thing?

3 Apprentice


8.8K Posts

October 18th, 2005 20:00

Download KillBox, unzip it to your desktop, then run it. Now:

1. Select "Action | Delete on reboot".
2. Copy/paste the following file name(s), one at a time, in the "Paste Path of File to Delete" field:

C:\DOCUME~1\Spike\LOCALS~1\Temp\WERc840.dir00\drwtsn32.exe.mdmp
C:\DOCUME~1\Spike\LOCALS~1\Temp\WERc840.dir00\appcompat.txt

3. Click "Kill File".
4. When prompted to "Reboot Now" select "No".

After the last file is deleted, when prompted to "Reboot Now" select "Yes".

System will reboot and see if that helps?

Steve

Message Edited by zbestwun2001 on 10-18-2005 02:23 PM

12 Posts

October 19th, 2005 04:00

I tried it, and on re-boot, I got the exact same error, with the exact same two files, like they were never deleted.

3 Apprentice


8.8K Posts

October 19th, 2005 13:00

Post the contents of Drwtsn32.log...

12 Posts

October 21st, 2005 12:00

Sorry it took me a few days to post this. Here is a part of the log. It's really long, and I can't post the whole thing. Maybe I can attach it if you need the rest of it. Let me know. Thank you


Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.



Application exception occurred:
App: C:\WINDOWS\System32\dwwin.exe (pid=548)
When: 12/5/2004 @ 12:39:41.015
Exception number: 80000003 (hardcoded breakpoint)

*----> System Information ----*
Computer Name: BEBOP
User Name: Spike
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 2 Stepping 9
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Multiprocessor Free
Registered Organization: Bebop
Registered Owner: Spike

*----> Task List ----*
0 System Process
4 System
608 smss.exe
832 csrss.exe
860 winlogon.exe
904 services.exe
916 lsass.exe
1084 Ati2evxx.exe
1116 svchost.exe
1140 svchost.exe
1272 svchost.exe
1296 svchost.exe
1548 spoolsv.exe
1704 alg.exe
1736 AvidSDMService.exe
1828 svchost.exe
752 Ati2evxx.exe
820 Explorer.EXE
1412 qttask.exe
1444 MACVNTFY.EXE
1496 CTHELPER.EXE
964 Ad-Watch.exe
1860 wlancfg4.EXE
1164 Platinum.exe
700 wuauclt.exe
548 dwwin.exe
1200 drwtsn32.exe

*----> Module List ----*
(0000000030000000 - 0000000030033000: C:\WINDOWS\System32\dwwin.exe
(000000004f510000 - 000000004fd21000: C:\WINDOWS\system32\SHELL32.DLL
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\uxtheme.dll
(0000000063000000 - 0000000063096000: C:\WINDOWS\system32\WININET.DLL
(0000000070a70000 - 0000000070ad9000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071950000 - 0000000071a34000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08\comctl32.dll
(0000000074e30000 - 0000000074e9a000: C:\WINDOWS\System32\riched20.dll
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\Apphelp.dll
(00000000762a0000 - 00000000762b0000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 000000007634b000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\imm32.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\System32\PSAPI.DLL
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.DLL
(00000000771b0000 - 00000000772d4000: C:\WINDOWS\system32\OLE32.DLL
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\COMCTL32.DLL
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.DLL
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\MSVCRT.DLL
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.DLL
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007f000000 - 000000007f041000: C:\WINDOWS\system32\GDI32.dll

3 Apprentice


8.8K Posts

October 21st, 2005 23:00

I need to see the entire log.

This log is not complete but it is the right log.

Repost a complete log in this thread

Steve

12 Posts

October 22nd, 2005 16:00

I tried to, but the log is huge. Like hundreds of pages. And the forum won't let me post anything remotely that big.

3 Apprentice


8.8K Posts

October 22nd, 2005 17:00

Post it in parts.
Take as many boxes as you need; this is your thread.


Steve

12 Posts

October 24th, 2005 17:00

eax=00000000 ebx=006f4558 ecx=01170778 edx=00000000 esi=00000000 edi=01ccfd1c
eip=7ffe0304 esp=01ccfcdc ebp=01ccfd34 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function:
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace ----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
01ccfcd8 77f75ab4 77e7a2cd 00000000 01ccfd00 *SharedUserSystemCall+0xc (FPO: [0,0,0])
01ccfd34 77e61bf5 00000064 00000000 0040864b ntdll!ZwDelayExecution+0xc
01ccff98 004859ed 01489c08 0000026a fffff29b kernel32!Sleep+0xb
01ccff94 01ccff94 004859ed 01489c08 0000026a DivX Player+0x859ed

*----> Raw Stack Dump ----*



Application exception occurred:
App: C:\WINDOWS\System32\dwwin.exe (pid=1792)
When: 12/14/2004 @ 23:17:17.125
Exception number: 80000003 (hardcoded breakpoint)

*----> System Information ----*
Computer Name: BEBOP
User Name: Spike
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 2 Stepping 9
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Multiprocessor Free
Registered Organization: Bebop
Registered Owner: Spike

*----> Task List ----*
0 System Process
4 System
660 smss.exe
884 csrss.exe
908 winlogon.exe
952 services.exe
964 lsass.exe
1124 Ati2evxx.exe
1152 svchost.exe
1180 svchost.exe
1312 svchost.exe
1336 svchost.exe
1584 spoolsv.exe
1804 alg.exe
1920 AvidSDMService.exe
228 svchost.exe
268 ULCDRSvr.exe
1260 Ati2evxx.exe
1384 Explorer.EXE
1832 qttask.exe
1780 MACVNTFY.EXE
2020 CTHELPER.EXE
2044 Ad-Watch.exe
1496 wuauclt.exe
692 Platinum.exe
1792 dwwin.exe
764 drwtsn32.exe

*----> Module List ----*
(0000000030000000 - 0000000030033000: C:\WINDOWS\System32\dwwin.exe
(000000004f510000 - 000000004fd21000: C:\WINDOWS\system32\SHELL32.DLL
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\uxtheme.dll
(0000000063000000 - 0000000063096000: C:\WINDOWS\system32\WININET.DLL
(0000000070a70000 - 0000000070ad9000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071950000 - 0000000071a34000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08\comctl32.dll
(0000000074e30000 - 0000000074e9a000: C:\WINDOWS\System32\riched20.dll
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\Apphelp.dll
(00000000762a0000 - 00000000762b0000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 000000007634b000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\imm32.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\System32\PSAPI.DLL
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.DLL
(00000000771b0000 - 00000000772d4000: C:\WINDOWS\system32\OLE32.DLL
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\COMCTL32.DLL
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.DLL
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\MSVCRT.DLL
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.DLL
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007f000000 - 000000007f041000: C:\WINDOWS\system32\GDI32.dll

*----> State Dump for Thread Id 0x1dc ----*

eax=0012fd80 ebx=00000001 ecx=0012fd6c edx=00000000 esi=0012ff44 edi=0012ff44
eip=7ffe0304 esp=0012fdcc ebp=0012fdf0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function:
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace ----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\System32\dwwin.exe
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0012fdc8 77d43a09 77d443b5 0012ff44 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0012fdf0 30007759 0012ff44 00000000 00000000 USER32+0x3a09
0012ff64 30007377 30000000 00000000 00000000 dwwin+0x7759
0012ffc0 77e8141a 0012b69c 00130628 7ffdf000 dwwin+0x7377
0012fff0 00000000 30007321 00000000 78746341 kernel32!GetCurrentDirectoryW+0x44

*----> Raw Stack Dump ----*

*----> State Dump for Thread Id 0x150 ----*

eax=00000001 ebx=3002b0ac ecx=77e9b4d9 edx=0000000d esi=00000104 edi=3002b700
eip=77f767cd esp=009ee6f0 ebp=009ee718 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll -
function: ntdll!DbgBreakPoint
ntdll!NtWaitForKeyedEvent:
77f767b1 b81a010000 mov eax,0x11a
77f767b6 ba0003fe7f mov edx,0x7ffe0300
77f767bb ffd2 call edx
77f767bd c21000 ret 0x10
ntdll!ZwQueryPortInformationProcess:
77f767c0 b81b010000 mov eax,0x11b
77f767c5 ba0003fe7f mov edx,0x7ffe0300
77f767ca ffd2 call edx
77f767cc c3 ret
FAULT ->ntdll!DbgBreakPoint:
77f767cd cc int 3
77f767ce c3 ret
ntdll!DbgUserBreakPoint:
77f767cf cc int 3
77f767d0 c3 ret
77f767d1 8b442404 mov eax,[esp+0x4]
77f767d5 cc int 3
77f767d6 c20400 ret 0x4
ntdll!NtCurrentTeb:
77f767d9 64a118000000 mov eax,fs:[00000018]
77f767df c3 ret

*----> Stack Back Trace ----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
009ee718 3001c2b9 000007a0 009ee86c 0014b930 ntdll!DbgBreakPoint
009ee74c 3001cce8 000007a0 009ee86c 0014bd80 dwwin+0x1c2b9
009ee814 3001efc7 000007a0 009ee86c 0014bd80 dwwin+0x1cce8
009ee82c 3001f5bb 000007a0 00000021 009ee86c dwwin+0x1efc7
009ee904 3000d17b 000001f8 000002b4 000007a0 dwwin+0x1f5bb
009eed98 300061d5 00860024 009effa8 5ad7381c dwwin+0xd17b
009effb4 77e7d28e 00060222 5ad7381c 5ad9d2ec dwwin+0x61d5
009effec 00000000 300060cb 00060222 00000000 kernel32!RegisterWaitForInputIdle+0x43

*----> Raw Stack Dump ----*



Application exception occurred:
App: C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 Disc Creator Trial\DVDMF.exe (pid=1636)
When: 12/15/2004 @ 11:11:32.015
Exception number: c0000005 (access violation)

*----> System Information ----*
Computer Name: BEBOP
User Name: Spike
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 2 Stepping 9
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Multiprocessor Free
Registered Organization: Bebop
Registered Owner: Spike

*----> Task List ----*
0 System Process
4 System
668 smss.exe
716 csrss.exe
740 winlogon.exe
784 services.exe
796 lsass.exe
972 Ati2evxx.exe
1000 svchost.exe
1048 svchost.exe
1144 svchost.exe
1168 svchost.exe
1352 spoolsv.exe
1552 alg.exe
1656 AvidSDMService.exe
1760 svchost.exe
1832 ULCDRSvr.exe
340 Ati2evxx.exe
468 Explorer.EXE
600 qttask.exe
416 MACVNTFY.EXE
276 CTHELPER.EXE
640 Ad-Watch.exe
1444 wuauclt.exe
1988 Launcher.exe
1636 DVDMF.exe
544 AvidXpressPro.exe
1080 drwtsn32.exe

12 Posts

October 24th, 2005 17:00

Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.



Application exception occurred:
App: C:\WINDOWS\System32\dwwin.exe (pid=548)
When: 12/5/2004 @ 12:39:41.015
Exception number: 80000003 (hardcoded breakpoint)

*----> System Information ----*
Computer Name: BEBOP
User Name: Spike
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 2 Stepping 9
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Multiprocessor Free
Registered Organization: Bebop
Registered Owner: Spike

*----> Task List ----*
0 System Process
4 System
608 smss.exe
832 csrss.exe
860 winlogon.exe
904 services.exe
916 lsass.exe
1084 Ati2evxx.exe
1116 svchost.exe
1140 svchost.exe
1272 svchost.exe
1296 svchost.exe
1548 spoolsv.exe
1704 alg.exe
1736 AvidSDMService.exe
1828 svchost.exe
752 Ati2evxx.exe
820 Explorer.EXE
1412 qttask.exe
1444 MACVNTFY.EXE
1496 CTHELPER.EXE
964 Ad-Watch.exe
1860 wlancfg4.EXE
1164 Platinum.exe
700 wuauclt.exe
548 dwwin.exe
1200 drwtsn32.exe

*----> Module List ----*
(0000000030000000 - 0000000030033000: C:\WINDOWS\System32\dwwin.exe
(000000004f510000 - 000000004fd21000: C:\WINDOWS\system32\SHELL32.DLL
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\uxtheme.dll
(0000000063000000 - 0000000063096000: C:\WINDOWS\system32\WININET.DLL
(0000000070a70000 - 0000000070ad9000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071950000 - 0000000071a34000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08\comctl32.dll
(0000000074e30000 - 0000000074e9a000: C:\WINDOWS\System32\riched20.dll
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\Apphelp.dll
(00000000762a0000 - 00000000762b0000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 000000007634b000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\imm32.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\System32\PSAPI.DLL
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.DLL
(00000000771b0000 - 00000000772d4000: C:\WINDOWS\system32\OLE32.DLL
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\COMCTL32.DLL
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.DLL
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\MSVCRT.DLL
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.DLL
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007f000000 - 000000007f041000: C:\WINDOWS\system32\GDI32.dll

*----> State Dump for Thread Id 0x7e8 ----*

eax=0012fd80 ebx=00000001 ecx=0012fd6c edx=00000000 esi=0012ff44 edi=0012ff44
eip=7ffe0304 esp=0012fdcc ebp=0012fdf0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

function:
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 9c pushfd
7ffe0306 810c2400010000 or dword ptr [esp],0x100
7ffe030d 9d popfd
7ffe030e c3 ret
7ffe030f 8bd4 mov edx,esp
7ffe0311 0f05 syscall
7ffe0313 c3 ret
7ffe0314 9c pushfd
7ffe0315 810c2400010000 or dword ptr [esp],0x100
7ffe031c 9d popfd

*----> Stack Back Trace ----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\System32\dwwin.exe
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0012fdc8 77d43a09 77d443b5 0012ff44 00000000 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0012fdf0 30007759 0012ff44 00000000 00000000 USER32+0x3a09
0012ff64 30007377 30000000 00000000 00000000 dwwin+0x7759
0012ffc0 77e8141a 0012b6b0 00130628 7ffdf000 dwwin+0x7377
0012fff0 00000000 30007321 00000000 78746341 kernel32!GetCurrentDirectoryW+0x44
No Events found!
