Gjest Slettet+oiasdf79 Skrevet 10. mars 2009 Del Skrevet 10. mars 2009 Heisann Jeg har den siste tiden oftere og oftere fått bsod på min server. Det er installert Windows Server 2003 på den. Her er crashdump filen. Microsoft ® Windows Debugger Version 6.11.0001.404 X86Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C:\Documents and Settings\Felles\Local Settings\Application Data\Microsoft\Dr Watson\user.dmp] User Mini Dump File: Only registers, stack and portions of memory are available Comment: 'Dr. Watson generated MiniDump' Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: Windows Server 2003 Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible Product: Server, suite: TerminalServer SingleUserTS Machine Name: Debug session time: Fri Mar 6 15:58:45.000 2009 (GMT+1) System Uptime: not available Process Uptime: 5 days 22:15:43.000 ................................................ This dump file has an exception of interest stored in it. The stored exception information can be accessed via .ecxr. (f0c.f4c): Access violation - code c0000005 (first/second chance not available) eax=00000000 ebx=01da51e4 ecx=fffffffc edx=00000000 esi=01da51e0 edi=00000004 eip=7c84afb2 esp=019bfdcc ebp=019bfdf4 iopl=0 nv up ei pl nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010213 *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll - ntdll!RtlIpv4StringToAddressExW+0x9634: 7c84afb2 ff4014 inc dword ptr [eax+14h] ds:0023:00000014=???????? Håper noen kan hjelpe, på forhånd takk. Lenke til kommentar
Gjest Slettet-t8fn5F Skrevet 11. mars 2009 Del Skrevet 11. mars 2009 Hva sier eventloggen? Lenke til kommentar
Gjest Slettet+oiasdf79 Skrevet 11. mars 2009 Del Skrevet 11. mars 2009 Drwtsn32: Microsoft ® DrWtsn32 Copyright © 1985-2002 Microsoft Corp. All rights reserved. Application exception occurred: App: C:\Program Files\NetLimiter\NetLimiter.exe (pid=2932) When: 31.01.2009 @ 01:00:02.312 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 2 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 312 smss.exe 360 csrss.exe 384 winlogon.exe 432 services.exe 444 lsass.exe 636 svchost.exe 704 svchost.exe 772 svchost.exe 788 svchost.exe 832 svchost.exe 888 ccSetMgr.exe 920 ccEvtMgr.exe 1028 SPBBCSvc.exe 1252 msdtc.exe 1348 DefWatch.exe 1376 svchost.exe 1412 svchost.exe 1492 Rtvscan.exe 1608 tssdis.exe 1768 svchost.exe 2348 wmiprvse.exe 2552 csrss.exe 2580 winlogon.exe 2780 rdpclip.exe 2876 Explorer.EXE 2944 NetLimiter.exe 2956 ccApp.exe 3000 VPTray.exe 3016 ctfmon.exe 3052 uTorrent.exe 3124 G6FTPSrv.exe 3220 svchost.exe 3812 logon.scr 1724 spoolsv.exe 3364 NRPG-RatioMaster.exe 2332 csrss.exe 1476 winlogon.exe 2308 rdpclip.exe 2500 Explorer.EXE 2932 NetLimiter.exe 820 ccApp.exe 3116 VPTray.exe 3092 ctfmon.exe 336 uTorrent.exe 2736 G6FTPSrv.exe 476 drwtsn32.exe *----> Module List <----* 0000000000400000 - 00000000004d2000: C:\Program Files\NetLimiter\NetLimiter.exe 0000000010000000 - 000000001000d000: C:\WINDOWS\system32\nl_msgs.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 0000000067510000 - 00000000676b5000: C:\Program Files\NetLimiter\SPORDER.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\NETAPI32.dll 0000000073070000 - 0000000073097000: C:\WINDOWS\system32\WINSPOOL.DRV 0000000074b40000 - 0000000074b63000: C:\WINDOWS\system32\oledlg.dll 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\SHFOLDER.dll 0000000076a80000 - 0000000076a98000: C:\WINDOWS\system32\ATL.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076b80000 - 0000000076bae000: C:\WINDOWS\system32\credui.dll 0000000076cd0000 - 0000000076ce9000: C:\WINDOWS\system32\MPRAPI.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076dc0000 - 0000000076de8000: C:\WINDOWS\system32\adsldpc.dll 0000000076df0000 - 0000000076e24000: C:\WINDOWS\system32\ACTIVEDS.dll 0000000076e30000 - 0000000076e3c000: C:\WINDOWS\system32\rtutils.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 00000000772c0000 - 000000007736f000: C:\WINDOWS\system32\urlmon.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll 000000007e020000 - 000000007e02f000: C:\WINDOWS\system32\SAMLIB.dll *----> State Dump for Thread Id 0x954 <----* eax=0111fa18 ebx=7c81a306 ecx=0110c9f0 edx=00d04838 esi=01065368 edi=0110c9f0 eip=00000000 esp=0012fbd4 ebp=00d04850 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 function: <nosymbols> No prior disassembly possible : 00000000 ?? ??? 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? FAULT ->: *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\NetLimiter.exe *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\NetLimiter\NetLimiter.exe 00000000 ?? ??? Error 0x00000001 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? 00000010 ?? ??? 00000012 ?? ??? 00000014 ?? ??? *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - ChildEBP RetAddr Args to Child 0012fbd0 0041d76c 0012fbe8 01065368 00d04780 0x0 WARNING: Stack unwind information not available. Following frames may be wrong. 00d04850 ffffffff 00000000 00000000 0000020c NetLimiter+0x1d76c 001430e0 00d04850 00143110 001430c0 00000000 0xffffffff 00000000 00000000 00000000 00000000 00000000 0xd04850 *----> Raw Stack Dump <----* 000000000012fbd4 6c d7 41 00 e8 fb 12 00 - 68 53 06 01 80 47 d0 00 l.A.....hS...G.. 000000000012fbe4 55 f3 41 00 00 00 06 01 - 80 47 d0 00 68 53 06 01 U.A......G..hS.. 000000000012fbf4 60 a3 81 7c 1a f8 41 00 - 68 53 06 01 80 47 d0 00 `..|..A.hS...G.. 000000000012fc04 00 00 00 00 a0 fc 12 00 - 40 f8 41 00 45 f8 41 00 [email protected]. 000000000012fc14 19 62 45 00 00 00 00 00 - 00 00 00 00 80 47 d0 00 .bE..........G.. 000000000012fc24 80 47 d0 00 98 7b 17 00 - 50 fc 12 00 a8 74 d0 00 .G...{..P....t.. 000000000012fc34 a8 74 d0 00 85 2b 45 00 - ce c0 00 00 ca 00 00 00 .t...+E......... 000000000012fc44 00 02 00 00 01 00 00 00 - e8 2e 4b 00 00 00 00 00 ..........K..... 000000000012fc54 00 00 00 00 2f 4b 45 00 - 00 f0 fd 7f ca 00 00 00 ..../KE......... 000000000012fc64 00 00 00 00 4c fd 12 00 - 00 00 00 00 90 fc 12 00 ....L........... 000000000012fc74 81 d2 83 7c 08 02 00 00 - 04 00 00 00 e4 2e 4b 00 ...|..........K. 000000000012fc84 c8 2e 4b 00 e4 2e 4b 00 - dc f2 47 00 00 00 00 00 ..K...K...G..... 000000000012fc94 14 fd 12 00 e7 4d 47 00 - ff ff ff ff c0 fc 12 00 .....MG......... 000000000012fca4 85 2b 45 00 64 04 00 00 - 00 00 00 00 78 ff 47 00 .+E.d.......x.G. 000000000012fcb4 bc fc 12 00 64 04 00 00 - 00 00 00 00 20 fd 12 00 ....d....... ... 000000000012fcc4 2f 4b 45 00 64 04 00 00 - 00 00 00 00 00 00 00 00 /KE.d........... 000000000012fcd4 b8 fd 12 00 7e 00 01 00 - 00 00 00 00 00 00 00 00 ....~........... 000000000012fce4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fcf4 00 00 00 00 00 00 00 00 - 1c fd 12 00 eb 5a 47 00 .............ZG. 000000000012fd04 ff ff ff ff 28 fd 12 00 - 98 7b 17 00 d4 fc 12 00 ....(....{...... *----> State Dump for Thread Id 0xda8 <----* eax=00000008 ebx=7c81a360 ecx=00d04ec0 edx=00d06ed8 esi=000000e8 edi=00000000 eip=7c8285ec esp=00fcfed8 ebp=00fcff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00fcff48 77e61c8d 000000e8 ffffffff 00000000 ntdll!KiFastSystemCallRet 00fcff5c 0042ad6d 000000e8 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 77e61c7b ff006aec 75ff0c75 0009e808 c25d0000 NetLimiter+0x2ad6d 8b55ff8b 00000000 00000000 00000000 00000000 0xff006aec *----> Raw Stack Dump <----* 0000000000fcfed8 0b 7d 82 7c 1e 1d e6 77 - e8 00 00 00 00 00 00 00 .}.|...w........ 0000000000fcfee8 00 00 00 00 40 55 d0 00 - e8 4c d0 00 60 a3 81 7c [email protected]..`..| 0000000000fcfef8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000000fcff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000fcff18 00 00 00 00 66 bc 45 00 - 48 48 04 01 00 c0 fd 7f ....f.E.HH...... 0000000000fcff28 00 00 00 00 2f 4e 47 00 - ec fe fc 00 7b 1c e6 77 ..../NG.....{..w 0000000000fcff38 7c ff fc 00 60 1a e6 77 - 48 1d e6 77 00 00 00 00 |...`..wH..w.... 0000000000fcff48 5c ff fc 00 8d 1c e6 77 - e8 00 00 00 ff ff ff ff \......w........ 0000000000fcff58 00 00 00 00 7b 1c e6 77 - 6d ad 42 00 e8 00 00 00 ....{..wm.B..... 0000000000fcff68 ff ff ff ff 00 00 00 00 - 10 6e d0 00 b8 ff fc 00 .........n...... 0000000000fcff78 10 6e d0 00 a8 ff fc 00 - 38 48 47 00 ff ff ff ff .n......8HG..... 0000000000fcff88 64 f2 43 00 e8 4c d0 00 - 00 00 00 00 00 00 00 00 d.C..L.......... 0000000000fcff98 10 6e d0 00 01 00 00 00 - 90 ff fc 00 5e 00 85 80 .n..........^... 0000000000fcffa8 dc ff fc 00 18 e6 43 00 - 28 89 48 00 00 00 00 00 ......C.(.H..... 0000000000fcffb8 ec ff fc 00 29 48 e6 77 - 10 6e d0 00 00 00 00 00 ....)H.w.n...... 0000000000fcffc8 00 00 00 00 10 6e d0 00 - 00 00 00 00 c4 ff fc 00 .....n.......... 0000000000fcffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 0000000000fcffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 f5 f1 43 00 ..............C. 0000000000fcfff8 10 6e d0 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .n.............. 0000000000fd0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xf18 <----* eax=000099fc ebx=00000003 ecx=00000000 edx=00000270 esi=0000010c edi=00000000 eip=7c8285ec esp=012dfec0 ebp=012dff30 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 012dff30 77e61c8d 0000010c 000003e8 00000000 ntdll!KiFastSystemCallRet 012dff44 0040786c 0000010c 000003e8 00000000 kernel32!WaitForSingleObject+0x12 012dff84 0043f264 004abd50 00000000 00000000 NetLimiter+0x786c 012dffb8 77e64829 00d0fb88 00000000 00000000 NetLimiter+0x3f264 012dffec 00000000 0043f1f5 00d0fb88 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000012dfec0 0b 7d 82 7c 1e 1d e6 77 - 0c 01 00 00 00 00 00 00 .}.|...w........ 00000000012dfed0 04 ff 2d 01 1c 00 00 00 - 50 bd 4a 00 03 00 00 00 ..-.....P.J..... 00000000012dfee0 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000012dfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000012dff00 00 00 00 00 80 69 67 ff - ff ff ff ff 00 c0 fd 7f .....ig......... 00000000012dff10 04 ff 2d 01 54 06 00 00 - d4 fe 2d 01 50 01 00 00 ..-.T.....-.P... 00000000012dff20 74 ff 2d 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 t.-.`..wH..w.... 00000000012dff30 44 ff 2d 01 8d 1c e6 77 - 0c 01 00 00 e8 03 00 00 D.-....w........ 00000000012dff40 00 00 00 00 84 ff 2d 01 - 6c 78 40 00 0c 01 00 00 ......-.lx@..... 00000000012dff50 e8 03 00 00 00 00 00 00 - 88 fb d0 00 88 fb d0 00 ................ 00000000012dff60 50 bd 4a 00 03 00 00 00 - 1c 00 00 00 00 00 00 00 P.J............. 00000000012dff70 a8 ff 2d 01 a8 ff 2d 01 - 18 e6 43 00 58 a3 47 00 ..-...-...C.X.G. 00000000012dff80 ff ff ff ff b8 ff 2d 01 - 64 f2 43 00 50 bd 4a 00 ......-.d.C.P.J. 00000000012dff90 00 00 00 00 00 00 00 00 - 88 fb d0 00 01 00 00 00 ................ 00000000012dffa0 90 ff 2d 01 5e 00 85 80 - dc ff 2d 01 18 e6 43 00 ..-.^.....-...C. 00000000012dffb0 28 89 48 00 00 00 00 00 - ec ff 2d 01 29 48 e6 77 (.H.......-.)H.w 00000000012dffc0 88 fb d0 00 00 00 00 00 - 00 00 00 00 88 fb d0 00 ................ 00000000012dffd0 00 00 00 00 c4 ff 2d 01 - 5d 06 85 80 ff ff ff ff ......-.]....... 00000000012dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000012dfff0 00 00 00 00 f5 f1 43 00 - 88 fb d0 00 00 00 00 00 ......C......... *----> State Dump for Thread Id 0x1f4 <----* eax=0043f1f5 ebx=77e424de ecx=00000000 edx=00000000 esi=004abc34 edi=00000000 eip=7c8285ec esp=013dff20 ebp=013dff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 013dff4c 0043028e 00000170 013dff84 013dff78 ntdll!KiFastSystemCallRet 77e5bedd 10ec83ec 0c758b56 7589f685 8337740c NetLimiter+0x3028e 8b55ff8b 00000000 00000000 00000000 00000000 0x10ec83ec *----> Raw Stack Dump <----* 00000000013dff20 db 77 82 7c a2 be e5 77 - 70 01 00 00 78 ff 3d 01 .w.|...wp...x.=. 00000000013dff30 64 ff 3d 01 44 ff 3d 01 - 00 00 00 00 00 00 00 00 d.=.D.=......... 00000000013dff40 f8 b7 83 88 30 25 a8 80 - 12 55 e6 77 dd be e5 77 ....0%...U.w...w 00000000013dff50 8e 02 43 00 70 01 00 00 - 84 ff 3d 01 78 ff 3d 01 ..C.p.....=.x.=. 00000000013dff60 80 ff 3d 01 ff ff ff ff - 00 00 00 00 68 cf 04 01 ..=.........h... 00000000013dff70 b8 ff 3d 01 68 cf 04 01 - 18 55 e6 77 ff ff ff ff ..=.h....U.w.... 00000000013dff80 12 55 e6 77 23 f2 43 00 - 64 f2 43 00 34 bc 4a 00 .U.w#.C.d.C.4.J. 00000000013dff90 00 00 00 00 00 00 00 00 - 68 cf 04 01 01 00 00 00 ........h....... 00000000013dffa0 90 ff 3d 01 5e 00 85 80 - dc ff 3d 01 18 e6 43 00 ..=.^.....=...C. 00000000013dffb0 28 89 48 00 00 00 00 00 - ec ff 3d 01 29 48 e6 77 (.H.......=.)H.w 00000000013dffc0 68 cf 04 01 00 00 00 00 - 00 00 00 00 68 cf 04 01 h...........h... 00000000013dffd0 00 00 00 00 c4 ff 3d 01 - 5d 06 85 80 ff ff ff ff ......=.]....... 00000000013dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000013dfff0 00 00 00 00 f5 f1 43 00 - 68 cf 04 01 00 00 00 00 ......C.h....... 00000000013e0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xdcc <----* eax=00000000 ebx=003f3248 ecx=00169088 edx=00168fe0 esi=000000c8 edi=00000000 eip=7c8285ec esp=0154fec8 ebp=0154ff38 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgs.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgs.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0154ff38 77e61c8d 000000c8 ffffffff 00000000 ntdll!KiFastSystemCallRet 0154ff4c 77cb07d6 000000c8 ffffffff 00168fe0 kernel32!WaitForSingleObject+0x12 0154ff60 77ca6ce9 ffffffff 003f3220 003f3248 RPCRT4!RpcMgmtSetAuthorizationFn+0x27a5 0154ff78 1000124c 00000000 003f32e0 10001b1e RPCRT4!I_RpcServerCheckClientRestriction+0x3a4 0154ffb8 77e64829 003f3248 00000000 00000000 nl_msgs!CreateNLMsgServer+0x15c 0154ffec 00000000 10001aaf 003f3248 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000154fec8 0b 7d 82 7c 1e 1d e6 77 - c8 00 00 00 00 00 00 00 .}.|...w........ 000000000154fed8 00 00 00 00 00 00 00 00 - 88 90 16 00 48 32 3f 00 ............H2?. 000000000154fee8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000154fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff08 00 00 00 00 24 ff 54 01 - b3 41 c7 77 00 c0 fd 7f ....$.T..A.w.... 000000000154ff18 00 00 00 00 e0 8f 16 00 - dc fe 54 01 d0 7d 18 00 ..........T..}.. 000000000154ff28 a8 ff 54 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..T.`..wH..w.... 000000000154ff38 4c ff 54 01 8d 1c e6 77 - c8 00 00 00 ff ff ff ff L.T....w........ 000000000154ff48 00 00 00 00 60 ff 54 01 - d6 07 cb 77 c8 00 00 00 ....`.T....w.... 000000000154ff58 ff ff ff ff e0 8f 16 00 - 78 ff 54 01 e9 6c ca 77 ........x.T..l.w 000000000154ff68 ff ff ff ff 20 32 3f 00 - 48 32 3f 00 e0 8f 16 00 .... 2?.H2?..... 000000000154ff78 b8 ff 54 01 4c 12 00 10 - 00 00 00 00 e0 32 3f 00 ..T.L........2?. 000000000154ff88 1e 1b 00 10 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff98 48 32 3f 00 01 00 00 00 - 90 ff 54 01 5e 00 85 80 H2?.......T.^... 000000000154ffa8 dc ff 54 01 6c 20 00 10 - e0 83 00 10 00 00 00 00 ..T.l .......... 000000000154ffb8 ec ff 54 01 29 48 e6 77 - 48 32 3f 00 00 00 00 00 ..T.)H.wH2?..... 000000000154ffc8 00 00 00 00 48 32 3f 00 - 00 00 00 00 c4 ff 54 01 ....H2?.......T. 000000000154ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 000000000154ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 af 1a 00 10 ................ 000000000154fff8 48 32 3f 00 00 00 00 00 - da da 01 00 00 00 05 00 H2?............. *----> State Dump for Thread Id 0xc0c <----* eax=00000000 ebx=0018cb08 ecx=010447d0 edx=01380002 esi=001966e8 edi=00000000 eip=7c8285ec esp=0165fe1c ebp=0165ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0165ff84 77c88792 0165ffac 77c8872d 001966e8 ntdll!KiFastSystemCallRet 0165ff8c 77c8872d 001966e8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0165ffac 77c7b110 00168fe0 0165ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0165ffb8 77e64829 00194f38 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0165ffec 00000000 77c7b0f5 00194f38 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000165fe1c 3b 78 82 7c ac 85 c8 77 - 84 01 00 00 74 ff 65 01 ;x.|...w....t.e. 000000000165fe2c 38 fe 65 01 08 cb 18 00 - 54 ff 65 01 58 00 70 00 8.e.....T.e.X.p. 000000000165fe3c 00 00 00 00 50 01 00 00 - b8 0e 00 00 5f 89 1c 02 ....P......._... 000000000165fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000165fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165fe6c 00 00 00 00 34 00 00 00 - 50 01 00 00 b8 0e 00 00 ....4...P....... 000000000165fe7c e8 07 00 00 da 24 b2 71 - 44 ee 64 01 90 37 07 01 .....$.qD.d..7.. 000000000165fe8c c8 72 47 00 08 9c 6c dd - 36 83 c9 01 b4 05 00 00 .rG...l.6....... 000000000165fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165fecc 00 00 00 00 20 f1 df ff - 00 00 00 00 00 f1 df ff .... ........... 000000000165fedc 00 00 00 00 00 00 00 00 - 00 f1 df ff 00 00 00 00 ................ 000000000165feec e4 bb 01 b7 56 44 a8 80 - 20 f1 df ff 00 00 00 00 ....VD.. ....... 000000000165fefc 00 bc 01 b7 0c d6 83 80 - 01 00 00 00 7c fa df ff ............|... 000000000165ff0c 00 00 00 00 00 00 00 00 - 00 00 00 00 18 bc 01 b7 ................ 000000000165ff1c 5c e5 83 80 00 00 00 00 - a0 c7 7d 89 48 c8 7d 89 \.........}.H.}. 000000000165ff2c 80 93 8b 80 84 ff 65 01 - a6 84 c8 77 4c ff 65 01 ......e....wL.e. 000000000165ff3c b6 84 c8 77 ab a3 81 7c - c8 6a 19 00 38 4f 19 00 ...w...|.j..8O.. 000000000165ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xd44 <----* eax=0000059e ebx=7c81a360 ecx=00000000 edx=00000001 esi=000001c8 edi=00000000 eip=7c8285ec esp=0175fed4 ebp=0175ff44 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0175ff44 77e61c8d 000001c8 00002710 00000000 ntdll!KiFastSystemCallRet 0175ff58 00414ddf 000001c8 00002710 0175ffb8 kernel32!WaitForSingleObject+0x12 7c81a3ab 7d8b57ec 084fff08 56532175 000c47c7 NetLimiter+0x14ddf 8b55ff8b 00000000 00000000 00000000 00000000 0x7d8b57ec *----> Raw Stack Dump <----* 000000000175fed4 0b 7d 82 7c 1e 1d e6 77 - c8 01 00 00 00 00 00 00 .}.|...w........ 000000000175fee4 18 ff 75 01 00 00 00 00 - 94 bc 4a 00 60 a3 81 7c ..u.......J.`..| 000000000175fef4 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000175ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000175ff14 00 00 00 00 00 1f 0a fa - ff ff ff ff 00 c0 fd 7f ................ 000000000175ff24 18 ff 75 01 3f 83 c9 01 - e8 fe 75 01 52 4c 41 00 ..u.?.....u.RLA. 000000000175ff34 a8 ff 75 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..u.`..wH..w.... 000000000175ff44 58 ff 75 01 8d 1c e6 77 - c8 01 00 00 10 27 00 00 X.u....w.....'.. 000000000175ff54 00 00 00 00 ab a3 81 7c - df 4d 41 00 c8 01 00 00 .......|.MA..... 000000000175ff64 10 27 00 00 b8 ff 75 01 - 40 02 05 01 00 00 00 00 .'....u.@....... 000000000175ff74 40 02 05 01 d9 07 01 00 - 06 00 1f 00 00 00 00 00 @............... 000000000175ff84 01 00 9f 02 64 f2 43 00 - 94 bc 4a 00 00 00 00 00 ....d.C...J..... 000000000175ff94 00 00 00 00 40 02 05 01 - 01 00 00 00 90 ff 75 01 [email protected]. 000000000175ffa4 5e 00 85 80 dc ff 75 01 - 18 e6 43 00 28 89 48 00 ^.....u...C.(.H. 000000000175ffb4 00 00 00 00 ec ff 75 01 - 29 48 e6 77 40 02 05 01 ......u.)H.w@... 000000000175ffc4 00 00 00 00 00 00 00 00 - 40 02 05 01 00 00 00 00 ........@....... 000000000175ffd4 c4 ff 75 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..u.].......`..w 000000000175ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 000000000175fff4 f5 f1 43 00 40 02 05 01 - 00 00 00 00 00 00 00 00 ..C.@........... 0000000001760004 00 00 01 00 00 10 00 00 - 00 00 00 00 60 01 76 01 ............`.v. *----> State Dump for Thread Id 0x87c <----* eax=00000000 ebx=00195620 ecx=010447d0 edx=01380002 esi=001966e8 edi=00000000 eip=7c8285ec esp=019efe1c ebp=019eff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 019eff84 77c88792 019effac 77c8872d 001966e8 ntdll!KiFastSystemCallRet 019eff8c 77c8872d 001966e8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 019effac 77c7b110 00168fe0 019effec 77e64829 RPCRT4!I_RpcFree+0xb6b 019effb8 77e64829 00192080 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 019effec 00000000 77c7b0f5 00192080 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000019efe1c 3b 78 82 7c ac 85 c8 77 - 84 01 00 00 74 ff 9e 01 ;x.|...w....t... 00000000019efe2c 38 fe 9e 01 20 56 19 00 - 54 ff 9e 01 58 00 70 00 8... V..T...X.p. 00000000019efe3c 00 00 00 00 50 01 00 00 - b8 0e 00 00 67 89 1c 02 ....P.......g... 00000000019efe4c 00 00 00 00 02 00 eb 00 - 01 00 53 80 50 89 03 00 ..........S.P... 00000000019efe5c eb 00 00 00 53 80 67 89 - 03 00 eb 00 00 00 53 80 ....S.g.......S. 00000000019efe6c 76 89 03 00 34 00 00 00 - 50 01 00 00 b8 0e 00 00 v...4...P....... 00000000019efe7c 98 08 00 00 da 24 b2 71 - 44 ee 64 01 e8 45 07 01 .....$.qD.d..E.. 00000000019efe8c c8 72 47 00 08 9c 6c dd - 36 83 c9 01 a0 05 00 00 .rG...l.6....... 00000000019efe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 ee 89 03 00 ................ 00000000019efeac 4c 89 02 00 01 00 06 8a - 03 00 51 89 02 00 01 00 L.........Q..... 00000000019efebc 1e 8a 03 00 56 89 02 00 - 01 00 2c 8a 03 00 4c 89 ....V.....,...L. 00000000019efecc 02 00 01 00 20 f1 df ff - 00 00 00 00 00 f1 df ff .... ........... 00000000019efedc 03 00 5b 89 00 00 00 00 - 00 f1 df ff 00 00 00 00 ..[............. 00000000019efeec e4 5b 95 b4 56 44 a8 80 - 20 f1 df ff 00 00 00 00 .[..VD.. ....... 00000000019efefc 00 5c 95 b4 0c d6 83 80 - 01 00 00 00 7c fa df ff .\..........|... 00000000019eff0c a2 8a 03 00 6a 89 02 00 - 00 00 ae 8a 18 5c 95 b4 ....j........\.. 00000000019eff1c 5c e5 83 80 00 00 00 00 - 40 24 6e 88 e8 24 6e 88 \.......@$n..$n. 00000000019eff2c 80 93 8b 80 84 ff 9e 01 - a6 84 c8 77 4c ff 9e 01 ...........wL... 00000000019eff3c b6 84 c8 77 ab a3 81 7c - f0 f3 18 00 80 20 19 00 ...w...|..... .. 00000000019eff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... Application exception occurred: App: C:\Program Files\NetLimiter\NetLimiter.exe (pid=2944) When: 31.01.2009 @ 02:40:46.281 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 312 smss.exe 360 csrss.exe 384 winlogon.exe 432 services.exe 444 lsass.exe 636 svchost.exe 704 svchost.exe 772 svchost.exe 788 svchost.exe 832 svchost.exe 888 ccSetMgr.exe 920 ccEvtMgr.exe 1028 SPBBCSvc.exe 1252 msdtc.exe 1348 DefWatch.exe 1376 svchost.exe 1412 svchost.exe 1492 Rtvscan.exe 1608 tssdis.exe 1768 svchost.exe 2348 wmiprvse.exe 2552 csrss.exe 2580 winlogon.exe 2780 rdpclip.exe 2876 Explorer.EXE 2944 NetLimiter.exe 2956 ccApp.exe 3000 VPTray.exe 3016 ctfmon.exe 3052 uTorrent.exe 3124 G6FTPSrv.exe 3220 svchost.exe 3812 logon.scr 1724 spoolsv.exe 3364 NRPG-RatioMaster.exe 2332 csrss.exe 1476 winlogon.exe 2308 rdpclip.exe 2500 Explorer.EXE 820 ccApp.exe 3116 VPTray.exe 3092 ctfmon.exe 336 uTorrent.exe 2736 G6FTPSrv.exe 3600 df.exe 3956 drwtsn32.exe *----> Module List <----* 0000000000400000 - 00000000004d2000: C:\Program Files\NetLimiter\NetLimiter.exe 0000000010000000 - 000000001000d000: C:\WINDOWS\system32\nl_msgs.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 0000000067510000 - 00000000676b5000: C:\Program Files\NetLimiter\SPORDER.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\NETAPI32.dll 0000000073070000 - 0000000073097000: C:\WINDOWS\system32\WINSPOOL.DRV 0000000074b40000 - 0000000074b63000: C:\WINDOWS\system32\oledlg.dll 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\SHFOLDER.dll 0000000076a80000 - 0000000076a98000: C:\WINDOWS\system32\ATL.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076b80000 - 0000000076bae000: C:\WINDOWS\system32\credui.dll 0000000076cd0000 - 0000000076ce9000: C:\WINDOWS\system32\MPRAPI.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076dc0000 - 0000000076de8000: C:\WINDOWS\system32\adsldpc.dll 0000000076df0000 - 0000000076e24000: C:\WINDOWS\system32\ACTIVEDS.dll 0000000076e30000 - 0000000076e3c000: C:\WINDOWS\system32\rtutils.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 00000000772c0000 - 000000007736f000: C:\WINDOWS\system32\urlmon.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll 000000007e020000 - 000000007e02f000: C:\WINDOWS\system32\SAMLIB.dll *----> State Dump for Thread Id 0xb84 <----* eax=01a38008 ebx=7c81a306 ecx=01db1880 edx=00d04830 esi=01a8ae98 edi=01db1880 eip=00000000 esp=0012fbd4 ebp=00d04848 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 function: <nosymbols> No prior disassembly possible : 00000000 ?? ??? 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? FAULT ->: *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\NetLimiter.exe *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\NetLimiter\NetLimiter.exe 00000000 ?? ??? Error 0x00000001 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? 00000010 ?? ??? 00000012 ?? ??? 00000014 ?? ??? *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - ChildEBP RetAddr Args to Child 0012fbd0 0041d76c 0012fbe8 01a8ae98 00d04778 0x0 WARNING: Stack unwind information not available. Following frames may be wrong. 00d04848 ffffffff 00000000 00000000 000001cc NetLimiter+0x1d76c 001430e0 00d04848 00143138 001430c0 00000000 0xffffffff 00000000 00000000 00000000 00000000 00000000 0xd04848 *----> Raw Stack Dump <----* 000000000012fbd4 6c d7 41 00 e8 fb 12 00 - 98 ae a8 01 78 47 d0 00 l.A.........xG.. 000000000012fbe4 55 f3 41 00 00 00 a8 01 - 78 47 d0 00 98 ae a8 01 U.A.....xG...... 000000000012fbf4 60 a3 81 7c 1a f8 41 00 - 98 ae a8 01 78 47 d0 00 `..|..A.....xG.. 000000000012fc04 00 00 00 00 a0 fc 12 00 - 40 f8 41 00 45 f8 41 00 [email protected]. 000000000012fc14 19 62 45 00 00 00 00 00 - 00 00 00 00 78 47 d0 00 .bE.........xG.. 000000000012fc24 78 47 d0 00 98 7b 17 00 - 50 fc 12 00 a0 74 d0 00 xG...{..P....t.. 000000000012fc34 0b 7d 82 7c 36 d2 83 7c - f4 01 00 00 00 00 00 00 .}.|6..|........ 000000000012fc44 00 00 00 00 01 00 00 00 - e8 2e 4b 00 00 00 00 00 ..........K..... 000000000012fc54 00 00 00 00 00 00 00 00 - 00 f0 fd 7f 00 00 00 00 ................ 000000000012fc64 00 00 00 00 cb 79 82 7c - 08 d3 83 7c f4 01 00 00 .....y.|...|.... 000000000012fc74 e8 2e 4b 00 90 fc 12 00 - dc d2 83 7c e4 2e 4b 00 ..K........|..K. 000000000012fc84 c8 2e 4b 00 e4 2e 4b 00 - dc f2 47 00 00 00 00 00 ..K...K...G..... 000000000012fc94 14 fd 12 00 e7 4d 47 00 - ff ff ff ff c0 fc 12 00 .....MG......... 000000000012fca4 85 2b 45 00 64 04 00 00 - 00 00 00 00 78 ff 47 00 .+E.d.......x.G. 000000000012fcb4 bc fc 12 00 64 04 00 00 - 00 00 00 00 20 fd 12 00 ....d....... ... 000000000012fcc4 2f 4b 45 00 64 04 00 00 - 00 00 00 00 00 00 00 00 /KE.d........... 000000000012fcd4 b8 fd 12 00 7c 00 01 00 - 00 00 00 00 00 00 00 00 ....|........... 000000000012fce4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fcf4 00 00 00 00 00 00 00 00 - 1c fd 12 00 eb 5a 47 00 .............ZG. 000000000012fd04 ff ff ff ff 28 fd 12 00 - 98 7b 17 00 d4 fc 12 00 ....(....{...... *----> State Dump for Thread Id 0xbc4 <----* eax=00000000 ebx=7c81a360 ecx=00000000 edx=0048365c esi=000000c4 edi=00000000 eip=7c8285ec esp=00f7fed8 ebp=00f7ff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00f7ff48 77e61c8d 000000c4 ffffffff 00000000 ntdll!KiFastSystemCallRet 00f7ff5c 0042ad6d 000000c4 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 77e61c7b ff006aec 75ff0c75 0009e808 c25d0000 NetLimiter+0x2ad6d 8b55ff8b 00000000 00000000 00000000 00000000 0xff006aec *----> Raw Stack Dump <----* 0000000000f7fed8 0b 7d 82 7c 1e 1d e6 77 - c4 00 00 00 00 00 00 00 .}.|...w........ 0000000000f7fee8 00 00 00 00 38 55 d0 00 - e0 4c d0 00 60 a3 81 7c ....8U...L..`..| 0000000000f7fef8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000000f7ff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000f7ff18 00 00 00 00 66 bc 45 00 - 38 87 fd 00 00 60 fd 7f ....f.E.8....`.. 0000000000f7ff28 00 00 00 00 2f 4e 47 00 - ec fe f7 00 7b 1c e6 77 ..../NG.....{..w 0000000000f7ff38 7c ff f7 00 60 1a e6 77 - 48 1d e6 77 00 00 00 00 |...`..wH..w.... 0000000000f7ff48 5c ff f7 00 8d 1c e6 77 - c4 00 00 00 ff ff ff ff \......w........ 0000000000f7ff58 00 00 00 00 7b 1c e6 77 - 6d ad 42 00 c4 00 00 00 ....{..wm.B..... 0000000000f7ff68 ff ff ff ff 00 00 00 00 - 08 6e d0 00 b8 ff f7 00 .........n...... 0000000000f7ff78 08 6e d0 00 a8 ff f7 00 - 38 48 47 00 ff ff ff ff .n......8HG..... 0000000000f7ff88 64 f2 43 00 e0 4c d0 00 - 00 00 00 00 00 00 00 00 d.C..L.......... 0000000000f7ff98 08 6e d0 00 01 00 00 00 - 90 ff f7 00 5e 00 85 80 .n..........^... 0000000000f7ffa8 dc ff f7 00 18 e6 43 00 - 28 89 48 00 00 00 00 00 ......C.(.H..... 0000000000f7ffb8 ec ff f7 00 29 48 e6 77 - 08 6e d0 00 00 00 00 00 ....)H.w.n...... 0000000000f7ffc8 00 00 00 00 08 6e d0 00 - 00 00 00 00 c4 ff f7 00 .....n.......... 0000000000f7ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 0000000000f7ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 f5 f1 43 00 ..............C. 0000000000f7fff8 08 6e d0 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .n.............. 0000000000f80008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xbd0 <----* eax=01b264a4 ebx=00000007 ecx=01a73400 edx=00000000 esi=000000d4 edi=00000000 eip=7c8285ec esp=011cfec0 ebp=011cff30 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 011cff30 77e61c8d 000000d4 000003e8 00000000 ntdll!KiFastSystemCallRet 011cff44 0040786c 000000d4 000003e8 00000000 kernel32!WaitForSingleObject+0x12 011cff84 0043f264 004abd50 00000000 00000000 NetLimiter+0x786c 011cffb8 77e64829 00fd71c0 00000000 00000000 NetLimiter+0x3f264 011cffec 00000000 0043f1f5 00fd71c0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000011cfec0 0b 7d 82 7c 1e 1d e6 77 - d4 00 00 00 00 00 00 00 .}.|...w........ 00000000011cfed0 04 ff 1c 01 0c 00 00 00 - 50 bd 4a 00 07 00 00 00 ........P.J..... 00000000011cfee0 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000011cfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000011cff00 00 00 00 00 80 69 67 ff - ff ff ff ff 00 60 fd 7f .....ig......`.. 00000000011cff10 04 ff 1c 01 34 04 00 00 - d4 fe 1c 01 34 0c 00 00 ....4.......4... 00000000011cff20 74 ff 1c 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 t...`..wH..w.... 00000000011cff30 44 ff 1c 01 8d 1c e6 77 - d4 00 00 00 e8 03 00 00 D......w........ 00000000011cff40 00 00 00 00 84 ff 1c 01 - 6c 78 40 00 d4 00 00 00 ........lx@..... 00000000011cff50 e8 03 00 00 00 00 00 00 - c0 71 fd 00 c0 71 fd 00 .........q...q.. 00000000011cff60 50 bd 4a 00 07 00 00 00 - 0c 00 00 00 00 00 04 00 P.J............. 00000000011cff70 a8 ff 1c 01 a8 ff 1c 01 - 18 e6 43 00 58 a3 47 00 ..........C.X.G. 00000000011cff80 ff ff ff ff b8 ff 1c 01 - 64 f2 43 00 50 bd 4a 00 ........d.C.P.J. 00000000011cff90 00 00 00 00 00 00 00 00 - c0 71 fd 00 01 00 00 00 .........q...... 00000000011cffa0 90 ff 1c 01 5e 00 85 80 - dc ff 1c 01 18 e6 43 00 ....^.........C. 00000000011cffb0 28 89 48 00 00 00 00 00 - ec ff 1c 01 29 48 e6 77 (.H.........)H.w 00000000011cffc0 c0 71 fd 00 00 00 00 00 - 00 00 00 00 c0 71 fd 00 .q...........q.. 00000000011cffd0 00 00 00 00 c4 ff 1c 01 - 5d 06 85 80 ff ff ff ff ........]....... 00000000011cffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000011cfff0 00 00 00 00 f5 f1 43 00 - c0 71 fd 00 00 00 00 00 ......C..q...... *----> State Dump for Thread Id 0xbd8 <----* eax=0043f1f5 ebx=77e424de ecx=00000000 edx=00000000 esi=004abc34 edi=00000000 eip=7c8285ec esp=0135ff20 ebp=0135ff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0135ff4c 0043028e 00000160 0135ff84 0135ff78 ntdll!KiFastSystemCallRet 77e5bedd 10ec83ec 0c758b56 7589f685 8337740c NetLimiter+0x3028e 8b55ff8b 00000000 00000000 00000000 00000000 0x10ec83ec *----> Raw Stack Dump <----* 000000000135ff20 db 77 82 7c a2 be e5 77 - 60 01 00 00 78 ff 35 01 .w.|...w`...x.5. 000000000135ff30 64 ff 35 01 44 ff 35 01 - 00 00 00 00 00 00 00 00 d.5.D.5......... 000000000135ff40 e0 2b 05 89 30 25 a8 80 - 12 55 e6 77 dd be e5 77 .+..0%...U.w...w 000000000135ff50 8e 02 43 00 60 01 00 00 - 84 ff 35 01 78 ff 35 01 ..C.`.....5.x.5. 000000000135ff60 80 ff 35 01 ff ff ff ff - 00 00 00 00 b8 84 fd 00 ..5............. 000000000135ff70 b8 ff 35 01 b8 84 fd 00 - 18 55 e6 77 ff ff ff ff ..5......U.w.... 000000000135ff80 12 55 e6 77 23 f2 43 00 - 64 f2 43 00 34 bc 4a 00 .U.w#.C.d.C.4.J. 000000000135ff90 00 00 00 00 00 00 00 00 - b8 84 fd 00 01 00 00 00 ................ 000000000135ffa0 90 ff 35 01 5e 00 85 80 - dc ff 35 01 18 e6 43 00 ..5.^.....5...C. 000000000135ffb0 28 89 48 00 00 00 00 00 - ec ff 35 01 29 48 e6 77 (.H.......5.)H.w 000000000135ffc0 b8 84 fd 00 00 00 00 00 - 00 00 00 00 b8 84 fd 00 ................ 000000000135ffd0 00 00 00 00 c4 ff 35 01 - 5d 06 85 80 ff ff ff ff ......5.]....... 000000000135ffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 000000000135fff0 00 00 00 00 f5 f1 43 00 - b8 84 fd 00 00 00 00 00 ......C......... 0000000001360000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001360010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001360020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001360030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001360040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001360050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xc4c <----* eax=00000000 ebx=003f3240 ecx=00169088 edx=00168fe0 esi=000000e0 edi=00000000 eip=7c8285ec esp=0157fec8 ebp=0157ff38 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgs.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgs.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0157ff38 77e61c8d 000000e0 ffffffff 00000000 ntdll!KiFastSystemCallRet 0157ff4c 77cb07d6 000000e0 ffffffff 00168fe0 kernel32!WaitForSingleObject+0x12 0157ff60 77ca6ce9 ffffffff 003f3218 003f3240 RPCRT4!RpcMgmtSetAuthorizationFn+0x27a5 0157ff78 1000124c 00000000 003f32d8 10001b1e RPCRT4!I_RpcServerCheckClientRestriction+0x3a4 0157ffb8 77e64829 003f3240 00000000 00000000 nl_msgs!CreateNLMsgServer+0x15c 0157ffec 00000000 10001aaf 003f3240 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000157fec8 0b 7d 82 7c 1e 1d e6 77 - e0 00 00 00 00 00 00 00 .}.|...w........ 000000000157fed8 00 00 00 00 00 00 00 00 - 88 90 16 00 40 32 3f 00 ............@2?. 000000000157fee8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000157fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000157ff08 00 00 00 00 24 ff 57 01 - b3 41 c7 77 00 60 fd 7f ....$.W..A.w.`.. 000000000157ff18 00 00 00 00 e0 8f 16 00 - dc fe 57 01 08 66 18 00 ..........W..f.. 000000000157ff28 a8 ff 57 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..W.`..wH..w.... 000000000157ff38 4c ff 57 01 8d 1c e6 77 - e0 00 00 00 ff ff ff ff L.W....w........ 000000000157ff48 00 00 00 00 60 ff 57 01 - d6 07 cb 77 e0 00 00 00 ....`.W....w.... 000000000157ff58 ff ff ff ff e0 8f 16 00 - 78 ff 57 01 e9 6c ca 77 ........x.W..l.w 000000000157ff68 ff ff ff ff 18 32 3f 00 - 40 32 3f 00 e0 8f 16 00 .....2?.@2?..... 000000000157ff78 b8 ff 57 01 4c 12 00 10 - 00 00 00 00 d8 32 3f 00 ..W.L........2?. 000000000157ff88 1e 1b 00 10 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000157ff98 40 32 3f 00 01 00 00 00 - 90 ff 57 01 5e 00 85 80 @2?.......W.^... 000000000157ffa8 dc ff 57 01 6c 20 00 10 - e0 83 00 10 00 00 00 00 ..W.l .......... 000000000157ffb8 ec ff 57 01 29 48 e6 77 - 40 32 3f 00 00 00 00 00 ..W.)H.w@2?..... 000000000157ffc8 00 00 00 00 40 32 3f 00 - 00 00 00 00 c4 ff 57 01 ....@2?.......W. 000000000157ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 000000000157ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 af 1a 00 10 ................ 000000000157fff8 40 32 3f 00 00 00 00 00 - da da 01 00 00 00 08 00 @2?............. *----> State Dump for Thread Id 0xc50 <----* eax=00000000 ebx=0018aea0 ecx=00d0d2e0 edx=00ea002e esi=00143000 edi=00000000 eip=7c8285ec esp=0168fe1c ebp=0168ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0168ff84 77c88792 0168ffac 77c8872d 00143000 ntdll!KiFastSystemCallRet 0168ff8c 77c8872d 00143000 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0168ffac 77c7b110 00168fe0 0168ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0168ffb8 77e64829 00196e30 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0168ffec 00000000 77c7b0f5 00196e30 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000168fe1c 3b 78 82 7c ac 85 c8 77 - 84 01 00 00 74 ff 68 01 ;x.|...w....t.h. 000000000168fe2c 38 fe 68 01 a0 ae 18 00 - 54 ff 68 01 58 00 70 00 8.h.....T.h.X.p. 000000000168fe3c 00 00 00 00 ec 0b 00 00 - 10 0c 00 00 88 77 50 02 .............wP. 000000000168fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000168fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000168fe6c 00 00 00 00 34 00 00 00 - ec 0b 00 00 10 0c 00 00 ....4........... 000000000168fe7c ec 06 00 00 da 24 b2 71 - 44 ee 64 01 d8 19 a2 01 .....$.qD.d..... 000000000168fe8c c8 72 47 00 46 e6 e1 ef - 44 83 c9 01 14 00 00 00 .rG.F...D....... 000000000168fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000168feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000168febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000168fecc 00 00 00 00 20 f1 df ff - 00 00 00 00 00 f1 df ff .... ........... 000000000168fedc 00 00 00 00 00 00 00 00 - 00 f1 df ff 00 00 00 00 ................ 000000000168feec e4 9b b4 b4 56 44 a8 80 - 20 f1 df ff 00 00 00 00 ....VD.. ....... 000000000168fefc 00 9c b4 b4 0c d6 83 80 - 01 00 00 00 7c fa df ff ............|... 000000000168ff0c 00 00 00 00 00 00 00 00 - 00 00 00 00 18 9c b4 b4 ................ 000000000168ff1c 5c e5 83 80 00 00 00 00 - 20 a0 cd 88 c8 a0 cd 88 \....... ....... 000000000168ff2c 80 93 8b 80 84 ff 68 01 - a6 84 c8 77 4c ff 68 01 ......h....wL.h. 000000000168ff3c b6 84 c8 77 ab a3 81 7c - a0 65 19 00 30 6e 19 00 ...w...|.e..0n.. 000000000168ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xc54 <----* eax=00000000 ebx=00191b20 ecx=00d0d358 edx=00da002e esi=00143000 edi=00000000 eip=7c8285ec esp=0178fe1c ebp=0178ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0178ff84 77c88792 0178ffac 77c8872d 00143000 ntdll!KiFastSystemCallRet 0178ff8c 77c8872d 00143000 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0178ffac 77c7b110 00168fe0 0178ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0178ffb8 77e64829 00196ed0 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0178ffec 00000000 77c7b0f5 00196ed0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000178fe1c 3b 78 82 7c ac 85 c8 77 - 84 01 00 00 74 ff 78 01 ;x.|...w....t.x. 000000000178fe2c 38 fe 78 01 20 1b 19 00 - 54 ff 78 01 58 00 70 00 8.x. ...T.x.X.p. 000000000178fe3c 00 00 00 00 ec 0b 00 00 - 10 0c 00 00 86 77 50 02 .............wP. 000000000178fe4c 00 00 00 00 02 50 2e e1 - 01 00 00 00 e0 a8 05 89 .....P.......... 000000000178fe5c c0 d4 8a 80 00 00 00 00 - dc d1 50 e1 c0 d4 8a 80 ..........P..... 000000000178fe6c 00 00 00 00 34 00 00 00 - ec 0b 00 00 10 0c 00 00 ....4........... 000000000178fe7c cc 05 00 00 00 00 00 00 - 49 26 b2 71 8c ec 64 01 ........I&.q..d. 000000000178fe8c 58 16 a2 01 ec 83 df ef - 44 83 c9 01 00 18 00 00 X.......D....... 000000000178fe9c 01 00 00 00 00 18 00 00 - 49 04 00 00 00 20 50 c0 ........I.... P. 000000000178feac 00 00 00 00 70 2f 80 89 - 98 26 50 c0 4a 01 00 00 ....p/...&P.J... 000000000178febc 98 26 50 c0 d0 1b b5 b4 - 6b 27 84 80 d8 1b b5 b4 .&P.....k'...... 000000000178fecc 01 80 c0 77 20 f1 df ff - 00 00 00 00 00 f1 df ff ...w ........... 000000000178fedc 78 04 bc 81 00 00 00 00 - 00 f1 df ff 00 00 00 00 x............... 000000000178feec e4 1b b5 b4 56 44 a8 80 - 20 f1 df ff 00 00 00 00 ....VD.. ....... 000000000178fefc 00 1c b5 b4 0c d6 83 80 - 01 00 00 00 7c fa df ff ............|... 000000000178ff0c 20 f0 1d c0 78 04 bc 81 - 00 00 00 00 18 1c b5 b4 ...x........... 000000000178ff1c 5c e5 83 80 00 00 00 00 - 50 d4 04 89 f8 d4 04 89 \.......P....... 000000000178ff2c 80 93 8b 80 84 ff 78 01 - a6 84 c8 77 4c ff 78 01 ......x....wL.x. 000000000178ff3c b6 84 c8 77 ab a3 81 7c - 20 a5 18 00 d0 6e 19 00 ...w...| ....n.. 000000000178ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xc58 <----* eax=00000001 ebx=7c81a360 ecx=0000003c edx=00000019 esi=000001d0 edi=00000000 eip=7c8285ec esp=0188fed4 ebp=0188ff44 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0188ff44 77e61c8d 000001d0 00002710 00000000 ntdll!KiFastSystemCallRet 0188ff58 00414ddf 000001d0 00002710 0188ffb8 kernel32!WaitForSingleObject+0x12 7c81a3ab 7d8b57ec 084fff08 56532175 000c47c7 NetLimiter+0x14ddf 8b55ff8b 00000000 00000000 00000000 00000000 0x7d8b57ec *----> Raw Stack Dump <----* 000000000188fed4 0b 7d 82 7c 1e 1d e6 77 - d0 01 00 00 00 00 00 00 .}.|...w........ 000000000188fee4 18 ff 88 01 28 00 00 00 - 94 bc 4a 00 60 a3 81 7c ....(.....J.`..| 000000000188fef4 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000188ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000188ff14 00 00 00 00 00 1f 0a fa - ff ff ff ff 00 60 fd 7f .............`.. 000000000188ff24 18 ff 88 01 94 bc 4a 00 - e8 fe 88 01 34 2e 5c 00 ......J.....4.\. 000000000188ff34 a8 ff 88 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 000000000188ff44 58 ff 88 01 8d 1c e6 77 - d0 01 00 00 10 27 00 00 X......w.....'.. 000000000188ff54 00 00 00 00 ab a3 81 7c - df 4d 41 00 d0 01 00 00 .......|.MA..... 000000000188ff64 10 27 00 00 b8 ff 88 01 - b0 a2 fd 00 00 00 00 00 .'.............. 000000000188ff74 b0 a2 fd 00 d9 07 01 00 - 06 00 1f 00 01 00 28 00 ..............(. 000000000188ff84 29 00 8c 00 64 f2 43 00 - 94 bc 4a 00 00 00 00 00 )...d.C...J..... 000000000188ff94 00 00 00 00 b0 a2 fd 00 - 01 00 00 00 90 ff 88 01 ................ 000000000188ffa4 5e 00 85 80 dc ff 88 01 - 18 e6 43 00 28 89 48 00 ^.........C.(.H. 000000000188ffb4 00 00 00 00 ec ff 88 01 - 29 48 e6 77 b0 a2 fd 00 ........)H.w.... 000000000188ffc4 00 00 00 00 00 00 00 00 - b0 a2 fd 00 00 00 00 00 ................ 000000000188ffd4 c4 ff 88 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w 000000000188ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 000000000188fff4 f5 f1 43 00 b0 a2 fd 00 - 00 00 00 00 00 00 00 00 ..C............. 0000000001890004 00 00 01 00 00 10 00 00 - 00 00 00 00 d0 02 89 01 ................ *----> State Dump for Thread Id 0xef4 <----* eax=00000000 ebx=001979d8 ecx=00d0d358 edx=0119002e esi=00143000 edi=00000000 eip=7c8285ec esp=00cefe1c ebp=00ceff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00ceff84 77c88792 00ceffac 77c8872d 00143000 ntdll!KiFastSystemCallRet 00ceff8c 77c8872d 00143000 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 00ceffac 77c7b110 00168fe0 00ceffec 77e64829 RPCRT4!I_RpcFree+0xb6b 00ceffb8 77e64829 0018f430 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 00ceffec 00000000 77c7b0f5 0018f430 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000cefe1c 3b 78 82 7c ac 85 c8 77 - 84 01 00 00 74 ff ce 00 ;x.|...w....t... 0000000000cefe2c 38 fe ce 00 d8 79 19 00 - 54 ff ce 00 58 00 70 00 8....y..T...X.p. 0000000000cefe3c 00 00 00 00 ec 0b 00 00 - 10 0c 00 00 89 77 50 02 .............wP. 0000000000cefe4c 00 00 00 00 02 50 2e e1 - 01 00 00 00 18 ad 83 88 .....P.......... 0000000000cefe5c c0 d4 8a 80 00 00 00 00 - dc d1 50 e1 c0 d4 8a 80 ..........P..... 0000000000cefe6c 00 00 00 00 34 00 00 00 - ec 0b 00 00 10 0c 00 00 ....4........... 0000000000cefe7c d0 03 00 00 00 00 00 00 - 49 26 b2 71 8c ec 64 01 ........I&.q..d. 0000000000cefe8c 30 bc 07 01 54 0d e9 ef - 44 83 c9 01 a1 15 00 00 0...T...D....... 0000000000cefe9c 01 00 00 00 00 18 00 00 - 41 04 00 00 00 20 50 c0 ........A.... P. 0000000000cefeac 00 00 00 00 70 cf 83 88 - 98 26 50 c0 01 60 c0 77 ....p....&P..`.w 0000000000cefebc 98 26 50 c0 d0 4b 22 b5 - 6b 27 84 80 d8 4b 22 b5 .&P..K".k'...K". 0000000000cefecc 24 01 00 00 70 cf 83 88 - 8c 2a 50 c0 00 00 00 00 $...p....*P..... 0000000000cefedc 38 c5 82 88 f4 43 a8 80 - 00 00 00 00 e8 4b 22 b5 8....C.......K". 0000000000cefeec f4 43 a8 80 00 00 00 00 - 00 00 00 00 f0 4b 22 b5 .C...........K". 0000000000cefefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 4c 22 b5 VD...........L". 0000000000ceff0c c7 d5 83 80 c0 c4 82 88 - 68 c5 82 88 48 fa 60 e1 ........h...H.`. 0000000000ceff1c c0 c4 82 88 40 00 00 00 - 68 74 98 ff 68 c5 82 88 [email protected]... 0000000000ceff2c 7c fa df ff 84 ff ce 00 - a6 84 c8 77 4c ff ce 00 |..........wL... 0000000000ceff3c b6 84 c8 77 ab a3 81 7c - e8 4d 19 00 30 f4 18 00 ...w...|.M..0... 0000000000ceff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... Application exception occurred: App: C:\Program Files\NetLimiter\NetLimiter.exe (pid=2248) When: 03.02.2009 @ 18:30:07.187 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 2 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 312 smss.exe 360 csrss.exe 384 winlogon.exe 432 services.exe 444 lsass.exe 636 svchost.exe 704 svchost.exe 772 svchost.exe 788 svchost.exe 832 svchost.exe 888 ccSetMgr.exe 920 ccEvtMgr.exe 1028 SPBBCSvc.exe 1252 msdtc.exe 1348 DefWatch.exe 1376 svchost.exe 1412 svchost.exe 1492 Rtvscan.exe 1608 tssdis.exe 1768 svchost.exe 2348 wmiprvse.exe 3220 svchost.exe 3812 logon.scr 1724 spoolsv.exe 3176 csrss.exe 2596 winlogon.exe 3932 rdpclip.exe 3468 Explorer.EXE 2248 NetLimiter.exe 1856 ccApp.exe 264 VPTray.exe 3884 ctfmon.exe 1280 uTorrent.exe 1532 G6FTPSrv.exe 2588 drwtsn32.exe *----> Module List <----* 0000000000400000 - 00000000004d2000: C:\Program Files\NetLimiter\NetLimiter.exe 0000000010000000 - 000000001000d000: C:\WINDOWS\system32\nl_msgs.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 0000000067510000 - 00000000676b5000: C:\Program Files\NetLimiter\SPORDER.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\NETAPI32.dll 0000000073070000 - 0000000073097000: C:\WINDOWS\system32\WINSPOOL.DRV 0000000074b40000 - 0000000074b63000: C:\WINDOWS\system32\oledlg.dll 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\SHFOLDER.dll 0000000076a80000 - 0000000076a98000: C:\WINDOWS\system32\ATL.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076b80000 - 0000000076bae000: C:\WINDOWS\system32\credui.dll 0000000076cd0000 - 0000000076ce9000: C:\WINDOWS\system32\MPRAPI.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076dc0000 - 0000000076de8000: C:\WINDOWS\system32\adsldpc.dll 0000000076df0000 - 0000000076e24000: C:\WINDOWS\system32\ACTIVEDS.dll 0000000076e30000 - 0000000076e3c000: C:\WINDOWS\system32\rtutils.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 00000000772c0000 - 000000007736f000: C:\WINDOWS\system32\urlmon.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll 000000007e020000 - 000000007e02f000: C:\WINDOWS\system32\SAMLIB.dll *----> State Dump for Thread Id 0x5f8 <----* eax=01ab7008 ebx=7c81a306 ecx=010d8038 edx=00d04840 esi=01a48588 edi=010d8038 eip=00000000 esp=0012fbd4 ebp=00d04858 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 function: <nosymbols> No prior disassembly possible : 00000000 ?? ??? 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? FAULT ->: *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\NetLimiter.exe *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\NetLimiter\NetLimiter.exe 00000000 ?? ??? Error 0x00000001 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? 00000010 ?? ??? 00000012 ?? ??? 00000014 ?? ??? *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - ChildEBP RetAddr Args to Child 0012fbd0 0041d76c 0012fbe8 01a48588 00d04788 0x0 WARNING: Stack unwind information not available. Following frames may be wrong. 00d04858 ffffffff 00000000 00000000 00000208 NetLimiter+0x1d76c 0017be20 00d04858 0017c050 0017bc08 00000000 0xffffffff 00000000 00000000 00000000 00000000 00000000 0xd04858 *----> Raw Stack Dump <----* 000000000012fbd4 6c d7 41 00 e8 fb 12 00 - 88 85 a4 01 88 47 d0 00 l.A..........G.. 000000000012fbe4 55 f3 41 00 00 00 a4 01 - 88 47 d0 00 88 85 a4 01 U.A......G...... 000000000012fbf4 60 a3 81 7c 1a f8 41 00 - 88 85 a4 01 88 47 d0 00 `..|..A......G.. 000000000012fc04 00 00 00 00 a0 fc 12 00 - 40 f8 41 00 45 f8 41 00 [email protected]. 000000000012fc14 19 62 45 00 00 00 00 00 - 00 00 00 00 88 47 d0 00 .bE..........G.. 000000000012fc24 88 47 d0 00 98 7b 17 00 - 24 00 00 00 01 00 00 00 .G...{..$....... 000000000012fc34 0b 7d 82 7c 36 d2 83 7c - 04 02 00 00 00 00 00 00 .}.|6..|........ 000000000012fc44 00 00 00 00 01 00 00 00 - e8 2e 4b 00 00 00 00 00 ..........K..... 000000000012fc54 00 00 00 00 00 00 00 00 - 00 d0 fd 7f 00 00 00 00 ................ 000000000012fc64 00 00 00 00 cb 79 82 7c - 00 00 00 00 90 fc 12 00 .....y.|........ 000000000012fc74 81 d2 83 7c 04 02 00 00 - 04 00 00 00 e4 2e 4b 00 ...|..........K. 000000000012fc84 c8 2e 4b 00 e4 2e 4b 00 - dc f2 47 00 00 00 00 00 ..K...K...G..... 000000000012fc94 14 fd 12 00 e7 4d 47 00 - ff ff ff ff c0 fc 12 00 .....MG......... 000000000012fca4 85 2b 45 00 64 04 00 00 - 00 00 00 00 78 ff 47 00 .+E.d.......x.G. 000000000012fcb4 bc fc 12 00 64 04 00 00 - 00 00 00 00 20 fd 12 00 ....d....... ... 000000000012fcc4 2f 4b 45 00 64 04 00 00 - 00 00 00 00 00 00 00 00 /KE.d........... 000000000012fcd4 b8 fd 12 00 84 00 01 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fce4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fcf4 00 00 00 00 00 00 00 00 - 1c fd 12 00 eb 5a 47 00 .............ZG. 000000000012fd04 ff ff ff ff 28 fd 12 00 - 98 7b 17 00 d4 fc 12 00 ....(....{...... *----> State Dump for Thread Id 0x814 <----* eax=0043f1f5 ebx=00d06e38 ecx=00000000 edx=00000000 esi=000000f8 edi=00000000 eip=7c8285ec esp=00fcfed8 ebp=00fcff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00fcff48 77e61c8d 000000f8 ffffffff 00000000 ntdll!KiFastSystemCallRet 00fcff5c 0042ad03 000000f8 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 77e61c7b ff006aec 75ff0c75 0009e808 c25d0000 NetLimiter+0x2ad03 8b55ff8b 00000000 00000000 00000000 00000000 0xff006aec *----> Raw Stack Dump <----* 0000000000fcfed8 0b 7d 82 7c 1e 1d e6 77 - f8 00 00 00 00 00 00 00 .}.|...w........ 0000000000fcfee8 00 00 00 00 00 00 00 00 - 10 4d d0 00 38 6e d0 00 .........M..8n.. 0000000000fcfef8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000000fcff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000fcff18 00 00 00 00 5c e5 83 80 - 00 00 00 00 00 e0 fd 7f ....\........... 0000000000fcff28 00 00 00 00 80 93 8b 80 - ec fe fc 00 00 b0 fd 7f ................ 0000000000fcff38 7c ff fc 00 60 1a e6 77 - 48 1d e6 77 00 00 00 00 |...`..wH..w.... 0000000000fcff48 5c ff fc 00 8d 1c e6 77 - f8 00 00 00 ff ff ff ff \......w........ 0000000000fcff58 00 00 00 00 7b 1c e6 77 - 03 ad 42 00 f8 00 00 00 ....{..w..B..... 0000000000fcff68 ff ff ff ff 00 00 00 00 - 38 6e d0 00 b8 ff fc 00 ........8n...... 0000000000fcff78 38 6e d0 00 a8 ff fc 00 - 38 48 47 00 ff ff ff ff 8n......8HG..... 0000000000fcff88 64 f2 43 00 10 4d d0 00 - 00 00 00 00 00 00 00 00 d.C..M.......... 0000000000fcff98 38 6e d0 00 01 00 00 00 - 90 ff fc 00 5e 00 85 80 8n..........^... 0000000000fcffa8 dc ff fc 00 18 e6 43 00 - 28 89 48 00 00 00 00 00 ......C.(.H..... 0000000000fcffb8 ec ff fc 00 29 48 e6 77 - 38 6e d0 00 00 00 00 00 ....)H.w8n...... 0000000000fcffc8 00 00 00 00 38 6e d0 00 - 00 00 00 00 c4 ff fc 00 ....8n.......... 0000000000fcffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 0000000000fcffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 f5 f1 43 00 ..............C. 0000000000fcfff8 38 6e d0 00 00 00 00 00 - 00 00 00 00 00 00 00 00 8n.............. 0000000000fd0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x460 <----* eax=00000093 ebx=00000015 ecx=00d0d360 edx=000001a4 esi=00000108 edi=00000000 eip=7c8285ec esp=012dfec0 ebp=012dff30 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 012dff30 77e61c8d 00000108 000003e8 00000000 ntdll!KiFastSystemCallRet 012dff44 0040786c 00000108 000003e8 00000000 kernel32!WaitForSingleObject+0x12 012dff84 0043f264 004abd50 00000000 00000000 NetLimiter+0x786c 012dffb8 77e64829 010271e0 00000000 00000000 NetLimiter+0x3f264 012dffec 00000000 0043f1f5 010271e0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000012dfec0 0b 7d 82 7c 1e 1d e6 77 - 08 01 00 00 00 00 00 00 .}.|...w........ 00000000012dfed0 04 ff 2d 01 01 00 00 00 - 50 bd 4a 00 15 00 00 00 ..-.....P.J..... 00000000012dfee0 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000012dfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000012dff00 00 00 00 00 80 69 67 ff - ff ff ff ff 00 e0 fd 7f .....ig......... 00000000012dff10 04 ff 2d 01 64 07 00 00 - d4 fe 2d 01 00 05 00 00 ..-.d.....-..... 00000000012dff20 74 ff 2d 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 t.-.`..wH..w.... 00000000012dff30 44 ff 2d 01 8d 1c e6 77 - 08 01 00 00 e8 03 00 00 D.-....w........ 00000000012dff40 00 00 00 00 84 ff 2d 01 - 6c 78 40 00 08 01 00 00 ......-.lx@..... 00000000012dff50 e8 03 00 00 00 00 00 00 - e0 71 02 01 e0 71 02 01 .........q...q.. 00000000012dff60 50 bd 4a 00 15 00 00 00 - 01 00 00 00 00 00 00 00 P.J............. 00000000012dff70 a8 ff 2d 01 a8 ff 2d 01 - 18 e6 43 00 58 a3 47 00 ..-...-...C.X.G. 00000000012dff80 ff ff ff ff b8 ff 2d 01 - 64 f2 43 00 50 bd 4a 00 ......-.d.C.P.J. 00000000012dff90 00 00 00 00 00 00 00 00 - e0 71 02 01 01 00 00 00 .........q...... 00000000012dffa0 90 ff 2d 01 5e 00 85 80 - dc ff 2d 01 18 e6 43 00 ..-.^.....-...C. 00000000012dffb0 28 89 48 00 00 00 00 00 - ec ff 2d 01 29 48 e6 77 (.H.......-.)H.w 00000000012dffc0 e0 71 02 01 00 00 00 00 - 00 00 00 00 e0 71 02 01 .q...........q.. 00000000012dffd0 00 00 00 00 c4 ff 2d 01 - 5d 06 85 80 ff ff ff ff ......-.]....... 00000000012dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000012dfff0 00 00 00 00 f5 f1 43 00 - e0 71 02 01 00 00 00 00 ......C..q...... *----> State Dump for Thread Id 0xb98 <----* eax=0043f1f5 ebx=77e424de ecx=00000000 edx=00000000 esi=004abc34 edi=00000000 eip=7c8285ec esp=013dff20 ebp=013dff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 013dff4c 0043028e 0000016c 013dff84 013dff78 ntdll!KiFastSystemCallRet 77e5bedd 10ec83ec 0c758b56 7589f685 8337740c NetLimiter+0x3028e 8b55ff8b 00000000 00000000 00000000 00000000 0x10ec83ec *----> Raw Stack Dump <----* 00000000013dff20 db 77 82 7c a2 be e5 77 - 6c 01 00 00 78 ff 3d 01 .w.|...wl...x.=. 00000000013dff30 64 ff 3d 01 44 ff 3d 01 - 00 00 00 00 00 00 00 00 d.=.D.=......... 00000000013dff40 f0 8c cc 88 30 25 a8 80 - 12 55 e6 77 dd be e5 77 ....0%...U.w...w 00000000013dff50 8e 02 43 00 6c 01 00 00 - 84 ff 3d 01 78 ff 3d 01 ..C.l.....=.x.=. 00000000013dff60 80 ff 3d 01 ff ff ff ff - 00 00 00 00 d8 84 02 01 ..=............. 00000000013dff70 b8 ff 3d 01 d8 84 02 01 - 18 55 e6 77 ff ff ff ff ..=......U.w.... 00000000013dff80 12 55 e6 77 23 f2 43 00 - 64 f2 43 00 34 bc 4a 00 .U.w#.C.d.C.4.J. 00000000013dff90 00 00 00 00 00 00 00 00 - d8 84 02 01 01 00 00 00 ................ 00000000013dffa0 90 ff 3d 01 5e 00 85 80 - dc ff 3d 01 18 e6 43 00 ..=.^.....=...C. 00000000013dffb0 28 89 48 00 00 00 00 00 - ec ff 3d 01 29 48 e6 77 (.H.......=.)H.w 00000000013dffc0 d8 84 02 01 00 00 00 00 - 00 00 00 00 d8 84 02 01 ................ 00000000013dffd0 00 00 00 00 c4 ff 3d 01 - 5d 06 85 80 ff ff ff ff ......=.]....... 00000000013dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000013dfff0 00 00 00 00 f5 f1 43 00 - d8 84 02 01 00 00 00 00 ......C......... 00000000013e0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xdb4 <----* eax=00000000 ebx=003f3250 ecx=00169088 edx=00168fe0 esi=000000c4 edi=00000000 eip=7c8285ec esp=0154fec8 ebp=0154ff38 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgs.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgs.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0154ff38 77e61c8d 000000c4 ffffffff 00000000 ntdll!KiFastSystemCallRet 0154ff4c 77cb07d6 000000c4 ffffffff 00168fe0 kernel32!WaitForSingleObject+0x12 0154ff60 77ca6ce9 ffffffff 003f3228 003f3250 RPCRT4!RpcMgmtSetAuthorizationFn+0x27a5 0154ff78 1000124c 00000000 003f3380 10001b1e RPCRT4!I_RpcServerCheckClientRestriction+0x3a4 0154ffb8 77e64829 003f3250 00000000 00000000 nl_msgs!CreateNLMsgServer+0x15c 0154ffec 00000000 10001aaf 003f3250 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000154fec8 0b 7d 82 7c 1e 1d e6 77 - c4 00 00 00 00 00 00 00 .}.|...w........ 000000000154fed8 00 00 00 00 00 00 00 00 - 88 90 16 00 50 32 3f 00 ............P2?. 000000000154fee8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000154fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff08 00 00 00 00 24 ff 54 01 - b3 41 c7 77 00 e0 fd 7f ....$.T..A.w.... 000000000154ff18 00 00 00 00 e0 8f 16 00 - dc fe 54 01 a0 49 19 00 ..........T..I.. 000000000154ff28 a8 ff 54 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..T.`..wH..w.... 000000000154ff38 4c ff 54 01 8d 1c e6 77 - c4 00 00 00 ff ff ff ff L.T....w........ 000000000154ff48 00 00 00 00 60 ff 54 01 - d6 07 cb 77 c4 00 00 00 ....`.T....w.... 000000000154ff58 ff ff ff ff e0 8f 16 00 - 78 ff 54 01 e9 6c ca 77 ........x.T..l.w 000000000154ff68 ff ff ff ff 28 32 3f 00 - 50 32 3f 00 e0 8f 16 00 ....(2?.P2?..... 000000000154ff78 b8 ff 54 01 4c 12 00 10 - 00 00 00 00 80 33 3f 00 ..T.L........3?. 000000000154ff88 1e 1b 00 10 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff98 50 32 3f 00 01 00 00 00 - 90 ff 54 01 5e 00 85 80 P2?.......T.^... 000000000154ffa8 dc ff 54 01 6c 20 00 10 - e0 83 00 10 00 00 00 00 ..T.l .......... 000000000154ffb8 ec ff 54 01 29 48 e6 77 - 50 32 3f 00 00 00 00 00 ..T.)H.wP2?..... 000000000154ffc8 00 00 00 00 50 32 3f 00 - 00 00 00 00 c4 ff 54 01 ....P2?.......T. 000000000154ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 000000000154ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 af 1a 00 10 ................ 000000000154fff8 50 32 3f 00 00 00 00 00 - 00 00 00 00 00 00 00 00 P2?............. *----> State Dump for Thread Id 0x4b0 <----* eax=0164ff78 ebx=7c81a360 ecx=77e61d43 edx=7c8285ec esi=00000198 edi=00000000 eip=7c8285ec esp=0164fed4 ebp=0164ff44 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0164ff44 77e61c8d 00000198 00002710 00000000 ntdll!KiFastSystemCallRet 0164ff58 00414ddf 00000198 00002710 0164ffb8 kernel32!WaitForSingleObject+0x12 7c81a3ab 7d8b57ec 084fff08 56532175 000c47c7 NetLimiter+0x14ddf 8b55ff8b 00000000 00000000 00000000 00000000 0x7d8b57ec *----> Raw Stack Dump <----* 000000000164fed4 0b 7d 82 7c 1e 1d e6 77 - 98 01 00 00 00 00 00 00 .}.|...w........ 000000000164fee4 18 ff 64 01 1e 00 00 00 - 94 bc 4a 00 60 a3 81 7c ..d.......J.`..| 000000000164fef4 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000164ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000164ff14 00 00 00 00 00 1f 0a fa - ff ff ff ff 00 e0 fd 7f ................ 000000000164ff24 18 ff 64 01 2d 86 c9 01 - e8 fe 64 01 52 4c 41 00 ..d.-.....d.RLA. 000000000164ff34 a8 ff 64 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..d.`..wH..w.... 000000000164ff44 58 ff 64 01 8d 1c e6 77 - 98 01 00 00 10 27 00 00 X.d....w.....'.. 000000000164ff54 00 00 00 00 ab a3 81 7c - df 4d 41 00 98 01 00 00 .......|.MA..... 000000000164ff64 10 27 00 00 b8 ff 64 01 - 50 bb 02 01 00 00 00 00 .'....d.P....... 000000000164ff74 50 bb 02 01 d9 07 02 00 - 02 00 03 00 11 00 1e 00 P............... 000000000164ff84 04 00 7c 00 64 f2 43 00 - 94 bc 4a 00 00 00 00 00 ..|.d.C...J..... 000000000164ff94 00 00 00 00 50 bb 02 01 - 01 00 00 00 90 ff 64 01 ....P.........d. 000000000164ffa4 5e 00 85 80 dc ff 64 01 - 18 e6 43 00 28 89 48 00 ^.....d...C.(.H. 000000000164ffb4 00 00 00 00 ec ff 64 01 - 29 48 e6 77 50 bb 02 01 ......d.)H.wP... 000000000164ffc4 00 00 00 00 00 00 00 00 - 50 bb 02 01 00 00 00 00 ........P....... 000000000164ffd4 c4 ff 64 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..d.].......`..w 000000000164ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 000000000164fff4 f5 f1 43 00 50 bb 02 01 - 00 00 00 00 00 00 00 00 ..C.P........... 0000000001650004 00 00 01 00 00 10 00 00 - 00 00 00 00 e0 00 65 01 ..............e. *----> State Dump for Thread Id 0xcec <----* eax=00000000 ebx=0018a710 ecx=00d0d360 edx=00bb0007 esi=00193c90 edi=00000000 eip=7c8285ec esp=0185fe1c ebp=0185ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0185ff84 77c88792 0185ffac 77c8872d 00193c90 ntdll!KiFastSystemCallRet 0185ff8c 77c8872d 00193c90 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0185ffac 77c7b110 00168fe0 0185ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0185ffb8 77e64829 0018b0f8 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0185ffec 00000000 77c7b0f5 0018b0f8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000185fe1c 3b 78 82 7c ac 85 c8 77 - c8 01 00 00 74 ff 85 01 ;x.|...w....t... 000000000185fe2c 38 fe 85 01 10 a7 18 00 - 54 ff 85 01 58 00 70 00 8.......T...X.p. 000000000185fe3c 00 00 00 00 00 05 00 00 - b8 06 00 00 e4 af 2e 04 ................ 000000000185fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000185fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185fe6c 00 00 00 00 34 00 00 00 - 00 05 00 00 b8 06 00 00 ....4........... 000000000185fe7c 6c 04 00 00 00 00 00 00 - 49 26 b2 71 8c ec 64 01 l.......I&.q..d. 000000000185fe8c 90 d8 07 01 f4 cb 7e 0e - 25 86 c9 01 00 18 00 00 ......~.%....... 000000000185fe9c 01 00 00 00 00 18 00 00 - dd 03 00 00 00 00 00 00 ................ 000000000185feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185fecc 00 00 00 00 20 f1 72 f7 - 00 00 00 00 00 f1 72 f7 .... .r.......r. 000000000185fedc 00 00 00 00 00 00 00 00 - 00 f1 72 f7 00 00 00 00 ..........r..... 000000000185feec e4 9b e8 b4 56 44 a8 80 - 20 f1 72 f7 00 00 00 00 ....VD.. .r..... 000000000185fefc 00 9c e8 b4 0c d6 83 80 - 01 00 00 00 7c fa 72 f7 ............|.r. 000000000185ff0c 00 00 00 00 00 00 00 00 - 00 00 00 00 18 9c e8 b4 ................ 000000000185ff1c 5c e5 83 80 00 00 00 00 - 60 7c bd 88 08 7d bd 88 \.......`|...}.. 000000000185ff2c 80 93 8b 80 84 ff 85 01 - a6 84 c8 77 4c ff 85 01 ...........wL... 000000000185ff3c b6 84 c8 77 ab a3 81 7c - 68 db 18 00 f8 b0 18 00 ...w...|h....... 000000000185ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0x6a4 <----* eax=00000000 ebx=00194538 ecx=00d0d360 edx=00ab0007 esi=00193c90 edi=00000000 eip=7c8285ec esp=019efe1c ebp=019eff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 019eff84 77c88792 019effac 77c8872d 00193c90 ntdll!KiFastSystemCallRet 019eff8c 77c8872d 00193c90 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 019effac 77c7b110 00168fe0 019effec 77e64829 RPCRT4!I_RpcFree+0xb6b 019effb8 77e64829 001911d8 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 019effec 00000000 77c7b0f5 001911d8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000019efe1c 3b 78 82 7c ac 85 c8 77 - c8 01 00 00 74 ff 9e 01 ;x.|...w....t... 00000000019efe2c 38 fe 9e 01 38 45 19 00 - 54 ff 9e 01 20 00 38 00 8...8E..T... .8. 00000000019efe3c 00 00 00 00 00 05 00 00 - b8 06 00 00 e2 af 2e 04 ................ 00000000019efe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 00000000019efe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019efe6c 00 00 00 00 34 00 00 00 - 00 05 00 00 b8 06 00 00 ....4........... 00000000019efe7c 14 0f 00 00 00 00 00 00 - 49 26 b2 71 8c ec 64 01 ........I&.q..d. 00000000019efe8c b8 b1 07 01 9a 69 7c 0e - 25 86 c9 01 00 18 00 00 .....i|.%....... 00000000019efe9c 01 00 00 00 00 18 00 00 - b0 03 00 00 00 00 00 00 ................ 00000000019efeac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019efebc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019efecc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019efedc 80 1d 04 89 f4 43 a8 80 - 00 00 00 00 00 00 00 00 .....C.......... 00000000019efeec f4 43 a8 80 00 00 00 00 - 00 00 00 00 f0 5b b3 b4 .C...........[.. 00000000019efefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 5c b3 b4 VD...........\.. 00000000019eff0c c7 d5 83 80 08 1d 04 89 - b0 1d 04 89 01 00 00 00 ................ 00000000019eff1c 08 1d 04 89 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019eff2c 7c fa 72 f7 84 ff 9e 01 - a6 84 c8 77 4c ff 9e 01 |.r........wL... 00000000019eff3c b6 84 c8 77 ab a3 81 7c - 78 01 19 00 d8 11 19 00 ...w...|x....... 00000000019eff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xb08 <----* eax=00000000 ebx=00196ae0 ecx=00d0d360 edx=00ab0007 esi=00193c90 edi=00000000 eip=7c8285ec esp=00cefe1c ebp=00ceff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00ceff84 77c88792 00ceffac 77c8872d 00193c90 ntdll!KiFastSystemCallRet 00ceff8c 77c8872d 00193c90 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 00ceffac 77c7b110 00168fe0 00ceffec 77e64829 RPCRT4!I_RpcFree+0xb6b 00ceffb8 77e64829 00196a38 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 00ceffec 00000000 77c7b0f5 00196a38 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000cefe1c 3b 78 82 7c ac 85 c8 77 - c8 01 00 00 74 ff ce 00 ;x.|...w....t... 0000000000cefe2c 38 fe ce 00 e0 6a 19 00 - 54 ff ce 00 58 00 70 00 8....j..T...X.p. 0000000000cefe3c 00 00 00 00 00 05 00 00 - b8 06 00 00 e3 af 2e 04 ................ 0000000000cefe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 0000000000cefe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000cefe6c 00 00 00 00 34 00 00 00 - 00 05 00 00 b8 06 00 00 ....4........... 0000000000cefe7c 90 0b 00 00 00 04 00 00 - d8 26 00 10 01 00 00 7f .........&...... 0000000000cefe8c 00 00 00 00 9a 69 7c 0e - 25 86 c9 01 44 00 00 00 .....i|.%...D... 0000000000cefe9c 01 00 00 00 00 18 00 00 - b1 03 00 00 c0 34 2b 89 .............4+. 0000000000cefeac 00 00 00 00 00 00 00 00 - 03 00 00 00 84 1c d1 b4 ................ 0000000000cefebc 00 00 00 00 ea 97 83 80 - e4 1b d1 b4 00 00 00 00 ................ 0000000000cefecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 0000000000cefedc e0 1b d1 b4 d9 43 a8 80 - 02 00 00 00 00 00 00 00 .....C.......... 0000000000cefeec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 1b d1 b4 .C.............. 0000000000cefefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 1c d1 b4 VD.............. 0000000000ceff0c c7 d5 83 80 48 a3 37 89 - f0 a3 37 89 01 00 00 00 ....H.7...7..... 0000000000ceff1c 48 a3 37 89 01 00 00 00 - ff ff ff ff 01 00 00 00 H.7............. 0000000000ceff2c 7c fa 72 f7 84 ff ce 00 - a6 84 c8 77 4c ff ce 00 |.r........wL... 0000000000ceff3c b6 84 c8 77 ab a3 81 7c - 90 db 18 00 38 6a 19 00 ...w...|....8j.. 0000000000ceff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... Application exception occurred: App: C:\Program Files\NetLimiter 2 Pro\NLClient.exe (pid=3512) When: 12.02.2009 @ 10:52:06.078 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 352 smss.exe 400 csrss.exe 424 winlogon.exe 472 services.exe 484 lsass.exe 676 svchost.exe 748 svchost.exe 816 svchost.exe 832 svchost.exe 876 svchost.exe 932 ccSetMgr.exe 964 ccEvtMgr.exe 1072 SPBBCSvc.exe 1244 spoolsv.exe 1276 msdtc.exe 1384 DefWatch.exe 1432 svchost.exe 1488 probesvc.exe 1508 nlsvc.exe 1548 svchost.exe 1676 Rtvscan.exe 1804 tssdis.exe 2012 svchost.exe 2116 alg.exe 2252 csrss.exe 2280 winlogon.exe 2480 rdpclip.exe 2572 Explorer.EXE 2648 ccApp.exe 2732 VPTray.exe 2776 ctfmon.exe 3000 svchost.exe 3128 G6FTPSrv.exe 3240 wmiprvse.exe 3376 wmiprvse.exe 3512 NLClient.exe 4060 drwtsn32.exe *----> Module List <----* 0000000000400000 - 0000000000429000: C:\Program Files\NetLimiter 2 Pro\NLClient.exe 0000000000c70000 - 0000000000c92000: C:\Program Files\NetLimiter 2 Pro\NLEnv.dll 0000000001540000 - 0000000001805000: C:\WINDOWS\system32\xpsp2res.dll 00000000024a0000 - 00000000024d0000: C:\Program Files\NetLimiter 2 Pro\LSGuiCtrls.dll 0000000002650000 - 00000000026b5000: C:\Program Files\NetLimiter 2 Pro\Plugins\NodeView.dll 0000000002850000 - 0000000002896000: C:\Program Files\NetLimiter 2 Pro\nlvclient.dll 0000000010000000 - 000000001008c000: C:\Program Files\NetLimiter 2 Pro\NLHxClient.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 000000004dd60000 - 000000004df08000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.3790.4278_x-ww_AD682293\gdiplus.dll 000000006be70000 - 000000006bea7000: C:\WINDOWS\system32\dxtrans.dll 000000006beb0000 - 000000006bf0b000: C:\WINDOWS\system32\dxtmsft.dll 000000006d4c0000 - 000000006d4ca000: C:\WINDOWS\system32\ddrawex.dll 0000000071b70000 - 0000000071ba6000: C:\WINDOWS\system32\UxTheme.dll 0000000071bd0000 - 0000000071be1000: C:\WINDOWS\system32\MPR.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\netapi32.dll 0000000072e50000 - 0000000072f67000: C:\WINDOWS\system32\msxml3.dll 0000000073860000 - 00000000738ab000: C:\WINDOWS\system32\DDRAW.dll 0000000073b30000 - 0000000073b36000: C:\WINDOWS\system32\DCIMAN32.dll 0000000073c30000 - 0000000073c50000: C:\WINDOWS\system32\T2EMBED.DLL 0000000073d10000 - 0000000073d13000: C:\WINDOWS\system32\LZ32.dll 0000000074490000 - 00000000744b7000: C:\WINDOWS\system32\msls31.dll 00000000744c0000 - 00000000744eb000: C:\WINDOWS\system32\msimtf.dll 0000000074540000 - 00000000745d3000: C:\WINDOWS\system32\mlang.dll 0000000074ac0000 - 0000000074b33000: C:\WINDOWS\system32\mshtmled.dll 0000000075360000 - 00000000753de000: C:\WINDOWS\system32\CRYPTUI.dll 0000000075da0000 - 0000000075e5d000: C:\WINDOWS\system32\SXS.DLL 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 0000000076050000 - 00000000760e5000: C:\WINDOWS\system32\shdoclc.dll 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 0000000076290000 - 00000000762ad000: C:\WINDOWS\system32\IMM32.DLL 0000000076520000 - 000000007653d000: C:\WINDOWS\System32\CSCDLL.dll 0000000076920000 - 00000000769e2000: C:\WINDOWS\system32\USERENV.dll 0000000076a80000 - 0000000076a98000: C:\WINDOWS\system32\ATL.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076bb0000 - 0000000076bdb000: C:\WINDOWS\system32\WINTRUST.dll 0000000076c10000 - 0000000076c38000: C:\WINDOWS\system32\imagehlp.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000076f90000 - 0000000077001000: C:\WINDOWS\system32\jscript.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 00000000772c0000 - 000000007736f000: C:\WINDOWS\system32\urlmon.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077980000 - 0000000077af3000: C:\WINDOWS\system32\shdocvw.dll 0000000077b00000 - 0000000077b54000: C:\WINDOWS\System32\cscui.dll 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll 000000007f9e0000 - 000000007fce3000: C:\WINDOWS\system32\mshtml.dll *----> State Dump for Thread Id 0xdbc <----* eax=0c002434 ebx=00be0104 ecx=00000000 edx=00242ff0 esi=043f6d50 edi=0000c10c eip=00242fbc esp=0012ebf8 ebp=00000000 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 function: <nosymbols> 00242fa5 0108 add [eax],ecx 00242fa7 000a add [edx],cl 00242fa9 0000 add [eax],al 00242fab 006900 add [ecx],ch 00242fae 6d insd 00242faf 006100 add [ecx],ah 00242fb2 67006500 add [di],ah 00242fb6 0000 add [eax],al 00242fb8 0300 add eax,[eax] 00242fba 0300 add eax,[eax] FAULT ->00242fbc 810108000a00 add dword ptr [ecx],0xa0008 ds:0023:00000000=???????? 00242fc2 0000 add [eax],al 00242fc4 6300 arpl [eax],eax 00242fc6 6c insb 00242fc7 006100 add [ecx],ah 00242fca 7300 jnb 00242fcc 00242fcc 7300 jnb 00242fce 00242fce 0000 add [eax],al 00242fd0 0300 add eax,[eax] 00242fd2 0300 add eax,[eax] 00242fd4 8c01 mov [ecx],es *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NetLimiter 2 Pro\NLHxClient.dll - ChildEBP RetAddr Args to Child WARNING: Frame IP not in any known module. Following frames may be wrong. 0012ebf4 10009a50 00be0104 0000c10c 00000000 0x242fbc bca06cd8 00000000 00000000 00000000 00000000 NLHxClient+0x9a50 *----> Raw Stack Dump <----* 000000000012ebf8 50 9a 00 10 04 01 be 00 - 0c c1 00 00 00 00 00 00 P............... 000000000012ec08 00 00 00 00 a0 ec 12 00 - 54 ec 12 00 30 99 00 10 ........T...0... 000000000012ec18 00 00 00 00 28 ed 12 00 - 74 6a ae 7f b0 45 21 00 ....(...tj...E!. 000000000012ec28 b0 45 21 00 e3 b6 39 77 - 04 01 be 00 0c c1 00 00 .E!...9w........ 000000000012ec38 00 00 00 00 00 00 00 00 - 30 99 00 10 cd ab ba dc ........0....... 000000000012ec48 00 00 00 00 a0 ec 12 00 - 30 99 00 10 cc ec 12 00 ........0....... 000000000012ec58 74 b8 39 77 30 99 00 10 - 04 01 be 00 0c c1 00 00 t.9w0........... 000000000012ec68 00 00 00 00 00 00 00 00 - 0c c1 00 00 20 f9 63 00 ............ .c. 000000000012ec78 38 07 00 00 24 00 00 00 - 01 00 00 00 00 00 00 00 8...$........... 000000000012ec88 00 00 00 00 30 00 00 00 - ff ff ff ff ff ff ff ff ....0........... 000000000012ec98 2a b8 39 77 00 00 00 00 - 00 00 00 00 e4 ec 12 00 *.9w............ 000000000012eca8 00 00 00 00 00 00 00 00 - 00 00 00 00 70 ec 12 00 ............p... 000000000012ecb8 24 e8 12 00 50 ed 12 00 - 18 af 3a 77 90 b8 39 77 $...P.....:w..9w 000000000012ecc8 00 00 00 00 08 ed 12 00 - d3 c2 39 77 00 00 00 00 ..........9w.... 000000000012ecd8 30 99 00 10 04 01 be 00 - 0c c1 00 00 00 00 00 00 0............... 000000000012ece8 00 00 00 00 34 f9 63 00 - 01 00 00 00 68 72 c5 00 ....4.c.....hr.. 000000000012ecf8 0c c1 00 00 70 ed 12 00 - 04 01 be 00 04 01 be 00 ....p........... 000000000012ed08 28 ed 12 00 37 c3 39 77 - 20 f9 63 00 f0 f9 63 00 (...7.9w .c...c. 000000000012ed18 00 00 00 00 00 00 00 00 - 00 00 00 00 3c 73 c5 00 ............<s.. 000000000012ed28 00 00 00 00 07 29 00 10 - 04 01 be 00 0c c1 00 00 .....).......... *----> State Dump for Thread Id 0xdc0 <----* eax=7c80e1fa ebx=00b0fef0 ecx=00000000 edx=00000000 esi=00000002 edi=00000000 eip=7c8285ec esp=00b0fea4 ebp=00b0ff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00b0ff48 7c80e4a2 00000002 00b0ff70 00000000 ntdll!KiFastSystemCallRet 00b0ffb8 77e64829 00000000 00000000 00000000 ntdll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus+0x301 00b0ffec 00000000 7c80e1fa 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000b0fea4 fb 7c 82 7c bb e5 80 7c - 02 00 00 00 f0 fe b0 00 .|.|...|........ 0000000000b0feb4 01 00 00 00 01 00 00 00 - 10 ff b0 00 00 10 00 00 ................ 0000000000b0fec4 90 2f 91 00 c0 83 88 7c - 24 00 00 00 01 00 00 00 ./.....|$....... 0000000000b0fed4 00 00 00 00 00 00 00 00 - 30 00 00 00 ff ff ff ff ........0....... 0000000000b0fee4 ff ff ff ff 61 d3 80 7c - 00 00 00 00 60 00 00 00 ....a..|....`... 0000000000b0fef4 68 00 00 00 08 00 00 c0 - 00 10 00 00 30 ff b0 00 h...........0... 0000000000b0ff04 d1 96 82 7c d6 96 82 7c - 00 10 00 00 00 a2 2f 4d ...|...|....../M 0000000000b0ff14 ff ff ff ff 00 b0 fd 7f - c0 83 88 7c 10 ff b0 00 ...........|.... 0000000000b0ff24 f0 fe b0 00 e0 96 82 7c - 02 00 00 00 c0 fe b0 00 .......|........ 0000000000b0ff34 ae e1 80 7c dc ff b0 00 - 70 82 82 7c c8 d3 80 7c ...|....p..|...| 0000000000b0ff44 00 00 00 00 b8 ff b0 00 - a2 e4 80 7c 02 00 00 00 ...........|.... 0000000000b0ff54 70 ff b0 00 00 00 00 00 - e0 93 04 00 01 00 00 00 p............... 0000000000b0ff64 00 00 00 00 00 00 00 00 - 00 00 00 00 60 00 00 00 ............`... 0000000000b0ff74 68 00 00 00 00 10 00 00 - 90 2f 91 00 00 10 00 00 h......../...... 0000000000b0ff84 88 1f 91 00 a0 70 88 7c - 00 00 00 00 28 00 00 00 .....p.|....(... 0000000000b0ff94 80 70 88 7c 00 10 00 00 - a0 70 88 7c 90 2f 91 00 .p.|.....p.|./.. 0000000000b0ffa4 00 00 00 00 80 70 88 7c - e5 03 00 00 00 10 00 00 .....p.|........ 0000000000b0ffb4 88 1f 91 00 ec ff b0 00 - 29 48 e6 77 00 00 00 00 ........)H.w.... 0000000000b0ffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000b0ffd4 c4 ff b0 00 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w *----> State Dump for Thread Id 0xdc8 <----* eax=0101005d ebx=00e1fe98 ecx=00e1fb38 edx=7c8285ec esi=00e1fe9c edi=7ffdb000 eip=7c8285ec esp=00e1fe4c ebp=00e1fef4 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.3790.4278_x-ww_AD682293\gdiplus.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00e1fef4 7739bbd1 00000002 00e1ff1c 00000000 ntdll!KiFastSystemCallRet 00e1ff50 7739ce36 00000001 00e1ffb0 ffffffff USER32!MsgWaitForMultipleObjectsEx+0xd7 00e1ff6c 4dd668ab 00000001 00e1ffb0 00000000 USER32!MsgWaitForMultipleObjects+0x1f 00e1ffb8 77e64829 00000000 00000000 00000000 gdiplus+0x68ab 00e1ffec 00000000 4dd6960d 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000e1fe4c fb 7c 82 7c 2c 20 e6 77 - 02 00 00 00 98 fe e1 00 .|.|, .w........ 0000000000e1fe5c 01 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00 00 ................ 0000000000e1fe6c 00 00 00 00 00 00 00 00 - 24 00 00 00 01 00 00 00 ........$....... 0000000000e1fe7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000e1fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 18 01 00 00 ................ 0000000000e1fe9c 24 01 00 00 cc cc 99 00 - cc cc cc 00 cc cc ff 00 $............... 0000000000e1feac cc ff 00 00 e0 fe e1 00 - d2 bb 3a 77 0d 02 19 00 ..........:w.... 0000000000e1febc 0b 00 00 00 00 b0 fd 7f - 00 00 00 00 00 00 00 00 ................ 0000000000e1fecc 98 fe e1 00 00 00 00 00 - 00 00 00 00 02 00 00 00 ................ 0000000000e1fedc 68 fe e1 00 40 ff e1 00 - dc ff e1 00 60 1a e6 77 h...@.......`..w 0000000000e1feec f8 1f e6 77 00 00 00 00 - 50 ff e1 00 d1 bb 39 77 ...w....P.....9w 0000000000e1fefc 02 00 00 00 1c ff e1 00 - 00 00 00 00 ff ff ff ff ................ 0000000000e1ff0c 00 00 00 00 99 cf 39 77 - 00 00 00 00 bc 31 ee 4d ......9w.....1.M 0000000000e1ff1c 18 01 00 00 24 01 00 00 - 00 00 00 00 00 00 00 00 ....$........... 0000000000e1ff2c 00 00 00 00 01 00 00 00 - c0 72 62 00 cc d6 fd 7f .........rb..... 0000000000e1ff3c 00 00 00 00 00 00 00 00 - 00 00 00 00 24 01 00 00 ............$... 0000000000e1ff4c 1c ff e1 00 6c ff e1 00 - 36 ce 39 77 01 00 00 00 ....l...6.9w.... 0000000000e1ff5c b0 ff e1 00 ff ff ff ff - ff 04 00 00 00 00 00 00 ................ 0000000000e1ff6c b8 ff e1 00 ab 68 d6 4d - 01 00 00 00 b0 ff e1 00 .....h.M........ 0000000000e1ff7c 00 00 00 00 ff ff ff ff - ff 04 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xdcc <----* eax=018a9000 ebx=7c81a360 ecx=00000089 edx=018a9008 esi=0000024c edi=00000000 eip=7c8285ec esp=01d5ff0c ebp=01d5ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000293 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\mshtml.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01d5ff7c 77e61c8d 0000024c 000927c0 00000000 ntdll!KiFastSystemCallRet 01d5ff90 7fab083b 0000024c 000927c0 00000000 kernel32!WaitForSingleObject+0x12 01d5ffb8 77e64829 01822300 00000000 00000000 mshtml!DllGetClassObject+0x14e55 01d5ffec 00000000 7fab0ff9 01822300 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001d5ff0c 0b 7d 82 7c 1e 1d e6 77 - 4c 02 00 00 00 00 00 00 .}.|...wL....... 0000000001d5ff1c 50 ff d5 01 00 00 00 00 - 00 23 82 01 60 a3 81 7c P........#..`..| 0000000001d5ff2c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000001d5ff3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001d5ff4c 00 00 00 00 00 44 5f 9a - fe ff ff ff 00 b0 fd 7f .....D_......... 0000000001d5ff5c 50 ff d5 01 00 23 82 01 - 20 ff d5 01 00 00 00 00 P....#.. ....... 0000000001d5ff6c dc ff d5 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 0000000001d5ff7c 90 ff d5 01 8d 1c e6 77 - 4c 02 00 00 c0 27 09 00 .......wL....'.. 0000000001d5ff8c 00 00 00 00 b8 ff d5 01 - 3b 08 ab 7f 4c 02 00 00 ........;...L... 0000000001d5ff9c c0 27 09 00 00 00 00 00 - 00 23 82 01 00 23 82 01 .'.......#...#.. 0000000001d5ffac 34 10 ab 7f 00 00 00 00 - 06 10 ab 7f ec ff d5 01 4............... 0000000001d5ffbc 29 48 e6 77 00 23 82 01 - 00 00 00 00 00 00 00 00 )H.w.#.......... 0000000001d5ffcc 00 23 82 01 00 00 00 00 - c4 ff d5 01 5d 06 85 80 .#..........]... 0000000001d5ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 0000000001d5ffec 00 00 00 00 00 00 00 00 - f9 0f ab 7f 00 23 82 01 .............#.. 0000000001d5fffc 00 00 00 00 da da 01 00 - 00 00 04 00 00 00 00 00 ................ 0000000001d6000c 00 00 00 00 a0 00 d6 01 - a4 02 00 00 e8 b6 15 00 ................ 0000000001d6001c e8 b6 15 00 04 09 01 00 - 4f 4c 45 36 38 32 39 31 ........OLE68291 0000000001d6002c 30 33 46 36 39 44 38 34 - 41 43 42 41 45 42 34 43 03F69D84ACBAEB4C 0000000001d6003c 36 38 32 33 03 00 03 00 - 3b 4e 04 00 00 00 01 00 6823....;N...... *----> State Dump for Thread Id 0xdd0 <----* eax=00000000 ebx=00000100 ecx=0015aca0 edx=00000108 esi=001742a0 edi=00000000 eip=7c8285ec esp=01e6fe1c ebp=01e6ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01e6ff84 77c88792 01e6ffac 77c8872d 001742a0 ntdll!KiFastSystemCallRet 01e6ff8c 77c8872d 001742a0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 01e6ffac 77c7b110 0015b370 01e6ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 01e6ffb8 77e64829 0019aee8 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 01e6ffec 00000000 77c7b0f5 0019aee8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001e6fe1c 3b 78 82 7c ac 85 c8 77 - a8 02 00 00 74 ff e6 01 ;x.|...w....t... 0000000001e6fe2c 00 00 00 00 a8 f8 8c 03 - 54 ff e6 01 00 00 00 00 ........T....... 0000000001e6fe3c 00 00 00 00 00 00 00 00 - 00 00 00 00 dc 2b 5a b5 .............+Z. 0000000001e6fe4c 6d 25 a8 80 88 e1 84 80 - b0 58 af 88 88 0d 30 89 m%.......X....0. 0000000001e6fe5c b0 0f 30 89 00 00 00 00 - 00 e0 fa 7f 00 00 00 00 ..0............. 0000000001e6fe6c ec 02 00 00 02 00 00 00 - 00 00 5a b5 f0 2d 5a b5 ..........Z..-Z. 0000000001e6fe7c 14 2b 5a b5 00 00 00 00 - 00 00 00 00 00 00 00 00 .+Z............. 0000000001e6fe8c 00 00 00 00 00 2a 5a b5 - 01 00 00 00 00 2a 5a b5 .....*Z......*Z. 0000000001e6fe9c 46 02 00 00 ff ff ff ff - 14 4f 23 f7 90 85 24 f7 F........O#...$. 0000000001e6feac 20 f1 df ff 00 00 00 00 - 00 f1 df ff 20 70 81 89 ........... p.. 0000000001e6febc 00 00 00 00 00 f1 df ff - 00 00 00 00 00 00 00 00 ................ 0000000001e6fecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 0000000001e6fedc e0 2b 5a b5 d9 43 a8 80 - 02 00 00 00 00 00 00 00 .+Z..C.......... 0000000001e6feec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 2b 5a b5 .C...........+Z. 0000000001e6fefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 2c 5a b5 VD...........,Z. 0000000001e6ff0c c7 d5 83 80 20 40 a3 88 - c8 40 a3 88 01 00 00 00 .... @...@...... 0000000001e6ff1c 20 40 a3 88 01 00 00 00 - ff ff ff ff 01 00 00 00 @.............. 0000000001e6ff2c 7c fa 72 f7 84 ff e6 01 - a6 84 c8 77 4c ff e6 01 |.r........wL... 0000000001e6ff3c b6 84 c8 77 ab a3 81 7c - 28 3c 1e 00 e8 ae 19 00 ...w...|(<...... 0000000001e6ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xdd8 <----* eax=7fc9c868 ebx=7c81a360 ecx=0182805b edx=00000002 esi=000002ec edi=00000000 eip=7c8285ec esp=0217ff0c ebp=0217ff7c iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000293 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0217ff7c 77e61c8d 000002ec 000927c0 00000000 ntdll!KiFastSystemCallRet 0217ff90 7fab083b 000002ec 000927c0 00000000 kernel32!WaitForSingleObject+0x12 0217ffb8 77e64829 01826210 00000000 00000000 mshtml!DllGetClassObject+0x14e55 0217ffec 00000000 7fab0ff9 01826210 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000217ff0c 0b 7d 82 7c 1e 1d e6 77 - ec 02 00 00 00 00 00 00 .}.|...w........ 000000000217ff1c 50 ff 17 02 00 00 00 00 - 10 62 82 01 60 a3 81 7c P........b..`..| 000000000217ff2c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000217ff3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000217ff4c 00 00 00 00 00 44 5f 9a - fe ff ff ff 00 b0 fd 7f .....D_......... 000000000217ff5c 50 ff 17 02 70 ff 17 02 - 20 ff 17 02 e0 11 21 00 P...p... .....!. 000000000217ff6c dc ff 17 02 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 000000000217ff7c 90 ff 17 02 8d 1c e6 77 - ec 02 00 00 c0 27 09 00 .......w.....'.. 000000000217ff8c 00 00 00 00 b8 ff 17 02 - 3b 08 ab 7f ec 02 00 00 ........;....... 000000000217ff9c c0 27 09 00 00 00 00 00 - 10 62 82 01 10 62 82 01 .'.......b...b.. 000000000217ffac 34 10 ab 7f 00 00 00 00 - 06 10 ab 7f ec ff 17 02 4............... 000000000217ffbc 29 48 e6 77 10 62 82 01 - 00 00 00 00 00 00 00 00 )H.w.b.......... 000000000217ffcc 10 62 82 01 00 00 00 00 - c4 ff 17 02 5d 06 85 80 .b..........]... 000000000217ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000217ffec 00 00 00 00 00 00 00 00 - f9 0f ab 7f 10 62 82 01 .............b.. 000000000217fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000218000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000218001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000218002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000218003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xddc <----* eax=000009e6 ebx=00000414 ecx=00000910 edx=00721cbc esi=029bff7c edi=77e62fc7 eip=7c8285ec esp=029bff34 ebp=029bff50 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NetLimiter 2 Pro\nlvclient.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 029bff50 02859375 029bff7c 00000000 00000000 ntdll!KiFastSystemCallRet 7739c7d8 0c458bec 0001452d 83137400 0e7448e8 nlvclient!DllUnregisterServer+0x52e5 8b55ff8b 00000000 00000000 00000000 00000000 0xc458bec *----> Raw Stack Dump <----* 00000000029bff34 11 c8 39 77 44 c8 39 77 - 7c ff 9b 02 00 00 00 00 ..9wD.9w|....... 00000000029bff44 00 00 00 00 00 00 00 00 - 19 c8 39 77 d8 c7 39 77 ..........9w..9w 00000000029bff54 75 93 85 02 7c ff 9b 02 - 00 00 00 00 00 00 00 00 u...|........... 00000000029bff64 00 00 00 00 00 00 00 00 - f0 39 8b 02 96 1c e6 77 .........9.....w 00000000029bff74 02 01 00 00 04 40 00 80 - 04 00 00 00 98 d4 f9 03 .....@.......... 00000000029bff84 fc 4e 00 00 9c ff 9b 02 - 00 00 00 00 96 1c e6 77 .N.............w 00000000029bff94 02 01 00 00 6b ea 85 02 - 14 04 00 00 01 00 00 00 ....k........... 00000000029bffa4 f0 39 8b 02 ec ff 9b 02 - 00 00 00 00 00 00 00 00 .9.............. 00000000029bffb4 00 00 00 00 f0 39 8b 02 - 29 48 e6 77 f0 39 8b 02 .....9..)H.w.9.. 00000000029bffc4 00 00 00 00 00 00 00 00 - f0 39 8b 02 00 00 00 00 .........9...... 00000000029bffd4 c4 ff 9b 02 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w 00000000029bffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000029bfff4 50 e9 85 02 f0 39 8b 02 - 00 00 00 00 00 00 00 00 P....9.......... 00000000029c0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000029c0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000029c0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000029c0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000029c0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000029c0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000029c0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xde4 <----* eax=028b3c00 ebx=0000041e ecx=00000003 edx=00000000 esi=02abff70 edi=77e62fc7 eip=7c8285ec esp=02abff28 ebp=02abff44 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 02abff44 02859375 02abff70 00000000 00000000 ntdll!KiFastSystemCallRet 7739c7d8 0c458bec 0001452d 83137400 0e7448e8 nlvclient!DllUnregisterServer+0x52e5 8b55ff8b 00000000 00000000 00000000 00000000 0xc458bec *----> Raw Stack Dump <----* 0000000002abff28 11 c8 39 77 44 c8 39 77 - 70 ff ab 02 00 00 00 00 ..9wD.9wp....... 0000000002abff38 00 00 00 00 00 00 00 00 - 19 c8 39 77 d8 c7 39 77 ..........9w..9w 0000000002abff48 75 93 85 02 70 ff ab 02 - 00 00 00 00 00 00 00 00 u...p........... 0000000002abff58 00 00 00 00 f0 39 8b 02 - f8 3b 8b 02 b8 ff ab 02 .....9...;...... 0000000002abff68 00 00 00 00 04 40 00 80 - e0 3a 8b 02 00 00 00 00 .....@...:...... 0000000002abff78 18 ff ab 02 ac ff ab 02 - b8 84 87 02 01 00 00 00 ................ 0000000002abff88 b8 ff ab 02 54 a2 85 02 - 1e 04 00 00 01 00 00 00 ....T........... 0000000002abff98 48 08 9c 83 00 00 00 00 - 00 00 00 00 f0 39 8b 02 H............9.. 0000000002abffa8 98 ff ab 02 dc ff ab 02 - b0 76 87 02 ff ff ff ff .........v...... 0000000002abffb8 ec ff ab 02 29 48 e6 77 - f0 39 8b 02 00 00 00 00 ....)H.w.9...... 0000000002abffc8 00 00 00 00 f0 39 8b 02 - 00 00 00 00 c4 ff ab 02 .....9.......... 0000000002abffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 0000000002abffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 d0 a1 85 02 ................ 0000000002abfff8 f0 39 8b 02 00 00 00 00 - c8 00 00 00 07 01 00 00 .9.............. 0000000002ac0008 ff ee ff ee 02 10 00 00 - 00 00 00 00 00 fe 00 00 ................ 0000000002ac0018 00 00 10 00 00 20 00 00 - 00 02 00 00 00 20 00 00 ..... ....... .. 0000000002ac0028 2f 02 00 00 ff ef fd 7f - 19 00 08 06 00 00 00 00 /............... 0000000002ac0038 00 00 00 00 00 00 00 00 - 00 00 00 00 98 05 ac 02 ................ 0000000002ac0048 0f 00 00 00 f8 ff ff ff - 50 00 ac 02 50 00 ac 02 ........P...P... 0000000002ac0058 40 06 ac 02 00 00 00 00 - 00 00 00 00 00 00 00 00 @............... *----> State Dump for Thread Id 0xde8 <----* eax=6be71d84 ebx=02b0048c ecx=00000000 edx=00000000 esi=00000000 edi=02b0048c eip=7c8285ec esp=033fff34 ebp=033fff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\dxtrans.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 033fff60 6be71dc0 0000046c 033fff88 033fff8c ntdll!KiFastSystemCallRet 033fffb8 77e64829 02b0048c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 033fffec 00000000 6be71d84 02b0048c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000033fff34 db 77 82 7c a2 be e5 77 - 6c 04 00 00 8c ff 3f 03 .w.|...wl.....?. 00000000033fff44 78 ff 3f 03 58 ff 3f 03 - 00 00 00 00 8c 04 b0 02 x.?.X.?......... 00000000033fff54 00 00 00 00 8c 04 b0 02 - 98 5e 22 00 b8 ff 3f 03 .........^"...?. 00000000033fff64 c0 1d e7 6b 6c 04 00 00 - 88 ff 3f 03 8c ff 3f 03 ...kl.....?...?. 00000000033fff74 90 ff 3f 03 ff ff ff ff - 00 00 00 00 00 00 00 00 ..?............. 00000000033fff84 8c 04 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000033fff94 8c 04 b0 02 00 00 00 00 - 01 00 00 00 7c ff 3f 03 ............|.?. 00000000033fffa4 5e 00 85 80 dc ff 3f 03 - 53 6c e9 6b e8 1d e7 6b ^.....?.Sl.k...k 00000000033fffb4 ff ff ff ff ec ff 3f 03 - 29 48 e6 77 8c 04 b0 02 ......?.)H.w.... 00000000033fffc4 00 00 00 00 00 00 00 00 - 8c 04 b0 02 00 00 00 00 ................ 00000000033fffd4 c4 ff 3f 03 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..?.].......`..w 00000000033fffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000033ffff4 84 1d e7 6b 8c 04 b0 02 - 00 00 00 00 00 00 00 00 ...k............ 0000000003400004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003400014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003400024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003400034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003400044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003400054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003400064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xdec <----* eax=6be71d84 ebx=02b0048c ecx=00000000 edx=00000000 esi=00000000 edi=02b0048c eip=7c8285ec esp=034fff34 ebp=034fff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 034fff60 6be71dc0 0000046c 034fff88 034fff8c ntdll!KiFastSystemCallRet 034fffb8 77e64829 02b0048c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 034fffec 00000000 6be71d84 02b0048c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000034fff34 db 77 82 7c a2 be e5 77 - 6c 04 00 00 8c ff 4f 03 .w.|...wl.....O. 00000000034fff44 78 ff 4f 03 58 ff 4f 03 - 00 00 00 00 8c 04 b0 02 x.O.X.O......... 00000000034fff54 00 00 00 00 8c 04 b0 02 - 90 30 1e 00 b8 ff 4f 03 .........0....O. 00000000034fff64 c0 1d e7 6b 6c 04 00 00 - 88 ff 4f 03 8c ff 4f 03 ...kl.....O...O. 00000000034fff74 90 ff 4f 03 ff ff ff ff - 00 00 00 00 00 00 00 00 ..O............. 00000000034fff84 8c 04 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000034fff94 8c 04 b0 02 00 00 00 00 - 01 00 00 00 7c ff 4f 03 ............|.O. 00000000034fffa4 5e 00 85 80 dc ff 4f 03 - 53 6c e9 6b e8 1d e7 6b ^.....O.Sl.k...k 00000000034fffb4 ff ff ff ff ec ff 4f 03 - 29 48 e6 77 8c 04 b0 02 ......O.)H.w.... 00000000034fffc4 00 00 00 00 00 00 00 00 - 8c 04 b0 02 00 00 00 00 ................ 00000000034fffd4 c4 ff 4f 03 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..O.].......`..w 00000000034fffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000034ffff4 84 1d e7 6b 8c 04 b0 02 - 00 00 00 00 00 00 00 00 ...k............ 0000000003500004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003500014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003500024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003500034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003500044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003500054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003500064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xdf0 <----* eax=6be71d84 ebx=02b0048c ecx=00000000 edx=00000000 esi=00000000 edi=02b0048c eip=7c8285ec esp=035fff34 ebp=035fff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 035fff60 6be71dc0 0000046c 035fff88 035fff8c ntdll!KiFastSystemCallRet 035fffb8 77e64829 02b0048c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 035fffec 00000000 6be71d84 02b0048c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000035fff34 db 77 82 7c a2 be e5 77 - 6c 04 00 00 8c ff 5f 03 .w.|...wl....._. 00000000035fff44 78 ff 5f 03 58 ff 5f 03 - 00 00 00 00 8c 04 b0 02 x._.X._......... 00000000035fff54 00 00 00 00 8c 04 b0 02 - 98 ea 1b 00 b8 ff 5f 03 .............._. 00000000035fff64 c0 1d e7 6b 6c 04 00 00 - 88 ff 5f 03 8c ff 5f 03 ...kl....._..._. 00000000035fff74 90 ff 5f 03 ff ff ff ff - 00 00 00 00 00 00 00 00 .._............. 00000000035fff84 8c 04 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000035fff94 8c 04 b0 02 00 00 00 00 - 01 00 00 00 7c ff 5f 03 ............|._. 00000000035fffa4 5e 00 85 80 dc ff 5f 03 - 53 6c e9 6b e8 1d e7 6b ^....._.Sl.k...k 00000000035fffb4 ff ff ff ff ec ff 5f 03 - 29 48 e6 77 8c 04 b0 02 ......_.)H.w.... 00000000035fffc4 00 00 00 00 00 00 00 00 - 8c 04 b0 02 00 00 00 00 ................ 00000000035fffd4 c4 ff 5f 03 5d 06 85 80 - ff ff ff ff 60 1a e6 77 .._.].......`..w 00000000035fffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000035ffff4 84 1d e7 6b 8c 04 b0 02 - 00 00 00 00 00 00 00 00 ...k............ 0000000003600004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003600014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003600024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003600034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003600044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003600054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000003600064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xdf4 <----* eax=6be71d84 ebx=02b0048c ecx=00000000 edx=00000000 esi=00000000 edi=02b0048c eip=7c8285ec esp=036fff34 ebp=036fff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 036fff60 6be71dc0 0000046c 036fff88 036fff8c ntdll!KiFastSystemCallRet 036fffb8 77e64829 02b0048c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 036fffec 00000000 6be71d84 02b0048c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000036fff34 db 77 82 7c a2 be e5 77 - 6c 04 00 00 8c ff 6f 03 .w.|...wl.....o. 00000000036fff44 78 ff 6f 03 58 ff 6f 03 - 00 00 00 00 8c 04 b0 02 x.o.X.o......... 00000000036fff54 00 00 00 00 8c 04 b0 02 - f0 19 1c 00 b8 ff 6f 03 ..............o. 00000000036fff64 c0 1d e7 6b 6c 04 00 00 - 88 ff 6f 03 8c ff 6f 03 ...kl.....o...o. 00000000036fff74 90 ff 6f 03 ff ff ff ff - 00 00 00 00 00 00 00 00 ..o............. 00000000036fff84 8c 04 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000036fff94 8c 04 b0 02 00 00 00 00 - 01 00 00 00 7c ff 6f 03 ............|.o. 00000000036fffa4 5e 00 85 80 dc ff 6f 03 - 53 6c e9 6b e8 1d e7 6b ^.....o.Sl.k...k 00000000036fffb4 ff ff ff ff ec ff 6f 03 - 29 48 e6 77 8c 04 b0 02 ......o.)H.w.... 00000000036fffc4 00 00 00 00 00 00 00 00 - 8c 04 b0 02 00 00 00 00 ................ 00000000036fffd4 c4 ff 6f 03 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..o.].......`..w 00000000036fffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000036ffff4 84 1d e7 6b 8c 04 b0 02 - 00 00 00 00 30 41 32 43 ...k........0A2C 0000000003700004 39 34 38 42 35 30 46 7d - 20 3d 20 73 20 27 47 72 948B50F} = s 'Gr 0000000003700014 61 64 69 65 6e 74 57 69 - 70 65 27 0d 0a 09 09 7b adientWipe'....{ 0000000003700024 0d 0a 09 09 09 50 72 6f - 67 49 44 20 3d 20 73 20 .....ProgID = s 0000000003700034 27 44 58 49 6d 61 67 65 - 54 72 61 6e 73 66 6f 72 'DXImageTransfor 0000000003700044 6d 2e 4d 69 63 72 6f 73 - 6f 66 74 2e 47 72 61 64 m.Microsoft.Grad 0000000003700054 69 65 6e 74 57 69 70 65 - 2e 31 27 0d 0a 09 09 09 ientWipe.1'..... 0000000003700064 56 65 72 73 69 6f 6e 49 - 6e 64 65 70 65 6e 64 65 VersionIndepende *----> State Dump for Thread Id 0xdf8 <----* eax=00195b98 ebx=00000100 ecx=00cf0000 edx=00cf0001 esi=001742a0 edi=00000000 eip=7c8285ec esp=0389fe1c ebp=0389ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0389ff84 77c88792 0389ffac 77c8872d 001742a0 ntdll!KiFastSystemCallRet 0389ff8c 77c8872d 001742a0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0389ffac 77c7b110 0015b370 0389ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0389ffb8 77e64829 001c5250 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0389ffec 00000000 77c7b0f5 001c5250 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000389fe1c 3b 78 82 7c ac 85 c8 77 - a8 02 00 00 74 ff 89 03 ;x.|...w....t... 000000000389fe2c 00 00 00 00 78 3a 23 00 - 54 ff 89 03 00 00 00 00 ....x:#.T....... 000000000389fe3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389fe4c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389fe6c 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389fe7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000389fecc 00 00 00 00 20 f1 72 f7 - 00 00 00 00 00 f1 72 f7 .... .r.......r. 000000000389fedc 00 00 00 00 00 00 00 00 - 00 f1 72 f7 00 00 00 00 ..........r..... 000000000389feec e4 8b 82 b5 56 44 a8 80 - 20 f1 72 f7 00 00 00 00 ....VD.. .r..... 000000000389fefc 00 8c 82 b5 0c d6 83 80 - 01 00 00 00 7c fa 72 f7 ............|.r. 000000000389ff0c 00 00 00 00 00 00 00 00 - 00 00 00 00 18 8c 82 b5 ................ 000000000389ff1c 5c e5 83 80 00 00 00 00 - 40 2b a2 88 e8 2b a2 88 \.......@+...+.. 000000000389ff2c 80 93 8b 80 84 ff 89 03 - a6 84 c8 77 4c ff 89 03 ...........wL... 000000000389ff3c b6 84 c8 77 ab a3 81 7c - e0 01 24 00 50 52 1c 00 ...w...|..$.PR.. 000000000389ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0x564 <----* eax=6be71d84 ebx=02b0062c ecx=00000000 edx=00000000 esi=00000000 edi=02b0062c eip=7c8285ec esp=01f6ff34 ebp=01f6ff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01f6ff60 6be71dc0 00000508 01f6ff88 01f6ff8c ntdll!KiFastSystemCallRet 01f6ffb8 77e64829 02b0062c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 01f6ffec 00000000 6be71d84 02b0062c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001f6ff34 db 77 82 7c a2 be e5 77 - 08 05 00 00 8c ff f6 01 .w.|...w........ 0000000001f6ff44 78 ff f6 01 58 ff f6 01 - 00 00 00 00 2c 06 b0 02 x...X.......,... 0000000001f6ff54 00 00 00 00 2c 06 b0 02 - 40 2f 1e 00 b8 ff f6 01 ....,...@/...... 0000000001f6ff64 c0 1d e7 6b 08 05 00 00 - 88 ff f6 01 8c ff f6 01 ...k............ 0000000001f6ff74 90 ff f6 01 ff ff ff ff - 00 00 00 00 00 00 00 00 ................ 0000000001f6ff84 2c 06 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 ,............... 0000000001f6ff94 2c 06 b0 02 00 00 00 00 - 01 00 00 00 7c ff f6 01 ,...........|... 0000000001f6ffa4 5e 00 85 80 dc ff f6 01 - 53 6c e9 6b e8 1d e7 6b ^.......Sl.k...k 0000000001f6ffb4 ff ff ff ff ec ff f6 01 - 29 48 e6 77 2c 06 b0 02 ........)H.w,... 0000000001f6ffc4 00 00 00 00 00 00 00 00 - 2c 06 b0 02 00 00 00 00 ........,....... 0000000001f6ffd4 c4 ff f6 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w 0000000001f6ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 0000000001f6fff4 84 1d e7 6b 2c 06 b0 02 - 00 00 00 00 08 00 00 00 ...k,........... 0000000001f70004 00 01 00 01 ee ff ee ff - 00 00 00 00 00 00 3a 00 ..............:. 0000000001f70014 00 90 0e 00 00 00 f7 01 - 00 01 00 00 40 00 f7 01 ............@... 0000000001f70024 00 00 07 02 e9 00 00 00 - 01 00 00 00 88 05 3a 00 ..............:. 0000000001f70034 00 00 00 00 b0 60 f8 01 - 00 00 00 00 15 00 08 00 .....`.......... 0000000001f70044 7e 01 08 01 88 ff f9 76 - 02 00 00 00 00 00 00 00 ~......v........ 0000000001f70054 c8 7d 3a 00 00 00 00 00 - fc 0d fa 76 00 7d 3a 00 .}:........v.}:. 0000000001f70064 f4 97 3a 00 38 0e f7 01 - 48 00 f7 01 00 88 3a 00 ..:.8...H.....:. *----> State Dump for Thread Id 0xed8 <----* eax=6be71d84 ebx=02b0062c ecx=00000000 edx=00000000 esi=00000000 edi=02b0062c eip=7c8285ec esp=041eff34 ebp=041eff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 041eff60 6be71dc0 00000508 041eff88 041eff8c ntdll!KiFastSystemCallRet 041effb8 77e64829 02b0062c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 041effec 00000000 6be71d84 02b0062c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000041eff34 db 77 82 7c a2 be e5 77 - 08 05 00 00 8c ff 1e 04 .w.|...w........ 00000000041eff44 78 ff 1e 04 58 ff 1e 04 - 00 00 00 00 2c 06 b0 02 x...X.......,... 00000000041eff54 00 00 00 00 2c 06 b0 02 - e0 fb 22 00 b8 ff 1e 04 ....,....."..... 00000000041eff64 c0 1d e7 6b 08 05 00 00 - 88 ff 1e 04 8c ff 1e 04 ...k............ 00000000041eff74 90 ff 1e 04 ff ff ff ff - 00 00 00 00 00 00 00 00 ................ 00000000041eff84 2c 06 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 ,............... 00000000041eff94 2c 06 b0 02 00 00 00 00 - 01 00 00 00 7c ff 1e 04 ,...........|... 00000000041effa4 5e 00 85 80 dc ff 1e 04 - 53 6c e9 6b e8 1d e7 6b ^.......Sl.k...k 00000000041effb4 ff ff ff ff ec ff 1e 04 - 29 48 e6 77 2c 06 b0 02 ........)H.w,... 00000000041effc4 00 00 00 00 00 00 00 00 - 2c 06 b0 02 00 00 00 00 ........,....... 00000000041effd4 c4 ff 1e 04 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w 00000000041effe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000041efff4 84 1d e7 6b 2c 06 b0 02 - 00 00 00 00 00 00 00 00 ...k,........... 00000000041f0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000041f0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000041f0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000041f0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000041f0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000041f0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000041f0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x13e4 <----* eax=6be71d84 ebx=02b0062c ecx=00000000 edx=00000000 esi=00000000 edi=02b0062c eip=7c8285ec esp=042eff34 ebp=042eff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 042eff60 6be71dc0 00000508 042eff88 042eff8c ntdll!KiFastSystemCallRet 042effb8 77e64829 02b0062c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 042effec 00000000 6be71d84 02b0062c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000042eff34 db 77 82 7c a2 be e5 77 - 08 05 00 00 8c ff 2e 04 .w.|...w........ 00000000042eff44 78 ff 2e 04 58 ff 2e 04 - 00 00 00 00 2c 06 b0 02 x...X.......,... 00000000042eff54 00 00 00 00 2c 06 b0 02 - 50 4d 1f 00 b8 ff 2e 04 ....,...PM...... 00000000042eff64 c0 1d e7 6b 08 05 00 00 - 88 ff 2e 04 8c ff 2e 04 ...k............ 00000000042eff74 90 ff 2e 04 ff ff ff ff - 00 00 00 00 00 00 00 00 ................ 00000000042eff84 2c 06 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 ,............... 00000000042eff94 2c 06 b0 02 00 00 00 00 - 01 00 00 00 7c ff 2e 04 ,...........|... 00000000042effa4 5e 00 85 80 dc ff 2e 04 - 53 6c e9 6b e8 1d e7 6b ^.......Sl.k...k 00000000042effb4 ff ff ff ff ec ff 2e 04 - 29 48 e6 77 2c 06 b0 02 ........)H.w,... 00000000042effc4 00 00 00 00 00 00 00 00 - 2c 06 b0 02 00 00 00 00 ........,....... 00000000042effd4 c4 ff 2e 04 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w 00000000042effe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000042efff4 84 1d e7 6b 2c 06 b0 02 - 00 00 00 00 00 00 00 00 ...k,........... 00000000042f0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000042f0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000042f0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000042f0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000042f0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000042f0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000042f0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xfd8 <----* eax=6be71d84 ebx=02b0062c ecx=00000000 edx=00000000 esi=00000000 edi=02b0062c eip=7c8285ec esp=043eff34 ebp=043eff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 043eff60 6be71dc0 00000508 043eff88 043eff8c ntdll!KiFastSystemCallRet 043effb8 77e64829 02b0062c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 043effec 00000000 6be71d84 02b0062c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000043eff34 db 77 82 7c a2 be e5 77 - 08 05 00 00 8c ff 3e 04 .w.|...w......>. 00000000043eff44 78 ff 3e 04 58 ff 3e 04 - 00 00 00 00 2c 06 b0 02 x.>.X.>.....,... 00000000043eff54 00 00 00 00 2c 06 b0 02 - 60 96 22 00 b8 ff 3e 04 ....,...`."...>. 00000000043eff64 c0 1d e7 6b 08 05 00 00 - 88 ff 3e 04 8c ff 3e 04 ...k......>...>. 00000000043eff74 90 ff 3e 04 ff ff ff ff - 00 00 00 00 00 00 00 00 ..>............. 00000000043eff84 2c 06 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 ,............... 00000000043eff94 2c 06 b0 02 00 00 00 00 - 01 00 00 00 7c ff 3e 04 ,...........|.>. 00000000043effa4 5e 00 85 80 dc ff 3e 04 - 53 6c e9 6b e8 1d e7 6b ^.....>.Sl.k...k 00000000043effb4 ff ff ff ff ec ff 3e 04 - 29 48 e6 77 2c 06 b0 02 ......>.)H.w,... 00000000043effc4 00 00 00 00 00 00 00 00 - 2c 06 b0 02 00 00 00 00 ........,....... 00000000043effd4 c4 ff 3e 04 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..>.].......`..w 00000000043effe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000043efff4 84 1d e7 6b 2c 06 b0 02 - 00 00 00 00 08 00 00 00 ...k,........... 00000000043f0004 00 01 00 01 ee ff ee ff - 00 00 00 00 00 00 c5 00 ................ 00000000043f0014 00 80 0f 00 00 00 3f 04 - 00 01 00 00 40 00 3f 04 ......?.....@.?. 00000000043f0024 00 00 4f 04 f8 00 00 00 - 01 00 00 00 88 05 c5 00 ..O............. 00000000043f0034 00 00 00 00 88 7f 3f 04 - 00 00 00 00 06 00 08 00 ......?......... 00000000043f0044 8c 01 08 01 68 66 05 10 - 0c 73 c5 00 00 00 00 00 ....hf...s...... 00000000043f0054 00 00 00 00 70 15 00 10 - 00 00 00 00 00 00 00 00 ....p........... 00000000043f0064 00 00 00 00 00 00 00 00 - 00 00 00 00 06 00 06 00 ................ *----> State Dump for Thread Id 0x13f0 <----* eax=7779664c ebx=02b0126c ecx=77796634 edx=0cb70002 esi=00000000 edi=02b0126c eip=7c8285ec esp=045eff34 ebp=045eff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 045eff60 6be71dc0 00000504 045eff88 045eff8c ntdll!KiFastSystemCallRet 045effb8 77e64829 02b0126c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 045effec 00000000 6be71d84 02b0126c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000045eff34 db 77 82 7c a2 be e5 77 - 04 05 00 00 8c ff 5e 04 .w.|...w......^. 00000000045eff44 78 ff 5e 04 58 ff 5e 04 - 00 00 00 00 6c 12 b0 02 x.^.X.^.....l... 00000000045eff54 00 00 00 00 6c 12 b0 02 - f8 a5 15 00 b8 ff 5e 04 ....l.........^. 00000000045eff64 c0 1d e7 6b 04 05 00 00 - 88 ff 5e 04 8c ff 5e 04 ...k......^...^. 00000000045eff74 90 ff 5e 04 ff ff ff ff - 00 00 00 00 00 00 00 00 ..^............. 00000000045eff84 6c 12 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 l............... 00000000045eff94 6c 12 b0 02 00 00 00 00 - 01 00 00 00 7c ff 5e 04 l...........|.^. 00000000045effa4 5e 00 85 80 dc ff 5e 04 - 53 6c e9 6b e8 1d e7 6b ^.....^.Sl.k...k 00000000045effb4 ff ff ff ff ec ff 5e 04 - 29 48 e6 77 6c 12 b0 02 ......^.)H.wl... 00000000045effc4 00 00 00 00 00 00 00 00 - 6c 12 b0 02 00 00 00 00 ........l....... 00000000045effd4 c4 ff 5e 04 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..^.].......`..w 00000000045effe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000045efff4 84 1d e7 6b 6c 12 b0 02 - 00 00 00 00 00 00 00 00 ...kl........... 00000000045f0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000045f0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000045f0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000045f0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000045f0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000045f0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000045f0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x5dc <----* eax=6be71d84 ebx=02b0126c ecx=00000000 edx=00000000 esi=00000000 edi=02b0126c eip=7c8285ec esp=046eff34 ebp=046eff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 046eff60 6be71dc0 00000504 046eff88 046eff8c ntdll!KiFastSystemCallRet 046effb8 77e64829 02b0126c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 046effec 00000000 6be71d84 02b0126c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000046eff34 db 77 82 7c a2 be e5 77 - 04 05 00 00 8c ff 6e 04 .w.|...w......n. 00000000046eff44 78 ff 6e 04 58 ff 6e 04 - 00 00 00 00 6c 12 b0 02 x.n.X.n.....l... 00000000046eff54 00 00 00 00 6c 12 b0 02 - c0 22 24 00 b8 ff 6e 04 ....l...."$...n. 00000000046eff64 c0 1d e7 6b 04 05 00 00 - 88 ff 6e 04 8c ff 6e 04 ...k......n...n. 00000000046eff74 90 ff 6e 04 ff ff ff ff - 00 00 00 00 00 00 00 00 ..n............. 00000000046eff84 6c 12 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 l............... 00000000046eff94 6c 12 b0 02 00 00 00 00 - 01 00 00 00 7c ff 6e 04 l...........|.n. 00000000046effa4 5e 00 85 80 dc ff 6e 04 - 53 6c e9 6b e8 1d e7 6b ^.....n.Sl.k...k 00000000046effb4 ff ff ff ff ec ff 6e 04 - 29 48 e6 77 6c 12 b0 02 ......n.)H.wl... 00000000046effc4 00 00 00 00 00 00 00 00 - 6c 12 b0 02 00 00 00 00 ........l....... 00000000046effd4 c4 ff 6e 04 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..n.].......`..w 00000000046effe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000046efff4 84 1d e7 6b 6c 12 b0 02 - 00 00 00 00 00 00 00 00 ...kl........... 00000000046f0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000046f0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000046f0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000046f0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000046f0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000046f0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000046f0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xee0 <----* eax=6be71d84 ebx=02b0126c ecx=00000000 edx=00000000 esi=00000000 edi=02b0126c eip=7c8285ec esp=047eff34 ebp=047eff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 047eff60 6be71dc0 00000504 047eff88 047eff8c ntdll!KiFastSystemCallRet 047effb8 77e64829 02b0126c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 047effec 00000000 6be71d84 02b0126c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000047eff34 db 77 82 7c a2 be e5 77 - 04 05 00 00 8c ff 7e 04 .w.|...w......~. 00000000047eff44 78 ff 7e 04 58 ff 7e 04 - 00 00 00 00 6c 12 b0 02 x.~.X.~.....l... 00000000047eff54 00 00 00 00 6c 12 b0 02 - 10 97 8f 03 b8 ff 7e 04 ....l.........~. 00000000047eff64 c0 1d e7 6b 04 05 00 00 - 88 ff 7e 04 8c ff 7e 04 ...k......~...~. 00000000047eff74 90 ff 7e 04 ff ff ff ff - 00 00 00 00 00 00 00 00 ..~............. 00000000047eff84 6c 12 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 l............... 00000000047eff94 6c 12 b0 02 00 00 00 00 - 01 00 00 00 7c ff 7e 04 l...........|.~. 00000000047effa4 5e 00 85 80 dc ff 7e 04 - 53 6c e9 6b e8 1d e7 6b ^.....~.Sl.k...k 00000000047effb4 ff ff ff ff ec ff 7e 04 - 29 48 e6 77 6c 12 b0 02 ......~.)H.wl... 00000000047effc4 00 00 00 00 00 00 00 00 - 6c 12 b0 02 00 00 00 00 ........l....... 00000000047effd4 c4 ff 7e 04 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..~.].......`..w 00000000047effe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000047efff4 84 1d e7 6b 6c 12 b0 02 - 00 00 00 00 00 00 00 00 ...kl........... 00000000047f0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000047f0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000047f0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000047f0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000047f0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000047f0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000047f0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x1404 <----* eax=6be71d84 ebx=02b0126c ecx=00000000 edx=00000000 esi=00000000 edi=02b0126c eip=7c8285ec esp=048eff34 ebp=048eff60 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 048eff60 6be71dc0 00000504 048eff88 048eff8c ntdll!KiFastSystemCallRet 048effb8 77e64829 02b0126c 00000000 00000000 dxtrans!DllUnregisterServer+0x63f 048effec 00000000 6be71d84 02b0126c 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000048eff34 db 77 82 7c a2 be e5 77 - 04 05 00 00 8c ff 8e 04 .w.|...w........ 00000000048eff44 78 ff 8e 04 58 ff 8e 04 - 00 00 00 00 6c 12 b0 02 x...X.......l... 00000000048eff54 00 00 00 00 6c 12 b0 02 - 38 5f 8e 03 b8 ff 8e 04 ....l...8_...... 00000000048eff64 c0 1d e7 6b 04 05 00 00 - 88 ff 8e 04 8c ff 8e 04 ...k............ 00000000048eff74 90 ff 8e 04 ff ff ff ff - 00 00 00 00 00 00 00 00 ................ 00000000048eff84 6c 12 b0 02 05 00 00 00 - 00 00 00 00 00 00 00 00 l............... 00000000048eff94 6c 12 b0 02 00 00 00 00 - 01 00 00 00 7c ff 8e 04 l...........|... 00000000048effa4 5e 00 85 80 dc ff 8e 04 - 53 6c e9 6b e8 1d e7 6b ^.......Sl.k...k 00000000048effb4 ff ff ff ff ec ff 8e 04 - 29 48 e6 77 6c 12 b0 02 ........)H.wl... 00000000048effc4 00 00 00 00 00 00 00 00 - 6c 12 b0 02 00 00 00 00 ........l....... 00000000048effd4 c4 ff 8e 04 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w 00000000048effe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 00000000048efff4 84 1d e7 6b 6c 12 b0 02 - 00 00 00 00 08 00 00 00 ...kl........... 00000000048f0004 00 01 00 02 ee ff ee ff - 00 00 00 00 00 00 15 00 ................ 00000000048f0014 00 d0 19 00 00 00 8f 04 - 00 02 00 00 40 00 8f 04 ............@... 00000000048f0024 00 00 af 04 9d 01 00 00 - 01 00 00 00 98 05 15 00 ................ 00000000048f0034 00 00 00 00 10 1b 95 04 - 00 00 00 00 5a c3 08 00 ............Z... 00000000048f0044 7e 01 08 02 00 00 00 00 - 08 00 00 00 00 00 00 00 ~............... 00000000048f0054 00 00 01 01 01 01 01 01 - 02 02 02 03 03 03 03 03 ................ 00000000048f0064 03 04 04 04 05 05 05 05 - 05 05 06 06 06 06 06 06 ................ Application exception occurred: App: C:\Program Files\Symantec AntiVirus\VPC32.exe (pid=3996) When: 18.02.2009 @ 18:35:42.553 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 364 csrss.exe 388 winlogon.exe 436 services.exe 456 lsass.exe 628 svchost.exe 720 svchost.exe 800 svchost.exe 816 svchost.exe 856 svchost.exe 920 ccSetMgr.exe 948 ccEvtMgr.exe 1056 SPBBCSvc.exe 1240 spoolsv.exe 1276 msdtc.exe 1384 DefWatch.exe 1408 svchost.exe 1456 jqs.exe 1532 svchost.exe 1660 Rtvscan.exe 1760 tssdis.exe 2032 svchost.exe 2136 alg.exe 2600 wmiprvse.exe 2880 csrss.exe 2908 winlogon.exe 3100 rdpclip.exe 3168 Explorer.EXE 3244 ccApp.exe 3284 VPTray.exe 3300 NetLimiter.exe 3308 jusched.exe 3340 ctfmon.exe 3392 uTorrent.exe 3412 svchost.exe 3568 G6FTPSrv.exe 3704 logon.scr 3732 infocard.exe 3996 VPC32.exe 352 drwtsn32.exe *----> Module List <----* 0000000000400000 - 0000000000447000: C:\Program Files\Symantec AntiVirus\VPC32.exe 0000000000d10000 - 0000000000d1c000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll 0000000001310000 - 0000000001321000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll 0000000001330000 - 0000000001363000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll 0000000001370000 - 0000000001384000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll 0000000001390000 - 00000000013a6000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll 00000000013b0000 - 00000000013c3000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll 00000000013d0000 - 00000000013e3000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll 00000000013f0000 - 00000000013fe000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll 0000000001400000 - 0000000001414000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll 0000000001420000 - 000000000142d000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll 0000000001430000 - 0000000001448000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll 0000000001450000 - 0000000001474000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll 0000000001480000 - 000000000148f000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll 0000000001490000 - 00000000014a1000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll 00000000014b0000 - 00000000014e5000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll 0000000001500000 - 00000000017c5000: C:\WINDOWS\system32\xpsp2res.dll 0000000001b60000 - 0000000001b75000: C:\Program Files\NetLimiter\nl_lsp.dll 0000000001b80000 - 0000000001b91000: C:\WINDOWS\system32\nl_msgc.dll 0000000002020000 - 00000000020b9000: C:\Program Files\Symantec AntiVirus\DefUtDCD.dll 0000000010000000 - 000000001000d000: C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 000000004b750000 - 000000004b7d9000: C:\WINDOWS\system32\hhctrl.ocx 0000000057b60000 - 0000000057b6a000: C:\WINDOWS\System32\wshqos.dll 0000000057b80000 - 0000000057b87000: C:\WINDOWS\System32\wship6.dll 000000005d360000 - 000000005d36e000: C:\WINDOWS\system32\MFC71ENU.DLL 000000005f270000 - 000000005f2ca000: C:\WINDOWS\system32\hnetcfg.dll 0000000061f80000 - 0000000061f93000: C:\Program Files\Symantec AntiVirus\SDSTP32I.DLL 0000000061fa0000 - 0000000061faf000: C:\Program Files\Symantec AntiVirus\SDSOK32I.DLL 0000000062f10000 - 0000000062f97000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx 0000000063e90000 - 0000000063eb6000: C:\Program Files\Common Files\Symantec Shared\SSC\webshell.dll 0000000065470000 - 00000000654ab000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPView.ocx 00000000654b0000 - 00000000654f4000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPTask.ocx 0000000065aa0000 - 0000000065af2000: C:\Program Files\Symantec AntiVirus\scandres.dll 0000000065b00000 - 0000000065b43000: C:\Program Files\Symantec AntiVirus\SCANDLVR.DLL 0000000065b50000 - 0000000065b97000: C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll 0000000065e10000 - 0000000065e20000: C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL 0000000065e90000 - 0000000065eb4000: C:\Program Files\Symantec AntiVirus\I2ldvp3.dll 0000000065ef0000 - 0000000065fa3000: C:\Program Files\Symantec AntiVirus\Cliscan.dll 0000000065fb0000 - 0000000065ffd000: C:\Program Files\Symantec AntiVirus\Cliproxy.dll 0000000068000000 - 0000000068035000: C:\WINDOWS\system32\rsaenh.dll 0000000069000000 - 000000006901d000: C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL 0000000069040000 - 000000006907f000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\ecmsvr32.dll 0000000069100000 - 0000000069220000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\NAVEX32a.DLL 00000000692c0000 - 00000000692ea000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\NAVENG32.DLL 000000006ad40000 - 000000006ad4f000: C:\Program Files\Common Files\Symantec Shared\ccDec.dll 000000006af90000 - 000000006afee000: C:\Program Files\Common Files\Symantec Shared\ccL40.dll 000000006b2b0000 - 000000006b2e5000: C:\Program Files\Common Files\Symantec Shared\ccScan.dll 000000006b350000 - 000000006b367000: C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll 000000006d300000 - 000000006d54e000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\ccEraser.dll 000000006fa60000 - 000000006fa98000: C:\Program Files\Symantec AntiVirus\SAVRT32.DLL 0000000071ae0000 - 0000000071ae8000: C:\WINDOWS\system32\wshtcpip.dll 0000000071b20000 - 0000000071b61000: C:\WINDOWS\system32\MSWSOCK.dll 0000000071bb0000 - 0000000071bb9000: C:\WINDOWS\system32\WSOCK32.dll 0000000071bd0000 - 0000000071be1000: C:\WINDOWS\system32\MPR.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\netapi32.dll 00000000745e0000 - 000000007489e000: C:\WINDOWS\system32\msi.dll 0000000075da0000 - 0000000075e5d000: C:\WINDOWS\system32\SXS.DLL 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 0000000076290000 - 00000000762ad000: C:\WINDOWS\system32\IMM32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\shfolder.dll 0000000076920000 - 00000000769e2000: C:\WINDOWS\system32\userenv.dll 0000000076b10000 - 0000000076b15000: C:\WINDOWS\system32\SFC.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076bb0000 - 0000000076bdb000: C:\WINDOWS\system32\WINTRUST.dll 0000000076be0000 - 0000000076c0b000: C:\WINDOWS\system32\sfc_os.dll 0000000076c10000 - 0000000076c38000: C:\WINDOWS\system32\imagehlp.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076ed0000 - 0000000076efa000: C:\WINDOWS\system32\DNSAPI.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000076f70000 - 0000000076f77000: C:\WINDOWS\System32\winrnr.dll 0000000076f80000 - 0000000076f85000: C:\WINDOWS\system32\rasadhlp.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c140000 - 000000007c246000: C:\WINDOWS\system32\MFC71.DLL 000000007c360000 - 000000007c3b6000: C:\WINDOWS\system32\MSVCR71.dll 000000007c3c0000 - 000000007c43c000: C:\WINDOWS\system32\MSVCP71.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll *----> State Dump for Thread Id 0xfa0 <----* eax=00000000 ebx=0000bc04 ecx=00e5cf38 edx=7c223914 esi=00e4e7e8 edi=00000000 eip=62f2f81c esp=0012efac ebp=0012f284 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx - function: LDVPCtls!DllUnregisterServer 62f2f800 7479 jz LDVPCtls!DllUnregisterServer+0xe73b (62f2f87b) 62f2f802 f4 hlt 62f2f803 62e8 bound ebp,eax 62f2f805 c3 ret 62f2f806 2301 and eax,[ecx] 62f2f808 0085c074098b add [ebp+0x8b0974c0],al 62f2f80e 108bc8ff527c adc [ebx+0x7c52ffc8],cl 62f2f814 eb02 jmp LDVPCtls!DllUnregisterServer+0xe6d8 (62f2f818) 62f2f816 33c0 xor eax,eax 62f2f818 8b4c240c mov ecx,[esp+0xc] FAULT ->62f2f81c 8b5020 mov edx,[eax+0x20] ds:0023:00000020=???????? 62f2f81f 6a01 push 0x1 62f2f821 6a00 push 0x0 62f2f823 6a00 push 0x0 62f2f825 51 push ecx 62f2f826 6a00 push 0x0 62f2f828 52 push edx 62f2f829 ff15007bf462 call dword ptr [LDVPCtls!DllCanUnloadNow+0x5172 (62f47b00)] 62f2f82f 33c9 xor ecx,ecx 62f2f831 83f820 cmp eax,0x20 62f2f834 0f9fc1 setnle cl *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MFC71.DLL - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0012f284 7c1b0f28 00e6c700 00000000 0000ff9c LDVPCtls!DllUnregisterServer+0xe6dc 0012f2b4 7c1ade52 00000000 0000ff9c 0012f2d4 MFC71!Ordinal4261+0x10a 0012f2dc 7c1ac211 0000004e 00001388 0012f8a4 MFC71!Ordinal5373+0x52 0012f368 7c1acd7e 000e0182 0012f418 00e6c518 MFC71!Ordinal5652+0x29 0012f390 7c1ad84f 00001388 ffffff9c 0012f418 MFC71!Ordinal4722+0x46 0012f428 7c1a9f01 0000004e 00001388 0012f8a4 MFC71!Ordinal5073+0x5f 0012f448 7c182872 0000004e 00001388 0012f8a4 MFC71!Ordinal6275+0x22 0012f470 7c1ac5a9 0000004e 00001388 0012f8a4 MFC71!Ordinal6270+0x11c 0012f4d0 7c1ac639 00000000 000e017e 0000004e MFC71!Ordinal1028+0x91 0012f4f0 62f41f90 000e017e 0000004e 00001388 MFC71!Ordinal1209+0x34 0012f51c 7739b6e3 000e017e 0000004e 00001388 LDVPCtls!DllUnregisterServer+0x20e50 0012f548 7739b874 62f41f62 000e017e 0000004e USER32!LoadCursorW+0x4cf5 0012f5c0 7739bfce 00000000 62f41f62 000e017e USER32!LoadCursorW+0x4e86 0012f5f0 773b0463 62f41f62 000e017e 0000004e USER32!CallWindowProcW+0x75 0012f610 7c1a9cbc 62f41f62 000e017e 0000004e USER32!CallWindowProcA+0x1b 0012f630 7c1a9f18 0000004e 00001388 0012f8a4 MFC71!Ordinal1908+0x42 0012f64c 7c1ac5a9 0000004e 00001388 0012f8a4 MFC71!Ordinal6275+0x39 0012f6ac 7c1ac639 00000000 000e017e 0000004e MFC71!Ordinal1028+0x91 0012f6cc 65b6fe06 000e017e 0000004e 00001388 MFC71!Ordinal1209+0x34 0012f6f8 7739b6e3 000e017e 0000004e 00001388 scandlgs!DllUnregisterServer+0x68b6 0012f724 7739b874 65b6fdd8 000e017e 0000004e USER32!LoadCursorW+0x4cf5 0012f79c 7739c2d3 00000000 65b6fdd8 000e017e USER32!LoadCursorW+0x4e86 0012f7d8 7739c337 00666dd8 0066af38 00001388 USER32!IsWindow+0x148 0012f7f8 77537910 000e017e 0000004e 00001388 USER32!SendMessageW+0x49 0012f890 77541dbe 001b0360 ffffff9c 0012f8a4 COMCTL32!Ordinal73+0x764 0012f8d0 7754187b 001b0360 00000000 00000000 COMCTL32!Ordinal330+0x1274 0012f938 775415d7 001b0360 0012f954 ffffffff COMCTL32!Ordinal330+0xd31 0012f984 77584c52 001b0360 00000000 00000003 COMCTL32!Ordinal330+0xa8d 0012f9a8 77585c5c 001b0360 00000000 00000001 COMCTL32!Ordinal384+0x22907 0012f9c4 77585ecd 001b0360 00000000 00000001 COMCTL32!Ordinal384+0x23911 0012fa44 77586211 000e0182 00000000 00000037 COMCTL32!Ordinal384+0x23b82 0012fa64 775384d3 001b0360 00000000 00000037 COMCTL32!Ordinal384+0x23ec6 0012fbe4 7739b6e3 000e0182 00000201 00000001 COMCTL32!Ordinal73+0x1327 0012fc10 7739b874 77537dc7 000e0182 00000201 USER32!LoadCursorW+0x4cf5 0012fc88 7739bfce 00000000 77537dc7 000e0182 USER32!LoadCursorW+0x4e86 0012fcb8 773b0463 ffff01af 000e0182 00000201 USER32!CallWindowProcW+0x75 0012fcd8 7c1a9cbc ffff01af 000e0182 00000201 USER32!CallWindowProcA+0x1b 0012fcf8 7c1a9f18 00000201 00000001 00200037 MFC71!Ordinal1908+0x42 0012fd14 7c1ac5a9 00000201 00000001 00200037 MFC71!Ordinal6275+0x39 0012fd74 7c1ac639 00000000 000e0182 00000201 MFC71!Ordinal1028+0x91 0012fd94 62f41f90 000e0182 00000201 00000001 MFC71!Ordinal1209+0x34 0012fdc0 7739b6e3 000e0182 00000201 00000001 LDVPCtls!DllUnregisterServer+0x20e50 0012fdec 7739b874 62f2a380 000e0182 00000201 USER32!LoadCursorW+0x4cf5 0012fe64 7739ba92 00000000 62f2a380 000e0182 USER32!LoadCursorW+0x4e86 0012fecc 773a16e5 00145488 00000001 00000000 USER32!TranslateMessageEx+0x10d 0012fedc 7c1b1645 00145488 00145488 0042c130 USER32!DispatchMessageA+0xf 00000000 00000000 00000000 00000000 00000000 MFC71!Ordinal1106+0x3e *----> Raw Stack Dump <----* 000000000012efac 01 00 00 00 e8 e7 e4 00 - 4e bc 00 00 38 cf e5 00 ........N...8... 000000000012efbc e0 38 22 7c 38 cf e5 00 - 08 ce e4 00 04 01 00 00 .8"|8........... 000000000012efcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012efdc 05 10 00 00 80 c0 1c 00 - e8 2d e7 00 01 00 00 00 .........-...... 000000000012efec 98 03 37 00 bc 9c 1a 7c - af 01 ff ff 08 c0 e6 00 ..7....|........ 000000000012effc 05 10 00 00 c0 3f e6 00 - 08 c0 1c 00 00 c0 e6 00 .....?.......... 000000000012f00c 28 f0 12 00 78 01 37 00 - 0b 00 00 00 00 00 00 00 (...x.7......... 000000000012f01c f0 f1 12 00 05 10 00 00 - 78 01 37 00 88 f0 12 00 ........x.7..... 000000000012f02c a9 c5 1a 7c 05 10 00 00 - 00 00 00 00 0e 00 00 00 ...|............ 000000000012f03c 4c f1 12 00 70 bf 1c 00 - 00 00 00 00 7e 01 0e 00 L...p.......~... 000000000012f04c 4e 00 00 00 0f 00 00 00 - 00 00 00 00 98 03 37 00 N.............7. 000000000012f05c 00 00 00 00 00 00 00 00 - d0 01 14 00 78 f1 12 00 ............x... 000000000012f06c 68 fd 1a 00 80 f0 12 00 - 28 c0 1c 00 94 f0 12 00 h.......(....... 000000000012f07c 71 a7 82 7c 0b 00 00 00 - 28 c0 1c 00 00 00 14 00 q..|....(....... 000000000012f08c 96 01 00 00 a0 f0 12 00 - 01 00 00 00 b5 9f 82 7c ...............| 000000000012f09c 80 ca 0d 05 80 f1 12 00 - 78 01 37 00 18 07 14 00 ........x.7..... 000000000012f0ac 10 00 00 00 01 00 00 00 - 18 f2 12 00 88 ca 0d 05 ................ 000000000012f0bc 08 c0 1c 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ................ 000000000012f0cc b5 9f 82 7c c0 e4 e5 00 - b4 f1 12 00 80 37 e6 00 ...|.........7.. 000000000012f0dc 78 07 37 00 59 9f 82 7c - 68 4c e6 00 c8 e4 e5 00 x.7.Y..|hL...... *----> State Dump for Thread Id 0xfa4 <----* eax=7c80e1fa ebx=00bafef0 ecx=00000000 edx=00000000 esi=00000002 edi=00000000 eip=7c8285ec esp=00bafea4 ebp=00baff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00baff48 7c80e4a2 00000002 00baff70 00000000 ntdll!KiFastSystemCallRet 00baffb8 77e64829 00000000 00000000 00000000 ntdll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus+0x301 00baffec 00000000 7c80e1fa 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000bafea4 fb 7c 82 7c bb e5 80 7c - 02 00 00 00 f0 fe ba 00 .|.|...|........ 0000000000bafeb4 01 00 00 00 01 00 00 00 - 10 ff ba 00 00 10 00 00 ................ 0000000000bafec4 90 2f 9b 00 c0 83 88 7c - 24 00 00 00 01 00 00 00 ./.....|$....... 0000000000bafed4 00 00 00 00 00 00 00 00 - 30 00 00 00 ff ff ff ff ........0....... 0000000000bafee4 ff ff ff ff 61 d3 80 7c - 00 00 00 00 70 00 00 00 ....a..|....p... 0000000000bafef4 78 00 00 00 08 00 00 c0 - 00 10 00 00 30 ff ba 00 x...........0... 0000000000baff04 d1 96 82 7c d6 96 82 7c - 00 10 00 00 00 a2 2f 4d ...|...|....../M 0000000000baff14 ff ff ff ff 00 f0 fd 7f - c0 83 88 7c 10 ff ba 00 ...........|.... 0000000000baff24 f0 fe ba 00 e0 96 82 7c - 02 00 00 00 c0 fe ba 00 .......|........ 0000000000baff34 ae e1 80 7c dc ff ba 00 - 70 82 82 7c c8 d3 80 7c ...|....p..|...| 0000000000baff44 00 00 00 00 b8 ff ba 00 - a2 e4 80 7c 02 00 00 00 ...........|.... 0000000000baff54 70 ff ba 00 00 00 00 00 - e0 93 04 00 01 00 00 00 p............... 0000000000baff64 00 00 00 00 00 00 00 00 - 00 00 00 00 70 00 00 00 ............p... 0000000000baff74 78 00 00 00 00 10 00 00 - 90 2f 9b 00 00 10 00 00 x......../...... 0000000000baff84 88 1f 9b 00 a0 70 88 7c - 00 00 00 00 28 00 00 00 .....p.|....(... 0000000000baff94 80 70 88 7c 00 10 00 00 - a0 70 88 7c 90 2f 9b 00 .p.|.....p.|./.. 0000000000baffa4 00 00 00 00 80 70 88 7c - e5 03 00 00 00 10 00 00 .....p.|........ 0000000000baffb4 88 1f 9b 00 ec ff ba 00 - 29 48 e6 77 00 00 00 00 ........)H.w.... 0000000000baffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000baffd4 c4 ff ba 00 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w *----> State Dump for Thread Id 0xfbc <----* eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001 eip=7c8285ec esp=0113fcf0 ebp=0113ffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0113ffb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet 0113ffec 00000000 7c83c643 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000113fcf0 fb 7c 82 7c 8e c7 83 7c - 13 00 00 00 34 fd 13 01 .|.|...|....4... 000000000113fd00 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fd10 00 00 00 00 00 00 00 00 - 88 96 88 7c 88 96 88 7c ...........|...| 000000000113fd20 08 02 00 00 bc 0f 00 00 - 13 00 00 00 13 00 00 00 ................ 000000000113fd30 12 00 00 00 50 02 00 00 - 84 01 00 00 18 02 00 00 ....P........... 000000000113fd40 8c 02 00 00 80 02 00 00 - 74 02 00 00 28 02 00 00 ........t...(... 000000000113fd50 38 02 00 00 30 02 00 00 - 4c 02 00 00 44 02 00 00 8...0...L...D... 000000000113fd60 a0 02 00 00 ac 02 00 00 - b8 02 00 00 c0 02 00 00 ................ 000000000113fd70 cc 02 00 00 d8 02 00 00 - e4 02 00 00 ec 02 00 00 ................ 000000000113fd80 e4 03 00 00 f0 03 00 00 - fc 03 00 00 08 04 00 00 ................ 000000000113fd90 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fda0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fdb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fdc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fdd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fde0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fdf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fe00 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fe10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fe20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xfc0 <----* eax=76929dd9 ebx=0123ff10 ecx=00000000 edx=00000000 esi=0123ff18 edi=7ffdf000 eip=7c8285ec esp=0123fec4 ebp=0123ff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\userenv.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0123ff6c 77e62fbe 00000003 769cd34c 00000000 ntdll!KiFastSystemCallRet 0123ff88 76929e35 00000003 769cd34c 00000000 kernel32!WaitForMultipleObjects+0x18 0123ffb8 77e64829 00000000 00000000 00000000 userenv!ExpandEnvironmentStringsForUserW+0x6f2 0123ffec 00000000 76929dd9 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000123fec4 fb 7c 82 7c 2c 20 e6 77 - 03 00 00 00 10 ff 23 01 .|.|, .w......#. 000000000123fed4 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000123fee4 f8 d3 9c 76 6f 3e e6 77 - 24 00 00 00 01 00 00 00 ...vo>.w$....... 000000000123fef4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000123ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 1c 02 00 00 ................ 000000000123ff14 58 02 00 00 9c 02 00 00 - 59 9f 82 7c 20 1c e4 77 X.......Y..| ..w 000000000123ff24 00 00 14 00 00 00 00 00 - 30 1c e4 77 00 00 00 00 ........0..w.... 000000000123ff34 00 00 00 00 00 f0 fd 7f - 66 01 68 01 00 00 00 00 ........f.h..... 000000000123ff44 10 ff 23 01 00 00 00 00 - 00 00 00 00 03 00 00 00 ..#............. 000000000123ff54 e0 fe 23 01 00 00 00 00 - dc ff 23 01 60 1a e6 77 ..#.......#.`..w 000000000123ff64 f8 1f e6 77 00 00 00 00 - 88 ff 23 01 be 2f e6 77 ...w......#../.w 000000000123ff74 03 00 00 00 4c d3 9c 76 - 00 00 00 00 ff ff ff ff ....L..v........ 000000000123ff84 00 00 00 00 b8 ff 23 01 - 35 9e 92 76 03 00 00 00 ......#.5..v.... 000000000123ff94 4c d3 9c 76 00 00 00 00 - ff ff ff ff 00 00 00 00 L..v............ 000000000123ffa4 00 00 00 00 00 00 00 00 - 00 00 92 76 03 00 00 00 ...........v.... 000000000123ffb4 00 00 00 00 ec ff 23 01 - 29 48 e6 77 00 00 00 00 ......#.)H.w.... 000000000123ffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000123ffd4 c4 ff 23 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..#.].......`..w 000000000123ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 000000000123fff4 d9 9d 92 76 00 00 00 00 - 00 00 00 00 08 00 00 00 ...v............ *----> State Dump for Thread Id 0xfdc <----* eax=77c7b0f5 ebx=00000100 ecx=00000000 edx=00000000 esi=001b19e8 edi=00000000 eip=7c8285ec esp=018dfe1c ebp=018dff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 018dff84 77c88792 018dffac 77c8872d 001b19e8 ntdll!KiFastSystemCallRet 018dff8c 77c8872d 001b19e8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 018dffac 77c7b110 0014ebb8 018dffec 77e64829 RPCRT4!I_RpcFree+0xb6b 018dffb8 77e64829 00144e98 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 018dffec 00000000 77c7b0f5 00144e98 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000018dfe1c 3b 78 82 7c ac 85 c8 77 - 9c 03 00 00 74 ff 8d 01 ;x.|...w....t... 00000000018dfe2c 00 00 00 00 c8 30 1c 00 - 54 ff 8d 01 20 20 b7 88 .....0..T... .. 00000000018dfe3c 48 22 b7 88 00 00 00 00 - 00 40 fd 7f 00 00 00 00 H".......@...... 00000000018dfe4c 54 0d 00 00 02 00 00 00 - 00 00 00 00 00 00 00 00 T............... 00000000018dfe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000018dfe6c 46 02 00 00 c8 ed 8a 80 - 02 00 00 00 c4 cc 83 80 F............... 00000000018dfe7c 46 02 00 00 78 3b 4b b5 - 73 5a a8 80 02 00 00 00 F...x;K.sZ...... 00000000018dfe8c e1 00 00 00 b0 3b 4b b5 - 02 7d 83 80 02 00 00 00 .....;K..}...... 00000000018dfe9c 20 f1 72 f7 18 ff df ff - 82 da 83 80 20 20 b7 88 .r......... .. 00000000018dfeac 00 00 00 00 00 00 00 00 - 03 00 00 00 84 3c 4b b5 .............<K. 00000000018dfebc 00 00 00 00 ea 97 83 80 - e4 3b 4b b5 00 00 00 00 .........;K..... 00000000018dfecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 00000000018dfedc e0 3b 4b b5 d9 43 a8 80 - 02 00 00 00 00 00 00 00 .;K..C.......... 00000000018dfeec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 3b 4b b5 .C...........;K. 00000000018dfefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 3c 4b b5 VD...........<K. 00000000018dff0c c7 d5 83 80 b0 4d bb 88 - 58 4e bb 88 00 00 00 00 .....M..XN...... 00000000018dff1c b0 4d bb 88 01 00 00 00 - ff ff ff ff 00 00 00 00 .M.............. 00000000018dff2c 7c fa df ff 84 ff 8d 01 - a6 84 c8 77 4c ff 8d 01 |..........wL... 00000000018dff3c b6 84 c8 77 ab a3 81 7c - 10 07 1c 00 98 4e 14 00 ...w...|.....N.. 00000000018dff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xfe0 <----* eax=776b16e4 ebx=00007530 ecx=00000000 edx=00000000 esi=00000000 edi=019dff4c eip=7c8285ec esp=019dff0c ebp=019dff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 019dff74 77e424ed 0000ea60 00000000 019dffac ntdll!KiFastSystemCallRet 019dff84 776bbb0f 0000ea60 001b57d8 776bbab4 kernel32!Sleep+0xf 019dffac 776b1704 00000000 019dffec 77e64829 ole32!CoFreeUnusedLibrariesEx+0x1c0 019dffb8 77e64829 001b57d8 00000000 00000000 ole32!CoRegisterChannelHook+0x538 019dffec 00000000 776b16e4 001b57d8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000019dff0c 4b 6f 82 7c d1 1e e4 77 - 00 00 00 00 4c ff 9d 01 Ko.|...w....L... 00000000019dff1c 96 1c e6 77 48 69 79 77 - 30 75 00 00 24 00 00 00 ...wHiyw0u..$... 00000000019dff2c 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019dff3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019dff4c 00 ba 3c dc ff ff ff ff - 14 ff 9d 01 4c ff 9d 01 ..<.........L... 00000000019dff5c 1c ff 9d 01 24 ff 9d 01 - dc ff 9d 01 60 1a e6 77 ....$.......`..w 00000000019dff6c 60 16 e6 77 00 00 00 00 - 84 ff 9d 01 ed 24 e4 77 `..w.........$.w 00000000019dff7c 60 ea 00 00 00 00 00 00 - ac ff 9d 01 0f bb 6b 77 `.............kw 00000000019dff8c 60 ea 00 00 d8 57 1b 00 - b4 ba 6b 77 00 00 00 00 `....W....kw.... 00000000019dff9c 00 00 00 00 d8 57 1b 00 - 00 00 67 77 d8 57 1b 00 .....W....gw.W.. 00000000019dffac b8 ff 9d 01 04 17 6b 77 - 00 00 00 00 ec ff 9d 01 ......kw........ 00000000019dffbc 29 48 e6 77 d8 57 1b 00 - 00 00 00 00 00 00 00 00 )H.w.W.......... 00000000019dffcc d8 57 1b 00 00 00 00 00 - c4 ff 9d 01 5d 06 85 80 .W..........]... 00000000019dffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 00000000019dffec 00 00 00 00 00 00 00 00 - e4 16 6b 77 d8 57 1b 00 ..........kw.W.. 00000000019dfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019e000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019e001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019e002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000019e003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xfe4 <----* eax=77c7b0f5 ebx=00000100 ecx=00000000 edx=00000000 esi=001b19e8 edi=00000000 eip=7c8285ec esp=01adfe1c ebp=01adff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01adff84 77c88792 01adffac 77c8872d 001b19e8 ntdll!KiFastSystemCallRet 01adff8c 77c8872d 001b19e8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 01adffac 77c7b110 0014ebb8 01adffec 77e64829 RPCRT4!I_RpcFree+0xb6b 01adffb8 77e64829 001ad7e0 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 01adffec 00000000 77c7b0f5 001ad7e0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001adfe1c 3b 78 82 7c ac 85 c8 77 - 9c 03 00 00 74 ff ad 01 ;x.|...w....t... 0000000001adfe2c 00 00 00 00 e8 32 1c 00 - 54 ff ad 01 c0 d4 8a 80 .....2..T....... 0000000001adfe3c 00 29 3e e6 30 9b e4 b6 - c0 d4 8a 80 00 29 3e e6 .)>.0........)>. 0000000001adfe4c 00 d4 8a 80 48 9b e4 b6 - 56 44 a8 80 60 29 3e e6 ....H...VD..`)>. 0000000001adfe5c 00 d4 8a 80 6c 9b e4 b6 - 6d 25 a8 80 57 e3 83 80 ....l...m%..W... 0000000001adfe6c 00 00 00 00 c0 d4 8a 80 - 60 29 3e e6 00 00 00 00 ........`)>..... 0000000001adfe7c f4 d4 8a 80 00 00 00 00 - c0 50 bc 89 a0 13 37 e5 .........P....7. 0000000001adfe8c 07 00 00 00 4d cc 92 80 - 68 0c 80 89 58 b9 86 e5 ....M...h...X... 0000000001adfe9c c0 50 bc 89 a0 13 37 e5 - 07 00 00 00 e8 9b e4 b6 .P....7......... 0000000001adfeac 80 16 b9 89 b5 b8 89 80 - 00 00 00 00 58 b9 86 e5 ............X... 0000000001adfebc 04 00 00 00 80 9a d1 00 - 08 88 cf 00 00 00 00 20 ............... 0000000001adfecc 00 00 00 00 9f 01 00 00 - 00 00 00 00 d8 13 37 e5 ..............7. 0000000001adfedc 48 5c 7f 89 f4 43 a8 80 - 00 00 00 00 f8 6d 27 e6 H\...C.......m'. 0000000001adfeec f4 43 a8 80 00 00 00 00 - 00 00 00 00 f0 9b e4 b6 .C.............. 0000000001adfefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 9c e4 b6 VD.............. 0000000001adff0c c7 d5 83 80 d0 5b 7f 89 - 78 5c 7f 89 01 00 00 00 .....[..x\...... 0000000001adff1c d0 5b 7f 89 01 00 00 00 - ff ff ff ff 01 00 00 00 .[.............. 0000000001adff2c 7c fa 72 f7 84 ff ad 01 - a6 84 c8 77 4c ff ad 01 |.r........wL... 0000000001adff3c b6 84 c8 77 ab a3 81 7c - 40 74 1c 00 e0 d7 1a 00 ...w...|@t...... 0000000001adff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xfec <----* eax=01b84129 ebx=01ba3040 ecx=00000000 edx=00000000 esi=000003d8 edi=00000000 eip=7c8285ec esp=01ccfefc ebp=01ccff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgc.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgc.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01ccff6c 01b81ced 000003d8 ffffffff 00000001 ntdll!KiFastSystemCallRet 01ccffb8 77e64829 01ba3040 00000000 00000000 nl_msgc+0x1ced 01ccffec 00000000 01b84129 01ba3040 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001ccfefc 0b 7d 82 7c 1e 1d e6 77 - d8 03 00 00 01 00 00 00 .}.|...w........ 0000000001ccff0c 00 00 00 00 96 1c e6 77 - 08 30 ba 01 40 30 ba 01 .......w.0..@0.. 0000000001ccff1c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000001ccff2c 30 00 00 00 ff ff ff ff - ff ff ff ff ef 13 e5 77 0..............w 0000000001ccff3c 00 00 00 00 40 30 ba 01 - 96 1c e6 77 00 f0 fd 7f [email protected].... 0000000001ccff4c 00 00 00 00 00 31 bb 01 - 10 ff cc 01 b8 ff cc 01 .....1.......... 0000000001ccff5c a8 ff cc 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 0000000001ccff6c b8 ff cc 01 ed 1c b8 01 - d8 03 00 00 ff ff ff ff ................ 0000000001ccff7c 01 00 00 00 00 00 00 00 - d8 30 ba 01 98 41 b8 01 .........0...A.. 0000000001ccff8c 08 30 ba 01 00 00 00 00 - 00 00 00 00 40 30 ba 01 .0..........@0.. 0000000001ccff9c 01 00 00 00 90 ff cc 01 - 5e 00 85 80 dc ff cc 01 ........^....... 0000000001ccffac 20 36 b8 01 28 a7 b8 01 - 00 00 00 00 ec ff cc 01 6..(........... 0000000001ccffbc 29 48 e6 77 40 30 ba 01 - 00 00 00 00 00 00 00 00 )H.w@0.......... 0000000001ccffcc 40 30 ba 01 00 00 00 00 - c4 ff cc 01 5d 06 85 80 @0..........]... 0000000001ccffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 0000000001ccffec 00 00 00 00 00 00 00 00 - 29 41 b8 01 40 30 ba 01 ........)A..@0.. 0000000001ccfffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001cd000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001cd001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001cd002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xff0 <----* eax=01b61b00 ebx=01bb30c8 ecx=00000000 edx=00000000 esi=0000040c edi=00000000 eip=7c8285ec esp=01dcff1c ebp=01dcff8c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\nl_lsp.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NetLimiter\nl_lsp.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01dcff8c 77e61c8d 0000040c ffffffff 00000000 ntdll!KiFastSystemCallRet 01dcffa0 01b6198f 0000040c ffffffff 00000000 kernel32!WaitForSingleObject+0x12 01dcffec 00000000 01b61b00 01bb30c8 00000000 nl_lsp+0x198f *----> Raw Stack Dump <----* 0000000001dcff1c 0b 7d 82 7c 1e 1d e6 77 - 0c 04 00 00 00 00 00 00 .}.|...w........ 0000000001dcff2c 00 00 00 00 7b 1c e6 77 - c8 30 bb 01 c8 30 bb 01 ....{..w.0...0.. 0000000001dcff3c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000001dcff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001dcff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 f0 fd 7f ................ 0000000001dcff6c 00 00 00 00 00 00 00 00 - 30 ff dc 01 d8 23 a6 88 ........0....#.. 0000000001dcff7c dc ff dc 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 0000000001dcff8c a0 ff dc 01 8d 1c e6 77 - 0c 04 00 00 ff ff ff ff .......w........ 0000000001dcff9c 00 00 00 00 ec ff dc 01 - 8f 19 b6 01 0c 04 00 00 ................ 0000000001dcffac ff ff ff ff 00 00 00 00 - 00 00 00 00 0d 1b b6 01 ................ 0000000001dcffbc 29 48 e6 77 c8 30 bb 01 - 00 00 00 00 00 00 00 00 )H.w.0.......... 0000000001dcffcc c8 30 bb 01 00 00 00 00 - c4 ff dc 01 5d 06 85 80 .0..........]... 0000000001dcffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 0000000001dcffec 00 00 00 00 00 00 00 00 - 00 1b b6 01 c8 30 bb 01 .............0.. 0000000001dcfffc 00 00 00 00 c8 00 00 00 - 80 01 00 00 ff ee ff ee ................ 0000000001dd000c 02 10 00 00 00 00 00 00 - 00 fe 00 00 00 00 10 00 ................ 0000000001dd001c 00 20 00 00 00 02 00 00 - 00 20 00 00 da 00 00 00 . ....... ...... 0000000001dd002c ff ef fd 7f 12 00 08 06 - 00 00 00 00 00 00 00 00 ................ 0000000001dd003c 00 00 00 00 00 00 00 00 - 98 05 dd 01 0f 00 00 00 ................ 0000000001dd004c f8 ff ff ff 50 00 dd 01 - 50 00 dd 01 40 06 dd 01 ....P...P...@... *----> State Dump for Thread Id 0xff4 <----* eax=71bf2b9d ebx=001ad7c8 ecx=00000000 edx=00000000 esi=7c826f3f edi=001ad7c8 eip=7c8285ec esp=01f0fe88 ebp=01f0ffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01f0ffb8 77e64829 001ad7c8 00000000 00000000 ntdll!KiFastSystemCallRet 01f0ffec 00000000 71bf2b9d 001ad7c8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001f0fe88 4b 6f 82 7c 0d 2c bf 71 - 01 00 00 00 a0 fe f0 01 Ko.|.,.q........ 0000000001f0fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 80 ................ 0000000001f0fea8 00 00 00 00 00 00 00 00 - 43 3a 5c 57 49 4e 44 4f ........C:\WINDO 0000000001f0feb8 57 53 5c 73 79 73 74 65 - 6d 33 32 5c 57 53 32 48 WS\system32\WS2H 0000000001f0fec8 45 4c 50 2e 64 6c 6c 00 - 00 00 00 00 00 00 00 00 ELP.dll......... 0000000001f0fed8 02 02 00 00 e0 7b ec b4 - d9 43 a8 80 02 00 00 00 .....{...C...... 0000000001f0fee8 00 00 00 00 f4 43 a8 80 - 00 00 00 00 02 00 00 00 .....C.......... 0000000001f0fef8 f0 7b ec b4 56 44 a8 80 - 00 00 00 00 00 00 00 00 .{..VD.......... 0000000001f0ff08 1c 7c ec b4 c7 d5 83 80 - 20 b0 af 88 c8 b0 af 88 .|...... ....... 0000000001f0ff18 00 00 00 00 20 b0 af 88 - 01 00 00 00 ff ff ff ff .... ........... 0000000001f0ff28 00 00 00 00 7c fa df ff - 91 bd 93 80 00 40 fd 7f ....|........@.. 0000000001f0ff38 20 b0 af 88 00 00 00 00 - 20 b0 af 88 30 25 a8 80 ....... ...0%.. 0000000001f0ff48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001f0ff58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001f0ff68 00 00 00 00 20 f1 df ff - 00 00 00 00 00 00 00 00 .... ........... 0000000001f0ff78 20 b0 af 88 c4 7c ec b4 - 75 06 85 80 b0 b1 af 88 ....|..u....... 0000000001f0ff88 05 00 00 00 00 00 00 00 - 00 00 00 00 30 25 a8 80 ............0%.. 0000000001f0ff98 01 00 00 00 01 00 00 00 - c4 7c ec b4 5e 00 85 80 .........|..^... 0000000001f0ffa8 00 00 00 00 00 00 00 00 - 00 02 00 00 3f 35 00 00 ............?5.. 0000000001f0ffb8 ec ff f0 01 29 48 e6 77 - c8 d7 1a 00 00 00 00 00 ....)H.w........ *----> State Dump for Thread Id 0xff8 <----* eax=00000000 ebx=00e5652d ecx=00000000 edx=00000000 esi=00000000 edi=066afe28 eip=7c8285ec esp=066afde8 ebp=066afe50 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200206 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Symantec AntiVirus\Cliscan.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 066afe50 77e424ed 000001f4 00000000 00000091 ntdll!KiFastSystemCallRet 066afe60 65efdc46 000001f4 00000000 00e658c0 kernel32!Sleep+0xf 00000091 00000000 00000000 00000000 00000000 Cliscan!StopScanEngine+0x1a6 *----> Raw Stack Dump <----* 00000000066afde8 4b 6f 82 7c d1 1e e4 77 - 00 00 00 00 28 fe 6a 06 Ko.|...w....(.j. 00000000066afdf8 5b f0 f5 77 c0 58 e6 00 - 2d 65 e5 00 24 00 00 00 [..w.X..-e..$... 00000000066afe08 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000066afe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000066afe28 c0 b4 b3 ff ff ff ff ff - 00 00 00 00 28 fe 6a 06 ............(.j. 00000000066afe38 f8 fd 6a 06 00 00 00 00 - a8 ff 6a 06 60 1a e6 77 ..j.......j.`..w 00000000066afe48 60 16 e6 77 00 00 00 00 - 60 fe 6a 06 ed 24 e4 77 `..w....`.j..$.w 00000000066afe58 f4 01 00 00 00 00 00 00 - 91 00 00 00 46 dc ef 65 ............F..e 00000000066afe68 f4 01 00 00 00 00 00 00 - c0 58 e6 00 20 65 e5 00 .........X.. e.. 00000000066afe78 b8 ff 6a 06 53 00 49 00 - 4e 00 47 00 5f 00 44 00 ..j.S.I.N.G._.D. 00000000066afe88 45 00 46 00 5f 00 44 00 - 49 00 52 00 00 00 00 00 E.F._.D.I.R..... 00000000066afe98 44 55 5f 45 5f 4d 49 53 - 53 49 4e 47 5f 44 45 46 DU_E_MISSING_DEF 00000000066afea8 5f 44 49 52 00 00 00 00 - 44 00 55 00 5f 00 45 00 _DIR....D.U._.E. 00000000066afeb8 5f 00 4d 00 49 00 53 00 - 53 00 49 00 4e 00 47 00 _.M.I.S.S.I.N.G. 00000000066afec8 00 00 00 00 ae 41 a8 80 - 00 00 00 00 00 00 00 00 .....A.......... 00000000066afed8 02 02 00 00 e0 eb 9b b5 - d9 43 a8 80 02 00 00 00 .........C...... 00000000066afee8 00 00 00 00 f4 43 a8 80 - 00 00 00 00 02 00 00 00 .....C.......... 00000000066afef8 f0 eb 9b b5 56 44 a8 80 - 00 00 00 00 00 00 00 00 ....VD.......... 00000000066aff08 1c ec 9b b5 00 00 37 00 - 00 00 00 00 f8 13 e9 88 ......7......... 00000000066aff18 98 00 00 00 13 00 00 00 - 01 00 01 00 6c fe 6a 06 ............l.j. *----> State Dump for Thread Id 0x8c <----* eax=00000102 ebx=00000000 ecx=068bfed8 edx=7c8285ec esi=000004d4 edi=00000000 eip=7c8285ec esp=068bfed8 ebp=068bff48 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 068bff48 77e61c8d 000004d4 000003e8 00000000 ntdll!KiFastSystemCallRet 068bff5c 65ef15d9 000004d4 000003e8 068bffb8 kernel32!WaitForSingleObject+0x12 068bffb8 77e64829 00e5aca0 00000000 00000000 Cliscan!Ordinal203+0x15d9 068bffec 00000000 7c36b1bf 00e5aca0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000068bfed8 0b 7d 82 7c 1e 1d e6 77 - d4 04 00 00 00 00 00 00 .}.|...w........ 00000000068bfee8 1c ff 8b 06 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000068bfef8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000068bff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000068bff18 00 00 00 00 80 69 67 ff - ff ff ff ff 00 f0 fd 7f .....ig......... 00000000068bff28 1c ff 8b 06 00 00 00 00 - ec fe 8b 06 ac 6d f7 77 .............m.w 00000000068bff38 a8 ff 8b 06 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 00000000068bff48 5c ff 8b 06 8d 1c e6 77 - d4 04 00 00 e8 03 00 00 \......w........ 00000000068bff58 00 00 00 00 b8 ff 8b 06 - d9 15 ef 65 d4 04 00 00 ...........e.... 00000000068bff68 e8 03 00 00 b8 ff 8b 06 - 00 00 00 00 38 5b e5 00 ............8[.. 00000000068bff78 a0 ac e5 00 50 f1 39 00 - 00 00 00 00 00 00 00 00 ....P.9......... 00000000068bff88 2b b2 36 7c 00 00 00 00 - 00 00 00 00 00 00 00 00 +.6|............ 00000000068bff98 a0 ac e5 00 01 00 00 00 - 90 ff 8b 06 5e 00 85 80 ............^... 00000000068bffa8 dc ff 8b 06 e2 38 36 7c - 20 f6 39 7c 00 00 00 00 .....86| .9|.... 00000000068bffb8 ec ff 8b 06 29 48 e6 77 - a0 ac e5 00 00 00 00 00 ....)H.w........ 00000000068bffc8 00 00 00 00 a0 ac e5 00 - 00 00 00 00 c4 ff 8b 06 ................ 00000000068bffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 00000000068bffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 bf b1 36 7c ..............6| 00000000068bfff8 a0 ac e5 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000068c0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xb4 <----* eax=77575eb2 ebx=02499cf8 ecx=00000000 edx=00000000 esi=00000318 edi=00000000 eip=7c8285ec esp=067aff1c ebp=067aff8c iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 067aff8c 77e61c8d 00000318 00001046 00000000 ntdll!KiFastSystemCallRet 067affa0 77575eeb 00000318 00001046 00000000 kernel32!WaitForSingleObject+0x12 067affb8 77e64829 02499cf8 00000000 00000000 COMCTL32!Ordinal384+0x13ba0 067affec 00000000 77575eb2 02499cf8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000067aff1c 0b 7d 82 7c 1e 1d e6 77 - 18 03 00 00 00 00 00 00 .}.|...w........ 00000000067aff2c 60 ff 7a 06 a0 0f 00 00 - f8 9c 49 02 f8 9c 49 02 `.z.......I...I. 00000000067aff3c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000067aff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000067aff5c 00 00 00 00 a0 51 84 fd - ff ff ff ff 00 f0 fd 7f .....Q.......... 00000000067aff6c 60 ff 7a 06 f8 9c 49 02 - 30 ff 7a 06 ff ff ff ff `.z...I.0.z..... 00000000067aff7c dc ff 7a 06 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..z.`..wH..w.... 00000000067aff8c a0 ff 7a 06 8d 1c e6 77 - 18 03 00 00 46 10 00 00 ..z....w....F... 00000000067aff9c 00 00 00 00 b8 ff 7a 06 - eb 5e 57 77 18 03 00 00 ......z..^Ww.... 00000000067affac 46 10 00 00 00 00 00 00 - 00 00 00 00 ec ff 7a 06 F.............z. 00000000067affbc 29 48 e6 77 f8 9c 49 02 - 00 00 00 00 00 00 00 00 )H.w..I......... 00000000067affcc f8 9c 49 02 00 00 00 00 - c4 ff 7a 06 5d 06 85 80 ..I.......z.]... 00000000067affdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 00000000067affec 00 00 00 00 00 00 00 00 - b2 5e 57 77 f8 9c 49 02 .........^Ww..I. 00000000067afffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000067b000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000067b001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000067b002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000067b003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000067b004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ Application exception occurred: App: C:\Program Files\Symantec AntiVirus\VPC32.exe (pid=184) When: 18.02.2009 @ 18:37:09.265 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 364 csrss.exe 388 winlogon.exe 436 services.exe 456 lsass.exe 628 svchost.exe 720 svchost.exe 800 svchost.exe 816 svchost.exe 856 svchost.exe 920 ccSetMgr.exe 948 ccEvtMgr.exe 1056 SPBBCSvc.exe 1240 spoolsv.exe 1276 msdtc.exe 1384 DefWatch.exe 1408 svchost.exe 1456 jqs.exe 1532 svchost.exe 1660 Rtvscan.exe 1760 tssdis.exe 2032 svchost.exe 2136 alg.exe 2600 wmiprvse.exe 2880 csrss.exe 2908 winlogon.exe 3100 rdpclip.exe 3168 Explorer.EXE 3244 ccApp.exe 3284 VPTray.exe 3300 NetLimiter.exe 3308 jusched.exe 3340 ctfmon.exe 3392 uTorrent.exe 3412 svchost.exe 3568 G6FTPSrv.exe 3704 logon.scr 3732 infocard.exe 184 VPC32.exe 1380 drwtsn32.exe *----> Module List <----* 0000000000400000 - 0000000000447000: C:\Program Files\Symantec AntiVirus\VPC32.exe 0000000000c80000 - 0000000000c91000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll 0000000000d80000 - 0000000000d8c000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll 0000000000d90000 - 0000000000dc3000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll 0000000000dd0000 - 0000000000de4000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll 0000000000df0000 - 0000000000dfe000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll 0000000001d10000 - 0000000001d26000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll 0000000001d30000 - 0000000001d43000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll 0000000001d50000 - 0000000001d63000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll 0000000001d70000 - 0000000001d84000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll 0000000001d90000 - 0000000001d9d000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll 0000000001da0000 - 0000000001db8000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll 0000000001dc0000 - 0000000001de4000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll 0000000001df0000 - 0000000001dff000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll 0000000001e00000 - 0000000001e11000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll 0000000001e20000 - 0000000001e55000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll 0000000001e70000 - 0000000002135000: C:\WINDOWS\system32\xpsp2res.dll 00000000024d0000 - 00000000024e5000: C:\Program Files\NetLimiter\nl_lsp.dll 00000000024f0000 - 0000000002501000: C:\WINDOWS\system32\nl_msgc.dll 0000000002990000 - 0000000002a29000: C:\Program Files\Symantec AntiVirus\DefUtDCD.dll 0000000010000000 - 000000001000d000: C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 000000004b750000 - 000000004b7d9000: C:\WINDOWS\system32\hhctrl.ocx 0000000057b60000 - 0000000057b6a000: C:\WINDOWS\System32\wshqos.dll 0000000057b80000 - 0000000057b87000: C:\WINDOWS\System32\wship6.dll 000000005d360000 - 000000005d36e000: C:\WINDOWS\system32\MFC71ENU.DLL 000000005f270000 - 000000005f2ca000: C:\WINDOWS\system32\hnetcfg.dll 0000000061f80000 - 0000000061f93000: C:\Program Files\Symantec AntiVirus\SDSTP32I.DLL 0000000061fa0000 - 0000000061faf000: C:\Program Files\Symantec AntiVirus\SDSOK32I.DLL 0000000062f10000 - 0000000062f97000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx 0000000065470000 - 00000000654ab000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPView.ocx 00000000654b0000 - 00000000654f4000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPTask.ocx 0000000065aa0000 - 0000000065af2000: C:\Program Files\Symantec AntiVirus\scandres.dll 0000000065b00000 - 0000000065b43000: C:\Program Files\Symantec AntiVirus\SCANDLVR.DLL 0000000065b50000 - 0000000065b97000: C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll 0000000065e10000 - 0000000065e20000: C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL 0000000065e90000 - 0000000065eb4000: C:\Program Files\Symantec AntiVirus\I2ldvp3.dll 0000000065ef0000 - 0000000065fa3000: C:\Program Files\Symantec AntiVirus\Cliscan.dll 0000000065fb0000 - 0000000065ffd000: C:\Program Files\Symantec AntiVirus\Cliproxy.dll 0000000068000000 - 0000000068035000: C:\WINDOWS\system32\rsaenh.dll 0000000069000000 - 000000006901d000: C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL 0000000069040000 - 000000006907f000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\ecmsvr32.dll 0000000069100000 - 0000000069220000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\NAVEX32a.DLL 00000000692c0000 - 00000000692ea000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\NAVENG32.DLL 000000006ad40000 - 000000006ad4f000: C:\Program Files\Common Files\Symantec Shared\ccDec.dll 000000006af90000 - 000000006afee000: C:\Program Files\Common Files\Symantec Shared\ccL40.dll 000000006b2b0000 - 000000006b2e5000: C:\Program Files\Common Files\Symantec Shared\ccScan.dll 000000006b350000 - 000000006b367000: C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll 000000006d300000 - 000000006d54e000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\ccEraser.dll 000000006fa60000 - 000000006fa98000: C:\Program Files\Symantec AntiVirus\SAVRT32.DLL 0000000071ae0000 - 0000000071ae8000: C:\WINDOWS\system32\wshtcpip.dll 0000000071b20000 - 0000000071b61000: C:\WINDOWS\system32\MSWSOCK.dll 0000000071bb0000 - 0000000071bb9000: C:\WINDOWS\system32\WSOCK32.dll 0000000071bd0000 - 0000000071be1000: C:\WINDOWS\system32\MPR.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\netapi32.dll 00000000745e0000 - 000000007489e000: C:\WINDOWS\system32\msi.dll 0000000075da0000 - 0000000075e5d000: C:\WINDOWS\system32\SXS.DLL 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 0000000076290000 - 00000000762ad000: C:\WINDOWS\system32\IMM32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\shfolder.dll 0000000076920000 - 00000000769e2000: C:\WINDOWS\system32\userenv.dll 0000000076b10000 - 0000000076b15000: C:\WINDOWS\system32\SFC.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076bb0000 - 0000000076bdb000: C:\WINDOWS\system32\WINTRUST.dll 0000000076be0000 - 0000000076c0b000: C:\WINDOWS\system32\sfc_os.dll 0000000076c10000 - 0000000076c38000: C:\WINDOWS\system32\imagehlp.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076ed0000 - 0000000076efa000: C:\WINDOWS\system32\DNSAPI.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000076f70000 - 0000000076f77000: C:\WINDOWS\System32\winrnr.dll 0000000076f80000 - 0000000076f85000: C:\WINDOWS\system32\rasadhlp.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c140000 - 000000007c246000: C:\WINDOWS\system32\MFC71.DLL 000000007c360000 - 000000007c3b6000: C:\WINDOWS\system32\MSVCR71.dll 000000007c3c0000 - 000000007c43c000: C:\WINDOWS\system32\MSVCP71.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll *----> State Dump for Thread Id 0x200 <----* eax=00000000 ebx=0000bc04 ecx=00f24198 edx=7c223914 esi=0037b6f0 edi=00000000 eip=62f2f81c esp=0012efac ebp=0012f284 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx - function: LDVPCtls!DllUnregisterServer 62f2f800 7479 jz LDVPCtls!DllUnregisterServer+0xe73b (62f2f87b) 62f2f802 f4 hlt 62f2f803 62e8 bound ebp,eax 62f2f805 c3 ret 62f2f806 2301 and eax,[ecx] 62f2f808 0085c074098b add [ebp+0x8b0974c0],al 62f2f80e 108bc8ff527c adc [ebx+0x7c52ffc8],cl 62f2f814 eb02 jmp LDVPCtls!DllUnregisterServer+0xe6d8 (62f2f818) 62f2f816 33c0 xor eax,eax 62f2f818 8b4c240c mov ecx,[esp+0xc] FAULT ->62f2f81c 8b5020 mov edx,[eax+0x20] ds:0023:00000020=???????? 62f2f81f 6a01 push 0x1 62f2f821 6a00 push 0x0 62f2f823 6a00 push 0x0 62f2f825 51 push ecx 62f2f826 6a00 push 0x0 62f2f828 52 push edx 62f2f829 ff15007bf462 call dword ptr [LDVPCtls!DllCanUnloadNow+0x5172 (62f47b00)] 62f2f82f 33c9 xor ecx,ecx 62f2f831 83f820 cmp eax,0x20 62f2f834 0f9fc1 setnle cl *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MFC71.DLL - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0012f284 7c1b0f28 00f181f0 00000000 0000ff9c LDVPCtls!DllUnregisterServer+0xe6dc 0012f2b4 7c1ade52 00000000 0000ff9c 0012f2d4 MFC71!Ordinal4261+0x10a 0012f2dc 7c1ac211 0000004e 00001388 0012f8a4 MFC71!Ordinal5373+0x52 0012f368 7c1acd7e 00160190 0012f418 00f18008 MFC71!Ordinal5652+0x29 0012f390 7c1ad84f 00001388 ffffff9c 0012f418 MFC71!Ordinal4722+0x46 0012f428 7c1a9f01 0000004e 00001388 0012f8a4 MFC71!Ordinal5073+0x5f 0012f448 7c182872 0000004e 00001388 0012f8a4 MFC71!Ordinal6275+0x22 0012f470 7c1ac5a9 0000004e 00001388 0012f8a4 MFC71!Ordinal6270+0x11c 0012f4d0 7c1ac639 00000000 0015019e 0000004e MFC71!Ordinal1028+0x91 0012f4f0 62f41f90 0015019e 0000004e 00001388 MFC71!Ordinal1209+0x34 0012f51c 7739b6e3 0015019e 0000004e 00001388 LDVPCtls!DllUnregisterServer+0x20e50 0012f548 7739b874 62f41f62 0015019e 0000004e USER32!LoadCursorW+0x4cf5 0012f5c0 7739bfce 00000000 62f41f62 0015019e USER32!LoadCursorW+0x4e86 0012f5f0 773b0463 62f41f62 0015019e 0000004e USER32!CallWindowProcW+0x75 0012f610 7c1a9cbc 62f41f62 0015019e 0000004e USER32!CallWindowProcA+0x1b 0012f630 7c1a9f18 0000004e 00001388 0012f8a4 MFC71!Ordinal1908+0x42 0012f64c 7c1ac5a9 0000004e 00001388 0012f8a4 MFC71!Ordinal6275+0x39 0012f6ac 7c1ac639 00000000 0015019e 0000004e MFC71!Ordinal1028+0x91 0012f6cc 65b6fe06 0015019e 0000004e 00001388 MFC71!Ordinal1209+0x34 0012f6f8 7739b6e3 0015019e 0000004e 00001388 scandlgs!DllUnregisterServer+0x68b6 0012f724 7739b874 65b6fdd8 0015019e 0000004e USER32!LoadCursorW+0x4cf5 0012f79c 7739c2d3 00000000 65b6fdd8 0015019e USER32!LoadCursorW+0x4e86 0012f7d8 7739c337 0065b560 0065b4d0 00001388 USER32!IsWindow+0x148 0012f7f8 77537910 0015019e 0000004e 00001388 USER32!SendMessageW+0x49 0012f890 77541dbe 001b07d0 ffffff9c 0012f8a4 COMCTL32!Ordinal73+0x764 0012f8d0 7754187b 001b07d0 00000000 00000000 COMCTL32!Ordinal330+0x1274 0012f938 775415d7 001b07d0 0012f954 ffffffff COMCTL32!Ordinal330+0xd31 0012f984 77584c52 001b07d0 00000000 00000003 COMCTL32!Ordinal330+0xa8d 0012f9a8 77585c5c 001b07d0 00000000 00000001 COMCTL32!Ordinal384+0x22907 0012f9c4 77585ecd 001b07d0 00000000 00000001 COMCTL32!Ordinal384+0x23911 0012fa44 77586211 00160190 00000000 0000004f COMCTL32!Ordinal384+0x23b82 0012fa64 775384d3 001b07d0 00000000 0000004f COMCTL32!Ordinal384+0x23ec6 0012fbe4 7739b6e3 00160190 00000201 00000001 COMCTL32!Ordinal73+0x1327 0012fc10 7739b874 77537dc7 00160190 00000201 USER32!LoadCursorW+0x4cf5 0012fc88 7739bfce 00000000 77537dc7 00160190 USER32!LoadCursorW+0x4e86 0012fcb8 773b0463 ffff0169 00160190 00000201 USER32!CallWindowProcW+0x75 0012fcd8 7c1a9cbc ffff0169 00160190 00000201 USER32!CallWindowProcA+0x1b 0012fcf8 7c1a9f18 00000201 00000001 0020004f MFC71!Ordinal1908+0x42 0012fd14 7c1ac5a9 00000201 00000001 0020004f MFC71!Ordinal6275+0x39 0012fd74 7c1ac639 00000000 00160190 00000201 MFC71!Ordinal1028+0x91 0012fd94 62f41f90 00160190 00000201 00000001 MFC71!Ordinal1209+0x34 0012fdc0 7739b6e3 00160190 00000201 00000001 LDVPCtls!DllUnregisterServer+0x20e50 0012fdec 7739b874 62f2a380 00160190 00000201 USER32!LoadCursorW+0x4cf5 0012fe64 7739ba92 00000000 62f2a380 00160190 USER32!LoadCursorW+0x4e86 0012fecc 773a16e5 00145488 00000001 00000000 USER32!TranslateMessageEx+0x10d 0012fedc 7c1b1645 00145488 00145488 0042c130 USER32!DispatchMessageA+0xf 00000000 00000000 00000000 00000000 00000000 MFC71!Ordinal1106+0x3e *----> Raw Stack Dump <----* 000000000012efac 01 00 00 00 f0 b6 37 00 - 4e bc 00 00 98 41 f2 00 ......7.N....A.. 000000000012efbc e0 38 22 7c 98 41 f2 00 - d8 4f f3 00 04 01 00 00 .8"|.A...O...... 000000000012efcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012efdc 05 10 00 00 18 15 1b 00 - f0 f1 12 00 01 00 00 00 ................ 000000000012efec 48 02 14 00 bc 9c 1a 7c - 69 01 ff ff 90 01 16 00 H......|i....... 000000000012effc 05 10 00 00 00 00 00 00 - a0 14 1b 00 f0 81 f1 00 ................ 000000000012f00c 28 f0 12 00 18 9f 1a 7c - 16 00 00 00 18 03 37 00 (......|......7. 000000000012f01c 0b 00 00 00 48 32 f4 00 - d0 a5 f3 00 06 00 00 00 ....H2.......... 000000000012f02c d0 01 14 00 18 03 37 00 - 00 00 00 00 0e 00 00 00 ......7......... 000000000012f03c 4c f1 12 00 90 01 16 00 - 00 00 00 00 9e 01 15 00 L............... 000000000012f04c 4e 00 00 00 0f 00 00 00 - 00 00 00 00 00 00 00 00 N............... 000000000012f05c 28 02 14 00 00 00 00 04 - 84 f0 12 00 78 f1 12 00 (...........x... 000000000012f06c 38 42 16 00 80 f0 12 00 - c0 14 1b 00 94 f0 12 00 8B.............. 000000000012f07c 71 a7 82 7c 16 00 00 00 - c0 14 1b 00 00 00 14 00 q..|............ 000000000012f08c 34 00 00 00 a0 f0 12 00 - 01 00 00 00 b5 9f 82 7c 4..............| 000000000012f09c 18 ea 1a 00 80 f1 12 00 - 3d 9f 82 7c 10 00 00 00 ........=..|.... 000000000012f0ac 59 9f 82 7c 01 00 00 00 - 18 f2 12 00 20 ea 1a 00 Y..|........ ... 000000000012f0bc a0 14 1b 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ................ 000000000012f0cc b5 9f 82 7c 00 74 37 00 - b4 f1 12 00 08 2a f4 00 ...|.t7......*.. 000000000012f0dc 78 07 37 00 59 9f 82 7c - e0 33 f4 00 08 74 37 00 x.7.Y..|.3...t7. *----> State Dump for Thread Id 0x27c <----* eax=7c80e1fa ebx=00bafef0 ecx=00000000 edx=00000000 esi=00000002 edi=00000000 eip=7c8285ec esp=00bafea4 ebp=00baff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00baff48 7c80e4a2 00000002 00baff70 00000000 ntdll!KiFastSystemCallRet 00baffb8 77e64829 00000000 00000000 00000000 ntdll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus+0x301 00baffec 00000000 7c80e1fa 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000bafea4 fb 7c 82 7c bb e5 80 7c - 02 00 00 00 f0 fe ba 00 .|.|...|........ 0000000000bafeb4 01 00 00 00 01 00 00 00 - 10 ff ba 00 00 10 00 00 ................ 0000000000bafec4 90 2f 9b 00 c0 83 88 7c - 24 00 00 00 01 00 00 00 ./.....|$....... 0000000000bafed4 00 00 00 00 00 00 00 00 - 30 00 00 00 ff ff ff ff ........0....... 0000000000bafee4 ff ff ff ff 61 d3 80 7c - 00 00 00 00 70 00 00 00 ....a..|....p... 0000000000bafef4 78 00 00 00 08 00 00 c0 - 00 10 00 00 30 ff ba 00 x...........0... 0000000000baff04 d1 96 82 7c d6 96 82 7c - 00 10 00 00 00 a2 2f 4d ...|...|....../M 0000000000baff14 ff ff ff ff 00 40 fd 7f - c0 83 88 7c 10 ff ba 00 .....@.....|.... 0000000000baff24 f0 fe ba 00 e0 96 82 7c - 02 00 00 00 c0 fe ba 00 .......|........ 0000000000baff34 ae e1 80 7c dc ff ba 00 - 70 82 82 7c c8 d3 80 7c ...|....p..|...| 0000000000baff44 00 00 00 00 b8 ff ba 00 - a2 e4 80 7c 02 00 00 00 ...........|.... 0000000000baff54 70 ff ba 00 00 00 00 00 - e0 93 04 00 01 00 00 00 p............... 0000000000baff64 00 00 00 00 00 00 00 00 - 00 00 00 00 70 00 00 00 ............p... 0000000000baff74 78 00 00 00 00 10 00 00 - 90 2f 9b 00 00 10 00 00 x......../...... 0000000000baff84 88 1f 9b 00 a0 70 88 7c - 00 00 00 00 28 00 00 00 .....p.|....(... 0000000000baff94 80 70 88 7c 00 10 00 00 - a0 70 88 7c 90 2f 9b 00 .p.|.....p.|./.. 0000000000baffa4 00 00 00 00 80 70 88 7c - e5 03 00 00 00 10 00 00 .....p.|........ 0000000000baffb4 88 1f 9b 00 ec ff ba 00 - 29 48 e6 77 00 00 00 00 ........)H.w.... 0000000000baffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000baffd4 c4 ff ba 00 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w *----> State Dump for Thread Id 0x308 <----* eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001 eip=7c8285ec esp=0120fcf0 ebp=0120ffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0120ffb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet 0120ffec 00000000 7c83c643 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000120fcf0 fb 7c 82 7c 8e c7 83 7c - 13 00 00 00 34 fd 20 01 .|.|...|....4. . 000000000120fd00 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fd10 00 00 00 00 00 00 00 00 - 88 96 88 7c 88 96 88 7c ...........|...| 000000000120fd20 14 02 00 00 08 03 00 00 - 13 00 00 00 13 00 00 00 ................ 000000000120fd30 12 00 00 00 48 02 00 00 - 94 01 00 00 b0 00 00 00 ....H........... 000000000120fd40 84 02 00 00 78 02 00 00 - 6c 02 00 00 20 02 00 00 ....x...l... ... 000000000120fd50 30 02 00 00 28 02 00 00 - 44 02 00 00 3c 02 00 00 0...(...D...<... 000000000120fd60 98 02 00 00 a4 02 00 00 - b0 02 00 00 b8 02 00 00 ................ 000000000120fd70 c4 02 00 00 d0 02 00 00 - dc 02 00 00 e4 02 00 00 ................ 000000000120fd80 d0 03 00 00 dc 03 00 00 - e8 03 00 00 f4 03 00 00 ................ 000000000120fd90 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fda0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fdb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fdc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fdd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fde0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fdf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fe00 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fe10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000120fe20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x30c <----* eax=76929dd9 ebx=0130ff10 ecx=00000000 edx=00000000 esi=0130ff18 edi=7ffd4000 eip=7c8285ec esp=0130fec4 ebp=0130ff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\userenv.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0130ff6c 77e62fbe 00000003 769cd34c 00000000 ntdll!KiFastSystemCallRet 0130ff88 76929e35 00000003 769cd34c 00000000 kernel32!WaitForMultipleObjects+0x18 0130ffb8 77e64829 00000000 00000000 00000000 userenv!ExpandEnvironmentStringsForUserW+0x6f2 0130ffec 00000000 76929dd9 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000130fec4 fb 7c 82 7c 2c 20 e6 77 - 03 00 00 00 10 ff 30 01 .|.|, .w......0. 000000000130fed4 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000130fee4 f8 d3 9c 76 6f 3e e6 77 - 24 00 00 00 01 00 00 00 ...vo>.w$....... 000000000130fef4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000130ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 c8 00 00 00 ................ 000000000130ff14 50 02 00 00 94 02 00 00 - 59 9f 82 7c 20 1c e4 77 P.......Y..| ..w 000000000130ff24 00 00 14 00 00 00 00 00 - 30 1c e4 77 00 00 00 00 ........0..w.... 000000000130ff34 00 00 00 00 00 40 fd 7f - 66 01 68 01 00 00 00 00 [email protected]..... 000000000130ff44 10 ff 30 01 00 00 00 00 - 00 00 00 00 03 00 00 00 ..0............. 000000000130ff54 e0 fe 30 01 00 00 00 00 - dc ff 30 01 60 1a e6 77 ..0.......0.`..w 000000000130ff64 f8 1f e6 77 00 00 00 00 - 88 ff 30 01 be 2f e6 77 ...w......0../.w 000000000130ff74 03 00 00 00 4c d3 9c 76 - 00 00 00 00 ff ff ff ff ....L..v........ 000000000130ff84 00 00 00 00 b8 ff 30 01 - 35 9e 92 76 03 00 00 00 ......0.5..v.... 000000000130ff94 4c d3 9c 76 00 00 00 00 - ff ff ff ff 00 00 00 00 L..v............ 000000000130ffa4 00 00 00 00 00 00 00 00 - 00 00 92 76 03 00 00 00 ...........v.... 000000000130ffb4 00 00 00 00 ec ff 30 01 - 29 48 e6 77 00 00 00 00 ......0.)H.w.... 000000000130ffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000130ffd4 c4 ff 30 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..0.].......`..w 000000000130ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 000000000130fff4 d9 9d 92 76 00 00 00 00 - 00 00 00 00 6a 00 31 01 ...v........j.1. *----> State Dump for Thread Id 0x318 <----* eax=00000102 ebx=001b68d8 ecx=01c0ff1c edx=7c8285ec esi=00000304 edi=00000000 eip=7c8285ec esp=01c0ff1c ebp=01c0ff8c iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01c0ff8c 77e61c8d 00000304 00001046 00000000 ntdll!KiFastSystemCallRet 01c0ffa0 77575eeb 00000304 00001046 00000000 kernel32!WaitForSingleObject+0x12 01c0ffb8 77e64829 001b68d8 00000000 00000000 COMCTL32!Ordinal384+0x13ba0 01c0ffec 00000000 77575eb2 001b68d8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001c0ff1c 0b 7d 82 7c 1e 1d e6 77 - 04 03 00 00 00 00 00 00 .}.|...w........ 0000000001c0ff2c 60 ff c0 01 a0 0f 00 00 - d8 68 1b 00 d8 68 1b 00 `........h...h.. 0000000001c0ff3c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000001c0ff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c0ff5c 00 00 00 00 a0 51 84 fd - ff ff ff ff 00 40 fd 7f .....Q.......@.. 0000000001c0ff6c 60 ff c0 01 d8 68 1b 00 - 30 ff c0 01 ff ff ff ff `....h..0....... 0000000001c0ff7c dc ff c0 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 0000000001c0ff8c a0 ff c0 01 8d 1c e6 77 - 04 03 00 00 46 10 00 00 .......w....F... 0000000001c0ff9c 00 00 00 00 b8 ff c0 01 - eb 5e 57 77 04 03 00 00 .........^Ww.... 0000000001c0ffac 46 10 00 00 00 00 00 00 - 00 00 00 00 ec ff c0 01 F............... 0000000001c0ffbc 29 48 e6 77 d8 68 1b 00 - 00 00 00 00 00 00 00 00 )H.w.h.......... 0000000001c0ffcc d8 68 1b 00 00 00 00 00 - c4 ff c0 01 5d 06 85 80 .h..........]... 0000000001c0ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 0000000001c0ffec 00 00 00 00 00 00 00 00 - b2 5e 57 77 d8 68 1b 00 .........^Ww.h.. 0000000001c0fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c1000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c1001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c1002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c1003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c1004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x464 <----* eax=77c7b0f5 ebx=00000100 ecx=00000000 edx=00000000 esi=001432a8 edi=00000000 eip=7c8285ec esp=0224fe1c ebp=0224ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0224ff84 77c88792 0224ffac 77c8872d 001432a8 ntdll!KiFastSystemCallRet 0224ff8c 77c8872d 001432a8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0224ffac 77c7b110 0014e9a8 0224ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0224ffb8 77e64829 001b6158 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0224ffec 00000000 77c7b0f5 001b6158 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000224fe1c 3b 78 82 7c ac 85 c8 77 - 90 03 00 00 74 ff 24 02 ;x.|...w....t.$. 000000000224fe2c 00 00 00 00 30 4b 1c 00 - 54 ff 24 02 c0 d4 8a 80 ....0K..T.$..... 000000000224fe3c 00 29 3e e6 30 fb 90 ba - c0 d4 8a 80 00 29 3e e6 .)>.0........)>. 000000000224fe4c 00 d4 8a 80 48 fb 90 ba - 56 44 a8 80 60 29 3e e6 ....H...VD..`)>. 000000000224fe5c 00 d4 8a 80 6c fb 90 ba - 6d 25 a8 80 57 e3 83 80 ....l...m%..W... 000000000224fe6c 00 00 00 00 c0 d4 8a 80 - 60 29 3e e6 00 00 00 00 ........`)>..... 000000000224fe7c f4 d4 8a 80 00 00 00 00 - 90 40 bc 89 88 70 46 e5 [email protected]. 000000000224fe8c 07 00 00 00 4d cc 92 80 - 68 0c 80 89 40 68 47 e6 ....M...h...@hG. 000000000224fe9c 90 40 bc 89 88 70 46 e5 - 07 00 00 00 e8 fb 90 ba [email protected]......... 000000000224feac 80 36 b9 89 b5 b8 89 80 - 00 00 00 00 40 68 47 e6 .6..........@hG. 000000000224febc 04 00 00 00 80 9a d1 00 - 08 88 cf 00 00 00 00 00 ................ 000000000224fecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 000000000224fedc e0 fb 90 ba d9 43 a8 80 - 02 00 00 00 00 00 00 00 .....C.......... 000000000224feec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 fb 90 ba .C.............. 000000000224fefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c fc 90 ba VD.............. 000000000224ff0c c7 d5 83 80 60 64 2b 89 - 08 65 2b 89 00 00 00 00 ....`d+..e+..... 000000000224ff1c 60 64 2b 89 01 00 00 00 - ff ff ff ff 00 00 00 00 `d+............. 000000000224ff2c 7c fa df ff 84 ff 24 02 - a6 84 c8 77 4c ff 24 02 |.....$....wL.$. 000000000224ff3c b6 84 c8 77 ab a3 81 7c - b0 64 1b 00 58 61 1b 00 ...w...|.d..Xa.. 000000000224ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0x4b4 <----* eax=776b16e4 ebx=00007530 ecx=00000000 edx=00000000 esi=00000000 edi=0234ff4c eip=7c8285ec esp=0234ff0c ebp=0234ff74 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0234ff74 77e424ed 0000ea60 00000000 0234ffac ntdll!KiFastSystemCallRet 0234ff84 776bbb0f 0000ea60 001b8bd0 776bbab4 kernel32!Sleep+0xf 0234ffac 776b1704 00000000 0234ffec 77e64829 ole32!CoFreeUnusedLibrariesEx+0x1c0 0234ffb8 77e64829 001b8bd0 00000000 00000000 ole32!CoRegisterChannelHook+0x538 0234ffec 00000000 776b16e4 001b8bd0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000234ff0c 4b 6f 82 7c d1 1e e4 77 - 00 00 00 00 4c ff 34 02 Ko.|...w....L.4. 000000000234ff1c 96 1c e6 77 48 69 79 77 - 30 75 00 00 24 00 00 00 ...wHiyw0u..$... 000000000234ff2c 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000234ff3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000234ff4c 00 ba 3c dc ff ff ff ff - 34 66 79 77 4c ff 34 02 ..<.....4fywL.4. 000000000234ff5c 1c ff 34 02 49 f8 6b 77 - dc ff 34 02 60 1a e6 77 ..4.I.kw..4.`..w 000000000234ff6c 60 16 e6 77 00 00 00 00 - 84 ff 34 02 ed 24 e4 77 `..w......4..$.w 000000000234ff7c 60 ea 00 00 00 00 00 00 - ac ff 34 02 0f bb 6b 77 `.........4...kw 000000000234ff8c 60 ea 00 00 d0 8b 1b 00 - b4 ba 6b 77 00 00 00 00 `.........kw.... 000000000234ff9c 00 00 00 00 d0 8b 1b 00 - 00 00 67 77 d0 8b 1b 00 ..........gw.... 000000000234ffac b8 ff 34 02 04 17 6b 77 - 00 00 00 00 ec ff 34 02 ..4...kw......4. 000000000234ffbc 29 48 e6 77 d0 8b 1b 00 - 00 00 00 00 00 00 00 00 )H.w............ 000000000234ffcc d0 8b 1b 00 00 00 00 00 - c4 ff 34 02 5d 06 85 80 ..........4.]... 000000000234ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000234ffec 00 00 00 00 00 00 00 00 - e4 16 6b 77 d0 8b 1b 00 ..........kw.... 000000000234fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000235000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000235001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000235002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000235003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x350 <----* eax=77c7b0f5 ebx=00000100 ecx=00000000 edx=00000000 esi=001432a8 edi=00000000 eip=7c8285ec esp=0244fe1c ebp=0244ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0244ff84 77c88792 0244ffac 77c8872d 001432a8 ntdll!KiFastSystemCallRet 0244ff8c 77c8872d 001432a8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0244ffac 77c7b110 0014e9a8 0244ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0244ffb8 77e64829 001b6940 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0244ffec 00000000 77c7b0f5 001b6940 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000244fe1c 3b 78 82 7c ac 85 c8 77 - 90 03 00 00 74 ff 44 02 ;x.|...w....t.D. 000000000244fe2c 00 00 00 00 38 5e 1c 00 - 54 ff 44 02 00 00 00 00 ....8^..T.D..... 000000000244fe3c 90 6c a6 88 00 76 8b 80 - 00 00 00 00 00 91 8b 80 .l...v.......... 000000000244fe4c 44 0b 79 b5 56 44 a8 80 - 00 00 00 00 00 91 8b 80 D.y.VD.......... 000000000244fe5c 88 0b 79 b5 6d 25 a8 80 - 7c c5 89 80 00 76 8b 80 ..y.m%..|....v.. 000000000244fe6c 46 02 00 00 c8 ed 8a 80 - 02 00 00 00 c4 cc 83 80 F............... 000000000244fe7c 46 02 00 00 78 0b 79 b5 - 73 5a a8 80 02 00 00 00 F...x.y.sZ...... 000000000244fe8c e1 00 00 00 b0 0b 79 b5 - 02 7d 83 80 02 00 00 00 ......y..}...... 000000000244fe9c 20 f1 72 f7 18 ff df ff - 82 da 83 80 68 6a a6 88 .r.........hj.. 000000000244feac 00 00 00 00 00 00 00 00 - 03 00 00 00 84 0c 79 b5 ..............y. 000000000244febc 00 00 00 00 ea 97 83 80 - e4 0b 79 b5 00 00 00 00 ..........y..... 000000000244fecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 000000000244fedc e0 0b 79 b5 d9 43 a8 80 - 02 00 00 00 00 00 00 00 ..y..C.......... 000000000244feec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 0b 79 b5 .C............y. 000000000244fefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 0c 79 b5 VD............y. 000000000244ff0c c7 d5 83 80 60 d6 22 89 - 08 d7 22 89 00 00 00 00 ....`."..."..... 000000000244ff1c 60 d6 22 89 01 00 00 00 - ff ff ff ff 00 00 00 00 `."............. 000000000244ff2c 7c fa df ff 84 ff 44 02 - a6 84 c8 77 4c ff 44 02 |.....D....wL.D. 000000000244ff3c b6 84 c8 77 ab a3 81 7c - 00 0b 1c 00 40 69 1b 00 ...w...|....@i.. 000000000244ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0x4c0 <----* eax=024f4129 ebx=02513040 ecx=00000000 edx=00000000 esi=000003c4 edi=00000000 eip=7c8285ec esp=0263fefc ebp=0263ff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgc.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgc.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0263ff6c 024f1ced 000003c4 ffffffff 00000001 ntdll!KiFastSystemCallRet 0263ffb8 77e64829 02513040 00000000 00000000 nl_msgc+0x1ced 0263ffec 00000000 024f4129 02513040 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000263fefc 0b 7d 82 7c 1e 1d e6 77 - c4 03 00 00 01 00 00 00 .}.|...w........ 000000000263ff0c 00 00 00 00 96 1c e6 77 - 08 30 51 02 40 30 51 02 .......w.0Q.@0Q. 000000000263ff1c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000263ff2c 30 00 00 00 ff ff ff ff - ff ff ff ff ef 13 e5 77 0..............w 000000000263ff3c 00 00 00 00 40 30 51 02 - 96 1c e6 77 00 40 fd 7f [email protected].@.. 000000000263ff4c 00 00 00 00 00 31 52 02 - 10 ff 63 02 b8 ff 63 02 .....1R...c...c. 000000000263ff5c a8 ff 63 02 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..c.`..wH..w.... 000000000263ff6c b8 ff 63 02 ed 1c 4f 02 - c4 03 00 00 ff ff ff ff ..c...O......... 000000000263ff7c 01 00 00 00 00 00 00 00 - d8 30 51 02 98 41 4f 02 .........0Q..AO. 000000000263ff8c 08 30 51 02 00 00 00 00 - 00 00 00 00 40 30 51 02 .0Q.........@0Q. 000000000263ff9c 01 00 00 00 90 ff 63 02 - 5e 00 85 80 dc ff 63 02 ......c.^.....c. 000000000263ffac 20 36 4f 02 28 a7 4f 02 - 00 00 00 00 ec ff 63 02 6O.(.O.......c. 000000000263ffbc 29 48 e6 77 40 30 51 02 - 00 00 00 00 00 00 00 00 )H.w@0Q......... 000000000263ffcc 40 30 51 02 00 00 00 00 - c4 ff 63 02 5d 06 85 80 @0Q.......c.]... 000000000263ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000263ffec 00 00 00 00 00 00 00 00 - 29 41 4f 02 40 30 51 02 ........)AO.@0Q. 000000000263fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000264000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000264001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000264002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x2b4 <----* eax=024d1b00 ebx=025230c8 ecx=00000000 edx=00000000 esi=000003f8 edi=00000000 eip=7c8285ec esp=0273ff1c ebp=0273ff8c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\nl_lsp.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NetLimiter\nl_lsp.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0273ff8c 77e61c8d 000003f8 ffffffff 00000000 ntdll!KiFastSystemCallRet 0273ffa0 024d198f 000003f8 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 0273ffec 00000000 024d1b00 025230c8 00000000 nl_lsp+0x198f *----> Raw Stack Dump <----* 000000000273ff1c 0b 7d 82 7c 1e 1d e6 77 - f8 03 00 00 00 00 00 00 .}.|...w........ 000000000273ff2c 00 00 00 00 7b 1c e6 77 - c8 30 52 02 c8 30 52 02 ....{..w.0R..0R. 000000000273ff3c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000273ff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000273ff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 40 fd 7f .............@.. 000000000273ff6c 00 00 00 00 00 00 00 00 - 30 ff 73 02 60 9b f5 88 ........0.s.`... 000000000273ff7c dc ff 73 02 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..s.`..wH..w.... 000000000273ff8c a0 ff 73 02 8d 1c e6 77 - f8 03 00 00 ff ff ff ff ..s....w........ 000000000273ff9c 00 00 00 00 ec ff 73 02 - 8f 19 4d 02 f8 03 00 00 ......s...M..... 000000000273ffac ff ff ff ff 00 00 00 00 - 00 00 00 00 0d 1b 4d 02 ..............M. 000000000273ffbc 29 48 e6 77 c8 30 52 02 - 00 00 00 00 00 00 00 00 )H.w.0R......... 000000000273ffcc c8 30 52 02 00 00 00 00 - c4 ff 73 02 5d 06 85 80 .0R.......s.]... 000000000273ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000273ffec 00 00 00 00 00 00 00 00 - 00 1b 4d 02 c8 30 52 02 ..........M..0R. 000000000273fffc 00 00 00 00 c8 00 00 00 - b5 01 00 00 ff ee ff ee ................ 000000000274000c 02 10 00 00 00 00 00 00 - 00 fe 00 00 00 00 10 00 ................ 000000000274001c 00 20 00 00 00 02 00 00 - 00 20 00 00 da 00 00 00 . ....... ...... 000000000274002c ff ef fd 7f 15 00 08 06 - 00 00 00 00 00 00 00 00 ................ 000000000274003c 00 00 00 00 00 00 00 00 - 98 05 74 02 0f 00 00 00 ..........t..... 000000000274004c f8 ff ff ff 50 00 74 02 - 50 00 74 02 40 06 74 02 [email protected]. *----> State Dump for Thread Id 0x4c4 <----* eax=71bf2b9d ebx=00173f48 ecx=00000000 edx=00000000 esi=7c826f3f edi=00173f48 eip=7c8285ec esp=0287fe88 ebp=0287ffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0287ffb8 77e64829 00173f48 00000000 00000000 ntdll!KiFastSystemCallRet 0287ffec 00000000 71bf2b9d 00173f48 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000287fe88 4b 6f 82 7c 0d 2c bf 71 - 01 00 00 00 a0 fe 87 02 Ko.|.,.q........ 000000000287fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 80 ................ 000000000287fea8 00 00 00 00 00 00 00 00 - 43 3a 5c 57 49 4e 44 4f ........C:\WINDO 000000000287feb8 57 53 5c 73 79 73 74 65 - 6d 33 32 5c 57 53 32 48 WS\system32\WS2H 000000000287fec8 45 4c 50 2e 64 6c 6c 00 - 00 00 00 00 00 00 00 00 ELP.dll......... 000000000287fed8 02 02 00 00 e0 2b a8 b5 - d9 43 a8 80 02 00 00 00 .....+...C...... 000000000287fee8 00 00 00 00 f4 43 a8 80 - 00 00 00 00 02 00 00 00 .....C.......... 000000000287fef8 f0 2b a8 b5 56 44 a8 80 - 00 00 00 00 00 00 00 00 .+..VD.......... 000000000287ff08 1c 2c a8 b5 c7 d5 83 80 - e8 8b a6 88 90 8c a6 88 .,.............. 000000000287ff18 00 00 00 00 e8 8b a6 88 - 01 00 00 00 ff ff ff ff ................ 000000000287ff28 00 00 00 00 7c fa df ff - 91 bd 93 80 00 e0 fa 7f ....|........... 000000000287ff38 e8 8b a6 88 00 00 00 00 - e8 8b a6 88 30 25 a8 80 ............0%.. 000000000287ff48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000287ff58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000287ff68 00 00 00 00 20 f1 df ff - 00 00 00 00 00 00 00 00 .... ........... 000000000287ff78 e8 8b a6 88 c4 2c a8 b5 - 75 06 85 80 78 8d a6 88 .....,..u...x... 000000000287ff88 05 00 00 00 00 00 00 00 - 00 00 00 00 30 25 a8 80 ............0%.. 000000000287ff98 01 00 00 00 01 00 00 00 - c4 2c a8 b5 5e 00 85 80 .........,..^... 000000000287ffa8 00 00 00 00 00 00 00 00 - 00 02 00 00 17 8b 00 00 ................ 000000000287ffb8 ec ff 87 02 29 48 e6 77 - 48 3f 17 00 00 00 00 00 ....)H.wH?...... *----> State Dump for Thread Id 0x47c <----* eax=00000000 ebx=00f2342d ecx=00000000 edx=00000000 esi=00000000 edi=0700fe28 eip=7c8285ec esp=0700fde8 ebp=0700fe50 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200206 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Symantec AntiVirus\Cliscan.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0700fe50 77e424ed 000001f4 00000000 0000006d ntdll!KiFastSystemCallRet 0700fe60 65efdc46 000001f4 00000000 00f36cd0 kernel32!Sleep+0xf 0000006d 00000000 00000000 00000000 00000000 Cliscan!StopScanEngine+0x1a6 *----> Raw Stack Dump <----* 000000000700fde8 4b 6f 82 7c d1 1e e4 77 - 00 00 00 00 28 fe 00 07 Ko.|...w....(... 000000000700fdf8 5b f0 f5 77 d0 6c f3 00 - 2d 34 f2 00 24 00 00 00 [..w.l..-4..$... 000000000700fe08 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000700fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000700fe28 c0 b4 b3 ff ff ff ff ff - 00 00 00 00 28 fe 00 07 ............(... 000000000700fe38 f8 fd 00 07 8d 1c e6 77 - a8 ff 00 07 60 1a e6 77 .......w....`..w 000000000700fe48 60 16 e6 77 00 00 00 00 - 60 fe 00 07 ed 24 e4 77 `..w....`....$.w 000000000700fe58 f4 01 00 00 00 00 00 00 - 6d 00 00 00 46 dc ef 65 ........m...F..e 000000000700fe68 f4 01 00 00 00 00 00 00 - d0 6c f3 00 90 34 f2 00 .........l...4.. 000000000700fe78 b8 ff 00 07 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000700fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000700fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000700fea8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000700feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000700fec8 00 00 00 00 ae 41 a8 80 - 00 00 00 00 00 00 00 00 .....A.......... 000000000700fed8 02 02 00 00 e0 7b fd b4 - d9 43 a8 80 02 00 00 00 .....{...C...... 000000000700fee8 00 00 00 00 f4 43 a8 80 - 00 00 00 00 02 00 00 00 .....C.......... 000000000700fef8 f0 7b fd b4 56 44 a8 80 - 00 00 00 00 00 00 00 00 .{..VD.......... 000000000700ff08 1c 7c fd b4 00 00 37 00 - 00 00 00 00 08 37 a3 88 .|....7......7.. 000000000700ff18 98 00 00 00 13 00 00 00 - 01 00 01 00 6c fe 00 07 ............l... Application exception occurred: App: C:\Program Files\Symantec AntiVirus\VPC32.exe (pid=1564) When: 18.02.2009 @ 18:37:20.235 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 364 csrss.exe 388 winlogon.exe 436 services.exe 456 lsass.exe 628 svchost.exe 720 svchost.exe 800 svchost.exe 816 svchost.exe 856 svchost.exe 920 ccSetMgr.exe 948 ccEvtMgr.exe 1056 SPBBCSvc.exe 1240 spoolsv.exe 1276 msdtc.exe 1384 DefWatch.exe 1408 svchost.exe 1456 jqs.exe 1532 svchost.exe 1660 Rtvscan.exe 1760 tssdis.exe 2032 svchost.exe 2136 alg.exe 2600 wmiprvse.exe 2880 csrss.exe 2908 winlogon.exe 3100 rdpclip.exe 3168 Explorer.EXE 3244 ccApp.exe 3284 VPTray.exe 3300 NetLimiter.exe 3308 jusched.exe 3340 ctfmon.exe 3392 uTorrent.exe 3412 svchost.exe 3568 G6FTPSrv.exe 3704 logon.scr 3732 infocard.exe 1564 VPC32.exe 1800 drwtsn32.exe *----> Module List <----* 0000000000400000 - 0000000000447000: C:\Program Files\Symantec AntiVirus\VPC32.exe 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 000000004b750000 - 000000004b7d9000: C:\WINDOWS\system32\hhctrl.ocx 000000005d360000 - 000000005d36e000: C:\WINDOWS\system32\MFC71ENU.DLL 0000000061f80000 - 0000000061f93000: C:\Program Files\Symantec AntiVirus\SDSTP32I.DLL 0000000061fa0000 - 0000000061faf000: C:\Program Files\Symantec AntiVirus\SDSOK32I.DLL 0000000062f10000 - 0000000062f97000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx 0000000065470000 - 00000000654ab000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPView.ocx 00000000654b0000 - 00000000654f4000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPTask.ocx 0000000065aa0000 - 0000000065af2000: C:\Program Files\Symantec AntiVirus\scandres.dll 0000000065b00000 - 0000000065b43000: C:\Program Files\Symantec AntiVirus\SCANDLVR.DLL 0000000065b50000 - 0000000065b97000: C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll 0000000065e10000 - 0000000065e20000: C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL 0000000065ef0000 - 0000000065fa3000: C:\Program Files\Symantec AntiVirus\Cliscan.dll 0000000065fb0000 - 0000000065ffd000: C:\Program Files\Symantec AntiVirus\Cliproxy.dll 0000000068000000 - 0000000068035000: C:\WINDOWS\system32\rsaenh.dll 0000000071b20000 - 0000000071b61000: C:\WINDOWS\system32\MSWSOCK.dll 0000000071bb0000 - 0000000071bb9000: C:\WINDOWS\system32\WSOCK32.dll 0000000071bd0000 - 0000000071be1000: C:\WINDOWS\system32\MPR.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\netapi32.dll 00000000745e0000 - 000000007489e000: C:\WINDOWS\system32\msi.dll 0000000075da0000 - 0000000075e5d000: C:\WINDOWS\system32\SXS.DLL 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 0000000076290000 - 00000000762ad000: C:\WINDOWS\system32\IMM32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\shfolder.dll 0000000076920000 - 00000000769e2000: C:\WINDOWS\system32\userenv.dll 0000000076b10000 - 0000000076b15000: C:\WINDOWS\system32\SFC.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076bb0000 - 0000000076bdb000: C:\WINDOWS\system32\WINTRUST.dll 0000000076be0000 - 0000000076c0b000: C:\WINDOWS\system32\sfc_os.dll 0000000076c10000 - 0000000076c38000: C:\WINDOWS\system32\imagehlp.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c140000 - 000000007c246000: C:\WINDOWS\system32\MFC71.DLL 000000007c360000 - 000000007c3b6000: C:\WINDOWS\system32\MSVCR71.dll 000000007c3c0000 - 000000007c43c000: C:\WINDOWS\system32\MSVCP71.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll *----> State Dump for Thread Id 0x5e0 <----* eax=00000000 ebx=0000bc04 ecx=0037ed60 edx=7c223914 esi=0037b170 edi=00000000 eip=62f2f81c esp=0012efac ebp=0012f284 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx - function: LDVPCtls!DllUnregisterServer 62f2f800 7479 jz LDVPCtls!DllUnregisterServer+0xe73b (62f2f87b) 62f2f802 f4 hlt 62f2f803 62e8 bound ebp,eax 62f2f805 c3 ret 62f2f806 2301 and eax,[ecx] 62f2f808 0085c074098b add [ebp+0x8b0974c0],al 62f2f80e 108bc8ff527c adc [ebx+0x7c52ffc8],cl 62f2f814 eb02 jmp LDVPCtls!DllUnregisterServer+0xe6d8 (62f2f818) 62f2f816 33c0 xor eax,eax 62f2f818 8b4c240c mov ecx,[esp+0xc] FAULT ->62f2f81c 8b5020 mov edx,[eax+0x20] ds:0023:00000020=???????? 62f2f81f 6a01 push 0x1 62f2f821 6a00 push 0x0 62f2f823 6a00 push 0x0 62f2f825 51 push ecx 62f2f826 6a00 push 0x0 62f2f828 52 push edx 62f2f829 ff15007bf462 call dword ptr [LDVPCtls!DllCanUnloadNow+0x5172 (62f47b00)] 62f2f82f 33c9 xor ecx,ecx 62f2f831 83f820 cmp eax,0x20 62f2f834 0f9fc1 setnle cl *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MFC71.DLL - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0012f284 7c1b0f28 00ea81f0 00000000 0000ff9c LDVPCtls!DllUnregisterServer+0xe6dc 0012f2b4 7c1ade52 00000000 0000ff9c 0012f2d4 MFC71!Ordinal4261+0x10a 0012f2dc 7c1ac211 0000004e 00001388 0012f8a4 MFC71!Ordinal5373+0x52 0012f368 7c1acd7e 0018018a 0012f418 00ea8008 MFC71!Ordinal5652+0x29 0012f390 7c1ad84f 00001388 ffffff9c 0012f418 MFC71!Ordinal4722+0x46 0012f428 7c1a9f01 0000004e 00001388 0012f8a4 MFC71!Ordinal5073+0x5f 0012f448 7c182872 0000004e 00001388 0012f8a4 MFC71!Ordinal6275+0x22 0012f470 7c1ac5a9 0000004e 00001388 0012f8a4 MFC71!Ordinal6270+0x11c 0012f4d0 7c1ac639 00000000 001e025a 0000004e MFC71!Ordinal1028+0x91 0012f4f0 62f41f90 001e025a 0000004e 00001388 MFC71!Ordinal1209+0x34 0012f51c 7739b6e3 001e025a 0000004e 00001388 LDVPCtls!DllUnregisterServer+0x20e50 0012f548 7739b874 62f41f62 001e025a 0000004e USER32!LoadCursorW+0x4cf5 0012f5c0 7739bfce 00000000 62f41f62 001e025a USER32!LoadCursorW+0x4e86 0012f5f0 773b0463 62f41f62 001e025a 0000004e USER32!CallWindowProcW+0x75 0012f610 7c1a9cbc 62f41f62 001e025a 0000004e USER32!CallWindowProcA+0x1b 0012f630 7c1a9f18 0000004e 00001388 0012f8a4 MFC71!Ordinal1908+0x42 0012f64c 7c1ac5a9 0000004e 00001388 0012f8a4 MFC71!Ordinal6275+0x39 0012f6ac 7c1ac639 00000000 001e025a 0000004e MFC71!Ordinal1028+0x91 0012f6cc 65b6fe06 001e025a 0000004e 00001388 MFC71!Ordinal1209+0x34 0012f6f8 7739b6e3 001e025a 0000004e 00001388 scandlgs!DllUnregisterServer+0x68b6 0012f724 7739b874 65b6fdd8 001e025a 0000004e USER32!LoadCursorW+0x4cf5 0012f79c 7739c2d3 00000000 65b6fdd8 001e025a USER32!LoadCursorW+0x4e86 0012f7d8 7739c337 006667c8 00666738 00001388 USER32!IsWindow+0x148 0012f7f8 77537910 001e025a 0000004e 00001388 USER32!SendMessageW+0x49 0012f890 77541dbe 001b06c8 ffffff9c 0012f8a4 COMCTL32!Ordinal73+0x764 0012f8d0 7754187b 001b06c8 00000000 00000000 COMCTL32!Ordinal330+0x1274 0012f938 775415d7 001b06c8 0012f954 ffffffff COMCTL32!Ordinal330+0xd31 0012f984 77584c52 001b06c8 00000000 00000003 COMCTL32!Ordinal330+0xa8d 0012f9a8 77585c5c 001b06c8 00000000 00000001 COMCTL32!Ordinal384+0x22907 0012f9c4 77585ecd 001b06c8 00000000 00000001 COMCTL32!Ordinal384+0x23911 0012fa44 77586211 0018018a 00000000 00000027 COMCTL32!Ordinal384+0x23b82 0012fa64 775384d3 001b06c8 00000000 00000027 COMCTL32!Ordinal384+0x23ec6 0012fbe4 7739b6e3 0018018a 00000201 00000001 COMCTL32!Ordinal73+0x1327 0012fc10 7739b874 77537dc7 0018018a 00000201 USER32!LoadCursorW+0x4cf5 0012fc88 7739bfce 00000000 77537dc7 0018018a USER32!LoadCursorW+0x4e86 0012fcb8 773b0463 ffff01ff 0018018a 00000201 USER32!CallWindowProcW+0x75 0012fcd8 7c1a9cbc ffff01ff 0018018a 00000201 USER32!CallWindowProcA+0x1b 0012fcf8 7c1a9f18 00000201 00000001 001a0027 MFC71!Ordinal1908+0x42 0012fd14 7c1ac5a9 00000201 00000001 001a0027 MFC71!Ordinal6275+0x39 0012fd74 7c1ac639 00000000 0018018a 00000201 MFC71!Ordinal1028+0x91 0012fd94 62f41f90 0018018a 00000201 00000001 MFC71!Ordinal1209+0x34 0012fdc0 7739b6e3 0018018a 00000201 00000001 LDVPCtls!DllUnregisterServer+0x20e50 0012fdec 7739b874 62f2a380 0018018a 00000201 USER32!LoadCursorW+0x4cf5 0012fe64 7739ba92 00000000 62f2a380 0018018a USER32!LoadCursorW+0x4e86 0012fecc 773a16e5 00145488 00000001 00000000 USER32!TranslateMessageEx+0x10d 0012fedc 7c1b1645 00145488 00145488 0042c130 USER32!DispatchMessageA+0xf 00000000 00000000 00000000 00000000 00000000 MFC71!Ordinal1106+0x3e *----> Raw Stack Dump <----* 000000000012efac 01 00 00 00 70 b1 37 00 - 4e bc 00 00 60 ed 37 00 ....p.7.N...`.7. 000000000012efbc e0 38 22 7c 60 ed 37 00 - f8 ec 37 00 04 01 00 00 .8"|`.7...7..... 000000000012efcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012efdc 05 10 00 00 50 f1 1a 00 - f0 f1 12 00 01 00 00 00 ....P........... 000000000012efec f8 01 14 00 bc 9c 1a 7c - ff 01 ff ff 8a 01 18 00 .......|........ 000000000012effc 05 10 00 00 00 00 00 00 - d0 f0 1a 00 f0 81 ea 00 ................ 000000000012f00c 28 f0 12 00 18 9f 1a 7c - 0c 00 00 00 00 00 00 00 (......|........ 000000000012f01c 01 00 00 00 05 10 00 00 - 78 01 37 00 88 f0 12 00 ........x.7..... 000000000012f02c a9 c5 1a 7c f8 01 14 00 - 00 00 00 00 78 01 37 00 ...|........x.7. 000000000012f03c 4c f1 12 00 08 dc ea 00 - 00 00 00 00 5a 02 1e 00 L...........Z... 000000000012f04c 4e 00 00 00 78 01 37 00 - 00 00 00 00 00 00 00 00 N...x.7......... 000000000012f05c 00 00 00 00 00 00 01 00 - d8 01 14 00 78 f1 12 00 ............x... 000000000012f06c f8 5d 16 00 80 f0 12 00 - 01 00 00 00 b5 9f 82 7c .].............| 000000000012f07c f0 5d 16 00 60 f1 12 00 - 3d 9f 82 7c 78 01 37 00 .]..`...=..|x.7. 000000000012f08c 80 08 00 00 a0 f0 12 00 - 01 00 00 00 b5 9f 82 7c ...............| 000000000012f09c 28 8d 1b 00 80 f1 12 00 - 3d 9f 82 7c 18 07 14 00 (.......=..|.... 000000000012f0ac 59 9f 82 7c 01 00 00 00 - 18 f2 12 00 30 8d 1b 00 Y..|........0... 000000000012f0bc 38 b2 82 7c 00 00 00 00 - 00 00 00 00 01 00 00 00 8..|............ 000000000012f0cc b5 9f 82 7c e0 73 37 00 - b4 f1 12 00 c8 d3 ea 00 ...|.s7......... 000000000012f0dc 78 07 37 00 59 9f 82 7c - 01 00 00 00 e8 73 37 00 x.7.Y..|.....s7. *----> State Dump for Thread Id 0x620 <----* eax=7c80e1fa ebx=00bafef0 ecx=00000000 edx=00000000 esi=00000002 edi=00000000 eip=7c8285ec esp=00bafea4 ebp=00baff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00baff48 7c80e4a2 00000002 00baff70 00000000 ntdll!KiFastSystemCallRet 00baffb8 77e64829 00000000 00000000 00000000 ntdll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus+0x301 00baffec 00000000 7c80e1fa 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000bafea4 fb 7c 82 7c bb e5 80 7c - 02 00 00 00 f0 fe ba 00 .|.|...|........ 0000000000bafeb4 01 00 00 00 01 00 00 00 - 10 ff ba 00 00 10 00 00 ................ 0000000000bafec4 88 1f 9b 00 c0 83 88 7c - 24 00 00 00 01 00 00 00 .......|$....... 0000000000bafed4 00 00 00 00 00 00 00 00 - 30 00 00 00 ff ff ff ff ........0....... 0000000000bafee4 ff ff ff ff 61 d3 80 7c - 00 00 00 00 70 00 00 00 ....a..|....p... 0000000000bafef4 7c 00 00 00 08 00 00 c0 - 00 10 00 00 30 ff ba 00 |...........0... 0000000000baff04 d1 96 82 7c d6 96 82 7c - 00 10 00 00 00 a2 2f 4d ...|...|....../M 0000000000baff14 ff ff ff ff 00 f0 fd 7f - c0 83 88 7c 10 ff ba 00 ...........|.... 0000000000baff24 f0 fe ba 00 e0 96 82 7c - 02 00 00 00 c0 fe ba 00 .......|........ 0000000000baff34 ae e1 80 7c dc ff ba 00 - 70 82 82 7c c8 d3 80 7c ...|....p..|...| 0000000000baff44 00 00 00 00 b8 ff ba 00 - a2 e4 80 7c 02 00 00 00 ...........|.... 0000000000baff54 70 ff ba 00 00 00 00 00 - e0 93 04 00 01 00 00 00 p............... 0000000000baff64 00 00 00 00 00 00 00 00 - 00 00 00 00 70 00 00 00 ............p... 0000000000baff74 7c 00 00 00 00 10 00 00 - 88 1f 9b 00 00 10 00 00 |............... 0000000000baff84 90 2f 9b 00 80 70 88 7c - 00 00 00 00 20 00 00 00 ./...p.|.... ... 0000000000baff94 a0 70 88 7c 00 10 00 00 - 80 70 88 7c 88 1f 9b 00 .p.|.....p.|.... 0000000000baffa4 00 00 00 00 a0 70 88 7c - e5 03 00 00 00 10 00 00 .....p.|........ 0000000000baffb4 90 2f 9b 00 ec ff ba 00 - 29 48 e6 77 00 00 00 00 ./......)H.w.... 0000000000baffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000baffd4 c4 ff ba 00 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w *----> State Dump for Thread Id 0x6d4 <----* eax=761b43ce ebx=0109ff34 ecx=00000000 edx=00000000 esi=0109ff34 edi=7ffdf000 eip=7c8285ec esp=0109fee8 ebp=0109ff90 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\CRYPT32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0109ff90 761b43f9 00000001 00163968 00000000 ntdll!KiFastSystemCallRet 0109ffb8 77e64829 00000001 00000000 00000000 CRYPT32!I_CryptFlushLruCache+0x84 0109ffec 00000000 761b43ce 00163960 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000109fee8 fb 7c 82 7c 2c 20 e6 77 - 01 00 00 00 34 ff 09 01 .|.|, .w....4... 000000000109fef8 01 00 00 00 00 00 00 00 - 54 ff 09 01 00 00 00 00 ........T....... 000000000109ff08 60 39 16 00 68 39 16 00 - 24 00 00 00 01 00 00 00 `9..h9..$....... 000000000109ff18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000109ff28 00 00 00 00 00 00 00 00 - 00 00 00 00 d8 01 00 00 ................ 000000000109ff38 30 78 a5 88 00 00 00 00 - 30 78 a5 88 30 25 a8 80 0x......0x..0%.. 000000000109ff48 7c fc 09 b5 10 f8 36 e5 - 28 fc 09 b5 80 2e 0f f7 |.....6.(....... 000000000109ff58 ff ff ff ff 00 f0 fd 7f - 00 00 00 00 54 ff 09 01 ............T... 000000000109ff68 34 ff 09 01 20 f1 72 f7 - 00 00 00 00 01 00 00 00 4... .r......... 000000000109ff78 04 ff 09 01 c4 fc 09 b5 - dc ff 09 01 60 1a e6 77 ............`..w 000000000109ff88 f8 1f e6 77 00 00 00 00 - b8 ff 09 01 f9 43 1b 76 ...w.........C.v 000000000109ff98 01 00 00 00 68 39 16 00 - 00 00 00 00 98 3a 00 00 ....h9.......:.. 000000000109ffa8 00 00 00 00 00 00 00 00 - 00 00 00 00 60 39 16 00 ............`9.. 000000000109ffb8 ec ff 09 01 29 48 e6 77 - 01 00 00 00 00 00 00 00 ....)H.w........ 000000000109ffc8 00 00 00 00 60 39 16 00 - 00 00 00 00 c4 ff 09 01 ....`9.......... 000000000109ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 000000000109ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 ce 43 1b 76 .............C.v 000000000109fff8 60 39 16 00 00 00 00 00 - 00 00 00 00 00 00 00 00 `9.............. 00000000010a0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000010a0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x6dc <----* eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001 eip=7c8285ec esp=0119fcf0 ebp=0119ffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0119ffb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet 0119ffec 00000000 7c83c643 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000119fcf0 fb 7c 82 7c 8e c7 83 7c - 13 00 00 00 34 fd 19 01 .|.|...|....4... 000000000119fd00 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fd10 00 00 00 00 00 00 00 00 - 88 96 88 7c 88 96 88 7c ...........|...| 000000000119fd20 48 02 00 00 dc 06 00 00 - 13 00 00 00 13 00 00 00 H............... 000000000119fd30 12 00 00 00 78 01 00 00 - a0 01 00 00 98 00 00 00 ....x........... 000000000119fd40 8c 02 00 00 80 02 00 00 - 74 02 00 00 18 02 00 00 ........t....... 000000000119fd50 20 02 00 00 2c 02 00 00 - 40 02 00 00 38 02 00 00 ...,[email protected]... 000000000119fd60 9c 01 00 00 a4 02 00 00 - b0 02 00 00 b8 02 00 00 ................ 000000000119fd70 c4 02 00 00 d0 02 00 00 - dc 02 00 00 e4 02 00 00 ................ 000000000119fd80 00 03 00 00 0c 03 00 00 - 18 03 00 00 24 03 00 00 ............$... 000000000119fd90 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fda0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fdb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fdc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fdd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fde0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fdf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fe00 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fe10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fe20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x658 <----* eax=76929dd9 ebx=0129ff10 ecx=00000000 edx=00000000 esi=0129ff18 edi=7ffdf000 eip=7c8285ec esp=0129fec4 ebp=0129ff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\userenv.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0129ff6c 77e62fbe 00000003 769cd34c 00000000 ntdll!KiFastSystemCallRet 0129ff88 76929e35 00000003 769cd34c 00000000 kernel32!WaitForMultipleObjects+0x18 0129ffb8 77e64829 00000000 00000000 00000000 userenv!ExpandEnvironmentStringsForUserW+0x6f2 0129ffec 00000000 76929dd9 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000129fec4 fb 7c 82 7c 2c 20 e6 77 - 03 00 00 00 10 ff 29 01 .|.|, .w......). 000000000129fed4 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000129fee4 f8 d3 9c 76 6f 3e e6 77 - 24 00 00 00 01 00 00 00 ...vo>.w$....... 000000000129fef4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000129ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 b0 00 00 00 ................ 000000000129ff14 c8 00 00 00 54 02 00 00 - 59 9f 82 7c 20 1c e4 77 ....T...Y..| ..w 000000000129ff24 00 00 14 00 00 00 00 00 - 30 1c e4 77 00 00 00 00 ........0..w.... 000000000129ff34 00 00 00 00 00 f0 fd 7f - 66 01 68 01 00 00 00 00 ........f.h..... 000000000129ff44 10 ff 29 01 00 00 00 00 - 00 00 00 00 03 00 00 00 ..)............. 000000000129ff54 e0 fe 29 01 00 00 00 00 - dc ff 29 01 60 1a e6 77 ..).......).`..w 000000000129ff64 f8 1f e6 77 00 00 00 00 - 88 ff 29 01 be 2f e6 77 ...w......)../.w 000000000129ff74 03 00 00 00 4c d3 9c 76 - 00 00 00 00 ff ff ff ff ....L..v........ 000000000129ff84 00 00 00 00 b8 ff 29 01 - 35 9e 92 76 03 00 00 00 ......).5..v.... 000000000129ff94 4c d3 9c 76 00 00 00 00 - ff ff ff ff 00 00 00 00 L..v............ 000000000129ffa4 00 00 00 00 00 00 00 00 - 00 00 92 76 03 00 00 00 ...........v.... 000000000129ffb4 00 00 00 00 ec ff 29 01 - 29 48 e6 77 00 00 00 00 ......).)H.w.... 000000000129ffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000129ffd4 c4 ff 29 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..).].......`..w 000000000129ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 000000000129fff4 d9 9d 92 76 00 00 00 00 - 00 00 00 00 6a 00 2a 01 ...v........j.*. *----> State Dump for Thread Id 0x6c0 <----* eax=77575eb2 ebx=001b6840 ecx=00000000 edx=00000000 esi=00000304 edi=00000000 eip=7c8285ec esp=01b9ff1c ebp=01b9ff8c iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01b9ff8c 77e61c8d 00000304 00001046 00000000 ntdll!KiFastSystemCallRet 01b9ffa0 77575eeb 00000304 00001046 00000000 kernel32!WaitForSingleObject+0x12 01b9ffb8 77e64829 001b6840 00000000 00000000 COMCTL32!Ordinal384+0x13ba0 01b9ffec 00000000 77575eb2 001b6840 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001b9ff1c 0b 7d 82 7c 1e 1d e6 77 - 04 03 00 00 00 00 00 00 .}.|...w........ 0000000001b9ff2c 60 ff b9 01 a0 0f 00 00 - 40 68 1b 00 40 68 1b 00 `.......@h..@h.. 0000000001b9ff3c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000001b9ff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001b9ff5c 00 00 00 00 a0 51 84 fd - ff ff ff ff 00 f0 fd 7f .....Q.......... 0000000001b9ff6c 60 ff b9 01 40 68 1b 00 - 30 ff b9 01 ff ff ff ff `[email protected]....... 0000000001b9ff7c dc ff b9 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 0000000001b9ff8c a0 ff b9 01 8d 1c e6 77 - 04 03 00 00 46 10 00 00 .......w....F... 0000000001b9ff9c 00 00 00 00 b8 ff b9 01 - eb 5e 57 77 04 03 00 00 .........^Ww.... 0000000001b9ffac 46 10 00 00 00 00 00 00 - 00 00 00 00 ec ff b9 01 F............... 0000000001b9ffbc 29 48 e6 77 40 68 1b 00 - 00 00 00 00 00 00 00 00 )H.w@h.......... 0000000001b9ffcc 40 68 1b 00 00 00 00 00 - c4 ff b9 01 5d 06 85 80 @h..........]... 0000000001b9ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 0000000001b9ffec 00 00 00 00 00 00 00 00 - b2 5e 57 77 40 68 1b 00 .........^Ww@h.. 0000000001b9fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ba000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ba001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ba002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ba003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ba004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ Application exception occurred: App: C:\Program Files\Symantec AntiVirus\VPC32.exe (pid=3672) When: 21.02.2009 @ 14:07:40.953 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 364 csrss.exe 388 winlogon.exe 436 services.exe 448 lsass.exe 636 svchost.exe 708 svchost.exe 780 svchost.exe 796 svchost.exe 844 svchost.exe 900 ccSetMgr.exe 932 ccEvtMgr.exe 1040 SPBBCSvc.exe 1236 spoolsv.exe 1268 msdtc.exe 1368 DefWatch.exe 1392 svchost.exe 1416 jqs.exe 1528 svchost.exe 1588 Rtvscan.exe 1708 tssdis.exe 2020 svchost.exe 2072 alg.exe 2260 csrss.exe 2288 winlogon.exe 2468 rdpclip.exe 2556 Explorer.EXE 2788 ccApp.exe 2800 VPTray.exe 2848 NetLimiter.exe 2860 jusched.exe 2872 ctfmon.exe 2960 svchost.exe 3052 uTorrent.exe 3104 G6FTPSrv.exe 3184 Defraggler.exe 3356 wmiprvse.exe 3672 VPC32.exe 4056 logon.scr 688 drwtsn32.exe *----> Module List <----* 0000000000400000 - 0000000000447000: C:\Program Files\Symantec AntiVirus\VPC32.exe 0000000000bd0000 - 0000000000bdc000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll 0000000000c60000 - 0000000000c71000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll 0000000000c80000 - 0000000000c94000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll 0000000000ca0000 - 0000000000cae000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll 0000000000e90000 - 0000000000e9d000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll 00000000012a0000 - 00000000012d3000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll 00000000012e0000 - 00000000012f6000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll 0000000001300000 - 0000000001313000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll 0000000001320000 - 0000000001333000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll 0000000001340000 - 0000000001354000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll 0000000001360000 - 0000000001378000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll 0000000001380000 - 00000000013a4000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll 00000000013b0000 - 00000000013bf000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll 00000000013c0000 - 00000000013d1000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll 00000000013e0000 - 0000000001415000: C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll 0000000001430000 - 00000000016f5000: C:\WINDOWS\system32\xpsp2res.dll 0000000001a90000 - 0000000001aa5000: C:\Program Files\NetLimiter\nl_lsp.dll 0000000001ab0000 - 0000000001ac1000: C:\WINDOWS\system32\nl_msgc.dll 0000000001f50000 - 0000000001fe9000: C:\Program Files\Symantec AntiVirus\DefUtDCD.dll 0000000010000000 - 000000001000d000: C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 000000004b750000 - 000000004b7d9000: C:\WINDOWS\system32\hhctrl.ocx 0000000057b60000 - 0000000057b6a000: C:\WINDOWS\System32\wshqos.dll 0000000057b80000 - 0000000057b87000: C:\WINDOWS\System32\wship6.dll 000000005d360000 - 000000005d36e000: C:\WINDOWS\system32\MFC71ENU.DLL 000000005f270000 - 000000005f2ca000: C:\WINDOWS\system32\hnetcfg.dll 0000000062f10000 - 0000000062f97000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx 0000000065470000 - 00000000654ab000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPView.ocx 00000000654b0000 - 00000000654f4000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPTask.ocx 0000000065b50000 - 0000000065b97000: C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll 0000000065e10000 - 0000000065e20000: C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL 0000000065e90000 - 0000000065eb4000: C:\Program Files\Symantec AntiVirus\I2ldvp3.dll 0000000065ef0000 - 0000000065fa3000: C:\Program Files\Symantec AntiVirus\Cliscan.dll 0000000065fb0000 - 0000000065ffd000: C:\Program Files\Symantec AntiVirus\Cliproxy.dll 0000000068000000 - 0000000068035000: C:\WINDOWS\system32\rsaenh.dll 0000000069000000 - 000000006901d000: C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL 0000000069040000 - 000000006907f000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090220.004\ecmsvr32.dll 0000000069100000 - 0000000069220000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090220.004\NAVEX32a.DLL 00000000692c0000 - 00000000692ea000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090220.004\NAVENG32.DLL 000000006ad40000 - 000000006ad4f000: C:\Program Files\Common Files\Symantec Shared\ccDec.dll 000000006af90000 - 000000006afee000: C:\Program Files\Common Files\Symantec Shared\ccL40.dll 000000006b2b0000 - 000000006b2e5000: C:\Program Files\Common Files\Symantec Shared\ccScan.dll 000000006b350000 - 000000006b367000: C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll 000000006d300000 - 000000006d54e000: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090220.004\ccEraser.dll 000000006fa60000 - 000000006fa98000: C:\Program Files\Symantec AntiVirus\SAVRT32.DLL 0000000071ae0000 - 0000000071ae8000: C:\WINDOWS\system32\wshtcpip.dll 0000000071b20000 - 0000000071b61000: C:\WINDOWS\system32\MSWSOCK.dll 0000000071bb0000 - 0000000071bb9000: C:\WINDOWS\system32\WSOCK32.dll 0000000071bd0000 - 0000000071be1000: C:\WINDOWS\system32\MPR.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\netapi32.dll 0000000074540000 - 00000000745d3000: C:\WINDOWS\system32\mlang.dll 00000000745e0000 - 000000007489e000: C:\WINDOWS\system32\msi.dll 0000000075da0000 - 0000000075e5d000: C:\WINDOWS\system32\SXS.DLL 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 0000000076290000 - 00000000762ad000: C:\WINDOWS\system32\IMM32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\shfolder.dll 00000000768e0000 - 00000000768e8000: C:\WINDOWS\system32\LINKINFO.dll 00000000768f0000 - 0000000076915000: C:\WINDOWS\system32\ntshrui.dll 0000000076920000 - 00000000769e2000: C:\WINDOWS\system32\userenv.dll 0000000076b10000 - 0000000076b15000: C:\WINDOWS\system32\SFC.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076bb0000 - 0000000076bdb000: C:\WINDOWS\system32\WINTRUST.dll 0000000076be0000 - 0000000076c0b000: C:\WINDOWS\system32\sfc_os.dll 0000000076c10000 - 0000000076c38000: C:\WINDOWS\system32\imagehlp.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076ed0000 - 0000000076efa000: C:\WINDOWS\system32\DNSAPI.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000076f70000 - 0000000076f77000: C:\WINDOWS\System32\winrnr.dll 0000000076f80000 - 0000000076f85000: C:\WINDOWS\system32\rasadhlp.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 00000000771f0000 - 0000000077201000: C:\WINDOWS\system32\WINSTA.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c140000 - 000000007c246000: C:\WINDOWS\system32\MFC71.DLL 000000007c360000 - 000000007c3b6000: C:\WINDOWS\system32\MSVCR71.dll 000000007c3c0000 - 000000007c43c000: C:\WINDOWS\system32\MSVCP71.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll *----> State Dump for Thread Id 0xe5c <----* eax=00000000 ebx=00000000 ecx=777964dc edx=00000000 esi=00145488 edi=00145458 eip=7c8285ec esp=0012feac ebp=0012fed0 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MFC71.DLL - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0012fed0 7c1b161f 00145488 00000000 00000000 ntdll!KiFastSystemCallRet 00000000 00000000 00000000 00000000 00000000 MFC71!Ordinal1106+0x18 *----> Raw Stack Dump <----* 000000000012feac 11 c8 39 77 2f 3d 39 77 - 88 54 14 00 00 00 00 00 ..9w/=9w.T...... 000000000012febc 00 00 00 00 00 00 00 00 - 00 00 00 00 58 54 14 00 ............XT.. 000000000012fecc 88 54 14 00 00 00 00 00 - 1f 16 1b 7c 88 54 14 00 .T.........|.T.. 000000000012fedc 00 00 00 00 00 00 00 00 - 00 00 00 00 88 54 14 00 .............T.. 000000000012feec 30 c1 42 00 57 13 1b 7c - 30 c1 42 00 30 c1 42 00 0.B.W..|0.B.0.B. 000000000012fefc c0 ff 12 00 ff ff ff ff - 02 00 00 00 58 54 14 00 ............XT.. 000000000012ff0c f1 e5 1a 7c 4a 47 e6 77 - 48 25 14 00 00 00 00 00 ...|JG.wH%...... 000000000012ff1c 99 b9 41 00 00 00 40 00 - 00 00 00 00 48 25 14 00 [email protected]%.. 000000000012ff2c 01 00 00 00 00 00 00 00 - 00 00 00 00 00 70 fd 7f .............p.. 000000000012ff3c 44 00 00 00 a0 4a 14 00 - b0 4a 14 00 c8 4a 14 00 D....J...J...J.. 000000000012ff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012ff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 01 0c 00 00 ................ 000000000012ff6c 01 00 00 00 00 00 00 00 - 00 00 00 00 01 00 01 00 ................ 000000000012ff7c 00 00 00 00 75 06 85 80 - 00 00 00 00 01 00 00 00 ....u........... 000000000012ff8c a0 48 37 00 a8 29 37 00 - 30 25 a8 80 00 00 00 00 .H7..)7.0%...... 000000000012ff9c 48 25 14 00 00 00 00 00 - 00 00 00 00 30 ff 12 00 H%..........0... 000000000012ffac 00 00 00 00 e0 ff 12 00 - 70 b7 41 00 c8 41 42 00 ........p.A..AB. 000000000012ffbc 00 00 00 00 f0 ff 12 00 - 3b f2 e6 77 00 00 00 00 ........;..w.... 000000000012ffcc 00 00 00 00 00 70 fd 7f - 00 00 00 00 c8 ff 12 00 .....p.......... 000000000012ffdc e4 ac 8b b5 ff ff ff ff - 60 1a e6 77 48 f2 e6 77 ........`..wH..w *----> State Dump for Thread Id 0xe74 <----* eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001 eip=7c8285ec esp=0119fcf0 ebp=0119ffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0119ffb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet 0119ffec 00000000 7c83c643 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000119fcf0 fb 7c 82 7c 8e c7 83 7c - 13 00 00 00 34 fd 19 01 .|.|...|....4... 000000000119fd00 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fd10 00 00 00 00 00 00 00 00 - 88 96 88 7c 88 96 88 7c ...........|...| 000000000119fd20 10 02 00 00 74 0e 00 00 - 13 00 00 00 13 00 00 00 ....t........... 000000000119fd30 12 00 00 00 44 02 00 00 - 78 01 00 00 b0 00 00 00 ....D...x....... 000000000119fd40 80 02 00 00 74 02 00 00 - 68 02 00 00 1c 02 00 00 ....t...h....... 000000000119fd50 2c 02 00 00 24 02 00 00 - 40 02 00 00 38 02 00 00 ,[email protected]... 000000000119fd60 94 02 00 00 a0 02 00 00 - ac 02 00 00 b4 02 00 00 ................ 000000000119fd70 c0 02 00 00 cc 02 00 00 - d8 02 00 00 e0 02 00 00 ................ 000000000119fd80 b0 03 00 00 bc 03 00 00 - c8 03 00 00 d4 03 00 00 ................ 000000000119fd90 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fda0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fdb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fdc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fdd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fde0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fdf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fe00 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fe10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000119fe20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xe78 <----* eax=76929dd9 ebx=0129ff10 ecx=00000000 edx=00000000 esi=0129ff18 edi=7ffd7000 eip=7c8285ec esp=0129fec4 ebp=0129ff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\userenv.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0129ff6c 77e62fbe 00000003 769cd34c 00000000 ntdll!KiFastSystemCallRet 0129ff88 76929e35 00000003 769cd34c 00000000 kernel32!WaitForMultipleObjects+0x18 0129ffb8 77e64829 00000000 00000000 00000000 userenv!ExpandEnvironmentStringsForUserW+0x6f2 0129ffec 00000000 76929dd9 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000129fec4 fb 7c 82 7c 2c 20 e6 77 - 03 00 00 00 10 ff 29 01 .|.|, .w......). 000000000129fed4 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000129fee4 f8 d3 9c 76 6f 3e e6 77 - 24 00 00 00 01 00 00 00 ...vo>.w$....... 000000000129fef4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000129ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 c8 00 00 00 ................ 000000000129ff14 4c 02 00 00 90 02 00 00 - 59 9f 82 7c 20 1c e4 77 L.......Y..| ..w 000000000129ff24 00 00 14 00 00 00 00 00 - 30 1c e4 77 00 00 00 00 ........0..w.... 000000000129ff34 00 00 00 00 00 70 fd 7f - 66 01 68 01 00 00 00 00 .....p..f.h..... 000000000129ff44 10 ff 29 01 00 00 00 00 - 00 00 00 00 03 00 00 00 ..)............. 000000000129ff54 e0 fe 29 01 00 00 00 00 - dc ff 29 01 60 1a e6 77 ..).......).`..w 000000000129ff64 f8 1f e6 77 00 00 00 00 - 88 ff 29 01 be 2f e6 77 ...w......)../.w 000000000129ff74 03 00 00 00 4c d3 9c 76 - 00 00 00 00 ff ff ff ff ....L..v........ 000000000129ff84 00 00 00 00 b8 ff 29 01 - 35 9e 92 76 03 00 00 00 ......).5..v.... 000000000129ff94 4c d3 9c 76 00 00 00 00 - ff ff ff ff 00 00 00 00 L..v............ 000000000129ffa4 00 00 00 00 00 00 00 00 - 00 00 92 76 03 00 00 00 ...........v.... 000000000129ffb4 00 00 00 00 ec ff 29 01 - 29 48 e6 77 00 00 00 00 ......).)H.w.... 000000000129ffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000129ffd4 c4 ff 29 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..).].......`..w 000000000129ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 000000000129fff4 d9 9d 92 76 00 00 00 00 - 00 00 00 00 4d 5a 90 00 ...v........MZ.. *----> State Dump for Thread Id 0xf40 <----* eax=00000102 ebx=00144e98 ecx=0180fe1c edx=7c8285ec esi=0015ecb8 edi=00000000 eip=7c8285ec esp=0180fe1c ebp=0180ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0180ff84 77c88792 0180ffac 77c8872d 0015ecb8 ntdll!KiFastSystemCallRet 0180ff8c 77c8872d 0015ecb8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0180ffac 77c7b110 0014e9a8 0180ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0180ffb8 77e64829 00144e98 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0180ffec 00000000 77c7b0f5 00144e98 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000180fe1c 3b 78 82 7c ac 85 c8 77 - 68 03 00 00 74 ff 80 01 ;x.|...wh...t... 000000000180fe2c 00 00 00 00 18 fb 14 00 - 54 ff 80 01 c0 d4 8a 80 ........T....... 000000000180fe3c 00 58 6d e4 30 6b 79 b5 - c0 d4 8a 80 00 58 6d e4 .Xm.0ky......Xm. 000000000180fe4c 00 d4 8a 80 02 6b 79 b5 - 00 00 a8 80 f8 58 6d e4 .....ky......Xm. 000000000180fe5c 00 d4 8a 80 6c 6b 79 b5 - 6d 25 a8 80 57 e3 83 80 ....lky.m%..W... 000000000180fe6c 02 00 00 00 c0 d4 8a 80 - f8 58 6d e4 00 00 00 00 .........Xm..... 000000000180fe7c f4 d4 8a 80 00 00 00 00 - 90 40 bc 89 10 48 38 e5 [email protected]. 000000000180fe8c 07 00 00 00 4d cc 92 80 - 10 ca b9 88 a8 ce 36 e1 ....M.........6. 000000000180fe9c 90 40 bc 89 10 48 38 e5 - 07 00 00 00 e8 6b 79 b5 [email protected]. 000000000180feac 80 36 b9 89 b5 b8 89 80 - 00 00 00 00 a8 ce 36 e1 .6............6. 000000000180febc 04 00 00 00 80 9a d1 00 - 08 88 cf 00 00 00 00 00 ................ 000000000180fecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 000000000180fedc e0 6b 79 b5 d9 43 a8 80 - 02 00 00 00 00 00 00 00 .ky..C.......... 000000000180feec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 6b 79 b5 .C...........ky. 000000000180fefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 6c 79 b5 VD...........ly. 000000000180ff0c c7 d5 83 80 b0 fd a3 88 - 58 fe a3 88 01 00 00 00 ........X....... 000000000180ff1c b0 fd a3 88 01 00 00 00 - ff ff ff ff 01 00 00 00 ................ 000000000180ff2c 7c fa 72 f7 84 ff 80 01 - a6 84 c8 77 4c ff 80 01 |.r........wL... 000000000180ff3c b6 84 c8 77 ab a3 81 7c - a0 f0 1a 00 98 4e 14 00 ...w...|.....N.. 000000000180ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xf48 <----* eax=01a0ff54 ebx=001ad628 ecx=00000000 edx=01a0fe10 esi=0015ecb8 edi=00000000 eip=7c8285ec esp=01a0fe1c ebp=01a0ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01a0ff84 77c88792 01a0ffac 77c8872d 0015ecb8 ntdll!KiFastSystemCallRet 01a0ff8c 77c8872d 0015ecb8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 01a0ffac 77c7b110 0014e9a8 01a0ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 01a0ffb8 77e64829 001ad628 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 01a0ffec 00000000 77c7b0f5 001ad628 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001a0fe1c 3b 78 82 7c ac 85 c8 77 - 68 03 00 00 74 ff a0 01 ;x.|...wh...t... 0000000001a0fe2c 00 00 00 00 e8 bc 48 07 - 54 ff a0 01 88 ed a3 88 ......H.T....... 0000000001a0fe3c b0 ef a3 88 00 00 00 00 - 00 50 fd 7f 00 00 00 00 .........P...... 0000000001a0fe4c 7c 0e 00 00 02 00 00 00 - 00 00 00 00 00 00 00 00 |............... 0000000001a0fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001a0fe6c 01 00 00 00 c4 ed 8a 80 - 01 00 00 00 0f 00 00 00 ................ 0000000001a0fe7c 46 02 00 00 78 3b 19 b5 - 73 5a a8 80 01 00 00 00 F...x;..sZ...... 0000000001a0fe8c e1 00 00 00 b0 3b 19 b5 - 02 7d 83 80 01 00 00 00 .....;...}...... 0000000001a0fe9c 7c fa df ff d0 68 b9 89 - 30 f0 83 80 88 ed a3 88 |....h..0....... 0000000001a0feac 00 00 00 00 00 00 00 00 - 03 00 00 00 84 3c 19 b5 .............<.. 0000000001a0febc 00 00 00 00 ea 97 83 80 - e4 3b 19 b5 88 ed a3 88 .........;...... 0000000001a0fecc 20 f1 72 f7 20 f1 72 f7 - 00 00 00 00 00 f1 72 f7 .r. .r.......r. 0000000001a0fedc e8 13 a5 88 00 00 00 00 - 00 f1 72 f7 00 00 00 00 ..........r..... 0000000001a0feec e4 3b 19 b5 56 44 a8 80 - 20 f1 72 f7 00 00 00 00 .;..VD.. .r..... 0000000001a0fefc 00 3c 19 b5 0c d6 83 80 - 01 00 00 00 7c fa 72 f7 .<..........|.r. 0000000001a0ff0c 00 00 00 00 00 00 00 00 - 00 ed a3 88 18 3c 19 b5 .............<.. 0000000001a0ff1c 5c e5 83 80 00 00 00 00 - f0 13 a2 88 98 14 a2 88 \............... 0000000001a0ff2c 80 93 8b 80 84 ff a0 01 - a6 84 c8 77 4c ff a0 01 ...........wL... 0000000001a0ff3c b6 84 c8 77 ab a3 81 7c - c8 15 1b 00 28 d6 1a 00 ...w...|....(... 0000000001a0ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xf50 <----* eax=00000000 ebx=01ad3040 ecx=7ffd6000 edx=01ae3100 esi=000003a4 edi=00000000 eip=7c8285ec esp=01bffefc ebp=01bfff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgc.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgc.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01bfff6c 01ab1ced 000003a4 ffffffff 00000001 ntdll!KiFastSystemCallRet 01bfffb8 77e64829 01ad3040 00000000 00000000 nl_msgc+0x1ced 01bfffec 00000000 01ab4129 01ad3040 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001bffefc 0b 7d 82 7c 1e 1d e6 77 - a4 03 00 00 01 00 00 00 .}.|...w........ 0000000001bfff0c 00 00 00 00 96 1c e6 77 - 08 30 ad 01 40 30 ad 01 .......w.0..@0.. 0000000001bfff1c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000001bfff2c 30 00 00 00 ff ff ff ff - ff ff ff ff ef 13 e5 77 0..............w 0000000001bfff3c 00 00 00 00 40 30 ad 01 - 96 1c e6 77 00 70 fd 7f [email protected].. 0000000001bfff4c 00 00 00 00 00 31 ae 01 - 10 ff bf 01 b8 ff bf 01 .....1.......... 0000000001bfff5c a8 ff bf 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 0000000001bfff6c b8 ff bf 01 ed 1c ab 01 - a4 03 00 00 ff ff ff ff ................ 0000000001bfff7c 01 00 00 00 00 00 00 00 - d8 30 ad 01 98 41 ab 01 .........0...A.. 0000000001bfff8c 08 30 ad 01 00 00 00 00 - 00 00 00 00 40 30 ad 01 .0..........@0.. 0000000001bfff9c 01 00 00 00 90 ff bf 01 - 5e 00 85 80 dc ff bf 01 ........^....... 0000000001bfffac 20 36 ab 01 28 a7 ab 01 - 00 00 00 00 ec ff bf 01 6..(........... 0000000001bfffbc 29 48 e6 77 40 30 ad 01 - 00 00 00 00 00 00 00 00 )H.w@0.......... 0000000001bfffcc 40 30 ad 01 00 00 00 00 - c4 ff bf 01 5d 06 85 80 @0..........]... 0000000001bfffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 0000000001bfffec 00 00 00 00 00 00 00 00 - 29 41 ab 01 40 30 ad 01 ........)A..@0.. 0000000001bffffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c0000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c0001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001c0002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xf54 <----* eax=01a91b00 ebx=01ae30c8 ecx=00000000 edx=00000000 esi=000003d8 edi=00000000 eip=7c8285ec esp=01cfff1c ebp=01cfff8c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\nl_lsp.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NetLimiter\nl_lsp.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01cfff8c 77e61c8d 000003d8 ffffffff 00000000 ntdll!KiFastSystemCallRet 01cfffa0 01a9198f 000003d8 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 01cfffec 00000000 01a91b00 01ae30c8 00000000 nl_lsp+0x198f *----> Raw Stack Dump <----* 0000000001cfff1c 0b 7d 82 7c 1e 1d e6 77 - d8 03 00 00 00 00 00 00 .}.|...w........ 0000000001cfff2c 00 00 00 00 7b 1c e6 77 - c8 30 ae 01 c8 30 ae 01 ....{..w.0...0.. 0000000001cfff3c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000001cfff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001cfff5c 00 00 00 00 00 00 00 00 - f9 83 92 80 00 70 fd 7f .............p.. 0000000001cfff6c 00 00 00 00 00 00 00 00 - 30 ff cf 01 a8 ab a4 88 ........0....... 0000000001cfff7c dc ff cf 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 0000000001cfff8c a0 ff cf 01 8d 1c e6 77 - d8 03 00 00 ff ff ff ff .......w........ 0000000001cfff9c 00 00 00 00 ec ff cf 01 - 8f 19 a9 01 d8 03 00 00 ................ 0000000001cfffac ff ff ff ff 00 00 00 00 - 00 00 00 00 0d 1b a9 01 ................ 0000000001cfffbc 29 48 e6 77 c8 30 ae 01 - 00 00 00 00 00 00 00 00 )H.w.0.......... 0000000001cfffcc c8 30 ae 01 00 00 00 00 - c4 ff cf 01 5d 06 85 80 .0..........]... 0000000001cfffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 0000000001cfffec 00 00 00 00 00 00 00 00 - 00 1b a9 01 c8 30 ae 01 .............0.. 0000000001cffffc 00 00 00 00 c8 00 00 00 - 7e 01 00 00 ff ee ff ee ........~....... 0000000001d0000c 02 10 00 00 00 00 00 00 - 00 fe 00 00 00 00 10 00 ................ 0000000001d0001c 00 20 00 00 00 02 00 00 - 00 20 00 00 da 00 00 00 . ....... ...... 0000000001d0002c ff ef fd 7f 12 00 08 06 - 00 00 00 00 00 00 00 00 ................ 0000000001d0003c 00 00 00 00 00 00 00 00 - 98 05 d0 01 0f 00 00 00 ................ 0000000001d0004c f8 ff ff ff 50 00 d0 01 - 50 00 d0 01 40 06 d0 01 ....P...P...@... *----> State Dump for Thread Id 0xf58 <----* eax=71bf2b9d ebx=001b50b0 ecx=00000000 edx=00000000 esi=7c826f3f edi=001b50b0 eip=7c8285ec esp=01e3fe88 ebp=01e3ffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01e3ffb8 77e64829 001b50b0 00000000 00000000 ntdll!KiFastSystemCallRet 01e3ffec 00000000 71bf2b9d 001b50b0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001e3fe88 4b 6f 82 7c 0d 2c bf 71 - 01 00 00 00 a0 fe e3 01 Ko.|.,.q........ 0000000001e3fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 80 ................ 0000000001e3fea8 00 00 00 00 00 00 00 00 - 43 3a 5c 57 49 4e 44 4f ........C:\WINDO 0000000001e3feb8 57 53 5c 73 79 73 74 65 - 6d 33 32 5c 57 53 32 48 WS\system32\WS2H 0000000001e3fec8 45 4c 50 2e 64 6c 6c 00 - 00 00 00 00 00 00 00 00 ELP.dll......... 0000000001e3fed8 02 02 00 00 e0 bb fe b4 - d9 43 a8 80 02 00 00 00 .........C...... 0000000001e3fee8 00 00 00 00 f4 43 a8 80 - 00 00 00 00 02 00 00 00 .....C.......... 0000000001e3fef8 f0 bb fe b4 56 44 a8 80 - 00 00 00 00 00 00 00 00 ....VD.......... 0000000001e3ff08 1c bc fe b4 c7 d5 83 80 - 18 ca a3 88 c0 ca a3 88 ................ 0000000001e3ff18 01 00 00 00 18 ca a3 88 - 01 00 00 00 ff ff ff ff ................ 0000000001e3ff28 01 00 00 00 7c fa 72 f7 - 91 bd 93 80 00 40 fd 7f ....|.r......@.. 0000000001e3ff38 18 ca a3 88 00 00 00 00 - 18 ca a3 88 30 25 a8 80 ............0%.. 0000000001e3ff48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001e3ff58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001e3ff68 00 00 00 00 20 f1 72 f7 - 00 00 00 00 00 00 00 00 .... .r......... 0000000001e3ff78 18 ca a3 88 c4 bc fe b4 - 75 06 85 80 a8 cb a3 88 ........u....... 0000000001e3ff88 05 00 00 00 00 00 00 00 - 00 00 00 00 30 25 a8 80 ............0%.. 0000000001e3ff98 01 00 00 00 01 00 00 00 - c4 bc fe b4 5e 00 85 80 ............^... 0000000001e3ffa8 00 00 00 00 00 00 00 00 - 00 02 00 00 ff 7c 00 00 .............|.. 0000000001e3ffb8 ec ff e3 01 29 48 e6 77 - b0 50 1b 00 00 00 00 00 ....)H.w.P...... *----> State Dump for Thread Id 0xf5c <----* eax=00000001 ebx=00eb802d ecx=77e41ef3 edx=7c8285ec esi=00000000 edi=0663fe28 eip=7c8285ec esp=0663fde8 ebp=0663fe50 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200206 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Symantec AntiVirus\Cliscan.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0663fe50 77e424ed 000001f4 00000000 00000fb5 ntdll!KiFastSystemCallRet 0663fe60 65efdc46 000001f4 00000000 00ec5b60 kernel32!Sleep+0xf 00000fb5 00000000 00000000 00000000 00000000 Cliscan!StopScanEngine+0x1a6 *----> Raw Stack Dump <----* 000000000663fde8 4b 6f 82 7c d1 1e e4 77 - 00 00 00 00 28 fe 63 06 Ko.|...w....(.c. 000000000663fdf8 5b f0 f5 77 60 5b ec 00 - 2d 80 eb 00 24 00 00 00 [..w`[..-...$... 000000000663fe08 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000663fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000663fe28 c0 b4 b3 ff ff ff ff ff - 00 00 00 00 28 fe 63 06 ............(.c. 000000000663fe38 f8 fd 63 06 05 00 00 00 - a8 ff 63 06 60 1a e6 77 ..c.......c.`..w 000000000663fe48 60 16 e6 77 00 00 00 00 - 60 fe 63 06 ed 24 e4 77 `..w....`.c..$.w 000000000663fe58 f4 01 00 00 00 00 00 00 - b5 0f 00 00 46 dc ef 65 ............F..e 000000000663fe68 f4 01 00 00 00 00 00 00 - 60 5b ec 00 b8 80 eb 00 ........`[...... 000000000663fe78 b8 ff 63 06 00 00 00 00 - 00 00 00 00 00 00 00 00 ..c............. 000000000663fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000663fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000663fea8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000663feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000663fec8 00 00 00 00 ae 41 a8 80 - 00 00 00 00 00 00 00 00 .....A.......... 000000000663fed8 02 02 00 00 e0 bb 1d b5 - d9 43 a8 80 02 00 00 00 .........C...... 000000000663fee8 00 00 00 00 f4 43 a8 80 - 00 00 00 00 02 00 00 00 .....C.......... 000000000663fef8 f0 bb 1d b5 56 44 a8 80 - 00 00 00 00 00 00 00 00 ....VD.......... 000000000663ff08 1c bc 1d b5 00 00 37 00 - 00 00 00 00 30 35 ea 88 ......7.....05.. 000000000663ff18 98 00 00 00 13 00 00 00 - 01 00 01 00 6c fe 63 06 ............l.c. *----> State Dump for Thread Id 0xf64 <----* eax=ffffffff ebx=00000000 ecx=00000000 edx=7c8285ec esi=000004a0 edi=00000000 eip=7c8285ec esp=0684fed8 ebp=0684ff48 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0684ff48 77e61c8d 000004a0 000003e8 00000000 ntdll!KiFastSystemCallRet 0684ff5c 65ef15d9 000004a0 000003e8 0684ffb8 kernel32!WaitForSingleObject+0x12 0684ffb8 77e64829 0037ccc8 00000000 00000000 Cliscan!Ordinal203+0x15d9 0684ffec 00000000 7c36b1bf 0037ccc8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000684fed8 0b 7d 82 7c 1e 1d e6 77 - a0 04 00 00 00 00 00 00 .}.|...w........ 000000000684fee8 1c ff 84 06 6c 6f ea 00 - 00 00 00 00 00 00 00 00 ....lo.......... 000000000684fef8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000684ff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000684ff18 00 00 00 00 80 69 67 ff - ff ff ff ff 00 70 fd 7f .....ig......p.. 000000000684ff28 1c ff 84 06 00 00 00 00 - ec fe 84 06 ac 6d f7 77 .............m.w 000000000684ff38 a8 ff 84 06 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 000000000684ff48 5c ff 84 06 8d 1c e6 77 - a0 04 00 00 e8 03 00 00 \......w........ 000000000684ff58 00 00 00 00 b8 ff 84 06 - d9 15 ef 65 a0 04 00 00 ...........e.... 000000000684ff68 e8 03 00 00 b8 ff 84 06 - 00 00 00 00 60 00 eb 00 ............`... 000000000684ff78 c8 cc 37 00 50 f1 39 00 - 00 00 00 00 00 00 00 00 ..7.P.9......... 000000000684ff88 2b b2 36 7c 00 00 00 00 - 00 00 00 00 00 00 00 00 +.6|............ 000000000684ff98 c8 cc 37 00 01 00 00 00 - 90 ff 84 06 5e 00 85 80 ..7.........^... 000000000684ffa8 dc ff 84 06 e2 38 36 7c - 20 f6 39 7c 00 00 00 00 .....86| .9|.... 000000000684ffb8 ec ff 84 06 29 48 e6 77 - c8 cc 37 00 00 00 00 00 ....)H.w..7..... 000000000684ffc8 00 00 00 00 c8 cc 37 00 - 00 00 00 00 c4 ff 84 06 ......7......... 000000000684ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 000000000684ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 bf b1 36 7c ..............6| 000000000684fff8 c8 cc 37 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ..7............. 0000000006850008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xf68 <----* eax=00000000 ebx=0000bc04 ecx=07ed7c20 edx=7c223914 esi=083b4a10 edi=00000000 eip=62f2f81c esp=0694ee58 ebp=0694f130 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx - function: LDVPCtls!DllUnregisterServer 62f2f800 7479 jz LDVPCtls!DllUnregisterServer+0xe73b (62f2f87b) 62f2f802 f4 hlt 62f2f803 62e8 bound ebp,eax 62f2f805 c3 ret 62f2f806 2301 and eax,[ecx] 62f2f808 0085c074098b add [ebp+0x8b0974c0],al 62f2f80e 108bc8ff527c adc [ebx+0x7c52ffc8],cl 62f2f814 eb02 jmp LDVPCtls!DllUnregisterServer+0xe6d8 (62f2f818) 62f2f816 33c0 xor eax,eax 62f2f818 8b4c240c mov ecx,[esp+0xc] FAULT ->62f2f81c 8b5020 mov edx,[eax+0x20] ds:0023:00000020=???????? 62f2f81f 6a01 push 0x1 62f2f821 6a00 push 0x0 62f2f823 6a00 push 0x0 62f2f825 51 push ecx 62f2f826 6a00 push 0x0 62f2f828 52 push edx 62f2f829 ff15007bf462 call dword ptr [LDVPCtls!DllCanUnloadNow+0x5172 (62f47b00)] 62f2f82f 33c9 xor ecx,ecx 62f2f831 83f820 cmp eax,0x20 62f2f834 0f9fc1 setnle cl *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0694f130 7c1b0f28 00ec9038 00000000 0000ff9c LDVPCtls!DllUnregisterServer+0xe6dc 0694f160 7c1ade52 00000000 0000ff9c 0694f180 MFC71!Ordinal4261+0x10a 0694f188 7c1ac211 0000004e 00001388 0694f750 MFC71!Ordinal5373+0x52 0694f214 7c1acd7e 00070230 0694f2c4 00ec8e50 MFC71!Ordinal5652+0x29 0694f23c 7c1ad84f 00001388 ffffff9c 0694f2c4 MFC71!Ordinal4722+0x46 0694f2d4 7c1a9f01 0000004e 00001388 0694f750 MFC71!Ordinal5073+0x5f 0694f2f4 7c182872 0000004e 00001388 0694f750 MFC71!Ordinal6275+0x22 0694f31c 7c1ac5a9 0000004e 00001388 0694f750 MFC71!Ordinal6270+0x11c 0694f37c 7c1ac639 00000000 000901ea 0000004e MFC71!Ordinal1028+0x91 0694f39c 62f41f90 000901ea 0000004e 00001388 MFC71!Ordinal1209+0x34 0694f3c8 7739b6e3 000901ea 0000004e 00001388 LDVPCtls!DllUnregisterServer+0x20e50 0694f3f4 7739b874 62f41f62 000901ea 0000004e USER32!LoadCursorW+0x4cf5 0694f46c 7739bfce 00000000 62f41f62 000901ea USER32!LoadCursorW+0x4e86 0694f49c 773b0463 62f41f62 000901ea 0000004e USER32!CallWindowProcW+0x75 0694f4bc 7c1a9cbc 62f41f62 000901ea 0000004e USER32!CallWindowProcA+0x1b 0694f4dc 7c1a9f18 0000004e 00001388 0694f750 MFC71!Ordinal1908+0x42 0694f4f8 7c1ac5a9 0000004e 00001388 0694f750 MFC71!Ordinal6275+0x39 0694f558 7c1ac639 00000000 000901ea 0000004e MFC71!Ordinal1028+0x91 0694f578 65b6fe06 000901ea 0000004e 00001388 MFC71!Ordinal1209+0x34 0694f5a4 7739b6e3 000901ea 0000004e 00001388 scandlgs!DllUnregisterServer+0x68b6 0694f5d0 7739b874 65b6fdd8 000901ea 0000004e USER32!LoadCursorW+0x4cf5 0694f648 7739c2d3 00000000 65b6fdd8 000901ea USER32!LoadCursorW+0x4e86 0694f684 7739c337 006678a0 00667810 00001388 USER32!IsWindow+0x148 0694f6a4 77537910 000901ea 0000004e 00001388 USER32!SendMessageW+0x49 0694f73c 77541dbe 001b0388 ffffff9c 0694f750 COMCTL32!Ordinal73+0x764 0694f77c 7754187b 001b0388 00000008 00000000 COMCTL32!Ordinal330+0x1274 0694f7e4 775415d7 001b0388 0694f800 ffffffff COMCTL32!Ordinal330+0xd31 0694f830 77584c52 001b0388 00000008 00000003 COMCTL32!Ordinal330+0xa8d 0694f854 77585c5c 001b0388 00000008 00000001 COMCTL32!Ordinal384+0x22907 0694f870 77585ecd 001b0388 00000008 00000001 COMCTL32!Ordinal384+0x23911 0694f8f0 77586211 00070230 00000000 0000004e COMCTL32!Ordinal384+0x23b82 0694f910 775384d3 001b0388 00000000 0000004e COMCTL32!Ordinal384+0x23ec6 0694fa90 7739b6e3 00070230 00000201 00000001 COMCTL32!Ordinal73+0x1327 0694fabc 7739b874 77537dc7 00070230 00000201 USER32!LoadCursorW+0x4cf5 0694fb34 7739bfce 00000000 77537dc7 00070230 USER32!LoadCursorW+0x4e86 0694fb64 773b0463 ffff01e1 00070230 00000201 USER32!CallWindowProcW+0x75 0694fb84 7c1a9cbc ffff01e1 00070230 00000201 USER32!CallWindowProcA+0x1b 0694fba4 7c1a9f18 00000201 00000001 0081004e MFC71!Ordinal1908+0x42 0694fbc0 7c1ac5a9 00000201 00000001 0081004e MFC71!Ordinal6275+0x39 0694fc20 7c1ac639 00000000 00070230 00000201 MFC71!Ordinal1028+0x91 0694fc40 62f41f90 00070230 00000201 00000001 MFC71!Ordinal1209+0x34 0694fc6c 7739b6e3 00070230 00000201 00000001 LDVPCtls!DllUnregisterServer+0x20e50 0694fc98 7739b874 62f2a380 00070230 00000201 USER32!LoadCursorW+0x4cf5 0694fd10 7739ba92 00000000 62f2a380 00070230 USER32!LoadCursorW+0x4e86 0694fd78 7739bad0 04fb7d00 00000000 0694fdac USER32!TranslateMessageEx+0x10d 0694fd88 77395d78 04fb7d00 04fb7d00 04fb7d08 USER32!DispatchMessageW+0xf 0694fdac 7739fd1c 000a0256 00667958 04fb7d00 USER32!IsDialogMessageW+0xd7 0694fdcc 7c17e8dc 000a0256 04fb7d00 04fb7d00 USER32!IsDialogMessageA+0x3a 0694fe14 7c1b025a 00ec1598 04fb7d00 00ec1598 MFC71!Ordinal3919+0x200 7739cb50 084d8bec ffebb3e8 74c085ff 68788314 MFC71!Ordinal3920+0x20 8b55ff8b 00000000 00000000 00000000 00000000 0x84d8bec *----> Raw Stack Dump <----* 000000000694ee58 01 00 00 00 10 4a 3b 08 - 4e bc 00 00 20 7c ed 07 .....J;.N... |.. 000000000694ee68 e0 38 22 7c 20 7c ed 07 - 98 3a f9 00 04 01 00 00 .8"| |...:...... 000000000694ee78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000694ee88 05 10 00 00 50 ca 0a 05 - 0e 00 00 00 01 00 00 00 ....P........... 000000000694ee98 b8 ee 94 06 bc 9c 1a 7c - e1 01 ff ff 30 02 07 00 .......|....0... 000000000694eea8 05 10 00 00 00 00 00 00 - d8 c9 0a 05 38 90 ec 00 ............8... 000000000694eeb8 d4 ee 94 06 18 9f 1a 7c - 0b 00 00 00 38 8a 37 00 .......|....8.7. 000000000694eec8 9c f0 94 06 98 eb f4 00 - 01 00 00 00 34 ef 94 06 ............4... 000000000694eed8 10 c0 02 08 98 01 37 00 - 58 e3 f4 00 0e 00 00 00 ......7.X....... 000000000694eee8 f8 ef 94 06 80 f9 34 07 - 00 00 00 00 ea 01 09 00 ......4......... 000000000694eef8 4e 00 00 00 0f 00 00 00 - 00 00 00 00 00 00 00 00 N............... 000000000694ef08 00 00 00 00 00 00 00 00 - d0 01 14 00 24 f0 94 06 ............$... 000000000694ef18 30 b9 14 05 2c ef 94 06 - f8 c9 0a 05 40 ef 94 06 0...,.......@... 000000000694ef28 71 a7 82 7c 0b 00 00 00 - f8 c9 0a 05 00 00 14 00 q..|............ 000000000694ef38 04 00 00 00 4c ef 94 06 - 01 00 00 00 b5 9f 82 7c ....L..........| 000000000694ef48 50 92 1c 00 2c f0 94 06 - 3d 9f 82 7c 18 07 14 00 P...,...=..|.... 000000000694ef58 59 9f 82 7c 01 00 00 00 - c4 f0 94 06 58 92 1c 00 Y..|........X... 000000000694ef68 d8 c9 0a 05 00 00 00 00 - 00 00 00 00 01 00 00 00 ................ 000000000694ef78 b5 9f 82 7c 80 1b e4 07 - 60 f0 94 06 58 e3 f4 00 ...|....`...X... 000000000694ef88 78 07 37 00 59 9f 82 7c - b0 eb f4 00 88 1b e4 07 x.7.Y..|........ *----> State Dump for Thread Id 0xf7c <----* eax=06e0fa70 ebx=06e0fb8c ecx=00000004 edx=00000002 esi=06e0fb94 edi=7ffd7000 eip=7c8285ec esp=06e0fb40 ebp=06e0fbe8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090220.004\ccEraser.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 06e0fbe8 7739bbd1 00000003 06e0fc10 00000000 ntdll!KiFastSystemCallRet 06e0fc44 6d418954 00000002 06e0fd34 ffffffff USER32!MsgWaitForMultipleObjectsEx+0xd7 00000000 00000000 00000000 00000000 00000000 ccEraser!RemediateCacheW+0x11419b *----> Raw Stack Dump <----* 0000000006e0fb40 fb 7c 82 7c 2c 20 e6 77 - 03 00 00 00 8c fb e0 06 .|.|, .w........ 0000000006e0fb50 01 00 00 00 00 00 00 00 - 00 00 00 00 03 00 00 00 ................ 0000000006e0fb60 00 00 00 00 00 00 00 00 - 24 00 00 00 01 00 00 00 ........$....... 0000000006e0fb70 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000006e0fb80 00 00 00 00 00 00 00 00 - 00 00 00 00 ac 03 00 00 ................ 0000000006e0fb90 9c 03 00 00 f8 04 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000006e0fba0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000006e0fbb0 00 00 00 00 00 70 fd 7f - 00 00 00 00 00 00 00 00 .....p.......... 0000000006e0fbc0 8c fb e0 06 01 00 00 00 - 01 00 00 00 03 00 00 00 ................ 0000000006e0fbd0 5c fb e0 06 00 00 00 00 - c0 fc e0 06 60 1a e6 77 \...........`..w 0000000006e0fbe0 f8 1f e6 77 00 00 00 00 - 44 fc e0 06 d1 bb 39 77 ...w....D.....9w 0000000006e0fbf0 03 00 00 00 10 fc e0 06 - 00 00 00 00 ff ff ff ff ................ 0000000006e0fc00 00 00 00 00 d8 43 a2 01 - d1 19 e6 77 ff ff ff ff .....C.....w.... 0000000006e0fc10 ac 03 00 00 9c 03 00 00 - f8 04 00 00 00 00 00 00 ................ 0000000006e0fc20 74 f3 52 6d 00 00 00 00 - 74 f3 52 6d 00 00 00 00 t.Rm....t.Rm.... 0000000006e0fc30 00 00 00 00 00 00 00 00 - 00 00 00 00 f8 04 00 00 ................ 0000000006e0fc40 10 fc e0 06 00 00 00 00 - 54 89 41 6d 02 00 00 00 ........T.Am.... 0000000006e0fc50 34 fd e0 06 ff ff ff ff - ff 04 00 00 00 00 00 00 4............... 0000000006e0fc60 7e ec ef e1 d8 43 a2 01 - 28 fd e0 06 e4 fc e0 06 ~....C..(....... 0000000006e0fc70 00 00 00 00 92 ec ef e1 - 10 fb e0 06 ff ff ff ff ................ Application exception occurred: App: C:\Program Files\NetLimiter\NetLimiter.exe (pid=2848) When: 22.02.2009 @ 00:09:42.203 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 364 csrss.exe 388 winlogon.exe 436 services.exe 448 lsass.exe 636 svchost.exe 708 svchost.exe 780 svchost.exe 796 svchost.exe 844 svchost.exe 900 ccSetMgr.exe 932 ccEvtMgr.exe 1040 SPBBCSvc.exe 1236 spoolsv.exe 1268 msdtc.exe 1368 DefWatch.exe 1392 svchost.exe 1416 jqs.exe 1528 svchost.exe 1588 Rtvscan.exe 1708 tssdis.exe 2020 svchost.exe 2072 alg.exe 2260 csrss.exe 2288 winlogon.exe 2468 rdpclip.exe 2556 Explorer.EXE 2788 ccApp.exe 2800 VPTray.exe 2848 NetLimiter.exe 2860 jusched.exe 2872 ctfmon.exe 2960 svchost.exe 3052 uTorrent.exe 3104 G6FTPSrv.exe 3184 Defraggler.exe 3356 wmiprvse.exe 4056 logon.scr 1696 csrss.exe 3192 winlogon.exe 3464 rdpclip.exe 3656 Explorer.EXE 4084 ccApp.exe 2988 VPTray.exe 3548 NetLimiter.exe 612 jusched.exe 3948 ctfmon.exe 344 uTorrent.exe 3380 G6FTPSrv.exe 3316 drwtsn32.exe *----> Module List <----* 0000000000400000 - 00000000004d2000: C:\Program Files\NetLimiter\NetLimiter.exe 0000000010000000 - 000000001000d000: C:\WINDOWS\system32\nl_msgs.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 0000000067510000 - 00000000676b5000: C:\Program Files\NetLimiter\SPORDER.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\NETAPI32.dll 0000000073070000 - 0000000073097000: C:\WINDOWS\system32\WINSPOOL.DRV 0000000074b40000 - 0000000074b63000: C:\WINDOWS\system32\oledlg.dll 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\SHFOLDER.dll 0000000076a80000 - 0000000076a98000: C:\WINDOWS\system32\ATL.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076b80000 - 0000000076bae000: C:\WINDOWS\system32\credui.dll 0000000076cd0000 - 0000000076ce9000: C:\WINDOWS\system32\MPRAPI.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076dc0000 - 0000000076de8000: C:\WINDOWS\system32\adsldpc.dll 0000000076df0000 - 0000000076e24000: C:\WINDOWS\system32\ACTIVEDS.dll 0000000076e30000 - 0000000076e3c000: C:\WINDOWS\system32\rtutils.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 00000000772c0000 - 000000007736f000: C:\WINDOWS\system32\urlmon.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll 000000007e020000 - 000000007e02f000: C:\WINDOWS\system32\SAMLIB.dll *----> State Dump for Thread Id 0xb24 <----* eax=010cc890 ebx=7c81a306 ecx=010de1f8 edx=00d09c08 esi=010dee38 edi=010de1f8 eip=00000000 esp=0012fbd4 ebp=00d09c20 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 function: <nosymbols> No prior disassembly possible : 00000000 ?? ??? 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? FAULT ->: *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\NetLimiter.exe *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\NetLimiter\NetLimiter.exe 00000000 ?? ??? Error 0x00000001 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? 00000010 ?? ??? 00000012 ?? ??? 00000014 ?? ??? *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - ChildEBP RetAddr Args to Child 0012fbd0 0041d76c 0012fbe8 010dee38 00d09b50 0x0 WARNING: Stack unwind information not available. Following frames may be wrong. 00d09c20 ffffffff 00000000 00000000 000001ec NetLimiter+0x1d76c 0017bd50 00d09c20 0017bf80 0017bb38 00000000 0xffffffff 00000000 00000000 00000000 00000000 00000000 0xd09c20 *----> Raw Stack Dump <----* 000000000012fbd4 6c d7 41 00 e8 fb 12 00 - 38 ee 0d 01 50 9b d0 00 l.A.....8...P... 000000000012fbe4 55 f3 41 00 00 00 0d 01 - 50 9b d0 00 38 ee 0d 01 U.A.....P...8... 000000000012fbf4 60 a3 81 7c 1a f8 41 00 - 38 ee 0d 01 50 9b d0 00 `..|..A.8...P... 000000000012fc04 00 00 00 00 a0 fc 12 00 - 40 f8 41 00 45 f8 41 00 [email protected]. 000000000012fc14 19 62 45 00 00 00 00 00 - 00 00 00 00 50 9b d0 00 .bE.........P... 000000000012fc24 50 9b d0 00 e8 79 17 00 - a0 fc 12 00 ef 59 45 00 P....y.......YE. 000000000012fc34 a5 00 ff ff a6 00 01 00 - 1a 00 00 00 00 00 00 00 ................ 000000000012fc44 1c fe 12 00 18 fd 12 00 - d4 58 45 00 00 00 00 00 .........XE..... 000000000012fc54 00 00 00 00 00 00 00 00 - 7c fc 12 00 eb 5a 47 00 ........|....ZG. 000000000012fc64 ff ff ff ff 88 fc 12 00 - e8 79 17 00 34 fc 12 00 .........y..4... 000000000012fc74 d4 58 45 00 00 00 00 00 - 18 fd 12 00 e4 2e 4b 00 .XE...........K. 000000000012fc84 c8 2e 4b 00 e4 2e 4b 00 - dc f2 47 00 00 00 00 00 ..K...K...G..... 000000000012fc94 14 fd 12 00 e7 4d 47 00 - ff ff ff ff c0 fc 12 00 .....MG......... 000000000012fca4 85 2b 45 00 64 04 00 00 - 00 00 00 00 78 ff 47 00 .+E.d.......x.G. 000000000012fcb4 bc fc 12 00 64 04 00 00 - 00 00 00 00 20 fd 12 00 ....d....... ... 000000000012fcc4 2f 4b 45 00 64 04 00 00 - 00 00 00 00 00 00 00 00 /KE.d........... 000000000012fcd4 b8 fd 12 00 90 00 01 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fce4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fcf4 00 00 00 00 00 00 00 00 - 1c fd 12 00 eb 5a 47 00 .............ZG. 000000000012fd04 ff ff ff ff 28 fd 12 00 - e8 79 17 00 d4 fc 12 00 ....(....y...... *----> State Dump for Thread Id 0xb54 <----* eax=0043f1f5 ebx=00d07a48 ecx=00000000 edx=00000000 esi=000000f8 edi=00000000 eip=7c8285ec esp=00fcfed8 ebp=00fcff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00fcff48 77e61c8d 000000f8 ffffffff 00000000 ntdll!KiFastSystemCallRet 00fcff5c 0042ad03 000000f8 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 77e61c7b ff006aec 75ff0c75 0009e808 c25d0000 NetLimiter+0x2ad03 8b55ff8b 00000000 00000000 00000000 00000000 0xff006aec *----> Raw Stack Dump <----* 0000000000fcfed8 0b 7d 82 7c 1e 1d e6 77 - f8 00 00 00 00 00 00 00 .}.|...w........ 0000000000fcfee8 00 00 00 00 00 00 00 00 - 00 47 d0 00 48 7a d0 00 .........G..Hz.. 0000000000fcfef8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000000fcff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000fcff18 00 00 00 00 48 29 ba 88 - 01 00 00 00 00 70 fd 7f ....H).......p.. 0000000000fcff28 00 00 00 00 7c fa df ff - ec fe fc 00 00 d0 fd 7f ....|........... 0000000000fcff38 7c ff fc 00 60 1a e6 77 - 48 1d e6 77 00 00 00 00 |...`..wH..w.... 0000000000fcff48 5c ff fc 00 8d 1c e6 77 - f8 00 00 00 ff ff ff ff \......w........ 0000000000fcff58 00 00 00 00 7b 1c e6 77 - 03 ad 42 00 f8 00 00 00 ....{..w..B..... 0000000000fcff68 ff ff ff ff 00 00 00 00 - 48 7a d0 00 b8 ff fc 00 ........Hz...... 0000000000fcff78 48 7a d0 00 a8 ff fc 00 - 38 48 47 00 ff ff ff ff Hz......8HG..... 0000000000fcff88 64 f2 43 00 00 47 d0 00 - 00 00 00 00 00 00 00 00 d.C..G.......... 0000000000fcff98 48 7a d0 00 01 00 00 00 - 90 ff fc 00 5e 00 85 80 Hz..........^... 0000000000fcffa8 dc ff fc 00 18 e6 43 00 - 28 89 48 00 00 00 00 00 ......C.(.H..... 0000000000fcffb8 ec ff fc 00 29 48 e6 77 - 48 7a d0 00 00 00 00 00 ....)H.wHz...... 0000000000fcffc8 00 00 00 00 48 7a d0 00 - 00 00 00 00 c4 ff fc 00 ....Hz.......... 0000000000fcffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 0000000000fcffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 f5 f1 43 00 ..............C. 0000000000fcfff8 48 7a d0 00 00 00 00 00 - 00 00 00 00 00 00 00 00 Hz.............. 0000000000fd0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xb58 <----* eax=00000001 ebx=00000009 ecx=010c7f00 edx=00000000 esi=00000108 edi=00000000 eip=7c8285ec esp=012dfec0 ebp=012dff30 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 012dff30 77e61c8d 00000108 000003e8 00000000 ntdll!KiFastSystemCallRet 012dff44 0040786c 00000108 000003e8 00000000 kernel32!WaitForSingleObject+0x12 012dff84 0043f264 004abd50 00000000 00000000 NetLimiter+0x786c 012dffb8 77e64829 010271e0 00000000 00000000 NetLimiter+0x3f264 012dffec 00000000 0043f1f5 010271e0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000012dfec0 0b 7d 82 7c 1e 1d e6 77 - 08 01 00 00 00 00 00 00 .}.|...w........ 00000000012dfed0 04 ff 2d 01 18 00 00 00 - 50 bd 4a 00 09 00 00 00 ..-.....P.J..... 00000000012dfee0 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000012dfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000012dff00 00 00 00 00 80 69 67 ff - ff ff ff ff 00 70 fd 7f .....ig......p.. 00000000012dff10 04 ff 2d 01 68 07 00 00 - d4 fe 2d 01 2c 0b 00 00 ..-.h.....-.,... 00000000012dff20 74 ff 2d 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 t.-.`..wH..w.... 00000000012dff30 44 ff 2d 01 8d 1c e6 77 - 08 01 00 00 e8 03 00 00 D.-....w........ 00000000012dff40 00 00 00 00 84 ff 2d 01 - 6c 78 40 00 08 01 00 00 ......-.lx@..... 00000000012dff50 e8 03 00 00 00 00 00 00 - e0 71 02 01 e0 71 02 01 .........q...q.. 00000000012dff60 50 bd 4a 00 09 00 00 00 - 18 00 00 00 20 f1 72 f7 P.J......... .r. 00000000012dff70 a8 ff 2d 01 a8 ff 2d 01 - 18 e6 43 00 58 a3 47 00 ..-...-...C.X.G. 00000000012dff80 ff ff ff ff b8 ff 2d 01 - 64 f2 43 00 50 bd 4a 00 ......-.d.C.P.J. 00000000012dff90 00 00 00 00 00 00 00 00 - e0 71 02 01 01 00 00 00 .........q...... 00000000012dffa0 90 ff 2d 01 5e 00 85 80 - dc ff 2d 01 18 e6 43 00 ..-.^.....-...C. 00000000012dffb0 28 89 48 00 00 00 00 00 - ec ff 2d 01 29 48 e6 77 (.H.......-.)H.w 00000000012dffc0 e0 71 02 01 00 00 00 00 - 00 00 00 00 e0 71 02 01 .q...........q.. 00000000012dffd0 00 00 00 00 c4 ff 2d 01 - 5d 06 85 80 ff ff ff ff ......-.]....... 00000000012dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000012dfff0 00 00 00 00 f5 f1 43 00 - e0 71 02 01 00 00 00 00 ......C..q...... *----> State Dump for Thread Id 0xb60 <----* eax=0043f1f5 ebx=77e424de ecx=00000000 edx=00000000 esi=004abc34 edi=00000000 eip=7c8285ec esp=013dff20 ebp=013dff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 013dff4c 0043028e 0000018c 013dff84 013dff78 ntdll!KiFastSystemCallRet 77e5bedd 10ec83ec 0c758b56 7589f685 8337740c NetLimiter+0x3028e 8b55ff8b 00000000 00000000 00000000 00000000 0x10ec83ec *----> Raw Stack Dump <----* 00000000013dff20 db 77 82 7c a2 be e5 77 - 8c 01 00 00 78 ff 3d 01 .w.|...w....x.=. 00000000013dff30 64 ff 3d 01 44 ff 3d 01 - 00 00 00 00 00 00 00 00 d.=.D.=......... 00000000013dff40 68 e7 b7 88 30 25 a8 80 - 12 55 e6 77 dd be e5 77 h...0%...U.w...w 00000000013dff50 8e 02 43 00 8c 01 00 00 - 84 ff 3d 01 78 ff 3d 01 ..C.......=.x.=. 00000000013dff60 80 ff 3d 01 ff ff ff ff - 00 00 00 00 f8 84 02 01 ..=............. 00000000013dff70 b8 ff 3d 01 f8 84 02 01 - 18 55 e6 77 ff ff ff ff ..=......U.w.... 00000000013dff80 12 55 e6 77 23 f2 43 00 - 64 f2 43 00 34 bc 4a 00 .U.w#.C.d.C.4.J. 00000000013dff90 00 00 00 00 00 00 00 00 - f8 84 02 01 01 00 00 00 ................ 00000000013dffa0 90 ff 3d 01 5e 00 85 80 - dc ff 3d 01 18 e6 43 00 ..=.^.....=...C. 00000000013dffb0 28 89 48 00 00 00 00 00 - ec ff 3d 01 29 48 e6 77 (.H.......=.)H.w 00000000013dffc0 f8 84 02 01 00 00 00 00 - 00 00 00 00 f8 84 02 01 ................ 00000000013dffd0 00 00 00 00 c4 ff 3d 01 - 5d 06 85 80 ff ff ff ff ......=.]....... 00000000013dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000013dfff0 00 00 00 00 f5 f1 43 00 - f8 84 02 01 00 00 00 00 ......C......... 00000000013e0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xc40 <----* eax=00000000 ebx=003f3240 ecx=00168ff0 edx=00168f48 esi=000000c4 edi=00000000 eip=7c8285ec esp=0154fec8 ebp=0154ff38 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgs.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgs.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0154ff38 77e61c8d 000000c4 ffffffff 00000000 ntdll!KiFastSystemCallRet 0154ff4c 77cb07d6 000000c4 ffffffff 00168f48 kernel32!WaitForSingleObject+0x12 0154ff60 77ca6ce9 ffffffff 003f3218 003f3240 RPCRT4!RpcMgmtSetAuthorizationFn+0x27a5 0154ff78 1000124c 00000000 003f32d8 10001b1e RPCRT4!I_RpcServerCheckClientRestriction+0x3a4 0154ffb8 77e64829 003f3240 00000000 00000000 nl_msgs!CreateNLMsgServer+0x15c 0154ffec 00000000 10001aaf 003f3240 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000154fec8 0b 7d 82 7c 1e 1d e6 77 - c4 00 00 00 00 00 00 00 .}.|...w........ 000000000154fed8 00 00 00 00 00 00 00 00 - f0 8f 16 00 40 32 3f 00 ............@2?. 000000000154fee8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000154fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff08 00 00 00 00 24 ff 54 01 - b3 41 c7 77 00 70 fd 7f ....$.T..A.w.p.. 000000000154ff18 00 00 00 00 48 8f 16 00 - dc fe 54 01 78 6d 18 00 ....H.....T.xm.. 000000000154ff28 a8 ff 54 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..T.`..wH..w.... 000000000154ff38 4c ff 54 01 8d 1c e6 77 - c4 00 00 00 ff ff ff ff L.T....w........ 000000000154ff48 00 00 00 00 60 ff 54 01 - d6 07 cb 77 c4 00 00 00 ....`.T....w.... 000000000154ff58 ff ff ff ff 48 8f 16 00 - 78 ff 54 01 e9 6c ca 77 ....H...x.T..l.w 000000000154ff68 ff ff ff ff 18 32 3f 00 - 40 32 3f 00 48 8f 16 00 .....2?.@2?.H... 000000000154ff78 b8 ff 54 01 4c 12 00 10 - 00 00 00 00 d8 32 3f 00 ..T.L........2?. 000000000154ff88 1e 1b 00 10 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff98 40 32 3f 00 01 00 00 00 - 90 ff 54 01 5e 00 85 80 @2?.......T.^... 000000000154ffa8 dc ff 54 01 6c 20 00 10 - e0 83 00 10 00 00 00 00 ..T.l .......... 000000000154ffb8 ec ff 54 01 29 48 e6 77 - 40 32 3f 00 00 00 00 00 ..T.)H.w@2?..... 000000000154ffc8 00 00 00 00 40 32 3f 00 - 00 00 00 00 c4 ff 54 01 ....@2?.......T. 000000000154ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 000000000154ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 af 1a 00 10 ................ 000000000154fff8 40 32 3f 00 00 00 00 00 - da da 01 00 00 00 0b 00 @2?............. *----> State Dump for Thread Id 0xc44 <----* eax=00000000 ebx=0018e3d8 ecx=00d0d380 edx=00cb002a esi=001958d0 edi=00000000 eip=7c8285ec esp=0165fe1c ebp=0165ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0165ff84 77c88792 0165ffac 77c8872d 001958d0 ntdll!KiFastSystemCallRet 0165ff8c 77c8872d 001958d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0165ffac 77c7b110 00168f48 0165ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0165ffb8 77e64829 00194118 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0165ffec 00000000 77c7b0f5 00194118 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000165fe1c 3b 78 82 7c ac 85 c8 77 - a4 01 00 00 74 ff 65 01 ;x.|...w....t.e. 000000000165fe2c 38 fe 65 01 d8 e3 18 00 - 54 ff 65 01 58 00 70 00 8.e.....T.e.X.p. 000000000165fe3c 00 00 00 00 ec 0b 00 00 - 10 0c 00 00 c9 3b 46 00 .............;F. 000000000165fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000165fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165fe6c 00 00 00 00 34 00 00 00 - ec 0b 00 00 10 0c 00 00 ....4........... 000000000165fe7c e8 02 00 00 00 00 00 00 - 1f 40 00 00 9c de 64 01 [email protected]. 000000000165fe8c 64 01 00 00 92 fd 62 7a - 79 94 c9 01 5e 00 00 00 d.....bzy...^... 000000000165fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165fecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 000000000165fedc e0 bb 0c b5 d9 43 a8 80 - 02 00 00 00 00 00 00 00 .....C.......... 000000000165feec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 bb 0c b5 .C.............. 000000000165fefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c bc 0c b5 VD.............. 000000000165ff0c c7 d5 83 80 b0 fd af 88 - 58 fe af 88 00 00 00 00 ........X....... 000000000165ff1c b0 fd af 88 01 00 00 00 - ff ff ff ff 00 00 00 00 ................ 000000000165ff2c 7c fa df ff 84 ff 65 01 - a6 84 c8 77 4c ff 65 01 |.....e....wL.e. 000000000165ff3c b6 84 c8 77 ab a3 81 7c - e8 3a 19 00 18 41 19 00 ...w...|.:...A.. 000000000165ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xc4c <----* eax=00000000 ebx=0018e2c8 ecx=00d0d3f8 edx=00cb002a esi=001958d0 edi=00000000 eip=7c8285ec esp=0185fe1c ebp=0185ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0185ff84 77c88792 0185ffac 77c8872d 001958d0 ntdll!KiFastSystemCallRet 0185ff8c 77c8872d 001958d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0185ffac 77c7b110 00168f48 0185ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0185ffb8 77e64829 0018f330 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0185ffec 00000000 77c7b0f5 0018f330 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000185fe1c 3b 78 82 7c ac 85 c8 77 - a4 01 00 00 74 ff 85 01 ;x.|...w....t... 000000000185fe2c 38 fe 85 01 c8 e2 18 00 - 54 ff 85 01 58 00 70 00 8.......T...X.p. 000000000185fe3c 00 00 00 00 ec 0b 00 00 - 10 0c 00 00 c8 3b 46 00 .............;F. 000000000185fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000185fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185fe6c 00 00 00 00 34 00 00 00 - ec 0b 00 00 10 0c 00 00 ....4........... 000000000185fe7c e8 02 00 00 00 00 00 00 - 1f 40 00 00 53 9a 04 6c [email protected] 000000000185fe8c 1a e1 00 00 92 fd 62 7a - 79 94 c9 01 30 01 00 00 ......bzy...0... 000000000185fe9c 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185fecc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185fedc 70 1a ec 88 f4 43 a8 80 - 00 00 00 00 00 00 00 00 p....C.......... 000000000185feec f4 43 a8 80 00 00 00 00 - 00 00 00 00 f0 bb f3 b4 .C.............. 000000000185fefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c bc f3 b4 VD.............. 000000000185ff0c c7 d5 83 80 f8 19 ec 88 - a0 1a ec 88 01 00 00 00 ................ 000000000185ff1c f8 19 ec 88 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185ff2c 7c fa 72 f7 84 ff 85 01 - a6 84 c8 77 4c ff 85 01 |.r........wL... 000000000185ff3c b6 84 c8 77 ab a3 81 7c - 08 f3 18 00 30 f3 18 00 ...w...|....0... 000000000185ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xc5c <----* eax=00000000 ebx=00190bf8 ecx=00d0d3f8 edx=00cb002a esi=001958d0 edi=00000000 eip=7c8285ec esp=0195fe1c ebp=0195ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0195ff84 77c88792 0195ffac 77c8872d 001958d0 ntdll!KiFastSystemCallRet 0195ff8c 77c8872d 001958d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0195ffac 77c7b110 00168f48 0195ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0195ffb8 77e64829 00190940 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0195ffec 00000000 77c7b0f5 00190940 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000195fe1c 3b 78 82 7c ac 85 c8 77 - a4 01 00 00 74 ff 95 01 ;x.|...w....t... 000000000195fe2c 38 fe 95 01 f8 0b 19 00 - 54 ff 95 01 58 00 70 00 8.......T...X.p. 000000000195fe3c 00 00 00 00 ec 0b 00 00 - 10 0c 00 00 ca 3b 46 00 .............;F. 000000000195fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000195fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000195fe6c 00 00 00 00 34 00 00 00 - ec 0b 00 00 10 0c 00 00 ....4........... 000000000195fe7c e8 02 00 00 00 00 00 00 - 1f 40 00 00 53 9a 04 6c [email protected] 000000000195fe8c 1a e1 00 00 92 fd 62 7a - 79 94 c9 01 30 01 00 00 ......bzy...0... 000000000195fe9c 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000195feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000195febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000195fecc 00 00 00 00 20 f1 df ff - 00 00 00 00 00 f1 df ff .... ........... 000000000195fedc 00 00 00 00 00 00 00 00 - 00 f1 df ff 00 00 00 00 ................ 000000000195feec e4 fb f2 b4 56 44 a8 80 - 20 f1 df ff 00 00 00 00 ....VD.. ....... 000000000195fefc 00 fc f2 b4 0c d6 83 80 - 01 00 00 00 7c fa df ff ............|... 000000000195ff0c 00 00 00 00 00 00 00 00 - 00 00 00 00 18 fc f2 b4 ................ 000000000195ff1c 5c e5 83 80 00 00 00 00 - 50 96 ad 88 f8 96 ad 88 \.......P....... 000000000195ff2c 80 93 8b 80 84 ff 95 01 - a6 84 c8 77 4c ff 95 01 ...........wL... 000000000195ff3c b6 84 c8 77 ab a3 81 7c - 18 09 19 00 40 09 19 00 ...w...|....@... 000000000195ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... Application exception occurred: App: C:\Program Files\Symantec AntiVirus\VPC32.exe (pid=960) When: 28.02.2009 @ 09:53:49.906 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 372 csrss.exe 396 winlogon.exe 444 services.exe 456 lsass.exe 628 svchost.exe 700 svchost.exe 780 svchost.exe 820 svchost.exe 844 svchost.exe 900 ccSetMgr.exe 928 ccEvtMgr.exe 1036 SPBBCSvc.exe 1208 spoolsv.exe 1248 msdtc.exe 1360 DefWatch.exe 1416 svchost.exe 1456 jqs.exe 1524 svchost.exe 1548 Rtvscan.exe 1696 tssdis.exe 2020 svchost.exe 2080 alg.exe 2628 wmiprvse.exe 2884 csrss.exe 2912 winlogon.exe 3088 rdpclip.exe 3164 Explorer.EXE 3232 ccApp.exe 3272 VPTray.exe 3288 NetLimiter.exe 3296 jusched.exe 3324 ctfmon.exe 3368 uTorrent.exe 3436 G6FTPSrv.exe 3468 svchost.exe 4020 logon.scr 960 VPC32.exe 2556 drwtsn32.exe *----> Module List <----* 0000000000400000 - 0000000000447000: C:\Program Files\Symantec AntiVirus\VPC32.exe 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 000000004b750000 - 000000004b7d9000: C:\WINDOWS\system32\hhctrl.ocx 000000005d360000 - 000000005d36e000: C:\WINDOWS\system32\MFC71ENU.DLL 0000000061f80000 - 0000000061f93000: C:\Program Files\Symantec AntiVirus\SDSTP32I.DLL 0000000061fa0000 - 0000000061faf000: C:\Program Files\Symantec AntiVirus\SDSOK32I.DLL 0000000062f10000 - 0000000062f97000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx 0000000065470000 - 00000000654ab000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPView.ocx 00000000654b0000 - 00000000654f4000: C:\Program Files\Common Files\Symantec Shared\SSC\LDVPTask.ocx 0000000065aa0000 - 0000000065af2000: C:\Program Files\Symantec AntiVirus\scandres.dll 0000000065b00000 - 0000000065b43000: C:\Program Files\Symantec AntiVirus\SCANDLVR.DLL 0000000065b50000 - 0000000065b97000: C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll 0000000065e10000 - 0000000065e20000: C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL 0000000065ef0000 - 0000000065fa3000: C:\Program Files\Symantec AntiVirus\Cliscan.dll 0000000065fb0000 - 0000000065ffd000: C:\Program Files\Symantec AntiVirus\Cliproxy.dll 0000000068000000 - 0000000068035000: C:\WINDOWS\system32\rsaenh.dll 0000000071b20000 - 0000000071b61000: C:\WINDOWS\system32\MSWSOCK.dll 0000000071bb0000 - 0000000071bb9000: C:\WINDOWS\system32\WSOCK32.dll 0000000071bd0000 - 0000000071be1000: C:\WINDOWS\system32\MPR.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\netapi32.dll 00000000745e0000 - 000000007489e000: C:\WINDOWS\system32\msi.dll 0000000075da0000 - 0000000075e5d000: C:\WINDOWS\system32\SXS.DLL 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 0000000076290000 - 00000000762ad000: C:\WINDOWS\system32\IMM32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\shfolder.dll 0000000076920000 - 00000000769e2000: C:\WINDOWS\system32\userenv.dll 0000000076b10000 - 0000000076b15000: C:\WINDOWS\system32\SFC.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076bb0000 - 0000000076bdb000: C:\WINDOWS\system32\WINTRUST.dll 0000000076be0000 - 0000000076c0b000: C:\WINDOWS\system32\sfc_os.dll 0000000076c10000 - 0000000076c38000: C:\WINDOWS\system32\imagehlp.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c140000 - 000000007c246000: C:\WINDOWS\system32\MFC71.DLL 000000007c360000 - 000000007c3b6000: C:\WINDOWS\system32\MSVCR71.dll 000000007c3c0000 - 000000007c43c000: C:\WINDOWS\system32\MSVCP71.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll *----> State Dump for Thread Id 0x600 <----* eax=00000000 ebx=0000bc04 ecx=00e439c0 edx=7c223914 esi=0037def0 edi=00000000 eip=62f2f81c esp=0012efac ebp=0012f284 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx - function: LDVPCtls!DllUnregisterServer 62f2f800 7479 jz LDVPCtls!DllUnregisterServer+0xe73b (62f2f87b) 62f2f802 f4 hlt 62f2f803 62e8 bound ebp,eax 62f2f805 c3 ret 62f2f806 2301 and eax,[ecx] 62f2f808 0085c074098b add [ebp+0x8b0974c0],al 62f2f80e 108bc8ff527c adc [ebx+0x7c52ffc8],cl 62f2f814 eb02 jmp LDVPCtls!DllUnregisterServer+0xe6d8 (62f2f818) 62f2f816 33c0 xor eax,eax 62f2f818 8b4c240c mov ecx,[esp+0xc] FAULT ->62f2f81c 8b5020 mov edx,[eax+0x20] ds:0023:00000020=???????? 62f2f81f 6a01 push 0x1 62f2f821 6a00 push 0x0 62f2f823 6a00 push 0x0 62f2f825 51 push ecx 62f2f826 6a00 push 0x0 62f2f828 52 push edx 62f2f829 ff15007bf462 call dword ptr [LDVPCtls!DllCanUnloadNow+0x5172 (62f47b00)] 62f2f82f 33c9 xor ecx,ecx 62f2f831 83f820 cmp eax,0x20 62f2f834 0f9fc1 setnle cl *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MFC71.DLL - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0012f284 7c1b0f28 00e4c698 00000000 0000ff9c LDVPCtls!DllUnregisterServer+0xe6dc 0012f2b4 7c1ade52 00000000 0000ff9c 0012f2d4 MFC71!Ordinal4261+0x10a 0012f2dc 7c1ac211 0000004e 00001388 0012f8a4 MFC71!Ordinal5373+0x52 0012f368 7c1acd7e 00090242 0012f418 00e4c4b0 MFC71!Ordinal5652+0x29 0012f390 7c1ad84f 00001388 ffffff9c 0012f418 MFC71!Ordinal4722+0x46 0012f428 7c1a9f01 0000004e 00001388 0012f8a4 MFC71!Ordinal5073+0x5f 0012f448 7c182872 0000004e 00001388 0012f8a4 MFC71!Ordinal6275+0x22 0012f470 7c1ac5a9 0000004e 00001388 0012f8a4 MFC71!Ordinal6270+0x11c 0012f4d0 7c1ac639 00000000 000d0194 0000004e MFC71!Ordinal1028+0x91 0012f4f0 62f41f90 000d0194 0000004e 00001388 MFC71!Ordinal1209+0x34 0012f51c 7739b6e3 000d0194 0000004e 00001388 LDVPCtls!DllUnregisterServer+0x20e50 0012f548 7739b874 62f41f62 000d0194 0000004e USER32!LoadCursorW+0x4cf5 0012f5c0 7739bfce 00000000 62f41f62 000d0194 USER32!LoadCursorW+0x4e86 0012f5f0 773b0463 62f41f62 000d0194 0000004e USER32!CallWindowProcW+0x75 0012f610 7c1a9cbc 62f41f62 000d0194 0000004e USER32!CallWindowProcA+0x1b 0012f630 7c1a9f18 0000004e 00001388 0012f8a4 MFC71!Ordinal1908+0x42 0012f64c 7c1ac5a9 0000004e 00001388 0012f8a4 MFC71!Ordinal6275+0x39 0012f6ac 7c1ac639 00000000 000d0194 0000004e MFC71!Ordinal1028+0x91 0012f6cc 65b6fe06 000d0194 0000004e 00001388 MFC71!Ordinal1209+0x34 0012f6f8 7739b6e3 000d0194 0000004e 00001388 scandlgs!DllUnregisterServer+0x68b6 0012f724 7739b874 65b6fdd8 000d0194 0000004e USER32!LoadCursorW+0x4cf5 0012f79c 7739c2d3 00000000 65b6fdd8 000d0194 USER32!LoadCursorW+0x4e86 0012f7d8 7739c337 0065a800 0065d078 00001388 USER32!IsWindow+0x148 0012f7f8 77537910 000d0194 0000004e 00001388 USER32!SendMessageW+0x49 0012f890 77541dbe 001aff68 ffffff9c 0012f8a4 COMCTL32!Ordinal73+0x764 0012f8d0 7754187b 001aff68 00000000 00000000 COMCTL32!Ordinal330+0x1274 0012f938 775415d7 001aff68 0012f954 ffffffff COMCTL32!Ordinal330+0xd31 0012f984 77584c52 001aff68 00000000 00000003 COMCTL32!Ordinal330+0xa8d 0012f9a8 77585c5c 001aff68 00000000 00000001 COMCTL32!Ordinal384+0x22907 0012f9c4 77585ecd 001aff68 00000000 00000001 COMCTL32!Ordinal384+0x23911 0012fa44 77586211 00090242 00000000 00000064 COMCTL32!Ordinal384+0x23b82 0012fa64 775384d3 001aff68 00000000 00000064 COMCTL32!Ordinal384+0x23ec6 0012fbe4 7739b6e3 00090242 00000201 00000001 COMCTL32!Ordinal73+0x1327 0012fc10 7739b874 77537dc7 00090242 00000201 USER32!LoadCursorW+0x4cf5 0012fc88 7739bfce 00000000 77537dc7 00090242 USER32!LoadCursorW+0x4e86 0012fcb8 773b0463 ffff011d 00090242 00000201 USER32!CallWindowProcW+0x75 0012fcd8 7c1a9cbc ffff011d 00090242 00000201 USER32!CallWindowProcA+0x1b 0012fcf8 7c1a9f18 00000201 00000001 00200064 MFC71!Ordinal1908+0x42 0012fd14 7c1ac5a9 00000201 00000001 00200064 MFC71!Ordinal6275+0x39 0012fd74 7c1ac639 00000000 00090242 00000201 MFC71!Ordinal1028+0x91 0012fd94 62f41f90 00090242 00000201 00000001 MFC71!Ordinal1209+0x34 0012fdc0 7739b6e3 00090242 00000201 00000001 LDVPCtls!DllUnregisterServer+0x20e50 0012fdec 7739b874 62f2a380 00090242 00000201 USER32!LoadCursorW+0x4cf5 0012fe64 7739ba92 00000000 62f2a380 00090242 USER32!LoadCursorW+0x4e86 0012fecc 773a16e5 00145488 00000001 00000000 USER32!TranslateMessageEx+0x10d 0012fedc 7c1b1645 00145488 00145488 0042c130 USER32!DispatchMessageA+0xf 00000000 00000000 00000000 00000000 00000000 MFC71!Ordinal1106+0x3e *----> Raw Stack Dump <----* 000000000012efac 01 00 00 00 f0 de 37 00 - 4e bc 00 00 c0 39 e4 00 ......7.N....9.. 000000000012efbc e0 38 22 7c c0 39 e4 00 - d0 36 e4 00 04 01 00 00 .8"|.9...6...... 000000000012efcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012efdc 05 10 00 00 a0 ea 16 00 - f0 f1 12 00 01 00 00 00 ................ 000000000012efec 38 02 14 00 bc 9c 1a 7c - 1d 01 ff ff 78 01 37 00 8......|....x.7. 000000000012effc 05 10 00 00 c8 84 e4 00 - 28 ea 16 00 50 16 e5 00 ........(...P... 000000000012f00c 28 f0 12 00 78 01 37 00 - 14 00 00 00 00 00 00 00 (...x.7......... 000000000012f01c 09 00 00 00 05 10 00 00 - 78 01 37 00 88 f0 12 00 ........x.7..... 000000000012f02c c0 01 14 00 38 02 14 00 - 00 00 00 00 c8 84 e4 00 ....8........... 000000000012f03c 4c f1 12 00 98 1e e5 00 - 00 00 00 00 c0 84 e4 00 L............... 000000000012f04c 4e 00 00 00 78 01 37 00 - 00 00 00 00 00 00 00 00 N...x.7......... 000000000012f05c 18 02 14 00 00 00 00 05 - 84 f0 12 00 78 f1 12 00 ............x... 000000000012f06c 88 48 16 00 80 f0 12 00 - 48 ea 16 00 94 f0 12 00 .H......H....... 000000000012f07c 71 a7 82 7c 14 00 00 00 - 48 ea 16 00 78 01 37 00 q..|....H...x.7. 000000000012f08c 2e 06 00 00 a0 f0 12 00 - 01 00 00 00 b5 9f 82 7c ...............| 000000000012f09c f0 2b 16 00 80 f1 12 00 - 58 16 e5 00 18 07 14 00 .+......X....... 000000000012f0ac 59 9f 82 7c 01 00 00 00 - 18 f2 12 00 f8 2b 16 00 Y..|.........+.. 000000000012f0bc 28 ea 16 00 00 00 00 00 - 00 00 00 00 01 00 00 00 (............... 000000000012f0cc b5 9f 82 7c c8 71 37 00 - b4 f1 12 00 58 16 e5 00 ...|.q7.....X... 000000000012f0dc 78 07 37 00 59 9f 82 7c - a0 8c e4 00 d0 71 37 00 x.7.Y..|.....q7. *----> State Dump for Thread Id 0x79c <----* eax=7c80e1fa ebx=00bafef0 ecx=00000000 edx=00000000 esi=00000002 edi=00000000 eip=7c8285ec esp=00bafea4 ebp=00baff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00baff48 7c80e4a2 00000002 00baff70 00000000 ntdll!KiFastSystemCallRet 00baffb8 77e64829 00000000 00000000 00000000 ntdll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus+0x301 00baffec 00000000 7c80e1fa 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000bafea4 fb 7c 82 7c bb e5 80 7c - 02 00 00 00 f0 fe ba 00 .|.|...|........ 0000000000bafeb4 01 00 00 00 01 00 00 00 - 10 ff ba 00 00 10 00 00 ................ 0000000000bafec4 88 1f 9b 00 c0 83 88 7c - 24 00 00 00 01 00 00 00 .......|$....... 0000000000bafed4 00 00 00 00 00 00 00 00 - 30 00 00 00 ff ff ff ff ........0....... 0000000000bafee4 ff ff ff ff 61 d3 80 7c - 00 00 00 00 70 00 00 00 ....a..|....p... 0000000000bafef4 7c 00 00 00 08 00 00 c0 - 00 10 00 00 30 ff ba 00 |...........0... 0000000000baff04 d1 96 82 7c d6 96 82 7c - 00 10 00 00 00 a2 2f 4d ...|...|....../M 0000000000baff14 ff ff ff ff 00 f0 fd 7f - c0 83 88 7c 10 ff ba 00 ...........|.... 0000000000baff24 f0 fe ba 00 e0 96 82 7c - 02 00 00 00 c0 fe ba 00 .......|........ 0000000000baff34 ae e1 80 7c dc ff ba 00 - 70 82 82 7c c8 d3 80 7c ...|....p..|...| 0000000000baff44 00 00 00 00 b8 ff ba 00 - a2 e4 80 7c 02 00 00 00 ...........|.... 0000000000baff54 70 ff ba 00 00 00 00 00 - e0 93 04 00 01 00 00 00 p............... 0000000000baff64 00 00 00 00 00 00 00 00 - 00 00 00 00 70 00 00 00 ............p... 0000000000baff74 7c 00 00 00 00 10 00 00 - 88 1f 9b 00 00 10 00 00 |............... 0000000000baff84 90 2f 9b 00 80 70 88 7c - 00 00 00 00 20 00 00 00 ./...p.|.... ... 0000000000baff94 a0 70 88 7c 00 10 00 00 - 80 70 88 7c 88 1f 9b 00 .p.|.....p.|.... 0000000000baffa4 00 00 00 00 a0 70 88 7c - e5 03 00 00 00 10 00 00 .....p.|........ 0000000000baffb4 90 2f 9b 00 ec ff ba 00 - 29 48 e6 77 00 00 00 00 ./......)H.w.... 0000000000baffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000baffd4 c4 ff ba 00 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w *----> State Dump for Thread Id 0xae4 <----* eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001 eip=7c8285ec esp=0113fcf0 ebp=0113ffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0113ffb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet 0113ffec 00000000 7c83c643 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000113fcf0 fb 7c 82 7c 8e c7 83 7c - 13 00 00 00 34 fd 13 01 .|.|...|....4... 000000000113fd00 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fd10 00 00 00 00 00 00 00 00 - 88 96 88 7c 88 96 88 7c ...........|...| 000000000113fd20 04 02 00 00 e4 0a 00 00 - 13 00 00 00 13 00 00 00 ................ 000000000113fd30 12 00 00 00 4c 02 00 00 - 68 01 00 00 14 02 00 00 ....L...h....... 000000000113fd40 88 02 00 00 7c 02 00 00 - 70 02 00 00 24 02 00 00 ....|...p...$... 000000000113fd50 34 02 00 00 2c 02 00 00 - 48 02 00 00 40 02 00 00 4...,...H...@... 000000000113fd60 9c 02 00 00 a8 02 00 00 - b4 02 00 00 bc 02 00 00 ................ 000000000113fd70 c8 02 00 00 d4 02 00 00 - e0 02 00 00 e8 02 00 00 ................ 000000000113fd80 04 03 00 00 10 03 00 00 - 1c 03 00 00 28 03 00 00 ............(... 000000000113fd90 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fda0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fdb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fdc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fdd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fde0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fdf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fe00 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fe10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000113fe20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0x650 <----* eax=76929dd9 ebx=0123ff10 ecx=00000000 edx=00000000 esi=0123ff18 edi=7ffdf000 eip=7c8285ec esp=0123fec4 ebp=0123ff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\userenv.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0123ff6c 77e62fbe 00000003 769cd34c 00000000 ntdll!KiFastSystemCallRet 0123ff88 76929e35 00000003 769cd34c 00000000 kernel32!WaitForMultipleObjects+0x18 0123ffb8 77e64829 00000000 00000000 00000000 userenv!ExpandEnvironmentStringsForUserW+0x6f2 0123ffec 00000000 76929dd9 00000000 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000123fec4 fb 7c 82 7c 2c 20 e6 77 - 03 00 00 00 10 ff 23 01 .|.|, .w......#. 000000000123fed4 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000123fee4 f8 d3 9c 76 6f 3e e6 77 - 24 00 00 00 01 00 00 00 ...vo>.w$....... 000000000123fef4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000123ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 18 02 00 00 ................ 000000000123ff14 54 02 00 00 98 02 00 00 - 59 9f 82 7c 20 1c e4 77 T.......Y..| ..w 000000000123ff24 00 00 14 00 00 00 00 00 - 30 1c e4 77 00 00 00 00 ........0..w.... 000000000123ff34 00 00 00 00 00 f0 fd 7f - 66 01 68 01 00 00 00 00 ........f.h..... 000000000123ff44 10 ff 23 01 00 00 00 00 - 00 00 00 00 03 00 00 00 ..#............. 000000000123ff54 e0 fe 23 01 00 00 00 00 - dc ff 23 01 60 1a e6 77 ..#.......#.`..w 000000000123ff64 f8 1f e6 77 00 00 00 00 - 88 ff 23 01 be 2f e6 77 ...w......#../.w 000000000123ff74 03 00 00 00 4c d3 9c 76 - 00 00 00 00 ff ff ff ff ....L..v........ 000000000123ff84 00 00 00 00 b8 ff 23 01 - 35 9e 92 76 03 00 00 00 ......#.5..v.... 000000000123ff94 4c d3 9c 76 00 00 00 00 - ff ff ff ff 00 00 00 00 L..v............ 000000000123ffa4 00 00 00 00 00 00 00 00 - 00 00 92 76 03 00 00 00 ...........v.... 000000000123ffb4 00 00 00 00 ec ff 23 01 - 29 48 e6 77 00 00 00 00 ......#.)H.w.... 000000000123ffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000123ffd4 c4 ff 23 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..#.].......`..w 000000000123ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............ 000000000123fff4 d9 9d 92 76 00 00 00 00 - 00 00 00 00 08 00 00 00 ...v............ *----> State Dump for Thread Id 0xb10 <----* eax=77575eb2 ebx=00164d68 ecx=00000000 edx=00000000 esi=000001d0 edi=00000000 eip=7c8285ec esp=0103ff1c ebp=0103ff8c iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0103ff8c 77e61c8d 000001d0 00001046 00000000 ntdll!KiFastSystemCallRet 0103ffa0 77575eeb 000001d0 00001046 00000000 kernel32!WaitForSingleObject+0x12 0103ffb8 77e64829 00164d68 00000000 00000000 COMCTL32!Ordinal384+0x13ba0 0103ffec 00000000 77575eb2 00164d68 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000103ff1c 0b 7d 82 7c 1e 1d e6 77 - d0 01 00 00 00 00 00 00 .}.|...w........ 000000000103ff2c 60 ff 03 01 a0 0f 00 00 - 68 4d 16 00 68 4d 16 00 `.......hM..hM.. 000000000103ff3c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000103ff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000103ff5c 00 00 00 00 a0 51 84 fd - ff ff ff ff 00 f0 fd 7f .....Q.......... 000000000103ff6c 60 ff 03 01 68 4d 16 00 - 30 ff 03 01 ff ff ff ff `...hM..0....... 000000000103ff7c dc ff 03 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w.... 000000000103ff8c a0 ff 03 01 8d 1c e6 77 - d0 01 00 00 46 10 00 00 .......w....F... 000000000103ff9c 00 00 00 00 b8 ff 03 01 - eb 5e 57 77 d0 01 00 00 .........^Ww.... 000000000103ffac 46 10 00 00 00 00 00 00 - 00 00 00 00 ec ff 03 01 F............... 000000000103ffbc 29 48 e6 77 68 4d 16 00 - 00 00 00 00 00 00 00 00 )H.whM.......... 000000000103ffcc 68 4d 16 00 00 00 00 00 - c4 ff 03 01 5d 06 85 80 hM..........]... 000000000103ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000103ffec 00 00 00 00 00 00 00 00 - b2 5e 57 77 68 4d 16 00 .........^WwhM.. 000000000103fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000104000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000104001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000104002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000104003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000104004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ Application exception occurred: App: C:\Program Files\NetLimiter\NetLimiter.exe (pid=3568) When: 28.02.2009 @ 17:48:41.718 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 364 csrss.exe 388 winlogon.exe 436 services.exe 448 lsass.exe 644 svchost.exe 716 svchost.exe 788 svchost.exe 804 svchost.exe 852 svchost.exe 908 ccSetMgr.exe 936 ccEvtMgr.exe 1044 SPBBCSvc.exe 1220 spoolsv.exe 1244 msdtc.exe 1360 DefWatch.exe 1408 svchost.exe 1456 jqs.exe 1516 svchost.exe 1584 Rtvscan.exe 1716 tssdis.exe 2012 svchost.exe 2064 alg.exe 2576 wmiprvse.exe 2828 logon.scr 3136 csrss.exe 3164 winlogon.exe 3356 rdpclip.exe 3436 Explorer.EXE 3512 ccApp.exe 3524 VPTray.exe 3568 NetLimiter.exe 3580 jusched.exe 3588 ctfmon.exe 3636 uTorrent.exe 3680 svchost.exe 3852 G6FTPSrv.exe 180 drwtsn32.exe *----> Module List <----* 0000000000400000 - 00000000004d2000: C:\Program Files\NetLimiter\NetLimiter.exe 0000000010000000 - 000000001000d000: C:\WINDOWS\system32\nl_msgs.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 0000000067510000 - 00000000676b5000: C:\Program Files\NetLimiter\SPORDER.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\NETAPI32.dll 0000000073070000 - 0000000073097000: C:\WINDOWS\system32\WINSPOOL.DRV 0000000074b40000 - 0000000074b63000: C:\WINDOWS\system32\oledlg.dll 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\SHFOLDER.dll 0000000076a80000 - 0000000076a98000: C:\WINDOWS\system32\ATL.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076b80000 - 0000000076bae000: C:\WINDOWS\system32\credui.dll 0000000076cd0000 - 0000000076ce9000: C:\WINDOWS\system32\MPRAPI.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076dc0000 - 0000000076de8000: C:\WINDOWS\system32\adsldpc.dll 0000000076df0000 - 0000000076e24000: C:\WINDOWS\system32\ACTIVEDS.dll 0000000076e30000 - 0000000076e3c000: C:\WINDOWS\system32\rtutils.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 00000000772c0000 - 000000007736f000: C:\WINDOWS\system32\urlmon.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll 000000007e020000 - 000000007e02f000: C:\WINDOWS\system32\SAMLIB.dll *----> State Dump for Thread Id 0xdf4 <----* eax=010e64e8 ebx=7c81a306 ecx=010e8560 edx=00d098b8 esi=0111fb30 edi=010e8560 eip=00000000 esp=0012fbd4 ebp=00d098d0 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 function: <nosymbols> No prior disassembly possible : 00000000 ?? ??? 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? FAULT ->: *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\NetLimiter.exe *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\NetLimiter\NetLimiter.exe 00000000 ?? ??? Error 0x00000001 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? 00000010 ?? ??? 00000012 ?? ??? 00000014 ?? ??? *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - ChildEBP RetAddr Args to Child 0012fbd0 0041d76c 0012fbe8 0111fb30 00d09800 0x0 WARNING: Stack unwind information not available. Following frames may be wrong. 00d098d0 ffffffff 00000000 00000000 000001dc NetLimiter+0x1d76c 0017bd50 00d098d0 0017bf80 0017bb38 00000000 0xffffffff 00000000 00000000 00000000 00000000 00000000 0xd098d0 *----> Raw Stack Dump <----* 000000000012fbd4 6c d7 41 00 e8 fb 12 00 - 30 fb 11 01 00 98 d0 00 l.A.....0....... 000000000012fbe4 55 f3 41 00 00 00 11 01 - 00 98 d0 00 30 fb 11 01 U.A.........0... 000000000012fbf4 60 a3 81 7c 1a f8 41 00 - 30 fb 11 01 00 98 d0 00 `..|..A.0....... 000000000012fc04 00 00 00 00 a0 fc 12 00 - 40 f8 41 00 45 f8 41 00 [email protected]. 000000000012fc14 19 62 45 00 00 00 00 00 - 00 00 00 00 00 98 d0 00 .bE............. 000000000012fc24 00 98 d0 00 e8 79 17 00 - 8c fc 12 00 2f 4b 45 00 .....y....../KE. 000000000012fc34 08 00 00 00 00 00 00 00 - 07 00 00 00 24 fd 12 00 ............$... 000000000012fc44 82 00 01 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fc54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fc64 00 00 00 00 88 fc 12 00 - eb 5a 47 00 ff ff ff ff .........ZG..... 000000000012fc74 94 fc 12 00 e8 79 17 00 - 40 fc 12 00 8b 4b 45 00 [email protected]. 000000000012fc84 c8 2e 4b 00 e4 2e 4b 00 - dc f2 47 00 00 00 00 00 ..K...K...G..... 000000000012fc94 14 fd 12 00 e7 4d 47 00 - ff ff ff ff c0 fc 12 00 .....MG......... 000000000012fca4 85 2b 45 00 64 04 00 00 - 00 00 00 00 78 ff 47 00 .+E.d.......x.G. 000000000012fcb4 bc fc 12 00 64 04 00 00 - 00 00 00 00 20 fd 12 00 ....d....... ... 000000000012fcc4 2f 4b 45 00 64 04 00 00 - 00 00 00 00 00 00 00 00 /KE.d........... 000000000012fcd4 b8 fd 12 00 90 00 01 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fce4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fcf4 00 00 00 00 00 00 00 00 - 1c fd 12 00 eb 5a 47 00 .............ZG. 000000000012fd04 ff ff ff ff 28 fd 12 00 - e8 79 17 00 d4 fc 12 00 ....(....y...... *----> State Dump for Thread Id 0xe24 <----* eax=0043f1f5 ebx=00d073b8 ecx=00000000 edx=00000000 esi=000000f8 edi=00000000 eip=7c8285ec esp=00fcfed8 ebp=00fcff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00fcff48 77e61c8d 000000f8 ffffffff 00000000 ntdll!KiFastSystemCallRet 00fcff5c 0042ad03 000000f8 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 77e61c7b ff006aec 75ff0c75 0009e808 c25d0000 NetLimiter+0x2ad03 8b55ff8b 00000000 00000000 00000000 00000000 0xff006aec *----> Raw Stack Dump <----* 0000000000fcfed8 0b 7d 82 7c 1e 1d e6 77 - f8 00 00 00 00 00 00 00 .}.|...w........ 0000000000fcfee8 00 00 00 00 00 00 00 00 - 30 42 d0 00 b8 73 d0 00 ........0B...s.. 0000000000fcfef8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000000fcff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000fcff18 00 00 00 00 30 66 b1 88 - 01 00 00 00 00 e0 fd 7f ....0f.......... 0000000000fcff28 00 00 00 00 7c fa 72 f7 - ec fe fc 00 00 b0 fd 7f ....|.r......... 0000000000fcff38 7c ff fc 00 60 1a e6 77 - 48 1d e6 77 00 00 00 00 |...`..wH..w.... 0000000000fcff48 5c ff fc 00 8d 1c e6 77 - f8 00 00 00 ff ff ff ff \......w........ 0000000000fcff58 00 00 00 00 7b 1c e6 77 - 03 ad 42 00 f8 00 00 00 ....{..w..B..... 0000000000fcff68 ff ff ff ff 00 00 00 00 - b8 73 d0 00 b8 ff fc 00 .........s...... 0000000000fcff78 b8 73 d0 00 a8 ff fc 00 - 38 48 47 00 ff ff ff ff .s......8HG..... 0000000000fcff88 64 f2 43 00 30 42 d0 00 - 00 00 00 00 00 00 00 00 d.C.0B.......... 0000000000fcff98 b8 73 d0 00 01 00 00 00 - 90 ff fc 00 5e 00 85 80 .s..........^... 0000000000fcffa8 dc ff fc 00 18 e6 43 00 - 28 89 48 00 00 00 00 00 ......C.(.H..... 0000000000fcffb8 ec ff fc 00 29 48 e6 77 - b8 73 d0 00 00 00 00 00 ....)H.w.s...... 0000000000fcffc8 00 00 00 00 b8 73 d0 00 - 00 00 00 00 c4 ff fc 00 .....s.......... 0000000000fcffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 0000000000fcffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 f5 f1 43 00 ..............C. 0000000000fcfff8 b8 73 d0 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .s.............. 0000000000fd0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xe28 <----* eax=01c999c4 ebx=0000000e ecx=01102fc8 edx=00000022 esi=00000108 edi=00000000 eip=7c8285ec esp=012dfec0 ebp=012dff30 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 012dff30 77e61c8d 00000108 000003e8 00000000 ntdll!KiFastSystemCallRet 012dff44 0040786c 00000108 000003e8 00000000 kernel32!WaitForSingleObject+0x12 012dff84 0043f264 004abd50 00000000 00000000 NetLimiter+0x786c 012dffb8 77e64829 00d0fd80 00000000 00000000 NetLimiter+0x3f264 012dffec 00000000 0043f1f5 00d0fd80 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000012dfec0 0b 7d 82 7c 1e 1d e6 77 - 08 01 00 00 00 00 00 00 .}.|...w........ 00000000012dfed0 04 ff 2d 01 27 00 00 00 - 50 bd 4a 00 0e 00 00 00 ..-.'...P.J..... 00000000012dfee0 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000012dfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000012dff00 00 00 00 00 80 69 67 ff - ff ff ff ff 00 e0 fd 7f .....ig......... 00000000012dff10 04 ff 2d 01 30 04 00 00 - d4 fe 2d 01 34 0e 00 00 ..-.0.....-.4... 00000000012dff20 74 ff 2d 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 t.-.`..wH..w.... 00000000012dff30 44 ff 2d 01 8d 1c e6 77 - 08 01 00 00 e8 03 00 00 D.-....w........ 00000000012dff40 00 00 00 00 84 ff 2d 01 - 6c 78 40 00 08 01 00 00 ......-.lx@..... 00000000012dff50 e8 03 00 00 00 00 00 00 - 80 fd d0 00 80 fd d0 00 ................ 00000000012dff60 50 bd 4a 00 0e 00 00 00 - 27 00 00 00 00 00 00 00 P.J.....'....... 00000000012dff70 a8 ff 2d 01 a8 ff 2d 01 - 18 e6 43 00 58 a3 47 00 ..-...-...C.X.G. 00000000012dff80 ff ff ff ff b8 ff 2d 01 - 64 f2 43 00 50 bd 4a 00 ......-.d.C.P.J. 00000000012dff90 00 00 00 00 00 00 00 00 - 80 fd d0 00 01 00 00 00 ................ 00000000012dffa0 90 ff 2d 01 5e 00 85 80 - dc ff 2d 01 18 e6 43 00 ..-.^.....-...C. 00000000012dffb0 28 89 48 00 00 00 00 00 - ec ff 2d 01 29 48 e6 77 (.H.......-.)H.w 00000000012dffc0 80 fd d0 00 00 00 00 00 - 00 00 00 00 80 fd d0 00 ................ 00000000012dffd0 00 00 00 00 c4 ff 2d 01 - 5d 06 85 80 ff ff ff ff ......-.]....... 00000000012dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000012dfff0 00 00 00 00 f5 f1 43 00 - 80 fd d0 00 00 00 00 00 ......C......... *----> State Dump for Thread Id 0xe2c <----* eax=0043f1f5 ebx=77e424de ecx=00000000 edx=00000000 esi=004abc34 edi=00000000 eip=7c8285ec esp=013dff20 ebp=013dff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 013dff4c 0043028e 0000018c 013dff84 013dff78 ntdll!KiFastSystemCallRet 77e5bedd 10ec83ec 0c758b56 7589f685 8337740c NetLimiter+0x3028e 8b55ff8b 00000000 00000000 00000000 00000000 0x10ec83ec *----> Raw Stack Dump <----* 00000000013dff20 db 77 82 7c a2 be e5 77 - 8c 01 00 00 78 ff 3d 01 .w.|...w....x.=. 00000000013dff30 64 ff 3d 01 44 ff 3d 01 - 00 00 00 00 00 00 00 00 d.=.D.=......... 00000000013dff40 b0 23 b6 88 30 25 a8 80 - 12 55 e6 77 dd be e5 77 .#..0%...U.w...w 00000000013dff50 8e 02 43 00 8c 01 00 00 - 84 ff 3d 01 78 ff 3d 01 ..C.......=.x.=. 00000000013dff60 80 ff 3d 01 ff ff ff ff - 00 00 00 00 58 ff d0 00 ..=.........X... 00000000013dff70 b8 ff 3d 01 58 ff d0 00 - 18 55 e6 77 ff ff ff ff ..=.X....U.w.... 00000000013dff80 12 55 e6 77 23 f2 43 00 - 64 f2 43 00 34 bc 4a 00 .U.w#.C.d.C.4.J. 00000000013dff90 00 00 00 00 00 00 00 00 - 58 ff d0 00 01 00 00 00 ........X....... 00000000013dffa0 90 ff 3d 01 5e 00 85 80 - dc ff 3d 01 18 e6 43 00 ..=.^.....=...C. 00000000013dffb0 28 89 48 00 00 00 00 00 - ec ff 3d 01 29 48 e6 77 (.H.......=.)H.w 00000000013dffc0 58 ff d0 00 00 00 00 00 - 00 00 00 00 58 ff d0 00 X...........X... 00000000013dffd0 00 00 00 00 c4 ff 3d 01 - 5d 06 85 80 ff ff ff ff ......=.]....... 00000000013dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000013dfff0 00 00 00 00 f5 f1 43 00 - 58 ff d0 00 00 00 00 00 ......C.X....... 00000000013e0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xf2c <----* eax=00000000 ebx=003f2238 ecx=00168ff0 edx=00168f48 esi=000000c4 edi=00000000 eip=7c8285ec esp=0154fec8 ebp=0154ff38 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgs.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgs.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0154ff38 77e61c8d 000000c4 ffffffff 00000000 ntdll!KiFastSystemCallRet 0154ff4c 77cb07d6 000000c4 ffffffff 00168f48 kernel32!WaitForSingleObject+0x12 0154ff60 77ca6ce9 ffffffff 003f2210 003f2238 RPCRT4!RpcMgmtSetAuthorizationFn+0x27a5 0154ff78 1000124c 00000000 003f2ff0 10001b1e RPCRT4!I_RpcServerCheckClientRestriction+0x3a4 0154ffb8 77e64829 003f2238 00000000 00000000 nl_msgs!CreateNLMsgServer+0x15c 0154ffec 00000000 10001aaf 003f2238 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000154fec8 0b 7d 82 7c 1e 1d e6 77 - c4 00 00 00 00 00 00 00 .}.|...w........ 000000000154fed8 00 00 00 00 00 00 00 00 - f0 8f 16 00 38 22 3f 00 ............8"?. 000000000154fee8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000154fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff08 00 00 00 00 24 ff 54 01 - b3 41 c7 77 00 e0 fd 7f ....$.T..A.w.... 000000000154ff18 00 00 00 00 48 8f 16 00 - dc fe 54 01 78 6d 18 00 ....H.....T.xm.. 000000000154ff28 a8 ff 54 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..T.`..wH..w.... 000000000154ff38 4c ff 54 01 8d 1c e6 77 - c4 00 00 00 ff ff ff ff L.T....w........ 000000000154ff48 00 00 00 00 60 ff 54 01 - d6 07 cb 77 c4 00 00 00 ....`.T....w.... 000000000154ff58 ff ff ff ff 48 8f 16 00 - 78 ff 54 01 e9 6c ca 77 ....H...x.T..l.w 000000000154ff68 ff ff ff ff 10 22 3f 00 - 38 22 3f 00 48 8f 16 00 ....."?.8"?.H... 000000000154ff78 b8 ff 54 01 4c 12 00 10 - 00 00 00 00 f0 2f 3f 00 ..T.L......../?. 000000000154ff88 1e 1b 00 10 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff98 38 22 3f 00 01 00 00 00 - 90 ff 54 01 5e 00 85 80 8"?.......T.^... 000000000154ffa8 dc ff 54 01 6c 20 00 10 - e0 83 00 10 00 00 00 00 ..T.l .......... 000000000154ffb8 ec ff 54 01 29 48 e6 77 - 38 22 3f 00 00 00 00 00 ..T.)H.w8"?..... 000000000154ffc8 00 00 00 00 38 22 3f 00 - 00 00 00 00 c4 ff 54 01 ....8"?.......T. 000000000154ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 000000000154ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 af 1a 00 10 ................ 000000000154fff8 38 22 3f 00 00 00 00 00 - da da 01 00 00 00 08 00 8"?............. *----> State Dump for Thread Id 0xf30 <----* eax=00000000 ebx=0018edb0 ecx=00d0d090 edx=02ce0029 esi=001958d0 edi=00000000 eip=7c8285ec esp=0165fe1c ebp=0165ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0165ff84 77c88792 0165ffac 77c8872d 001958d0 ntdll!KiFastSystemCallRet 0165ff8c 77c8872d 001958d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0165ffac 77c7b110 00168f48 0165ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0165ffb8 77e64829 0018b0f8 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0165ffec 00000000 77c7b0f5 0018b0f8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000165fe1c 3b 78 82 7c ac 85 c8 77 - a4 01 00 00 74 ff 65 01 ;x.|...w....t.e. 000000000165fe2c 38 fe 65 01 b0 ed 18 00 - 54 ff 65 01 58 00 70 00 8.e.....T.e.X.p. 000000000165fe3c 00 00 00 00 34 0e 00 00 - d0 0e 00 00 dd 92 00 00 ....4........... 000000000165fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000165fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165fe6c 00 00 00 00 34 00 00 00 - 34 0e 00 00 d0 0e 00 00 ....4...4....... 000000000165fe7c f4 06 00 00 00 00 00 00 - 49 26 b2 71 90 ec 64 01 ........I&.q..d. 000000000165fe8c c8 51 07 01 ac 26 5e 69 - c4 99 c9 01 68 0b 00 00 .Q...&^i....h... 000000000165fe9c 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165fecc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000165fedc 28 7e eb 88 f4 43 a8 80 - 00 00 00 00 00 00 00 00 (~...C.......... 000000000165feec f4 43 a8 80 00 00 00 00 - 00 00 00 00 f0 db 1c b6 .C.............. 000000000165fefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c dc 1c b6 VD.............. 000000000165ff0c c7 d5 83 80 b0 7d eb 88 - 58 7e eb 88 00 00 00 00 .....}..X~...... 000000000165ff1c b0 7d eb 88 00 00 00 00 - 00 00 00 00 58 7e eb 88 .}..........X~.. 000000000165ff2c 7c fa 72 f7 84 ff 65 01 - a6 84 c8 77 4c ff 65 01 |.r...e....wL.e. 000000000165ff3c b6 84 c8 77 ab a3 81 7c - e0 b8 18 00 f8 b0 18 00 ...w...|........ 000000000165ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xf38 <----* eax=00000000 ebx=0018a718 ecx=00d0d090 edx=02900029 esi=001958d0 edi=00000000 eip=7c8285ec esp=0185fe1c ebp=0185ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0185ff84 77c88792 0185ffac 77c8872d 001958d0 ntdll!KiFastSystemCallRet 0185ff8c 77c8872d 001958d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0185ffac 77c7b110 00168f48 0185ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0185ffb8 77e64829 0018ea00 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0185ffec 00000000 77c7b0f5 0018ea00 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000185fe1c 3b 78 82 7c ac 85 c8 77 - a4 01 00 00 74 ff 85 01 ;x.|...w....t... 000000000185fe2c 38 fe 85 01 18 a7 18 00 - 54 ff 85 01 58 00 70 00 8.......T...X.p. 000000000185fe3c 00 00 00 00 34 0e 00 00 - d0 0e 00 00 dc 92 00 00 ....4........... 000000000185fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000185fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185fe6c 00 00 00 00 34 00 00 00 - 34 0e 00 00 d0 0e 00 00 ....4...4....... 000000000185fe7c f4 06 00 00 00 00 00 00 - 49 26 b2 71 9c ec 64 01 ........I&.q..d. 000000000185fe8c c8 51 07 01 44 9d 54 69 - c4 99 c9 01 d0 16 00 00 .Q..D.Ti........ 000000000185fe9c 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185feac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000185fecc 00 00 00 00 20 f1 df ff - 00 00 00 00 00 f1 df ff .... ........... 000000000185fedc 00 00 00 00 00 00 00 00 - 00 f1 df ff 00 00 00 00 ................ 000000000185feec e4 1b 50 b6 56 44 a8 80 - 20 f1 df ff 00 00 00 00 ..P.VD.. ....... 000000000185fefc 00 1c 50 b6 0c d6 83 80 - 01 00 00 00 7c fa df ff ..P.........|... 000000000185ff0c 00 00 00 00 00 00 00 00 - 00 00 00 00 18 1c 50 b6 ..............P. 000000000185ff1c 5c e5 83 80 00 00 00 00 - 50 69 01 89 f8 69 01 89 \.......Pi...i.. 000000000185ff2c 80 93 8b 80 84 ff 85 01 - a6 84 c8 77 4c ff 85 01 ...........wL... 000000000185ff3c b6 84 c8 77 ab a3 81 7c - e8 0c 19 00 00 ea 18 00 ...w...|........ 000000000185ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xfa0 <----* eax=00000000 ebx=00199958 ecx=000005b4 edx=00000000 esi=001958d0 edi=00000000 eip=7c8285ec esp=019efe1c ebp=019eff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 019eff84 77c88792 019effac 77c8872d 001958d0 ntdll!KiFastSystemCallRet 019eff8c 77c8872d 001958d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 019effac 77c7b110 00168f48 019effec 77e64829 RPCRT4!I_RpcFree+0xb6b 019effb8 77e64829 001998b0 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 019effec 00000000 77c7b0f5 001998b0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000019efe1c 3b 78 82 7c ac 85 c8 77 - a4 01 00 00 74 ff 9e 01 ;x.|...w....t... 00000000019efe2c 38 fe 9e 01 58 99 19 00 - 54 ff 9e 01 58 00 70 00 8...X...T...X.p. 00000000019efe3c 00 00 00 00 34 0e 00 00 - d0 0e 00 00 d6 92 00 00 ....4........... 00000000019efe4c 00 00 00 00 02 ab 0e b8 - 01 00 84 80 64 ab 0e b8 ............d... 00000000019efe5c de df 84 80 00 00 00 00 - b0 2d 00 89 18 0e 00 e1 .........-...... 00000000019efe6c 00 00 00 00 34 00 00 00 - 34 0e 00 00 d0 0e 00 00 ....4...4....... 00000000019efe7c f4 06 00 00 00 00 00 00 - 49 26 b2 71 90 ec 64 01 ........I&.q..d. 00000000019efe8c c8 51 07 01 1a 28 3f 69 - c4 99 c9 01 b4 05 00 00 .Q...(?i........ 00000000019efe9c 01 00 00 00 00 00 00 00 - 00 00 00 00 0c b0 63 89 ..............c. 00000000019efeac 00 00 00 00 a8 ab 0e b8 - b0 2d 00 89 0c b0 63 89 .........-....c. 00000000019efebc b0 2d 00 89 e8 d4 0e b7 - 00 00 00 00 00 00 00 00 .-.............. 00000000019efecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 00000000019efedc e0 ab 0e b8 d9 43 a8 80 - 02 00 00 00 00 00 00 00 .....C.......... 00000000019efeec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 ab 0e b8 .C.............. 00000000019efefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c ac 0e b8 VD.............. 00000000019eff0c c7 d5 83 80 a0 1c eb 88 - 48 1d eb 88 01 00 00 00 ........H....... 00000000019eff1c a0 1c eb 88 01 00 00 00 - ff ff ff ff 01 00 00 00 ................ 00000000019eff2c 7c fa 72 f7 84 ff 9e 01 - a6 84 c8 77 4c ff 9e 01 |.r........wL... 00000000019eff3c b6 84 c8 77 ab a3 81 7c - 58 12 19 00 b0 98 19 00 ...w...|X....... 00000000019eff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... Application exception occurred: App: C:\Program Files\NetLimiter\NetLimiter.exe (pid=3668) When: 06.03.2009 @ 15:37:21.440 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 364 csrss.exe 388 winlogon.exe 436 services.exe 448 lsass.exe 644 svchost.exe 716 svchost.exe 788 svchost.exe 804 svchost.exe 852 svchost.exe 908 ccSetMgr.exe 936 ccEvtMgr.exe 1044 SPBBCSvc.exe 1220 spoolsv.exe 1244 msdtc.exe 1360 DefWatch.exe 1408 svchost.exe 1456 jqs.exe 1516 svchost.exe 1584 Rtvscan.exe 1716 tssdis.exe 2012 svchost.exe 2064 alg.exe 2576 wmiprvse.exe 2828 logon.scr 3136 csrss.exe 3164 winlogon.exe 3356 rdpclip.exe 3436 Explorer.EXE 3512 ccApp.exe 3524 VPTray.exe 3580 jusched.exe 3588 ctfmon.exe 3680 svchost.exe 3852 G6FTPSrv.exe 3668 NetLimiter.exe 3896 uTorrent.exe 3796 drwtsn32.exe *----> Module List <----* 0000000000400000 - 00000000004d2000: C:\Program Files\NetLimiter\NetLimiter.exe 0000000010000000 - 000000001000d000: C:\WINDOWS\system32\nl_msgs.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 0000000067510000 - 00000000676b5000: C:\Program Files\NetLimiter\SPORDER.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\NETAPI32.dll 0000000073070000 - 0000000073097000: C:\WINDOWS\system32\WINSPOOL.DRV 0000000074b40000 - 0000000074b63000: C:\WINDOWS\system32\oledlg.dll 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll 00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 00000000766d0000 - 00000000766d9000: C:\WINDOWS\system32\SHFOLDER.dll 0000000076a80000 - 0000000076a98000: C:\WINDOWS\system32\ATL.DLL 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076b80000 - 0000000076bae000: C:\WINDOWS\system32\credui.dll 0000000076cd0000 - 0000000076ce9000: C:\WINDOWS\system32\MPRAPI.dll 0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll 0000000076dc0000 - 0000000076de8000: C:\WINDOWS\system32\adsldpc.dll 0000000076df0000 - 0000000076e24000: C:\WINDOWS\system32\ACTIVEDS.dll 0000000076e30000 - 0000000076e3c000: C:\WINDOWS\system32\rtutils.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 0000000077210000 - 00000000772bb000: C:\WINDOWS\system32\WININET.dll 00000000772c0000 - 000000007736f000: C:\WINDOWS\system32\urlmon.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\COMCTL32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\SHELL32.dll 000000007e020000 - 000000007e02f000: C:\WINDOWS\system32\SAMLIB.dll *----> State Dump for Thread Id 0xe6c <----* eax=01cc9008 ebx=7c81a306 ecx=021e0760 edx=00d098c0 esi=021d71e8 edi=021e0760 eip=00000000 esp=0012fbd4 ebp=00d098d8 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 function: <nosymbols> No prior disassembly possible : 00000000 ?? ??? 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? FAULT ->: *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\NetLimiter.exe *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\NetLimiter\NetLimiter.exe 00000000 ?? ??? Error 0x00000001 00000002 ?? ??? 00000004 ?? ??? 00000006 ?? ??? 00000008 ?? ??? 0000000a ?? ??? 0000000c ?? ??? 0000000e ?? ??? 00000010 ?? ??? 00000012 ?? ??? 00000014 ?? ??? *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - ChildEBP RetAddr Args to Child 0012fbd0 0041d76c 0012fbe8 021d71e8 00d09808 0x0 WARNING: Stack unwind information not available. Following frames may be wrong. 00d098d8 ffffffff 00000000 00000000 00000240 NetLimiter+0x1d76c 0017bd90 00d098d8 0017bfc0 0017bb78 00000000 0xffffffff 00000000 00000000 00000000 00000000 00000000 0xd098d8 *----> Raw Stack Dump <----* 000000000012fbd4 6c d7 41 00 e8 fb 12 00 - e8 71 1d 02 08 98 d0 00 l.A......q...... 000000000012fbe4 55 f3 41 00 00 00 1d 02 - 08 98 d0 00 e8 71 1d 02 U.A..........q.. 000000000012fbf4 60 a3 81 7c 1a f8 41 00 - e8 71 1d 02 08 98 d0 00 `..|..A..q...... 000000000012fc04 00 00 00 00 a0 fc 12 00 - 40 f8 41 00 45 f8 41 00 [email protected]. 000000000012fc14 19 62 45 00 00 00 00 00 - 00 00 00 00 08 98 d0 00 .bE............. 000000000012fc24 08 98 d0 00 e0 77 17 00 - a0 fc 12 00 ef 59 45 00 .....w.......YE. 000000000012fc34 df 00 ff ff 9e 00 02 00 - 1a 00 00 00 00 00 00 00 ................ 000000000012fc44 1c fe 12 00 18 fd 12 00 - d4 58 45 00 00 00 00 00 .........XE..... 000000000012fc54 00 00 00 00 00 00 00 00 - 7c fc 12 00 eb 5a 47 00 ........|....ZG. 000000000012fc64 ff ff ff ff 88 fc 12 00 - e0 77 17 00 34 fc 12 00 .........w..4... 000000000012fc74 d4 58 45 00 00 00 00 00 - 18 fd 12 00 a0 fc 12 00 .XE............. 000000000012fc84 c8 2e 4b 00 e4 2e 4b 00 - dc f2 47 00 00 00 00 00 ..K...K...G..... 000000000012fc94 14 fd 12 00 e7 4d 47 00 - ff ff ff ff c0 fc 12 00 .....MG......... 000000000012fca4 85 2b 45 00 64 04 00 00 - 00 00 00 00 78 ff 47 00 .+E.d.......x.G. 000000000012fcb4 bc fc 12 00 64 04 00 00 - 00 00 00 00 20 fd 12 00 ....d....... ... 000000000012fcc4 2f 4b 45 00 64 04 00 00 - 00 00 00 00 00 00 00 00 /KE.d........... 000000000012fcd4 b8 fd 12 00 d2 00 16 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fce4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000012fcf4 00 00 00 00 00 00 00 00 - 1c fd 12 00 eb 5a 47 00 .............ZG. 000000000012fd04 ff ff ff ff 28 fd 12 00 - e0 77 17 00 d4 fc 12 00 ....(....w...... *----> State Dump for Thread Id 0xca8 <----* eax=00000005 ebx=7c81a360 ecx=00d042d4 edx=00d074e8 esi=000000f8 edi=00000000 eip=7c8285ec esp=00fcfed8 ebp=00fcff48 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00fcff48 77e61c8d 000000f8 ffffffff 00000000 ntdll!KiFastSystemCallRet 00fcff5c 0042ad6d 000000f8 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 77e61c7b ff006aec 75ff0c75 0009e808 c25d0000 NetLimiter+0x2ad6d 8b55ff8b 00000000 00000000 00000000 00000000 0xff006aec *----> Raw Stack Dump <----* 0000000000fcfed8 0b 7d 82 7c 1e 1d e6 77 - f8 00 00 00 00 00 00 00 .}.|...w........ 0000000000fcfee8 00 00 00 00 90 4a d0 00 - 38 42 d0 00 60 a3 81 7c .....J..8B..`..| 0000000000fcfef8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 0000000000fcff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000fcff18 00 00 00 00 66 bc 45 00 - 68 d8 d0 00 00 d0 fd 7f ....f.E.h....... 0000000000fcff28 00 00 00 00 2f 4e 47 00 - ec fe fc 00 7b 1c e6 77 ..../NG.....{..w 0000000000fcff38 7c ff fc 00 60 1a e6 77 - 48 1d e6 77 00 00 00 00 |...`..wH..w.... 0000000000fcff48 5c ff fc 00 8d 1c e6 77 - f8 00 00 00 ff ff ff ff \......w........ 0000000000fcff58 00 00 00 00 7b 1c e6 77 - 6d ad 42 00 f8 00 00 00 ....{..wm.B..... 0000000000fcff68 ff ff ff ff 00 00 00 00 - c0 73 d0 00 b8 ff fc 00 .........s...... 0000000000fcff78 c0 73 d0 00 a8 ff fc 00 - 38 48 47 00 ff ff ff ff .s......8HG..... 0000000000fcff88 64 f2 43 00 38 42 d0 00 - 00 00 00 00 00 00 00 00 d.C.8B.......... 0000000000fcff98 c0 73 d0 00 01 00 00 00 - 90 ff fc 00 5e 00 85 80 .s..........^... 0000000000fcffa8 dc ff fc 00 18 e6 43 00 - 28 89 48 00 00 00 00 00 ......C.(.H..... 0000000000fcffb8 ec ff fc 00 29 48 e6 77 - c0 73 d0 00 00 00 00 00 ....)H.w.s...... 0000000000fcffc8 00 00 00 00 c0 73 d0 00 - 00 00 00 00 c4 ff fc 00 .....s.......... 0000000000fcffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 0000000000fcffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 f5 f1 43 00 ..............C. 0000000000fcfff8 c0 73 d0 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .s.............. 0000000000fd0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xcc4 <----* eax=00000001 ebx=00000009 ecx=010b8c48 edx=00000000 esi=00000120 edi=00000000 eip=7c8285ec esp=012dfec0 ebp=012dff30 iopl=0 nv up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 012dff30 77e61c8d 00000120 000003e8 00000000 ntdll!KiFastSystemCallRet 012dff44 0040786c 00000120 000003e8 00000000 kernel32!WaitForSingleObject+0x12 012dff84 0043f264 004abd50 00000000 00000000 NetLimiter+0x786c 012dffb8 77e64829 0104cb80 00000000 00000000 NetLimiter+0x3f264 012dffec 00000000 0043f1f5 0104cb80 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000012dfec0 0b 7d 82 7c 1e 1d e6 77 - 20 01 00 00 00 00 00 00 .}.|...w ....... 00000000012dfed0 04 ff 2d 01 27 00 00 00 - 50 bd 4a 00 09 00 00 00 ..-.'...P.J..... 00000000012dfee0 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000012dfef0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000012dff00 00 00 00 00 80 69 67 ff - ff ff ff ff 00 d0 fd 7f .....ig......... 00000000012dff10 04 ff 2d 01 34 04 00 00 - d4 fe 2d 01 38 0f 00 00 ..-.4.....-.8... 00000000012dff20 74 ff 2d 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 t.-.`..wH..w.... 00000000012dff30 44 ff 2d 01 8d 1c e6 77 - 20 01 00 00 e8 03 00 00 D.-....w ....... 00000000012dff40 00 00 00 00 84 ff 2d 01 - 6c 78 40 00 20 01 00 00 ......-.lx@. ... 00000000012dff50 e8 03 00 00 00 00 00 00 - 80 cb 04 01 80 cb 04 01 ................ 00000000012dff60 50 bd 4a 00 09 00 00 00 - 27 00 00 00 20 f1 72 f7 P.J.....'... .r. 00000000012dff70 a8 ff 2d 01 a8 ff 2d 01 - 18 e6 43 00 58 a3 47 00 ..-...-...C.X.G. 00000000012dff80 ff ff ff ff b8 ff 2d 01 - 64 f2 43 00 50 bd 4a 00 ......-.d.C.P.J. 00000000012dff90 00 00 00 00 00 00 00 00 - 80 cb 04 01 01 00 00 00 ................ 00000000012dffa0 90 ff 2d 01 5e 00 85 80 - dc ff 2d 01 18 e6 43 00 ..-.^.....-...C. 00000000012dffb0 28 89 48 00 00 00 00 00 - ec ff 2d 01 29 48 e6 77 (.H.......-.)H.w 00000000012dffc0 80 cb 04 01 00 00 00 00 - 00 00 00 00 80 cb 04 01 ................ 00000000012dffd0 00 00 00 00 c4 ff 2d 01 - 5d 06 85 80 ff ff ff ff ......-.]....... 00000000012dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000012dfff0 00 00 00 00 f5 f1 43 00 - 80 cb 04 01 00 00 00 00 ......C......... *----> State Dump for Thread Id 0x238 <----* eax=004abc48 ebx=77e424de ecx=013dff7c edx=00000007 esi=004abc34 edi=004abc70 eip=7c8285ec esp=013dff20 ebp=013dff4c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 013dff4c 0043028e 000001a4 013dff84 013dff78 ntdll!KiFastSystemCallRet 77e5bedd 10ec83ec 0c758b56 7589f685 8337740c NetLimiter+0x3028e 8b55ff8b 00000000 00000000 00000000 00000000 0x10ec83ec *----> Raw Stack Dump <----* 00000000013dff20 db 77 82 7c a2 be e5 77 - a4 01 00 00 78 ff 3d 01 .w.|...w....x.=. 00000000013dff30 64 ff 3d 01 44 ff 3d 01 - 00 00 00 00 34 bc 4a 00 d.=.D.=.....4.J. 00000000013dff40 de 24 e4 77 58 ff 3d 01 - d0 d9 cf 76 dd be e5 77 .$.wX.=....v...w 00000000013dff50 8e 02 43 00 a4 01 00 00 - 84 ff 3d 01 78 ff 3d 01 ..C.......=.x.=. 00000000013dff60 80 ff 3d 01 ff ff ff ff - 00 00 00 00 30 ce 04 01 ..=.........0... 00000000013dff70 b8 ff 3d 01 30 ce 04 01 - d3 04 00 00 3c 01 00 00 ..=.0.......<... 00000000013dff80 48 bc 4a 00 00 00 00 00 - 64 f2 43 00 34 bc 4a 00 H.J.....d.C.4.J. 00000000013dff90 00 00 00 00 00 00 00 00 - 30 ce 04 01 01 00 00 00 ........0....... 00000000013dffa0 90 ff 3d 01 5e 00 85 80 - dc ff 3d 01 18 e6 43 00 ..=.^.....=...C. 00000000013dffb0 28 89 48 00 00 00 00 00 - ec ff 3d 01 29 48 e6 77 (.H.......=.)H.w 00000000013dffc0 30 ce 04 01 00 00 00 00 - 00 00 00 00 30 ce 04 01 0...........0... 00000000013dffd0 00 00 00 00 c4 ff 3d 01 - 5d 06 85 80 ff ff ff ff ......=.]....... 00000000013dffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 00000000013dfff0 00 00 00 00 f5 f1 43 00 - 30 ce 04 01 00 00 00 00 ......C.0....... 00000000013e0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000013e0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xc78 <----* eax=00000000 ebx=003f2238 ecx=00169038 edx=00168f90 esi=000000c4 edi=00000000 eip=7c8285ec esp=0154fec8 ebp=0154ff38 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgs.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgs.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0154ff38 77e61c8d 000000c4 ffffffff 00000000 ntdll!KiFastSystemCallRet 0154ff4c 77cb07d6 000000c4 ffffffff 00168f90 kernel32!WaitForSingleObject+0x12 0154ff60 77ca6ce9 ffffffff 003f2210 003f2238 RPCRT4!RpcMgmtSetAuthorizationFn+0x27a5 0154ff78 1000124c 00000000 003f2ff8 10001b1e RPCRT4!I_RpcServerCheckClientRestriction+0x3a4 0154ffb8 77e64829 003f2238 00000000 00000000 nl_msgs!CreateNLMsgServer+0x15c 0154ffec 00000000 10001aaf 003f2238 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000154fec8 0b 7d 82 7c 1e 1d e6 77 - c4 00 00 00 00 00 00 00 .}.|...w........ 000000000154fed8 00 00 00 00 00 00 00 00 - 38 90 16 00 38 22 3f 00 ........8...8"?. 000000000154fee8 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000154fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff08 00 00 00 00 24 ff 54 01 - b3 41 c7 77 00 d0 fd 7f ....$.T..A.w.... 000000000154ff18 00 00 00 00 90 8f 16 00 - dc fe 54 01 38 8d 18 00 ..........T.8... 000000000154ff28 a8 ff 54 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..T.`..wH..w.... 000000000154ff38 4c ff 54 01 8d 1c e6 77 - c4 00 00 00 ff ff ff ff L.T....w........ 000000000154ff48 00 00 00 00 60 ff 54 01 - d6 07 cb 77 c4 00 00 00 ....`.T....w.... 000000000154ff58 ff ff ff ff 90 8f 16 00 - 78 ff 54 01 e9 6c ca 77 ........x.T..l.w 000000000154ff68 ff ff ff ff 10 22 3f 00 - 38 22 3f 00 90 8f 16 00 ....."?.8"?..... 000000000154ff78 b8 ff 54 01 4c 12 00 10 - 00 00 00 00 f8 2f 3f 00 ..T.L......../?. 000000000154ff88 1e 1b 00 10 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000154ff98 38 22 3f 00 01 00 00 00 - 90 ff 54 01 5e 00 85 80 8"?.......T.^... 000000000154ffa8 dc ff 54 01 6c 20 00 10 - e0 83 00 10 00 00 00 00 ..T.l .......... 000000000154ffb8 ec ff 54 01 29 48 e6 77 - 38 22 3f 00 00 00 00 00 ..T.)H.w8"?..... 000000000154ffc8 00 00 00 00 38 22 3f 00 - 00 00 00 00 c4 ff 54 01 ....8"?.......T. 000000000154ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w 000000000154ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 af 1a 00 10 ................ 000000000154fff8 38 22 3f 00 00 00 00 00 - 00 00 00 00 00 00 01 00 8"?............. *----> State Dump for Thread Id 0xb38 <----* eax=00000000 ebx=00190bb0 ecx=00d0d868 edx=01a80015 esi=001976d0 edi=00000000 eip=7c8285ec esp=0175fe1c ebp=0175ff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0175ff84 77c88792 0175ffac 77c8872d 001976d0 ntdll!KiFastSystemCallRet 0175ff8c 77c8872d 001976d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 0175ffac 77c7b110 00168f90 0175ffec 77e64829 RPCRT4!I_RpcFree+0xb6b 0175ffb8 77e64829 0018d008 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 0175ffec 00000000 77c7b0f5 0018d008 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000175fe1c 3b 78 82 7c ac 85 c8 77 - c0 01 00 00 74 ff 75 01 ;x.|...w....t.u. 000000000175fe2c 38 fe 75 01 b0 0b 19 00 - 54 ff 75 01 58 00 70 00 8.u.....T.u.X.p. 000000000175fe3c 00 00 00 00 0c 0f 00 00 - 10 0f 00 00 02 c9 89 02 ................ 000000000175fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 000000000175fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000175fe6c 00 00 00 00 34 00 00 00 - 0c 0f 00 00 10 0f 00 00 ....4........... 000000000175fe7c 70 03 00 00 00 00 00 00 - 49 26 b2 71 84 f6 12 00 p.......I&.q.... 000000000175fe8c 40 34 55 01 46 38 d3 0e - 69 9e c9 01 11 00 00 00 @4U.F8..i....... 000000000175fe9c 01 00 00 00 00 00 00 00 - 00 00 00 00 88 fd 55 89 ..............U. 000000000175feac 00 00 00 00 00 00 00 00 - 03 00 00 00 84 fc e2 b8 ................ 000000000175febc 00 00 00 00 ea 97 83 80 - e4 fb e2 b8 88 fd 55 89 ..............U. 000000000175fecc 20 f1 df ff 20 f1 72 f7 - 00 00 00 00 00 f1 72 f7 ... .r.......r. 000000000175fedc 30 4b 76 89 00 00 00 00 - 00 f1 72 f7 00 00 00 00 0Kv.......r..... 000000000175feec e4 fb e2 b8 56 44 a8 80 - 20 f1 72 f7 00 00 00 00 ....VD.. .r..... 000000000175fefc 00 fc e2 b8 0c d6 83 80 - 01 00 00 00 7c fa 72 f7 ............|.r. 000000000175ff0c 00 00 00 00 00 00 00 00 - 00 fd 55 89 18 fc e2 b8 ..........U..... 000000000175ff1c 5c e5 83 80 00 00 00 00 - 28 4b 76 89 d0 4b 76 89 \.......(Kv..Kv. 000000000175ff2c 80 93 8b 80 84 ff 75 01 - a6 84 c8 77 4c ff 75 01 ......u....wL.u. 000000000175ff3c b6 84 c8 77 ab a3 81 7c - 70 23 18 00 08 d0 18 00 ...w...|p#...... 000000000175ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xff8 <----* eax=00000000 ebx=0019a888 ecx=00d0d7f0 edx=01a80015 esi=001976d0 edi=00000000 eip=7c8285ec esp=00cefe1c ebp=00ceff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 00ceff84 77c88792 00ceffac 77c8872d 001976d0 ntdll!KiFastSystemCallRet 00ceff8c 77c8872d 001976d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 00ceffac 77c7b110 00168f90 00ceffec 77e64829 RPCRT4!I_RpcFree+0xb6b 00ceffb8 77e64829 0019a7e0 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 00ceffec 00000000 77c7b0f5 0019a7e0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000000cefe1c 3b 78 82 7c ac 85 c8 77 - c0 01 00 00 74 ff ce 00 ;x.|...w....t... 0000000000cefe2c 38 fe ce 00 88 a8 19 00 - 54 ff ce 00 58 00 70 00 8.......T...X.p. 0000000000cefe3c 00 00 00 00 38 0f 00 00 - ac 09 00 00 01 c9 89 02 ....8........... 0000000000cefe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................ 0000000000cefe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000cefe6c 00 00 00 00 34 00 00 00 - 38 0f 00 00 ac 09 00 00 ....4...8....... 0000000000cefe7c 68 03 00 00 da 24 b2 71 - 44 ee 64 01 30 43 07 01 h....$.qD.d.0C.. 0000000000cefe8c d0 72 47 00 46 38 d3 0e - 69 9e c9 01 a8 00 00 00 .rG.F8..i....... 0000000000cefe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000cefeac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000cefebc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000000cefecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 0000000000cefedc e0 5b 1e b6 d9 43 a8 80 - 02 00 00 00 00 00 00 00 .[...C.......... 0000000000cefeec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 5b 1e b6 .C...........[.. 0000000000cefefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c 5c 1e b6 VD...........\.. 0000000000ceff0c c7 d5 83 80 d0 67 7e 89 - 78 68 7e 89 01 00 00 00 .....g~.xh~..... 0000000000ceff1c d0 67 7e 89 01 00 00 00 - ff ff ff ff 01 00 00 00 .g~............. 0000000000ceff2c 7c fa 72 f7 84 ff ce 00 - a6 84 c8 77 4c ff ce 00 |.r........wL... 0000000000ceff3c b6 84 c8 77 ab a3 81 7c - 30 8b 19 00 e0 a7 19 00 ...w...|0....... 0000000000ceff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... *----> State Dump for Thread Id 0xb34 <----* eax=00000259 ebx=001995f8 ecx=00000210 edx=0044c86d esi=001976d0 edi=00000000 eip=7c8285ec esp=018efe1c ebp=018eff84 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 018eff84 77c88792 018effac 77c8872d 001976d0 ntdll!KiFastSystemCallRet 018eff8c 77c8872d 001976d0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0 018effac 77c7b110 00168f90 018effec 77e64829 RPCRT4!I_RpcFree+0xb6b 018effb8 77e64829 0019ae00 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba 018effec 00000000 77c7b0f5 0019ae00 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000018efe1c 3b 78 82 7c ac 85 c8 77 - c0 01 00 00 74 ff 8e 01 ;x.|...w....t... 00000000018efe2c 38 fe 8e 01 f8 95 19 00 - 54 ff 8e 01 40 00 58 00 [email protected]. 00000000018efe3c 00 00 00 00 0c 0f 00 00 - 10 0f 00 00 03 c9 89 02 ................ 00000000018efe4c 00 00 00 00 02 f0 eb 02 - 01 00 62 89 a0 ec 7d b6 ..........b...}. 00000000018efe5c 62 6c 84 80 2c 00 30 c0 - a8 bb 62 89 72 6d 84 80 bl..,.0...b.rm.. 00000000018efe6c 01 00 00 c0 1c 00 00 00 - 0c 0f 00 00 10 0f 00 00 ................ 00000000018efe7c 84 0e 00 00 02 00 01 00 - 06 00 e6 77 00 00 00 00 ...........w.... 00000000018efe8c 00 00 00 00 46 38 d3 0e - 69 9e c9 01 95 00 00 00 ....F8..i....... 00000000018efe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 a4 d5 81 89 ................ 00000000018efeac ec eb 7d b6 00 13 b9 89 - b5 b8 89 80 88 bc 62 89 ..}...........b. 00000000018efebc 70 cc 57 89 a8 bb 62 89 - 00 00 00 00 00 00 00 00 p.W...b......... 00000000018efecc ae 41 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 .A.............. 00000000018efedc e0 eb 7d b6 d9 43 a8 80 - 02 00 00 00 00 00 00 00 ..}..C.......... 00000000018efeec f4 43 a8 80 00 00 00 00 - 02 00 00 00 f0 eb 7d b6 .C............}. 00000000018efefc 56 44 a8 80 00 00 00 00 - 00 00 00 00 1c ec 7d b6 VD............}. 00000000018eff0c c7 d5 83 80 f0 98 ae 88 - 98 99 ae 88 00 00 00 00 ................ 00000000018eff1c f0 98 ae 88 01 00 00 00 - ff ff ff ff 00 00 00 00 ................ 00000000018eff2c 7c fa df ff 84 ff 8e 01 - a6 84 c8 77 4c ff 8e 01 |..........wL... 00000000018eff3c b6 84 c8 77 ab a3 81 7c - 28 8a 19 00 00 ae 19 00 ...w...|(....... 00000000018eff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[..... Application exception occurred: App: C:\Program Files\G6 FTP Server\G6FTPSrv.exe (pid=3852) When: 06.03.2009 @ 15:58:45.096 Exception number: c0000005 (access violation) *----> System Information <----* Computer Name: SERVER User Name: Felles Terminal Session Id: 1 Number of Processors: 2 Processor Type: x86 Family 15 Model 2 Stepping 9 Windows Version: 5.2 Current Build: 3790 Service Pack: 2 Current Type: Multiprocessor Free Registered Organization: Registered Owner: Felles *----> Task List <----* 0 System Process 4 System 316 smss.exe 364 csrss.exe 388 winlogon.exe 436 services.exe 448 lsass.exe 644 svchost.exe 716 svchost.exe 788 svchost.exe 804 svchost.exe 852 svchost.exe 908 ccSetMgr.exe 936 ccEvtMgr.exe 1044 SPBBCSvc.exe 1220 spoolsv.exe 1244 msdtc.exe 1360 DefWatch.exe 1408 svchost.exe 1456 jqs.exe 1516 svchost.exe 1584 Rtvscan.exe 1716 tssdis.exe 2012 svchost.exe 2064 alg.exe 2576 wmiprvse.exe 2828 logon.scr 3136 csrss.exe 3164 winlogon.exe 3356 rdpclip.exe 3436 Explorer.EXE 3512 ccApp.exe 3524 VPTray.exe 3580 jusched.exe 3588 ctfmon.exe 3680 svchost.exe 3852 G6FTPSrv.exe 3896 uTorrent.exe 668 drwtsn32.exe *----> Module List <----* 0000000000400000 - 0000000000570000: C:\Program Files\G6 FTP Server\G6FTPSrv.exe 0000000001520000 - 0000000001531000: C:\WINDOWS\system32\nl_msgc.dll 0000000010000000 - 0000000010015000: C:\Program Files\NetLimiter\nl_lsp.dll 000000004b3c0000 - 000000004b410000: C:\WINDOWS\system32\MSCTF.dll 000000005f270000 - 000000005f2ca000: C:\WINDOWS\system32\hnetcfg.dll 0000000071ae0000 - 0000000071ae8000: C:\WINDOWS\System32\wshtcpip.dll 0000000071b20000 - 0000000071b61000: C:\WINDOWS\System32\mswsock.dll 0000000071bb0000 - 0000000071bb9000: C:\WINDOWS\system32\wsock32.dll 0000000071bc0000 - 0000000071bc8000: C:\WINDOWS\system32\rdpsnd.dll 0000000071bd0000 - 0000000071be1000: C:\WINDOWS\system32\mpr.dll 0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll 0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll 0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\NETAPI32.dll 0000000073070000 - 0000000073097000: C:\WINDOWS\system32\winspool.drv 0000000073440000 - 0000000073445000: C:\WINDOWS\system32\RICHED32.DLL 0000000074c40000 - 0000000074caf000: C:\WINDOWS\system32\RICHED20.dll 0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll 00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll 0000000076520000 - 000000007653d000: C:\WINDOWS\System32\CSCDLL.dll 00000000768e0000 - 00000000768e8000: C:\WINDOWS\system32\LINKINFO.dll 00000000768f0000 - 0000000076915000: C:\WINDOWS\system32\ntshrui.dll 0000000076920000 - 00000000769e2000: C:\WINDOWS\system32\USERENV.dll 0000000076aa0000 - 0000000076acd000: C:\WINDOWS\system32\winmm.dll 0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL 0000000076ed0000 - 0000000076efa000: C:\WINDOWS\system32\DNSAPI.dll 0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\WLDAP32.dll 0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll 0000000076f70000 - 0000000076f77000: C:\WINDOWS\System32\winrnr.dll 0000000076f80000 - 0000000076f85000: C:\WINDOWS\system32\rasadhlp.dll 0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll 00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll 00000000771f0000 - 0000000077201000: C:\WINDOWS\system32\WINSTA.dll 0000000077380000 - 0000000077411000: C:\WINDOWS\system32\user32.dll 0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll 0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\comctl32.dll 0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll 00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL 0000000077b00000 - 0000000077b54000: C:\WINDOWS\System32\cscui.dll 0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\version.dll 0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll 0000000077c00000 - 0000000077c49000: C:\WINDOWS\system32\GDI32.dll 0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll 0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\oleaut32.dll 0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll 0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll 0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll 000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll 000000007c8d0000 - 000000007d0cf000: C:\WINDOWS\system32\shell32.dll *----> State Dump for Thread Id 0xf10 <----* eax=036dc368 ebx=00000000 ecx=0000002d edx=00000060 esi=00000000 edi=00000000 eip=7c8285ec esp=0012ff00 ebp=0012ff30 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\Program Files\G6 FTP Server\G6FTPSrv.exe *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\G6 FTP Server\G6FTPSrv.exe *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0012ff30 0043c7f4 00010112 00000113 00000001 ntdll!KiFastSystemCallRet 0012ff6c 00504550 0012ffb4 0050456b 0012ffc0 G6FTPSrv+0x3c7f4 0012ffc0 77e6f23b 00000000 00000000 7ffdb000 G6FTPSrv+0x104550 0012fff0 00000000 00401000 00000000 78746341 kernel32!ProcessIdToSessionId+0x209 *----> Raw Stack Dump <----* 000000000012ff00 53 bf 39 77 40 d0 43 00 - 5c ff 12 00 5b d0 43 00 [email protected].\...[.C. 000000000012ff10 30 ff 12 00 00 00 00 00 - 00 00 00 00 60 13 f5 00 0...........`... 000000000012ff20 00 00 00 00 00 00 00 00 - 00 00 00 01 60 13 f5 00 ............`... 000000000012ff30 6c ff 12 00 f4 c7 43 00 - 12 01 01 00 13 01 00 00 l.....C......... 000000000012ff40 01 00 00 00 00 00 00 00 - e0 c3 b5 1e 9e 03 00 00 ................ 000000000012ff50 16 00 00 00 e0 bf 45 00 - f2 c9 43 00 74 ff 12 00 ......E...C.t... 000000000012ff60 16 ca 43 00 6c ff 12 00 - 60 13 f5 00 c0 ff 12 00 ..C.l...`....... 000000000012ff70 50 45 50 00 b4 ff 12 00 - 6b 45 50 00 c0 ff 12 00 PEP.....kEP..... 000000000012ff80 00 00 00 00 00 b0 fd 7f - fc dd f6 00 40 96 f6 00 ............@... 000000000012ff90 78 96 f6 00 ac 1b f5 00 - 00 00 00 00 00 00 00 00 x............... 000000000012ffa0 f4 1b f5 00 2c 1c f5 00 - cc 1a f5 00 04 1b f5 00 ....,........... 000000000012ffb0 a4 19 f5 00 e0 ff 12 00 - 30 39 40 00 c0 ff 12 00 ........09@..... 000000000012ffc0 f0 ff 12 00 3b f2 e6 77 - 00 00 00 00 00 00 00 00 ....;..w........ 000000000012ffd0 00 b0 fd 7f 00 00 00 00 - c8 ff 12 00 e4 ec 68 b6 ..............h. 000000000012ffe0 ff ff ff ff 60 1a e6 77 - 48 f2 e6 77 00 00 00 00 ....`..wH..w.... 000000000012fff0 00 00 00 00 00 00 00 00 - 00 10 40 00 00 00 00 00 ..........@..... 0000000000130000 41 63 74 78 20 00 00 00 - 01 00 00 00 80 4f 00 00 Actx ........O.. 0000000000130010 24 01 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00 $....... ....... 0000000000130020 14 00 00 00 01 00 00 00 - 0a 00 00 00 34 00 00 00 ............4... 0000000000130030 b4 01 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xf20 <----* eax=00000000 ebx=00f51a70 ecx=0118ff64 edx=00000030 esi=00000000 edi=0118ff2c eip=7c8285ec esp=0118feec ebp=0118ff54 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0118ff54 00471506 00124f80 ffffffff 0118ff8c ntdll!KiFastSystemCallRet 0118ff84 0041a1f7 0118ffac 0041a232 0118ffa4 G6FTPSrv+0x71506 0118ffa4 00403d26 0118ffdc 00403930 0118ffb8 G6FTPSrv+0x1a1f7 0118ffb8 77e64829 00f51aac 00000000 00000000 G6FTPSrv+0x3d26 0118ffec 00000000 00403cfc 00f51aac 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000118feec 4b 6f 82 7c d1 1e e4 77 - ff ff ff ff 2c ff 18 01 Ko.|...w....,... 000000000118fefc 00 00 00 00 00 00 00 00 - 70 1a f5 00 24 00 00 00 ........p...$... 000000000118ff0c 01 00 00 00 00 00 00 00 - 00 00 00 00 30 00 00 00 ............0... 000000000118ff1c ff ff ff ff ff ff ff ff - 01 1f e4 77 00 00 00 00 ...........w.... 000000000118ff2c 00 88 be 34 fd ff ff ff - 00 00 00 00 2c ff 18 01 ...4........,... 000000000118ff3c fc fe 18 01 da 00 02 00 - 64 ff 18 01 60 1a e6 77 ........d...`..w 000000000118ff4c 60 16 e6 77 00 00 00 00 - 84 ff 18 01 06 15 47 00 `..w..........G. 000000000118ff5c 80 4f 12 00 ff ff ff ff - 8c ff 18 01 61 15 47 00 .O..........a.G. 000000000118ff6c 84 ff 18 01 ac 1a f5 00 - 00 00 00 00 00 00 00 00 ................ 000000000118ff7c c0 1b f5 00 d4 1b f5 00 - a4 ff 18 01 f7 a1 41 00 ..............A. 000000000118ff8c ac ff 18 01 32 a2 41 00 - a4 ff 18 01 00 00 00 00 ....2.A......... 000000000118ff9c ac 1a f5 00 70 1a f5 00 - b8 ff 18 01 26 3d 40 00 ....p.......&=@. 000000000118ffac dc ff 18 01 30 39 40 00 - b8 ff 18 01 ec ff 18 01 ....09@......... 000000000118ffbc 29 48 e6 77 ac 1a f5 00 - 00 00 00 00 00 00 00 00 )H.w............ 000000000118ffcc ac 1a f5 00 00 00 00 00 - c4 ff 18 01 5d 06 85 80 ............]... 000000000118ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000118ffec 00 00 00 00 00 00 00 00 - fc 3c 40 00 ac 1a f5 00 .........<@..... 000000000118fffc 00 00 00 00 1f 7c 1f 7c - 1f 7c 1f 7c 1f 7c 1f 7c .....|.|.|.|.|.| 000000000119000c 1f 7c 1f 7c 1f 7c 1f 7c - 1f 7c 1f 7c 1f 7c 1f 7c .|.|.|.|.|.|.|.| 000000000119001c 1f 7c 1f 7c 1f 7c 1f 7c - 1f 7c 1f 7c 1f 7c 1f 7c .|.|.|.|.|.|.|.| *----> State Dump for Thread Id 0xf24 <----* eax=00000000 ebx=00f61060 ecx=0131fee0 edx=7c8285ec esi=00000000 edi=0131ff2c eip=7c8285ec esp=0131feec ebp=0131ff54 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0131ff54 00471506 000003e8 ffffffff 0131ff8c ntdll!KiFastSystemCallRet 0131ff84 0041a1f7 0131ffac 0041a232 0131ffa4 G6FTPSrv+0x71506 0131ffa4 00403d26 0131ffdc 00403930 0131ffb8 G6FTPSrv+0x1a1f7 0131ffb8 77e64829 00f55448 00000000 00000000 G6FTPSrv+0x3d26 0131ffec 00000000 00403cfc 00f55448 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000131feec 4b 6f 82 7c d1 1e e4 77 - ff ff ff ff 2c ff 31 01 Ko.|...w....,.1. 000000000131fefc 00 00 00 00 00 00 00 00 - 60 10 f6 00 24 00 00 00 ........`...$... 000000000131ff0c 01 00 00 00 00 00 00 00 - 00 00 00 00 30 00 00 00 ............0... 000000000131ff1c ff ff ff ff ff ff ff ff - 01 1f e4 77 00 00 00 00 ...........w.... 000000000131ff2c 80 69 67 ff ff ff ff ff - 00 00 00 00 2c ff 31 01 .ig.........,.1. 000000000131ff3c fc fe 31 01 da 00 02 00 - 64 ff 31 01 60 1a e6 77 ..1.....d.1.`..w 000000000131ff4c 60 16 e6 77 00 00 00 00 - 84 ff 31 01 06 15 47 00 `..w......1...G. 000000000131ff5c e8 03 00 00 ff ff ff ff - 8c ff 31 01 61 15 47 00 ..........1.a.G. 000000000131ff6c 84 ff 31 01 48 54 f5 00 - 00 00 00 00 00 00 00 00 ..1.HT.......... 000000000131ff7c 0c fa f6 00 50 a7 f6 00 - a4 ff 31 01 f7 a1 41 00 ....P.....1...A. 000000000131ff8c ac ff 31 01 32 a2 41 00 - a4 ff 31 01 00 00 00 00 ..1.2.A...1..... 000000000131ff9c 48 54 f5 00 60 10 f6 00 - b8 ff 31 01 26 3d 40 00 HT..`.....1.&=@. 000000000131ffac dc ff 31 01 30 39 40 00 - b8 ff 31 01 ec ff 31 01 [email protected]. 000000000131ffbc 29 48 e6 77 48 54 f5 00 - 00 00 00 00 00 00 00 00 )H.wHT.......... 000000000131ffcc 48 54 f5 00 00 00 00 00 - c4 ff 31 01 5d 06 85 80 HT........1.]... 000000000131ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000131ffec 00 00 00 00 00 00 00 00 - fc 3c 40 00 48 54 f5 00 .........<@.HT.. 000000000131fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000132000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000132001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xf28 <----* eax=00000000 ebx=00f614ac ecx=0141fee0 edx=7c8285ec esi=00000000 edi=0141ff2c eip=7c8285ec esp=0141feec ebp=0141ff54 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0141ff54 00471506 000003e8 ffffffff 0141ff8c ntdll!KiFastSystemCallRet 0141ff84 0041a1f7 0141ffac 0041a232 0141ffa4 G6FTPSrv+0x71506 0141ffa4 00403d26 0141ffdc 00403930 0141ffb8 G6FTPSrv+0x1a1f7 0141ffb8 77e64829 00f62a70 00000000 00000000 G6FTPSrv+0x3d26 0141ffec 00000000 00403cfc 00f62a70 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000141feec 4b 6f 82 7c d1 1e e4 77 - ff ff ff ff 2c ff 41 01 Ko.|...w....,.A. 000000000141fefc 00 00 00 00 00 00 00 00 - ac 14 f6 00 24 00 00 00 ............$... 000000000141ff0c 01 00 00 00 00 00 00 00 - 00 00 00 00 30 00 00 00 ............0... 000000000141ff1c ff ff ff ff ff ff ff ff - 01 1f e4 77 00 00 00 00 ...........w.... 000000000141ff2c 80 69 67 ff ff ff ff ff - 00 00 00 00 2c ff 41 01 .ig.........,.A. 000000000141ff3c fc fe 41 01 da 00 02 00 - 64 ff 41 01 60 1a e6 77 ..A.....d.A.`..w 000000000141ff4c 60 16 e6 77 00 00 00 00 - 84 ff 41 01 06 15 47 00 `..w......A...G. 000000000141ff5c e8 03 00 00 ff ff ff ff - 8c ff 41 01 61 15 47 00 ..........A.a.G. 000000000141ff6c 84 ff 41 01 70 2a f6 00 - 00 00 00 00 00 00 00 00 ..A.p*.......... 000000000141ff7c 2c 3c f6 00 40 3c f6 00 - a4 ff 41 01 f7 a1 41 00 ,<..@<....A...A. 000000000141ff8c ac ff 41 01 32 a2 41 00 - a4 ff 41 01 00 00 00 00 ..A.2.A...A..... 000000000141ff9c 70 2a f6 00 ac 14 f6 00 - b8 ff 41 01 26 3d 40 00 p*........A.&=@. 000000000141ffac dc ff 41 01 30 39 40 00 - b8 ff 41 01 ec ff 41 01 [email protected]. 000000000141ffbc 29 48 e6 77 70 2a f6 00 - 00 00 00 00 00 00 00 00 )H.wp*.......... 000000000141ffcc 70 2a f6 00 00 00 00 00 - c4 ff 41 01 5d 06 85 80 p*........A.]... 000000000141ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000141ffec 00 00 00 00 00 00 00 00 - fc 3c 40 00 70 2a f6 00 .........<@.p*.. 000000000141fffc 00 00 00 00 c8 00 00 00 - c9 01 00 00 ff ee ff ee ................ 000000000142000c 02 10 01 00 00 00 01 00 - 00 fe 00 00 00 00 10 00 ................ 000000000142001c 00 20 00 00 00 02 00 00 - 00 20 00 00 26 02 00 00 . ....... ..&... *----> State Dump for Thread Id 0xf40 <----* eax=00000000 ebx=01541fe8 ecx=71b3a269 edx=00000010 esi=000001ac edi=00000000 eip=7c8285ec esp=0167fefc ebp=0167ff6c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nl_msgc.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nl_msgc.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0167ff6c 01521ced 000001ac ffffffff 00000001 ntdll!KiFastSystemCallRet 0167ffb8 77e64829 01541fe8 00000000 00000000 nl_msgc+0x1ced 0167ffec 00000000 01524129 01541fe8 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 000000000167fefc 0b 7d 82 7c 1e 1d e6 77 - ac 01 00 00 01 00 00 00 .}.|...w........ 000000000167ff0c 00 00 00 00 96 1c e6 77 - b0 1f 54 01 e8 1f 54 01 .......w..T...T. 000000000167ff1c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000167ff2c 30 00 00 00 ff ff ff ff - ff ff ff ff ef 13 e5 77 0..............w 000000000167ff3c 00 00 00 00 e8 1f 54 01 - 96 1c e6 77 00 b0 fd 7f ......T....w.... 000000000167ff4c 00 00 00 00 90 20 55 01 - 10 ff 67 01 b8 ff 67 01 ..... U...g...g. 000000000167ff5c a8 ff 67 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..g.`..wH..w.... 000000000167ff6c b8 ff 67 01 ed 1c 52 01 - ac 01 00 00 ff ff ff ff ..g...R......... 000000000167ff7c 01 00 00 00 00 00 00 00 - 80 20 54 01 98 41 52 01 ......... T..AR. 000000000167ff8c b0 1f 54 01 00 00 00 00 - 00 00 00 00 e8 1f 54 01 ..T...........T. 000000000167ff9c 01 00 00 00 90 ff 67 01 - 5e 00 85 80 dc ff 67 01 ......g.^.....g. 000000000167ffac 20 36 52 01 28 a7 52 01 - 00 00 00 00 ec ff 67 01 6R.(.R.......g. 000000000167ffbc 29 48 e6 77 e8 1f 54 01 - 00 00 00 00 00 00 00 00 )H.w..T......... 000000000167ffcc e8 1f 54 01 00 00 00 00 - c4 ff 67 01 5d 06 85 80 ..T.......g.]... 000000000167ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000167ffec 00 00 00 00 00 00 00 00 - 29 41 52 01 e8 1f 54 01 ........)AR...T. 000000000167fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000168000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000168001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000168002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ *----> State Dump for Thread Id 0xf44 <----* eax=10001b00 ebx=01552058 ecx=00000000 edx=00000000 esi=000001c4 edi=00000000 eip=7c8285ec esp=0177ff1c ebp=0177ff8c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* *** WARNING: Unable to verify checksum for C:\Program Files\NetLimiter\nl_lsp.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\NetLimiter\nl_lsp.dll - ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 0177ff8c 77e61c8d 000001c4 ffffffff 00000000 ntdll!KiFastSystemCallRet 0177ffa0 1000198f 000001c4 ffffffff 00000000 kernel32!WaitForSingleObject+0x12 0177ffec 00000000 10001b00 01552058 00000000 nl_lsp+0x198f *----> Raw Stack Dump <----* 000000000177ff1c 0b 7d 82 7c 1e 1d e6 77 - c4 01 00 00 00 00 00 00 .}.|...w........ 000000000177ff2c 00 00 00 00 7b 1c e6 77 - 58 20 55 01 58 20 55 01 ....{..wX U.X U. 000000000177ff3c 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 000000000177ff4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 000000000177ff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 b0 fd 7f ................ 000000000177ff6c 00 00 00 00 00 00 00 00 - 30 ff 77 01 90 d2 ba 88 ........0.w..... 000000000177ff7c dc ff 77 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..w.`..wH..w.... 000000000177ff8c a0 ff 77 01 8d 1c e6 77 - c4 01 00 00 ff ff ff ff ..w....w........ 000000000177ff9c 00 00 00 00 ec ff 77 01 - 8f 19 00 10 c4 01 00 00 ......w......... 000000000177ffac ff ff ff ff 00 00 00 00 - 00 00 00 00 0d 1b 00 10 ................ 000000000177ffbc 29 48 e6 77 58 20 55 01 - 00 00 00 00 00 00 00 00 )H.wX U......... 000000000177ffcc 58 20 55 01 00 00 00 00 - c4 ff 77 01 5d 06 85 80 X U.......w.]... 000000000177ffdc ff ff ff ff 60 1a e6 77 - 30 48 e6 77 00 00 00 00 ....`..w0H.w.... 000000000177ffec 00 00 00 00 00 00 00 00 - 00 1b 00 10 58 20 55 01 ............X U. 000000000177fffc 00 00 00 00 c8 00 00 00 - d4 01 00 00 ff ee ff ee ................ 000000000178000c 02 10 00 00 00 00 00 00 - 00 fe 00 00 00 00 20 00 .............. . 000000000178001c 00 20 00 00 00 02 00 00 - 00 20 00 00 f5 01 00 00 . ....... ...... 000000000178002c ff ef fd 7f 0e 00 08 06 - 00 00 00 00 00 00 00 00 ................ 000000000178003c 00 00 00 00 00 00 00 00 - 98 05 78 01 0f 00 00 00 ..........x..... 000000000178004c f8 ff ff ff 50 00 78 01 - 50 00 78 01 40 06 78 01 [email protected]. *----> State Dump for Thread Id 0xf48 <----* eax=71bf2b9d ebx=0016c9d0 ecx=00000000 edx=00000000 esi=7c826f3f edi=0016c9d0 eip=7c8285ec esp=018bfe88 ebp=018bffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 018bffb8 77e64829 0016c9d0 00000000 00000000 ntdll!KiFastSystemCallRet 018bffec 00000000 71bf2b9d 0016c9d0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 00000000018bfe88 4b 6f 82 7c 0d 2c bf 71 - 01 00 00 00 a0 fe 8b 01 Ko.|.,.q........ 00000000018bfe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 80 ................ 00000000018bfea8 00 00 00 00 00 00 00 00 - 43 3a 5c 57 49 4e 44 4f ........C:\WINDO 00000000018bfeb8 57 53 5c 73 79 73 74 65 - 6d 33 32 5c 57 53 32 48 WS\system32\WS2H 00000000018bfec8 45 4c 50 2e 64 6c 6c 00 - 00 00 00 00 00 00 00 00 ELP.dll......... 00000000018bfed8 02 02 00 00 e0 db 4f b6 - d9 43 a8 80 02 00 00 00 ......O..C...... 00000000018bfee8 00 00 00 00 f4 43 a8 80 - 00 00 00 00 02 00 00 00 .....C.......... 00000000018bfef8 f0 db 4f b6 56 44 a8 80 - 00 00 00 00 00 00 00 00 ..O.VD.......... 00000000018bff08 1c dc 4f b6 c7 d5 83 80 - 20 c0 ba 88 c8 c0 ba 88 ..O..... ....... 00000000018bff18 01 00 00 00 20 c0 ba 88 - 01 00 00 00 ff ff ff ff .... ........... 00000000018bff28 01 00 00 00 7c fa 72 f7 - 91 bd 93 80 00 70 fd 7f ....|.r......p.. 00000000018bff38 20 c0 ba 88 00 00 00 00 - 20 c0 ba 88 30 25 a8 80 ....... ...0%.. 00000000018bff48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000018bff58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00000000018bff68 00 00 00 00 20 f1 72 f7 - 00 00 00 00 00 00 00 00 .... .r......... 00000000018bff78 20 c0 ba 88 c4 dc 4f b6 - 75 06 85 80 b0 c1 ba 88 .....O.u....... 00000000018bff88 05 00 00 00 00 00 00 00 - 00 00 00 00 30 25 a8 80 ............0%.. 00000000018bff98 01 00 00 00 01 00 00 00 - c4 dc 4f b6 5e 00 85 80 ..........O.^... 00000000018bffa8 00 00 00 00 00 00 00 00 - 00 02 00 00 8d 7f 00 00 ................ 00000000018bffb8 ec ff 8b 01 29 48 e6 77 - d0 c9 16 00 00 00 00 00 ....)H.w........ *----> State Dump for Thread Id 0xf4c <----* eax=00000000 ebx=01da51e4 ecx=fffffffc edx=00000000 esi=01da51e0 edi=00000004 eip=7c84afb2 esp=019bfdcc ebp=019bfdf4 iopl=0 nv up ei pl nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010213 function: ntdll!RtlIpv4StringToAddressExW 7c84af98 5b pop ebx 7c84af99 8be5 mov esp,ebp 7c84af9b 5d pop ebp 7c84af9c c20800 ret 0x8 7c84af9f 33c0 xor eax,eax 7c84afa1 8945f0 mov [ebp-0x10],eax 7c84afa4 8945f8 mov [ebp-0x8],eax 7c84afa7 8b06 mov eax,[esi] 7c84afa9 83f8ff cmp eax,0xffffffff 7c84afac 0f845122ffff je ntdll!RtlLockHeap+0x1de (7c83d203) FAULT ->7c84afb2 ff4014 inc dword ptr [eax+0x14] ds:0023:00000014=???????? 7c84afb5 e94922ffff jmp ntdll!RtlLockHeap+0x1de (7c83d203) 7c84afba a0ecb5887c mov al,[ntdll!NlsMbOemCodePageTag+0x3ec4 (7c88b5ec)] 7c84afbf 84c0 test al,al 7c84afc1 7513 jnz ntdll!RtlIpv4StringToAddressExW+0x9658 (7c84afd6) 7c84afc3 0fb715f202fe7f movzx edx,word ptr [sharedUserData+0x2f2 (7ffe02f2)] 7c84afca 3915f0b5887c cmp [ntdll!NlsMbOemCodePageTag+0x3ec8 (7c88b5f0)],edx 7c84afd0 0f844922ffff je ntdll!RtlLockHeap+0x1fa (7c83d21f) 7c84afd6 64a118000000 mov eax,fs:[00000018] 7c84afdc f680680f000001 test byte ptr [eax+0xf68],0x1 7c84afe3 0f853622ffff jne ntdll!RtlLockHeap+0x1fa (7c83d21f) *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 019bfdf4 7c83d281 00001590 00000004 00000002 ntdll!RtlIpv4StringToAddressExW+0x9634 019bfe14 10003666 01da51e0 00010140 0155ef08 ntdll!RtlLockHeap+0x25c 7c81a360 558b51ec 728d5608 75895704 0000b8fc nl_lsp+0x3666 8b55ff8b 00000000 00000000 00000000 00000000 0x558b51ec *----> Raw Stack Dump <----* 00000000019bfdcc 01 00 00 00 e4 51 da 01 - 00 00 00 00 00 00 00 00 .....Q.......... 00000000019bfddc 08 00 00 00 00 60 fd 7f - 00 00 00 00 00 00 00 00 .....`.......... 00000000019bfdec 00 00 00 00 00 00 00 00 - 14 fe 9b 01 81 d2 83 7c ...............| 00000000019bfdfc 90 15 00 00 04 00 00 00 - 02 00 00 00 00 00 00 00 ................ 00000000019bfe0c 58 51 da 01 04 00 00 00 - 60 a3 81 7c 66 36 00 10 XQ......`..|f6.. 00000000019bfe1c e0 51 da 01 40 01 01 00 - 08 ef 55 01 ea c0 00 00 [email protected]..... 00000000019bfe2c 02 00 00 00 90 20 55 01 - e0 51 da 01 08 ef 55 01 ..... U..Q....U. 00000000019bfe3c ba 10 00 10 02 00 00 00 - c0 38 00 00 3c 11 00 10 .........8..<... 00000000019bfe4c ea c0 00 00 c0 38 00 00 - c0 38 00 00 02 00 00 00 .....8...8...... 00000000019bfe5c e0 fe 9b 01 10 11 00 10 - 94 fe 9b 01 00 00 00 00 ................ 00000000019bfe6c e3 b6 39 77 40 01 01 00 - ea c0 00 00 c0 38 00 00 [email protected].. 00000000019bfe7c 02 00 00 00 10 11 00 10 - cd ab ba dc 00 00 00 00 ................ 00000000019bfe8c e0 fe 9b 01 10 11 00 10 - 0c ff 9b 01 74 b8 39 77 ............t.9w 00000000019bfe9c 10 11 00 10 40 01 01 00 - ea c0 00 00 c0 38 00 00 [email protected].. 00000000019bfeac 02 00 00 00 a8 ff 9b 01 - a0 ff 9b 01 40 7d 76 00 ............@}v. 00000000019bfebc 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $............... 00000000019bfecc 30 00 00 00 ff ff ff ff - ff ff ff ff 2a b8 39 77 0...........*.9w 00000000019bfedc 00 00 00 00 00 00 00 00 - ff ff ff ff 00 00 00 00 ................ 00000000019bfeec 00 00 00 00 00 00 00 00 - b0 fe 9b 01 f8 f9 9b 01 ................ 00000000019bfefc 64 ff 9b 01 18 af 3a 77 - 90 b8 39 77 00 00 00 00 d.....:w..9w.... *----> State Dump for Thread Id 0xf50 <----* eax=71c126e5 ebx=c0000000 ecx=00000002 edx=01f77420 esi=00000000 edi=71b591fc eip=7c8285ec esp=01abff80 ebp=01abffb8 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function: ntdll!KiFastSystemCallRet 7c8285ce e82c000000 call ntdll!RtlRaiseException (7c8285ff) 7c8285d3 8b0424 mov eax,[esp] 7c8285d6 8be5 mov esp,ebp 7c8285d8 5d pop ebp 7c8285d9 c3 ret 7c8285da 8da42400000000 lea esp,[esp] 7c8285e1 8da42400000000 lea esp,[esp] ntdll!KiFastSystemCall: 7c8285e8 8bd4 mov edx,esp 7c8285ea 0f34 sysenter ntdll!KiFastSystemCallRet: 7c8285ec c3 ret 7c8285ed 8da42400000000 lea esp,[esp] 7c8285f4 8d642400 lea esp,[esp] ntdll!KiIntSystemCall: 7c8285f8 8d542408 lea edx,[esp+0x8] 7c8285fc cd2e int 2e 7c8285fe c3 ret ntdll!RtlRaiseException: 7c8285ff 55 push ebp 7c828600 8bec mov ebp,esp 7c828602 8da42430fdffff lea esp,[esp-0x2d0] *----> Stack Back Trace <----* ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 01abffb8 77e64829 71b36383 00000000 00000000 ntdll!KiFastSystemCallRet 01abffec 00000000 71b258ab 001658e0 00000000 kernel32!GetModuleHandleA+0xdf *----> Raw Stack Dump <----* 0000000001abff80 db 77 82 7c 14 59 b2 71 - ec 01 00 00 c0 ff ab 01 .w.|.Y.q........ 0000000001abff90 b4 ff ab 01 a8 ff ab 01 - 00 00 00 00 00 00 00 00 ................ 0000000001abffa0 00 00 00 00 e0 58 16 00 - 00 00 00 00 1c 00 00 00 .....X.......... 0000000001abffb0 00 00 b2 71 00 32 78 01 - ec ff ab 01 29 48 e6 77 ...q.2x.....)H.w 0000000001abffc0 83 63 b3 71 00 00 00 00 - 00 00 00 00 e0 58 16 00 .c.q.........X.. 0000000001abffd0 00 00 00 00 c4 ff ab 01 - 5d 06 85 80 ff ff ff ff ........]....... 0000000001abffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........ 0000000001abfff0 00 00 00 00 ab 58 b2 71 - e0 58 16 00 00 00 00 00 .....X.q.X...... 0000000001ac0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac0090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac00a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0000000001ac00b0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå