Computer Freezes - Symbols not found

---

• From: "dban1957@xxxxxxx" <dban1957@xxxxxxx>
• Date: 11 Jan 2007 18:36:13 -0800

---

Hey, I get this message in Doctor Watson. Basically my computer freezes
at times using Mcafee security edition. Seems like its referring to
symbols
not being found for certain files. I downloaded Microsoft Service Pack
2
for symbols but that didn't seem to help much. Can anyone provide
some help or additional information for me.




Application exception occurred:
App: C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (pid=1716)
When: 12/26/2006 @ 22:31:54.508
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name:
User Name: SYSTEM
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 10
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization:
Registered Owner:

*----> Task List <----*
0 System Process
4 System
308 smss.exe
376 csrss.exe
400 winlogon.exe
540 services.exe
552 lsass.exe
700 svchost.exe
756 svchost.exe
820 svchost.exe
876 svchost.exe
1008 svchost.exe
1204 spoolsv.exe
1376 Explorer.EXE
1448 mcvsescn.exe
1456 MPfTray.exe
1464 FreeRAM XP Pro.exe
1484 waol.exe
1564 AOLAcsd.exe
1608 aoltsmon.exe
1628 aolavupd.exe
1640 SSCEvtHdlr.exe
1676 aoltpspd.exe
1684 ITMRTSVC.exe
1716 mcshield.exe
1848 MPFService.exe
3076 alg.exe
3916 shellmon.exe
3412 AcroRd32.exe
2616 moviemk.exe
2692 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000437000:
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
(0000000003510000 - 0000000003524000:
c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll
(0000000003540000 - 0000000003547000: c:\program
files\mcafee.com\antivirus\naiannps.dll
(0000000003550000 - 0000000003573000:
c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 000000001002e000:
C:\PROGRA~1\mcafee.com\ANTIVI~1\naiann.dll
(0000000012000000 - 00000000122d3000: C:\Program
Files\mcafee.com\antivirus\MCSCAN32.DLL
(0000000012580000 - 0000000012585000:
C:\PROGRA~1\mcafee.com\ANTIVI~1\RES00\McShield.DLL
(0000000020000000 - 00000000202c5000: C:\WINDOWS\system32\xpsp2res.dll
(0000000022500000 - 000000002250f000:
C:\PROGRA~1\mcafee.com\ANTIVI~1\FTL.Dll
(0000000039000000 - 000000003903a000:
C:\PROGRA~1\mcafee.com\ANTIVI~1\EntSrv.Dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000073dc0000 - 0000000073dc3000: C:\WINDOWS\system32\LZ32.dll
(0000000076080000 - 00000000760e5000: C:\WINDOWS\system32\MSVCP60.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\userenv.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\psapi.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\wtsapi32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000774e0000 - 000000007761c000: C:\WINDOWS\system32\ole32.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll

*----> State Dump for Thread Id 0x6b8 <----*

eax=00000074 ebx=00000000 ecx=0012fa48 edx=00180000 esi=00000000
edi=00000074
eip=7c90eb94 esp=0012f99c ebp=0012fa04 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** WARNING: Unable to verify checksum for
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
*** ERROR: Module load completed but symbols could not be loaded for
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
App: C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (pid=1716)
When: 12/26/2006 @ 22:31:54.508
Exception number: c0000005 (access violation Defaulted to
export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0012fa04 77deb3cb 00000074 0012fad0 00000216 ntdll!KiFastSystemCallRet
0012fa30 77deb25f 00000074 0012fad0 00000216
ADVAPI32!SetServiceStatus+0x238
0012faa4 77deb568 00000074 0012fad0 00000216
ADVAPI32!SetServiceStatus+0xcc
0012fd04 0040346c 0012fd18 7c910738 00620020
ADVAPI32!StartServiceCtrlDispatcherW+0x8b
0012fd28 0040353e 00000000 004102e8 ffffffff mcshield+0x346c
0012ff44 0041ea21 00000001 003235d0 00322860 mcshield+0x353e
0012ffc0 7c816d4f 7c910738 ffffffff 7ffdf000 mcshield+0x1ea21
0012fff0 00000000 0041e8f2 00000000 78746341
kernel32!RegisterWaitForInputIdle+0x49

*----> Raw Stack Dump <----*
000000000012f99c 88 e2 90 7c 75 18 80 7c - 74 00 00 00 00 00 00 00
....|u..|t.......
000000000012f9ac 00 00 00 00 00 00 00 00 - dc f9 12 00 d0 fa 12 00
.................
000000000012f9bc 16 02 00 00 00 00 00 00 - 00 00 00 00 6c fa 12 00
.............l...
000000000012f9cc 0e 18 80 7c d0 fa 12 00 - 00 00 00 00 2e 10 81 7c
....|...........|
000000000012f9dc 50 68 14 00 88 a0 14 00 - d0 fa 12 00 de e4 00 00
Ph..............
000000000012f9ec c8 f9 12 00 00 00 00 00 - 94 fa 12 00 f3 99 83 7c
................|
000000000012f9fc d8 9b 80 7c ff ff ff ff - 30 fa 12 00 cb b3 de 77
....|....0......w
000000000012fa0c 74 00 00 00 d0 fa 12 00 - 16 02 00 00 2c fa 12 00
t...........,...
000000000012fa1c 00 00 00 00 50 68 14 00 - 88 a0 14 00 d0 fa 12 00
.....Ph..........
000000000012fa2c 00 00 00 00 a4 fa 12 00 - 5f b2 de 77 74 00 00 00
........._..wt...
000000000012fa3c d0 fa 12 00 16 02 00 00 - 6c fa 12 00 00 00 00 00
.........l.......
000000000012fa4c 00 00 00 00 00 f0 fd 7f - 01 00 00 00 00 00 00 00
.................
000000000012fa5c 01 00 00 00 79 b4 de 77 - 50 68 14 00 70 00 65 00
.....y..wPh..p.e.
000000000012fa6c 00 00 00 00 88 a0 14 00 - 34 07 00 00 00 00 00 00
.........4.......
000000000012fa7c 00 00 00 00 e4 fa 12 00 - 6f 00 6c 00 00 00 00 00
.........o.l.....
000000000012fa8c 48 fa 12 00 31 00 32 00 - f4 fc 12 00 55 56 df 77
H...1.2.....UV.w
000000000012fa9c 90 b3 de 77 ff ff ff ff - 04 fd 12 00 68 b5 de 77
....w........h..w
000000000012faac 74 00 00 00 d0 fa 12 00 - 16 02 00 00 00 00 00 00
t...............
000000000012fabc 20 00 62 00 00 f0 fd 7f - 00 00 00 00 38 07 91 7c
..b.........8..|
000000000012facc 74 00 00 00 2a 00 00 00 - 51 00 00 00 00 00 00 00
t...*...Q.......

*----> State Dump for Thread Id 0x6e8 <----*

eax=00000d00 ebx=007cfeec ecx=007c0fa0 edx=7c90eb94 esi=00000000
edi=7ffdf000
eip=7c90eb94 esp=007cfec4 ebp=007cff60 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
007cff60 7c809c86 00000003 007cffa0 00000000 ntdll!KiFastSystemCallRet
007cff7c 0041888f 00000003 007cffa0 00000000
kernel32!WaitForMultipleObjects+0x18
007cffac 00418b2e 007cffec 7c80b50b 00622da4 mcshield+0x1888f
007cffb4 7c80b50b 00622da4 7c910738 ffffffff mcshield+0x18b2e
007cffec 00000000 00418b00 00622da4 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000007cfec4 ab e9 90 7c f2 94 80 7c - 03 00 00 00 ec fe 7c 00
....|...|......|.
00000000007cfed4 01 00 00 00 00 00 00 00 - 00 00 00 00 99 a6 80 7c
................|
00000000007cfee4 a4 2d 62 00 66 d9 dd 77 - c0 02 00 00 c4 02 00 00
..-b.f..w........
00000000007cfef4 c8 02 00 00 86 60 01 00 - 00 80 38 4c 75 03 c6 00
......`....8Lu...
00000000007cff04 1d 56 e8 b5 6c fb ff eb - 14 00 00 00 01 00 00 00
..V..l...........
00000000007cff14 00 00 00 00 00 00 00 00 - 10 00 00 00 5c 4a 20 82
.............\J .
00000000007cff24 f0 48 20 82 24 49 20 82 - 00 f0 fd 7f 00 d0 fd 7f .H
..$I .........
00000000007cff34 da a6 80 7c 00 00 00 00 - ec fe 7c 00 a0 dc 90 7c
....|......|....|
00000000007cff44 03 00 00 00 e0 fe 7c 00 - c8 02 00 00 dc ff 7c 00
.......|.......|.
00000000007cff54 f3 99 83 7c 90 95 80 7c - 00 00 00 00 7c ff 7c 00
....|...|....|.|.
00000000007cff64 86 9c 80 7c 03 00 00 00 - a0 ff 7c 00 00 00 00 00
....|......|.....
00000000007cff74 ff ff ff ff 00 00 00 00 - ac ff 7c 00 8f 88 41 00
...........|...A.
00000000007cff84 03 00 00 00 a0 ff 7c 00 - 00 00 00 00 ff ff ff ff
.......|.........
00000000007cff94 38 07 91 7c ff ff ff ff - a4 2d 62 00 c0 02 00 00
8..|.....-b.....
00000000007cffa4 c4 02 00 00 c8 02 00 00 - b4 ff 7c 00 2e 8b 41 00
...........|...A.
00000000007cffb4 ec ff 7c 00 0b b5 80 7c - a4 2d 62 00 38 07 91 7c
...|....|.-b.8..|
00000000007cffc4 ff ff ff ff a4 2d 62 00 - 00 d0 fd 7f 00 26 3c 82
......-b......&<.
00000000007cffd4 c0 ff 7c 00 98 74 0e 82 - ff ff ff ff f3 99 83 7c
...|..t.........|
00000000007cffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
....|............
00000000007cfff4 00 8b 41 00 a4 2d 62 00 - 00 00 00 00 00 00 00 00
...A..-b.........

*----> State Dump for Thread Id 0x734 <----*

eax=008cfa2c ebx=00146850 ecx=0032fa80 edx=00320608 esi=00000204
edi=00000000
eip=7c90eb94 esp=008cff10 ebp=008cff74 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
008cff74 7c802542 00000204 ffffffff 00000000 ntdll!KiFastSystemCallRet
008cff88 004034f8 00000204 ffffffff 00620020
kernel32!WaitForSingleObject+0x12
008cffb4 7c80b50b 00146850 00000000 0012e5ec mcshield+0x34f8
008cffec 00000000 77deb479 00146850 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000008cff10 c0 e9 90 7c db 25 80 7c - 04 02 00 00 00 00 00 00
....|.%.|........
00000000008cff20 00 00 00 00 00 00 00 00 - 20 00 62 00 50 68 14 00
......... .b.Ph..
00000000008cff30 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000008cff40 10 00 00 00 ff ff ff ff - fd 07 81 7c 00 f0 fd 7f
............|....
00000000008cff50 00 c0 fd 7f 00 00 00 00 - 00 00 01 00 24 ff 8c 00
.............$...
00000000008cff60 20 00 62 00 dc ff 8c 00 - f3 99 83 7c 08 26 80 7c
..b........|.&.|
00000000008cff70 00 00 00 00 88 ff 8c 00 - 42 25 80 7c 04 02 00 00
.........B%.|....
00000000008cff80 ff ff ff ff 00 00 00 00 - b4 ff 8c 00 f8 34 40 00
..............4@.
00000000008cff90 04 02 00 00 ff ff ff ff - 20 00 62 00 1e 32 40 00
......... .b..2@.
00000000008cffa0 50 68 14 00 8b b4 de 77 - 01 00 00 00 58 68 14 00
Ph.....w....Xh..
00000000008cffb0 ec e5 12 00 ec ff 8c 00 - 0b b5 80 7c 50 68 14 00
............|Ph..
00000000008cffc0 00 00 00 00 ec e5 12 00 - 50 68 14 00 00 c0 fd 7f
.........Ph......
00000000008cffd0 00 26 3c 82 c0 ff 8c 00 - a8 9e f5 81 ff ff ff ff
..&<.............
00000000008cffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
00000000008cfff0 00 00 00 00 79 b4 de 77 - 50 68 14 00 00 00 00 00
.....y..wPh......
00000000008d0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000008d0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000008d0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000008d0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000008d0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x75c <----*

eax=00000000 ebx=77d489d9 ecx=0000010f edx=00501658 esi=00fcff90
edi=00000000
eip=7c90eb94 esp=00fcff28 ebp=00fcff44 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00fcff44 0040547f 00fcff90 00000000 00000000 ntdll!KiFastSystemCallRet
00fcffac 0040549b 00fcffec 7c80b50b 00620020 mcshield+0x547f
00fcffb4 7c80b50b 00620020 00428610 ffffffff mcshield+0x549b
00fcffec 00000000 00405490 00620020 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000fcff28 9b 91 d4 77 ce 91 d4 77 - 90 ff fc 00 00 00 00 00
....w...w........
0000000000fcff38 00 00 00 00 00 00 00 00 - a3 91 d4 77 ac ff fc 00
............w....
0000000000fcff48 7f 54 40 00 90 ff fc 00 - 00 00 00 00 00 00 00 00
..T@.............
0000000000fcff58 00 00 00 00 10 86 42 00 - ff ff ff ff 20 00 62 00
.......B..... .b.
0000000000fcff68 00 00 00 00 50 52 40 00 - 00 00 00 00 04 00 00 00
.....PR@.........
0000000000fcff78 00 00 40 00 00 00 00 00 - 00 00 00 00 00 00 00 00
...@.............
0000000000fcff88 00 00 00 00 5c 21 42 00 - d8 00 01 00 19 02 00 00
.....\!B.........
0000000000fcff98 07 00 00 00 00 00 00 00 - 17 12 69 00 42 00 00 00
...........i.B...
0000000000fcffa8 a7 00 00 00 b4 ff fc 00 - 9b 54 40 00 ec ff fc 00
..........T@.....
0000000000fcffb8 0b b5 80 7c 20 00 62 00 - 10 86 42 00 ff ff ff ff
....| .b...B.....
0000000000fcffc8 20 00 62 00 00 60 fd 7f - 00 26 3c 82 c0 ff fc 00
..b..`...&<.....
0000000000fcffd8 d8 3c f2 81 ff ff ff ff - f3 99 83 7c 18 b5 80 7c
..<.........|...|
0000000000fcffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 90 54 40 00
..............T@.
0000000000fcfff8 20 00 62 00 00 00 00 00 - 00 00 00 00 00 00 00 00
..b.............
0000000000fd0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000fd0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000fd0028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000fd0038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000fd0048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000000fd0058 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x770 <----*

eax=00000000 ebx=00000000 ecx=00fe0000 edx=00000063 esi=00000000
edi=0000010c
eip=7c90eb94 esp=02bfcce0 ebp=02bfcd48 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** WARNING: Unable to verify checksum for C:\Program
Files\mcafee.com\antivirus\MCSCAN32.DLL
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\Program Files\mcafee.com\antivirus\MCSCAN32.DLL -
ChildEBP RetAddr Args to Child
02bfcd48 0040e23d 0000010c 00ce8a68 00002000 ntdll!KiFastSystemCallRet
02bfcd64 0040f5b3 00ce8a68 00000000 00ce0148 mcshield+0xe23d
02bfcdb8 00401d6e 00ce0148 0000041a 00620020 mcshield+0xf5b3
02bfcdcc 004018b7 00ce0148 0000041a 00ce0028 mcshield+0x1d6e
02bfcef8 004019ba 0000041a 00000000 00ce0148 mcshield+0x18b7
02bfcf0c 1220fe58 00ce0184 0000041a 00000000 mcshield+0x19ba
02bfcf48 1220ff2b 0000041a 00000000 00ce4644 MCSCAN32+0x20fe58
02bfcf68 12170ab5 0000041a 00000000 00ce4644 MCSCAN32+0x20ff2b
02bfcf8c 1216dca2 00010000 00000000 00ce8a68 MCSCAN32+0x170ab5
02bfcfa8 121f7973 00010000 00000000 00ce8a68 MCSCAN32+0x16dca2
02bfcfc8 12205d4e 00010000 00000000 00ce8a68 MCSCAN32+0x1f7973
02bfd004 12206617 00010000 00000000 02bfd058 MCSCAN32+0x205d4e
02bfd060 12206133 00010000 01000000 02bfd0ac MCSCAN32+0x206617
02bfd0b4 1220288f 00010000 00000000 02bfe670 MCSCAN32+0x206133
02bfd0e0 1220721e 00000000 00000000 02bfe670 MCSCAN32+0x20288f
02bfd100 122033df 00010000 00000000 02bfe670 MCSCAN32+0x20721e
02bfd124 120c7e4b 00010000 00000000 02bfe670 MCSCAN32+0x2033df
02bfea88 120c2a73 00d28d18 00ce0680 00000008 MCSCAN32+0xc7e4b
02bfeb64 1203c281 000030c5 00000006 00ce0550 MCSCAN32+0xc2a73
02bfeb90 1203bdd3 00000000 00000000 00ce0550 MCSCAN32+0x3c281
02bfebbc 1203a87a 02bfec54 03409970 00000000 MCSCAN32+0x3bdd3
02bfebe0 1203abaf 02bfec54 02bfec58 02bfec5a MCSCAN32+0x3a87a
02bfebfc 120c0d25 02bfec54 02bfec58 02bfec5a MCSCAN32+0x3abaf
02bfec38 120c0945 00000000 0029c3f0 00ce0380 MCSCAN32+0xc0d25
02bfec8c 120c0822 00ce4601 02bfecef 1229c3f0 MCSCAN32+0xc0945
02bfece0 120bfbed 00ce4674 00000001 00000000 MCSCAN32+0xc0822
02bfed2c 120bd803 00ce4674 00ce4814 00000007 MCSCAN32+0xbfbed
02bfedb0 120b7ed0 02bffe50 00000004 02bfedcc MCSCAN32+0xbd803
02bfedc0 120b794f 02bffe50 02bfee0c 1208e14a MCSCAN32+0xb7ed0
02bfedcc 1208e14a 02bffe50 0016ed94 00ce002c MCSCAN32+0xb794f
02bfee0c 1208d2f3 02bffe40 02bffe50 02bffe64 MCSCAN32+0x8e14a
02bffeb8 1208e2b7 00ce0028 0019cc60 00228160 MCSCAN32+0x8d2f3
02bffecc 120024be 0019ccbc 0019cc60 00228160 MCSCAN32+0x8e2b7
02bffef0 00415028 00169df0 0019ccbc 0019cc60 MCSCAN32!AVScanObject+0x7e
02bfff84 00418133 00000003 00000000 00000000 mcshield+0x15028
02bfffb4 7c80b50b 00620020 00000000 00000000 mcshield+0x18133
02bfffec 00000000 004180f0 00620020 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000002bfcce0 88 e2 90 7c 75 18 80 7c - 0c 01 00 00 00 00 00 00
....|u..|........
0000000002bfccf0 00 00 00 00 00 00 00 00 - 20 cd bf 02 68 8a ce 00
......... ...h...
0000000002bfcd00 00 20 00 00 00 00 00 00 - 00 00 00 00 20 00 62 00 .
........... .b.
0000000002bfcd10 48 01 ce 00 00 00 00 00 - 70 c6 19 00 00 00 00 00
H.......p.......
0000000002bfcd20 74 86 d2 00 00 00 00 00 - 00 00 00 00 1c 4a ce 00
t............J..
0000000002bfcd30 0c cd bf 02 5e 27 20 12 - a8 cd bf 02 f3 99 83 7c
.....^' ........|
0000000002bfcd40 d8 9b 80 7c ff ff ff ff - 64 cd bf 02 3d e2 40 00
....|....d...=.@.
0000000002bfcd50 0c 01 00 00 68 8a ce 00 - 00 20 00 00 70 cd bf 02
.....h.... ..p...
0000000002bfcd60 00 00 00 00 b8 cd bf 02 - b3 f5 40 00 68 8a ce 00
...........@.h...
0000000002bfcd70 00 00 00 00 48 01 ce 00 - 20 00 62 00 00 00 00 00
.....H... .b.....
0000000002bfcd80 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002bfcd90 a0 cd bf 02 92 93 80 7c - 17 00 00 00 20 00 62 00
........|.... .b.
0000000002bfcda0 74 cd bf 02 7a c0 40 00 - 7c ea bf 02 00 e8 41 00
t...z.@.|.....A.
0000000002bfcdb0 d0 83 42 00 00 00 00 00 - cc cd bf 02 6e 1d 40 00
...B.........n.@.
0000000002bfcdc0 48 01 ce 00 1a 04 00 00 - 20 00 62 00 f8 ce bf 02
H....... .b.....
0000000002bfcdd0 b7 18 40 00 48 01 ce 00 - 1a 04 00 00 28 00 ce 00
...@.H.......(...
0000000002bfcde0 00 00 00 00 ff ff ff ff - 98 18 80 7c 3d e2 40 00
............|=.@.
0000000002bfcdf0 0c 01 00 00 68 8a ce 00 - 00 20 00 00 10 ce bf 02
.....h.... ......
0000000002bfce00 00 00 00 00 58 ce bf 02 - b3 f5 40 00 68 8a ce 00
.....X.....@.h...
0000000002bfce10 00 00 00 00 48 01 ce 00 - 20 00 62 00 00 00 00 00
.....H... .b.....

*----> State Dump for Thread Id 0x774 <----*

eax=00000d00 ebx=7c809608 ecx=02d00f74 edx=7c90eb94 esi=00000168
edi=00000000
eip=7c90eb94 esp=02d0ff00 ebp=02d0ff64 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
02d0ff64 7c802542 00000168 ffffffff 00000000 ntdll!KiFastSystemCallRet
02d0ff78 0040d124 00000168 ffffffff 0000008c
kernel32!WaitForSingleObject+0x12
02d0ffb4 7c80b50b 028fff2c 0000008c 00000000 mcshield+0xd124
02d0ffec 00000000 0040d0a0 028fff2c 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000002d0ff00 c0 e9 90 7c db 25 80 7c - 68 01 00 00 00 00 00 00
....|.%.|h.......
0000000002d0ff10 00 00 00 00 6e 9c 80 7c - 2c ff 8f 02 08 96 80 7c
.....n..|,......|
0000000002d0ff20 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d0ff30 10 00 00 00 00 00 00 00 - 04 00 00 00 00 f0 fd 7f
.................
0000000002d0ff40 00 d0 fa 7f 00 00 00 00 - f3 99 83 7c 14 ff d0 02
............|....
0000000002d0ff50 ff ff ff ff dc ff d0 02 - f3 99 83 7c 08 26 80 7c
............|.&.|
0000000002d0ff60 00 00 00 00 78 ff d0 02 - 42 25 80 7c 68 01 00 00
.....x...B%.|h...
0000000002d0ff70 ff ff ff ff 00 00 00 00 - b4 ff d0 02 24 d1 40 00
.............$.@.
0000000002d0ff80 68 01 00 00 ff ff ff ff - 8c 00 00 00 00 00 00 00
h...............
0000000002d0ff90 2c ff 8f 02 70 01 00 00 - 78 01 00 00 7c 01 00 00
,...p...x...|...
0000000002d0ffa0 80 01 00 00 00 5d 1e ee - ff ff ff ff 00 3e 14 f4
......].......>..
0000000002d0ffb0 ff ff ff ff ec ff d0 02 - 0b b5 80 7c 2c ff 8f 02
............|,...
0000000002d0ffc0 8c 00 00 00 00 00 00 00 - 2c ff 8f 02 00 d0 fa 7f
.........,.......
0000000002d0ffd0 00 26 3c 82 c0 ff d0 02 - d8 79 f1 81 ff ff ff ff
..&<......y......
0000000002d0ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
0000000002d0fff0 00 00 00 00 a0 d0 40 00 - 2c ff 8f 02 00 00 00 00
.......@.,.......
0000000002d10000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d10010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d10020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002d10030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x778 <----*

eax=00000d00 ebx=7c809608 ecx=02e10f74 edx=7c90eb94 esi=00000190
edi=00000000
eip=7c90eb94 esp=02e1ff00 ebp=02e1ff64 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
02e1ff64 7c802542 00000190 ffffffff 00000000 ntdll!KiFastSystemCallRet
02e1ff78 0040d124 00000190 ffffffff 0000008c
kernel32!WaitForSingleObject+0x12
02e1ffb4 7c80b50b 029fff2c 0000008c 00000000 mcshield+0xd124
02e1ffec 00000000 0040d0a0 029fff2c 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000002e1ff00 c0 e9 90 7c db 25 80 7c - 90 01 00 00 00 00 00 00
....|.%.|........
0000000002e1ff10 00 00 00 00 6e 9c 80 7c - 2c ff 9f 02 08 96 80 7c
.....n..|,......|
0000000002e1ff20 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002e1ff30 10 00 00 00 00 00 00 00 - 04 00 00 00 00 f0 fd 7f
.................
0000000002e1ff40 00 c0 fa 7f 00 00 00 00 - f3 99 83 7c 14 ff e1 02
............|....
0000000002e1ff50 ff ff ff ff dc ff e1 02 - f3 99 83 7c 08 26 80 7c
............|.&.|
0000000002e1ff60 00 00 00 00 78 ff e1 02 - 42 25 80 7c 90 01 00 00
.....x...B%.|....
0000000002e1ff70 ff ff ff ff 00 00 00 00 - b4 ff e1 02 24 d1 40 00
.............$.@.
0000000002e1ff80 90 01 00 00 ff ff ff ff - 8c 00 00 00 00 00 00 00
.................
0000000002e1ff90 2c ff 9f 02 98 01 00 00 - a0 01 00 00 a4 01 00 00
,...............
0000000002e1ffa0 a8 01 00 00 00 5d 1e ee - ff ff ff ff 00 3e 14 f4
......].......>..
0000000002e1ffb0 ff ff ff ff ec ff e1 02 - 0b b5 80 7c 2c ff 9f 02
............|,...
0000000002e1ffc0 8c 00 00 00 00 00 00 00 - 2c ff 9f 02 00 c0 fa 7f
.........,.......
0000000002e1ffd0 00 26 3c 82 c0 ff e1 02 - a0 8d f1 81 ff ff ff ff
..&<.............
0000000002e1ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
0000000002e1fff0 00 00 00 00 a0 d0 40 00 - 2c ff 9f 02 00 00 00 00
.......@.,.......
0000000002e20000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002e20010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002e20020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002e20030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x77c <----*

eax=00000d00 ebx=7c809608 ecx=02f20f74 edx=7c90eb94 esi=000001b4
edi=00000000
eip=7c90eb94 esp=02f2ff00 ebp=02f2ff64 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
02f2ff64 7c802542 000001b4 ffffffff 00000000 ntdll!KiFastSystemCallRet
02f2ff78 0040d124 000001b4 ffffffff 0000008c
kernel32!WaitForSingleObject+0x12
02f2ffb4 7c80b50b 02afff2c 0000008c 00000000 mcshield+0xd124
02f2ffec 00000000 0040d0a0 02afff2c 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000002f2ff00 c0 e9 90 7c db 25 80 7c - b4 01 00 00 00 00 00 00
....|.%.|........
0000000002f2ff10 00 00 00 00 6e 9c 80 7c - 2c ff af 02 08 96 80 7c
.....n..|,......|
0000000002f2ff20 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002f2ff30 10 00 00 00 00 00 00 00 - 04 00 00 00 00 f0 fd 7f
.................
0000000002f2ff40 00 b0 fa 7f 00 00 00 00 - f3 99 83 7c 14 ff f2 02
............|....
0000000002f2ff50 ff ff ff ff dc ff f2 02 - f3 99 83 7c 08 26 80 7c
............|.&.|
0000000002f2ff60 00 00 00 00 78 ff f2 02 - 42 25 80 7c b4 01 00 00
.....x...B%.|....
0000000002f2ff70 ff ff ff ff 00 00 00 00 - b4 ff f2 02 24 d1 40 00
.............$.@.
0000000002f2ff80 b4 01 00 00 ff ff ff ff - 8c 00 00 00 00 00 00 00
.................
0000000002f2ff90 2c ff af 02 bc 01 00 00 - c4 01 00 00 c8 01 00 00
,...............
0000000002f2ffa0 cc 01 00 00 00 5d 1e ee - ff ff ff ff 00 3e 14 f4
......].......>..
0000000002f2ffb0 ff ff ff ff ec ff f2 02 - 0b b5 80 7c 2c ff af 02
............|,...
0000000002f2ffc0 8c 00 00 00 00 00 00 00 - 2c ff af 02 00 b0 fa 7f
.........,.......
0000000002f2ffd0 00 26 3c 82 c0 ff f2 02 - a0 8d f1 81 ff ff ff ff
..&<.............
0000000002f2ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
0000000002f2fff0 00 00 00 00 a0 d0 40 00 - 2c ff af 02 00 00 00 00
.......@.,.......
0000000002f30000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002f30010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002f30020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000002f30030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x780 <----*

eax=00420070 ebx=0000071a ecx=00000000 edx=00000000 esi=00000169
edi=00000000
eip=7c90eb94 esp=0303e460 ebp=0303e4c4 iopl=0 nv up ei ng nz ac
pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000293

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0303e4c4 77e80acb 00000169 000dbba0 00000001 ntdll!KiFastSystemCallRet
0303e4e0 77e80a81 0017577c 00000001 000dbba0
RPCRT4!I_RpcTransGetThreadEvent+0x1c6
0303e504 77e852c7 00175748 0017577c 0303e534
RPCRT4!I_RpcTransGetThreadEvent+0x17c
0303e52c 77e8520d 00175748 0303e698 0303e694
RPCRT4!NdrNonEncapsulatedUnionMemorySize+0x12d6
0303e54c 77e8565f 0344aff8 00000048 0303e698
RPCRT4!NdrNonEncapsulatedUnionMemorySize+0x121c
0303e654 77e853ed 00000001 00155838 00000000
RPCRT4!NdrNonEncapsulatedUnionMemorySize+0x166e
0303e69c 77e84cf6 00155838 00000000 00000001
RPCRT4!NdrNonEncapsulatedUnionMemorySize+0x13fc
0303e6ec 77e84e0d 0344cc98 000dbba0 00000000
RPCRT4!NdrNonEncapsulatedUnionMemorySize+0xd05
0303e730 77e84d5c 00000000 0303e81c 0344cc98
RPCRT4!NdrNonEncapsulatedUnionMemorySize+0xe1c
0303e794 77e800ac 0303e7b8 00000000 00000000
RPCRT4!NdrNonEncapsulatedUnionMemorySize+0xd6b
0303e7c4 77e78dc9 00000000 0303e848 00000001
RPCRT4!NdrConformantStructUnmarshall+0x763
0303e7dc 77e78e00 0303e81c 00000000 0303e7fc
RPCRT4!I_RpcGetBufferWithObject+0x48
0303e7ec 77e7942d 0303e81c 0303ebf8 0303ebdc RPCRT4!I_RpcGetBuffer+0xf
0303e7fc 77ef360b 0303e848 0000002c 0344cc98 RPCRT4!NdrGetBuffer+0x28
0303ebdc 77de1cd0 77ddf370 77de1374 0303ebf8
RPCRT4!NdrClientCall2+0x13b
0303ebf0 77de1c52 00000000 0303ec64 00000800
ADVAPI32!LsaOpenPolicy+0xc1
0303ec44 77df9202 00000000 0303ec64 00000800
ADVAPI32!LsaOpenPolicy+0x43
0303ecac 77df9195 00000000 0303ef0c 00c31828
ADVAPI32!LookupAccountNameW+0x8e
0303ecd4 0041b3e7 00000000 0303ef0c 00c31828
ADVAPI32!LookupAccountNameW+0x21
0303f128 00408dbd c00013bb 00000000 00000005 mcshield+0x1b3e7
0303f158 0040d04a 0303fc4c 0303fe98 0303fe58 mcshield+0x8dbd
0303ff7c 0040d189 02bfff2c 0000008c 00000000 mcshield+0xd04a
0303ffb4 7c80b50b 02bfff2c 0000008c 00000000 mcshield+0xd189
0303ffec 00000000 0040d0a0 02bfff2c 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000303e460 c0 e9 90 7c db 25 80 7c - 69 01 00 00 01 00 00 00
....|.%.|i.......
000000000303e470 94 e4 03 03 03 01 00 00 - 7c 57 17 00 1a 07 00 00
.........|W......
000000000303e480 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000303e490 10 00 00 00 00 e6 8e e7 - fd ff ff ff 00 f0 fd 7f
.................
000000000303e4a0 00 a0 fa 7f 94 e4 03 03 - ff ff ff ff 74 e4 03 03
.............t...
000000000303e4b0 4a 0b e8 77 cc eb 03 03 - f3 99 83 7c 08 26 80 7c
J..w.......|.&.|
000000000303e4c0 00 00 00 00 e0 e4 03 03 - cb 0a e8 77 69 01 00 00
............wi...
000000000303e4d0 a0 bb 0d 00 01 00 00 00 - a0 bb 0d 00 7c 57 17 00
.............|W..
000000000303e4e0 04 e5 03 03 81 0a e8 77 - 7c 57 17 00 01 00 00 00
........w|W......
000000000303e4f0 a0 bb 0d 00 18 00 02 c0 - 48 57 17 00 1a 07 00 00
.........HW......
000000000303e500 00 00 00 00 2c e5 03 03 - c7 52 e8 77 48 57 17 00
.....,....R.wHW..
000000000303e510 7c 57 17 00 34 e5 03 03 - 01 00 00 00 a0 bb 0d 00
|W..4...........
000000000303e520 48 57 17 00 c8 55 17 00 - c8 55 17 00 4c e5 03 03
HW...U...U..L...
000000000303e530 0d 52 e8 77 48 57 17 00 - 98 e6 03 03 94 e6 03 03
..R.wHW..........
000000000303e540 a0 bb 0d 00 48 00 00 00 - f8 af 44 03 54 e6 03 03
.....H.....D.T...
000000000303e550 5f 56 e8 77 f8 af 44 03 - 48 00 00 00 98 e6 03 03
_V.w..D.H.......
000000000303e560 94 e6 03 03 a0 bb 0d 00 - d8 e6 03 03 c8 55 17 00
..............U..
000000000303e570 05 10 90 7c 3d 04 91 7c - e8 e5 03 03 75 0b 81 7c
....|=..|....u..|
000000000303e580 00 00 00 00 0c e6 03 03 - 2c e6 03 03 ac 92 80 7c
.........,......|
000000000303e590 18 00 00 00 00 00 00 00 - d0 e5 03 03 40 00 00 00
.............@...

*----> State Dump for Thread Id 0x784 <----*

eax=00000894 ebx=7c8097ad ecx=00000000 edx=00000037 esi=00620020
edi=00000000
eip=00402c60 esp=0313ff8c ebp=0313ffac iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: mcshield
00402c3d ffff ???
00402c3f ff8b0d182d43 dec dword ptr [ebx+0x432d180d]
00402c45 0039 add [ecx],bh
00402c47 be60200000 mov esi,0x2060
00402c4c 7561 jnz mcshield+0x2caf (00402caf)
00402c4e b894080000 mov eax,0x894
00402c53 eb0b jmp mcshield+0x2c60 (00402c60)
00402c55 8b0d182d4300 mov ecx,[mcshield+0x32d18
(00432d18)]
00402c5b eb03 jmp mcshield+0x2c60 (00402c60)
00402c5d 8d4900 lea ecx,[ecx]
FAULT ->00402c60 8b5408fc mov edx,[eax+ecx-0x4]
ds:0023:00000890=????????
00402c64 891408 mov [eax+ecx],edx
00402c67 8b0d182d4300 mov ecx,[mcshield+0x32d18
(00432d18)]
00402c6d 8b94084c010000 mov edx,[eax+ecx+0x14c]
00402c74 89940850010000 mov [eax+ecx+0x150],edx
00402c7b 83c0fc add eax,0xfffffffc
00402c7e 3dac070000 cmp eax,0x7ac
00402c83 7dd0 jge mcshield+0x2c55 (00402c55)
00402c85 a1182d4300 mov eax,[mcshield+0x32d18
(00432d18)]
00402c8a 57 push edi
00402c8b 05a8070000 add eax,0x7a8

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0313ffac 00402ccb 0313ffec 7c80b50b 00620020 mcshield+0x2c60
0313ffb4 7c80b50b 00620020 008cfa04 00000001 mcshield+0x2ccb
0313ffec 00000000 00402cc0 00620020 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000313ff8c 20 00 62 00 04 fa 8c 00 - 01 00 00 00 00 00 00 00
..b.............
000000000313ff9c 81 a8 4f 80 98 4c f3 f2 - 00 00 00 00 37 00 00 00
...O..L......7...
000000000313ffac b4 ff 13 03 cb 2c 40 00 - ec ff 13 03 0b b5 80 7c
......,@........|
000000000313ffbc 20 00 62 00 04 fa 8c 00 - 01 00 00 00 20 00 62 00
..b......... .b.
000000000313ffcc 00 90 fa 7f 05 00 00 c0 - c0 ff 13 03 b0 fb 13 03
.................
000000000313ffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00
........|...|....
000000000313ffec 00 00 00 00 00 00 00 00 - c0 2c 40 00 20 00 62 00
..........,@. .b.
000000000313fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000314009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000031400ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000031400bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x7fc <----*

eax=00000d00 ebx=0323fedc ecx=03230f8c edx=7c90eb94 esi=00000000
edi=7ffdf000
eip=7c90eb94 esp=0323feb4 ebp=0323ff50 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0323ff50 7c809c86 00000002 0032fb70 00000000 ntdll!KiFastSystemCallRet
0323ff6c 00417ff2 00000002 0032fb70 00000000
kernel32!WaitForMultipleObjects+0x18
0323ff98 0041823a 00000000 00620020 00000000 mcshield+0x17ff2
0323ffac 0041825b 0323ffec 7c80b50b 00620020 mcshield+0x1823a
0323ffb4 7c80b50b 00620020 9edba488 00000000 mcshield+0x1825b
0323ffec 00000000 00418250 00620020 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000323feb4 ab e9 90 7c f2 94 80 7c - 02 00 00 00 dc fe 23 03
....|...|......#.
000000000323fec4 01 00 00 00 00 00 00 00 - 00 00 00 00 00 06 00 00
.................
000000000323fed4 20 00 62 00 20 00 00 00 - a8 00 00 00 30 01 00 00
..b. .......0...
000000000323fee4 6c fb 90 7c 71 fb 90 7c - 00 02 00 00 f0 17 c3 00
l..|q..|........
000000000323fef4 03 01 00 00 ec fe 23 03 - 14 00 00 00 01 00 00 00
.......#.........
000000000323ff04 00 00 00 00 00 00 00 00 - 10 00 00 00 20 ff 23 03
............. .#.
000000000323ff14 92 93 80 7c e5 03 00 00 - 00 f0 fd 7f 00 80 fa 7f
....|............
000000000323ff24 18 1a 80 7c 00 00 00 00 - dc fe 23 03 20 00 62 00
....|......#. .b.
000000000323ff34 02 00 00 00 d0 fe 23 03 - 00 00 00 00 dc ff 23 03
.......#.......#.
000000000323ff44 f3 99 83 7c 90 95 80 7c - 00 00 00 00 6c ff 23 03
....|...|....l.#.
000000000323ff54 86 9c 80 7c 02 00 00 00 - 70 fb 32 00 00 00 00 00
....|....p.2.....
000000000323ff64 ff ff ff ff 00 00 00 00 - 98 ff 23 03 f2 7f 41 00
...........#...A.
000000000323ff74 02 00 00 00 70 fb 32 00 - 00 00 00 00 ff ff ff ff
.....p.2.........
000000000323ff84 88 a4 db 9e 20 00 62 00 - 20 00 00 00 00 00 00 00
..... .b. .......
000000000323ff94 70 fb 32 00 ac ff 23 03 - 3a 82 41 00 00 00 00 00
p.2...#.:.A.....
000000000323ffa4 20 00 62 00 00 00 00 00 - b4 ff 23 03 5b 82 41 00
..b.......#.[.A.
000000000323ffb4 ec ff 23 03 0b b5 80 7c - 20 00 62 00 88 a4 db 9e
...#....| .b.....
000000000323ffc4 00 00 00 00 20 00 62 00 - 00 80 fa 7f 00 26 3c 82
..... .b......&<.
000000000323ffd4 c0 ff 23 03 68 17 f1 81 - ff ff ff ff f3 99 83 7c
...#.h..........|
000000000323ffe4 18 b5 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00
....|............

*----> State Dump for Thread Id 0x74 <----*

eax=0335fb54 ebx=00620020 ecx=0334fe5c edx=00000000 esi=000000a8
edi=00000000
eip=7c90eb94 esp=0335ff20 ebp=0335ff84 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0335ff84 7c802542 000000a8 ffffffff 00000000 ntdll!KiFastSystemCallRet
0335ff98 004180e1 000000a8 ffffffff 00000000
kernel32!WaitForSingleObject+0x12
0335ffb4 7c80b50b 00620020 00000000 00000000 mcshield+0x180e1
0335ffec 00000000 00403240 00620020 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000335ff20 c0 e9 90 7c db 25 80 7c - a8 00 00 00 00 00 00 00
....|.%.|........
000000000335ff30 00 00 00 00 00 00 00 00 - 20 00 62 00 20 00 62 00
......... .b. .b.
000000000335ff40 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000335ff50 10 00 00 00 ed c7 41 00 - 00 02 00 00 00 f0 fd 7f
.......A.........
000000000335ff60 00 70 fa 7f 00 00 00 00 - 00 00 00 00 34 ff 35 03
..p..........4.5.
000000000335ff70 0d 48 40 00 dc ff 35 03 - f3 99 83 7c 08 26 80 7c
..H@...5....|.&.|
000000000335ff80 00 00 00 00 98 ff 35 03 - 42 25 80 7c a8 00 00 00
.......5.B%.|....
000000000335ff90 ff ff ff ff 00 00 00 00 - b4 ff 35 03 e1 80 41 00
...........5...A.
000000000335ffa0 a8 00 00 00 ff ff ff ff - 00 00 00 00 45 82 41 00
.............E.A.
000000000335ffb0 4b 32 40 00 ec ff 35 03 - 0b b5 80 7c 20 00 62 00
K2@...5....| .b.
000000000335ffc0 00 00 00 00 00 00 00 00 - 20 00 62 00 00 70 fa 7f
......... .b..p..
000000000335ffd0 00 26 3c 82 c0 ff 35 03 - 98 65 f2 81 ff ff ff ff
..&<...5..e......
000000000335ffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
000000000335fff0 00 00 00 00 40 32 40 00 - 20 00 62 00 00 00 00 00
.....@2@. .b.....
0000000003360000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003360010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003360020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003360030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003360040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003360050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xf8 <----*

eax=ffffffff ebx=00000000 ecx=003e4d1c edx=00010001 esi=0015b960
edi=0015ba04
eip=7c90eb94 esp=0370fe1c ebp=0370ff80 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
0370ff80 77e76c22 0370ffa8 77e76a3b 0015b960 ntdll!KiFastSystemCallRet
0370ff88 77e76a3b 0015b960 00000000 00000000
RPCRT4!I_RpcBCacheFree+0x5ea
0370ffa8 77e76c0a 00146240 0370ffec 7c80b50b
RPCRT4!I_RpcBCacheFree+0x403
0370ffb4 7c80b50b 00194220 00000000 00000000
RPCRT4!I_RpcBCacheFree+0x5d2
0370ffec 00000000 77e76bf0 00194220 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
000000000370fe1c 99 e3 90 7c 03 67 e7 77 - 04 01 00 00 70 ff 70 03
....|.g.w....p.p.
000000000370fe2c 00 00 00 00 58 56 44 03 - 4c ff 70 03 30 00 48 00
.....XVD.L.p.0.H.
000000000370fe3c 00 00 00 00 d1 ef 3b f9 - 75 ea a8 01 00 00 00 00
.......;.u.......
000000000370fe4c 00 00 00 00 02 e4 c7 05 - 01 00 5b 00 01 00 00 00
...........[.....
000000000370fe5c eb d8 33 c0 a3 88 67 5b - 00 89 1d 8c 67 5b 00 eb
...3...g[....g[..
000000000370fe6c 07 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00
.................
000000000370fe7c 00 00 02 04 00 00 00 00 - 00 00 02 04 00 00 00 00
.................
000000000370fe8c 05 00 00 00 e5 a3 2e b8 - 4d d2 9f 86 da b2 a2 5f
.........M......_
000000000370fe9c d3 d7 10 ef 02 e0 00 00 - b4 06 00 00 a4 5f 3b 71
.............._;q
000000000370feac f7 93 6b 9a 00 00 00 00 - 37 e9 ff 8d 45 d0 89 45
...k.....7...E..E
000000000370febc e8 8d 45 e0 50 68 1f 00 - 02 00 8d 45 08 50 c7 45
...E.Ph.....E.P.E
000000000370fecc e0 18 00 00 00 89 5d e4 - c7 45 ec 40 00 00 00 89
.......]..E.@....
000000000370fedc 5d f0 89 5d f4 e8 51 1f - f2 ff 85 c0 0f 8c 0e 01
]..]..Q.........
000000000370feec 00 00 68 68 ee 56 00 8d - 45 d8 50 e8 e7 36 e9 ff
...hh.V..E.P..6..
000000000370fefc 6a 08 8d 45 f8 50 6a 03 - 53 8d 45 d8 50 ff 75 08
j..E.Pj.S.E.P.u.
000000000370ff0c e8 48 f0 f2 cc fc ed 81 - 20 cc ee f2 46 02 00 00
..H...... ...F...
000000000370ff1c ba c2 4d 80 9c fc ed 81 - 30 fb ed 81 64 fb ed 81
...M.....0...d...
000000000370ff2c 5c 34 e9 ff 80 ff 70 03 - 99 66 e7 77 4c ff 70 03
\4....p..f.wL.p.
000000000370ff3c a9 66 e7 77 ed 10 90 7c - 50 41 19 00 20 42 19 00
..f.w...|PA.. B..
000000000370ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

*----> State Dump for Thread Id 0x174 <----*

eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000
edi=00000001
eip=7c90eb94 esp=03a0fcec ebp=03a0ffb4 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
03a0ffb4 7c80b50b 00000000 00140000 00000000 ntdll!KiFastSystemCallRet
03a0ffec 00000000 7c929fae 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000003a0fcec ab e9 90 7c d5 a0 92 7c - 14 00 00 00 30 fd a0 03
....|...|....0...
0000000003a0fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 14 00
.................
0000000003a0fd0c 00 00 00 00 00 00 00 00 - 08 e5 97 7c 08 e5 97 7c
............|...|
0000000003a0fd1c e0 02 00 00 74 01 00 00 - 14 00 00 00 14 00 00 00
.....t...........
0000000003a0fd2c 13 00 00 00 d8 02 00 00 - a4 02 00 00 20 03 00 00
............. ...
0000000003a0fd3c 30 03 00 00 4c 03 00 00 - 58 03 00 00 64 03 00 00
0...L...X...d...
0000000003a0fd4c 80 03 00 00 8c 03 00 00 - 94 03 00 00 a0 03 00 00
.................
0000000003a0fd5c a8 03 00 00 b4 03 00 00 - c0 03 00 00 cc 03 00 00
.................
0000000003a0fd6c d4 03 00 00 e0 03 00 00 - ec 03 00 00 f8 03 00 00
.................
0000000003a0fd7c 00 04 00 00 38 04 00 00 - 18 04 00 00 48 04 00 00
.....8.......H...
0000000003a0fd8c 50 04 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
P...............
0000000003a0fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003a0fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003a0fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003a0fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003a0fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003a0fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003a0fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003a0fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003a0fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0x17c <----*

eax=769c8831 ebx=03b0fef4 ecx=0370e8d4 edx=0370eb88 esi=00000000
edi=7ffdf000
eip=7c90eb94 esp=03b0fecc ebp=03b0ff68 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\userenv.dll -
ChildEBP RetAddr Args to Child
03b0ff68 7c809c86 00000003 76a60310 00000000 ntdll!KiFastSystemCallRet
03b0ff84 769c888d 00000003 76a60310 00000000
kernel32!WaitForMultipleObjects+0x18
03b0ffb4 7c80b50b 00000000 00000000 00000000
userenv!UnregisterGPNotification+0x15c
03b0ffec 00000000 769c8831 00000000 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000003b0fecc ab e9 90 7c f2 94 80 7c - 03 00 00 00 f4 fe b0 03
....|...|........
0000000003b0fedc 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003b0feec b8 03 a6 76 77 9b 80 7c - 34 03 00 00 38 03 00 00
....vw..|4...8...
0000000003b0fefc 3c 03 00 00 5c fe b0 03 - 6c ff b0 03 6c ff b0 03
<...\...l...l...
0000000003b0ff0c 18 ee 90 7c 70 05 91 7c - 14 00 00 00 01 00 00 00
....|p..|........
0000000003b0ff1c 00 00 00 00 00 00 00 00 - 10 00 00 00 f6 1b 80 7c
................|
0000000003b0ff2c 00 00 00 00 00 00 00 00 - 00 f0 fd 7f 00 30 fa 7f
..............0..
0000000003b0ff3c d8 66 14 00 00 00 00 00 - f4 fe b0 03 00 00 00 00
..f..............
0000000003b0ff4c 03 00 00 00 e8 fe b0 03 - 00 00 00 00 dc ff b0 03
.................
0000000003b0ff5c f3 99 83 7c 90 95 80 7c - 00 00 00 00 84 ff b0 03
....|...|........
0000000003b0ff6c 86 9c 80 7c 03 00 00 00 - 10 03 a6 76 00 00 00 00
....|.......v....
0000000003b0ff7c ff ff ff ff 00 00 00 00 - b4 ff b0 03 8d 88 9c 76
................v
0000000003b0ff8c 03 00 00 00 10 03 a6 76 - 00 00 00 00 ff ff ff ff
........v........
0000000003b0ff9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 9c 76
................v
0000000003b0ffac 03 00 00 00 00 00 00 00 - ec ff b0 03 0b b5 80 7c
................|
0000000003b0ffbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0000000003b0ffcc 00 30 fa 7f 00 26 3c 82 - c0 ff b0 03 10 4b 27 82
..0...&<......K'.
0000000003b0ffdc ff ff ff ff f3 99 83 7c - 18 b5 80 7c 00 00 00 00
........|...|....
0000000003b0ffec 00 00 00 00 00 00 00 00 - 31 88 9c 76 00 00 00 00
.........1..v....
0000000003b0fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xae4 <----*

eax=774f319a ebx=00007530 ecx=0344c148 edx=77e7c691 esi=00000000
edi=009cff50
eip=7c90eb94 esp=009cff20 ebp=009cff78 iopl=0 nv up ei pl nz na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
009cff78 7c802451 0000ea60 00000000 009cffb4 ntdll!KiFastSystemCallRet
009cff88 774f2fcb 0000ea60 034658e0 774f314d kernel32!Sleep+0xf
009cffb4 7c80b50b 034658e0 77e782dc 00154acc
ole32!StringFromGUID2+0x2d1
009cffec 00000000 774f319a 034658e0 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
00000000009cff20 5c d8 90 7c ed 23 80 7c - 00 00 00 00 50 ff 9c 00
\..|.#.|....P...
00000000009cff30 50 25 80 7c f0 56 60 77 - 30 75 00 00 14 00 00 00
P%.|.V`w0u......
00000000009cff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00
.................
00000000009cff50 00 ba 3c dc ff ff ff ff - 08 4f 4e 77 50 ff 9c 00
...<......ONwP...
00000000009cff60 30 ff 9c 00 d8 66 14 00 - dc ff 9c 00 f3 99 83 7c
0....f.........|
00000000009cff70 58 24 80 7c 00 00 00 00 - 88 ff 9c 00 51 24 80 7c
X$.|........Q$.|
00000000009cff80 60 ea 00 00 00 00 00 00 - b4 ff 9c 00 cb 2f 4f 77
`............/Ow
00000000009cff90 60 ea 00 00 e0 58 46 03 - 4d 31 4f 77 00 00 00 00
`....XF.M1Ow....
00000000009cffa0 dc 82 e7 77 e0 58 46 03 - 00 00 4e 77 b5 31 4f 77
....w.XF...Nw.1Ow
00000000009cffb0 cc 4a 15 00 ec ff 9c 00 - 0b b5 80 7c e0 58 46 03
..J.........|.XF.
00000000009cffc0 dc 82 e7 77 cc 4a 15 00 - e0 58 46 03 00 b0 fd 7f
....w.J...XF.....
00000000009cffd0 70 e2 19 82 c0 ff 9c 00 - 70 2d b4 81 ff ff ff ff
p.......p-......
00000000009cffe0 f3 99 83 7c 18 b5 80 7c - 00 00 00 00 00 00 00 00
....|...|........
00000000009cfff0 00 00 00 00 9a 31 4f 77 - e0 58 46 03 00 00 00 00
......1Ow.XF.....
00000000009d0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000009d0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000009d0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000009d0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000009d0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
00000000009d0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................

*----> State Dump for Thread Id 0xb4c <----*

eax=77e76bf0 ebx=00000000 ecx=ffffffff edx=7c910738 esi=0015b960
edi=0015ba04
eip=7c90eb94 esp=00acfe1c ebp=00acff80 iopl=0 nv up ei pl zr na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246

function: ntdll!KiFastSystemCallRet
7c90eb89 90 nop
7c90eb8a 90 nop
ntdll!KiFastSystemCall:
7c90eb8b 8bd4 mov edx,esp
7c90eb8d 0f34 sysenter
7c90eb8f 90 nop
7c90eb90 90 nop
7c90eb91 90 nop
7c90eb92 90 nop
7c90eb93 90 nop
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
7c90eb95 8da42400000000 lea esp,[esp]
7c90eb9c 8d642400 lea esp,[esp]
7c90eba0 90 nop
7c90eba1 90 nop
7c90eba2 90 nop
7c90eba3 90 nop
7c90eba4 90 nop
ntdll!KiIntSystemCall:
7c90eba5 8d542408 lea edx,[esp+0x8]
7c90eba9 cd2e int 2e

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may
be wrong.
ChildEBP RetAddr Args to Child
00acff80 77e76c22 00acffa8 77e76a3b 0015b960 ntdll!KiFastSystemCallRet
00acff88 77e76a3b 0015b960 0370fbe0 0370fc98
RPCRT4!I_RpcBCacheFree+0x5ea
00acffa8 77e76c0a 00146240 00acffec 7c80b50b
RPCRT4!I_RpcBCacheFree+0x403
00acffb4 7c80b50b 03449c48 0370fbe0 0370fc98
RPCRT4!I_RpcBCacheFree+0x5d2
00acffec 00000000 77e76bf0 03449c48 00000000
kernel32!GetModuleFileNameA+0x1b4

*----> Raw Stack Dump <----*
0000000000acfe1c 99 e3 90 7c 03 67 e7 77 - 04 01 00 00 70 ff ac 00
....|.g.w....p...
0000000000acfe2c 00 00 00 00 e0 b3 15 00 - 4c ff ac 00 d8 65 31 e2
.........L....e1.
0000000000acfe3c 08 00 02 00 c0 01 00 00 - 00 00 00 00 ec 9b 3b f3
...............;.
0000000000acfe4c 28 73 61 e1 4c 9b 3b f3 - f3 70 58 80 08 0d 00 e1
(sa.L.;..pX.....
0000000000acfe5c 98 65 a2 e2 ec 9b 3b f3 - 90 65 a2 e2 00 00 00 02
..e....;..e......
0000000000acfe6c 74 9b 3b f3 2b fb 5f 80 - 02 00 00 00 0c 00 00 00
t.;.+._.........
0000000000acfe7c 98 65 a2 e2 00 00 00 00 - 00 00 00 00 48 7d 76 e2
..e..........H}v.
0000000000acfe8c ec 9b 3b f3 00 00 00 02 - 14 9c 3b f3 38 bb 56 80
...;.......;.8.V.
0000000000acfe9c 48 7d 76 e2 38 55 88 e2 - 74 65 a2 e2 28 73 61 e1
H}v.8U..te..(sa.
0000000000acfeac 01 00 00 00 00 00 00 00 - 14 9c 3b f3 3e bb 56 80
...........;.>.V.
0000000000acfebc 48 7d 76 e2 d0 9c 3b f3 - 88 9c 3b f3 cf 4a 56 80
H}v...;...;..JV.
0000000000acfecc 00 00 00 02 00 00 00 00 - 00 06 15 00 00 06 15 00
.................
0000000000acfedc 00 00 00 00 00 00 00 00 - d0 9c 3b f3 88 9c 3b f3
...........;...;.
0000000000acfeec 48 7d 76 e2 28 73 61 e1 - ff ff ff ff 46 02 00 00
H}v.(sa.....F...
0000000000acfefc 56 b8 4d 80 20 9c 3b f3 - a8 fd c4 81 20 f1 df ff
V.M. .;..... ...
0000000000acff0c 46 02 00 00 0d c1 4d 80 - 18 fe c4 81 a8 fd c4 81
F.....M.........
0000000000acff1c 43 c1 4d 80 14 ff c4 81 - a8 fd c4 81 dc fd c4 81
C.M.............
0000000000acff2c 00 00 06 00 80 ff ac 00 - 99 66 e7 77 4c ff ac 00
..........f.wL...
0000000000acff3c a9 66 e7 77 ed 10 90 7c - 38 65 15 00 48 9c 44 03
..f.w...|8e..H.D.
0000000000acff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff
.../M.....]......

.

---

• Prev by Date: Re: Scanreg/restore incompatability with XP
• Next by Date: Certain EXE files will not run
• Previous by thread: Re: Scanreg/restore incompatability with XP
• Next by thread: Certain EXE files will not run
• Index(es):
  • Date
  • Thread

---

Relevant Pages Microsoft Symbols and Windows Debugger ... Stack unwind information not available. ... Following frames may ... ChildEBP RetAddr Args to Child ... (microsoft.public.windowsxp.help_and_support) OE Errors ... Stack unwind information not available. ... Following frames may be ... >ChildEBP RetAddr Args to Child ... (microsoft.public.windows.inetexplorer.ie6_outlookexpress) ntdll crash and allocateheap problem ... Stack unwind information not available. ... Following frames may be ... ChildEBP RetAddr Args to Child ... (microsoft.public.windowsxp.general) Application exception causing blue screens ... Stack unwind information not available. ... Following frames may ... ChildEBP RetAddr Args to Child ... (microsoft.public.windowsxp.help_and_support) blue screen with c0000005 (access violation) on Winlogon.exe ... Stack unwind information not available. ... Following frames may ... ChildEBP RetAddr Args to Child ... (microsoft.public.windowsxp.help_and_support)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > WinXP  > microsoft.public.windowsxp.accessibility  > 2007-01