Faulting Application Explorer.exe ,v 6.0.2800.1221,faulting module shell32.dll,error

ah ysterday before i installed fresh windows xp i had installed a trojan scanner on my pc and when i uninstalled it,it started giving me strange exe errors like this one.'Faulting Application Explorer.exe ,v 6.0.2800.1221,faulting module shell32.dll,version 6.0'.this happened on the previous installation of windows before i reformatted it that whenever i tried to copy paste any folder or anything it wld give me this exact same error.today just a few minutes back i received this error while copying and pasting a file again.i just dont know where the problem is lying as i was hoping on a fresh install nothing like this wld happen.Hoping for a reply soon.

Siro

 

Have you tried an "SFC /SCANNOW" http://support.microsoft.com/default.aspx?scid=kb;en-us;310747

It sounds like there is some reminant of the scanner left as a shell extension. Can you post your dr watson log entry for one of these crashes? This might be a good canidate to give microsoft a call for to analyze the crash.

 

How Do I Copy the log with dr watson

Well i am initially checking the microsoft article that u have provided me with but what is the way of copying the error log with dr watson.please help....

 

Open Drwtsn32.log with notepad. Contents is all text.

 

Dr Watson Log

Application exception occurred:
App: C:\WINDOWS\explorer.exe (pid=3324)
When: 6/28/2004 @ 13:09:39.734
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: BLICK-TZ7QMEPM
User Name: ***
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 9
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Uniprocessor Free
Registered Organization: ***
Registered Owner: ***

*----> Task List <----*
0 System Process
4 System
480 smss.exe
536 csrss.exe
560 winlogon.exe
604 services.exe
616 lsass.exe
776 svchost.exe
840 svchost.exe
940 svchost.exe
1000 svchost.exe
1292 spoolsv.exe
1476 CTHELPER.EXE
1512 FSM32.EXE
1548 MsgPlus.exe
1556 jusched.exe
1740 msnmsgr.exe
1820 SERVIC~1.EXE
1844 DkService.exe
1880 fsgk32st.exe
1908 FSGK32.EXE
1920 fsbwsys.exe
1952 fssm32.exe
1956 FSMA32.EXE
1980 nvsvc32.exe
620 BackWeb-7681197.exe
800 FSMB32.EXE
1080 FCH32.EXE
1600 FAMEH32.EXE
1620 FNRB32.EXE
2056 FIH32.EXE
2068 fsav32.exe
2288 fsdfwd.exe
3728 mozilla.exe
3324 explorer.exe
3556 drwtsn32.exe

*----> Module List <----*
(0000000000900000 - 0000000000a38000: h:\Program Files\Messenger Plus! 3\MsgPlusH.dll
(0000000001000000 - 00000000010f7000: C:\WINDOWS\explorer.exe
(00000000011c0000 - 00000000011d0000: C:\WINDOWS\System32\ctagent.dll
(00000000011e0000 - 00000000013e1000: C:\WINDOWS\System32\msi.dll
(0000000001960000 - 0000000001992000: C:\WINDOWS\System32\ODBC32.dll
(00000000019d0000 - 00000000019d9000: h:\Program Files\F-Secure\Common\fpshx.dll
(00000000019e0000 - 00000000019ec000: h:\Program Files\F-Secure\Common\FSHXENG.DLL
(0000000001be0000 - 0000000001bfa000: h:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
(0000000010000000 - 0000000010006000: C:\DOCUME~1\MOHAMM~1\LOCALS~1\Temp\IadHide4.dll
(0000000017000000 - 0000000017016000: h:\Program Files\F-Secure\Common\FSMA32.dll
(0000000018000000 - 0000000018011000: h:\Program Files\F-Secure\Common\FSPMAPI.dll
(000000001a400000 - 000000001a47a000: C:\WINDOWS\system32\urlmon.dll
(000000001f850000 - 000000001f866000: C:\WINDOWS\System32\odbcint.dll
(0000000055900000 - 0000000055961000: C:\WINDOWS\System32\MSVCP60.dll
(00000000559e0000 - 0000000055a51000: C:\WINDOWS\System32\themeui.dll
(000000005ad70000 - 000000005ada4000: C:\WINDOWS\System32\UxTheme.dll
(000000005b0a0000 - 000000005b0a7000: C:\WINDOWS\System32\umdmxfrm.dll
(000000005cd70000 - 000000005cd77000: C:\WINDOWS\System32\serwvdrv.dll
(0000000063000000 - 0000000063096000: C:\WINDOWS\system32\WININET.dll
(000000006c1b0000 - 000000006c1f4000: C:\WINDOWS\System32\DUSER.dll
(0000000070a70000 - 0000000070ad5000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000071500000 - 00000000715fd000: C:\WINDOWS\System32\BROWSEUI.dll
(0000000071700000 - 0000000071849000: C:\WINDOWS\System32\SHDOCVW.dll
(0000000071950000 - 0000000071a34000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\System32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac4000: C:\WINDOWS\System32\WS2_32.dll
(0000000071b20000 - 0000000071b31000: C:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c01000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071c10000 - 0000000071c1d000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c20000 - 0000000071c6e000: C:\WINDOWS\System32\NETAPI32.dll
(0000000071c80000 - 0000000071c86000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071ccc000: C:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce6000: C:\WINDOWS\System32\NETUI0.dll
(0000000071d40000 - 0000000071d5b000: C:\WINDOWS\System32\actxprxy.dll
(0000000072430000 - 0000000072442000: C:\WINDOWS\System32\browselc.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\System32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\System32\wdmaud.drv
(0000000073000000 - 0000000073023000: C:\WINDOWS\System32\WINSPOOL.DRV
(0000000073dd0000 - 0000000073ec2000: C:\WINDOWS\System32\MFC42.DLL
(0000000074ad0000 - 0000000074ad7000: C:\WINDOWS\System32\POWRPROF.dll
(0000000074ae0000 - 0000000074ae7000: C:\WINDOWS\System32\CFGMGR32.dll
(0000000074af0000 - 0000000074af9000: C:\WINDOWS\System32\BatMeter.dll
(0000000074b00000 - 0000000074b20000: C:\WINDOWS\System32\stobject.dll
(0000000074b30000 - 0000000074b71000: C:\WINDOWS\System32\webcheck.dll
(0000000074b80000 - 0000000074c02000: C:\WINDOWS\System32\printui.dll
(0000000075970000 - 0000000075a62000: C:\WINDOWS\System32\MSGINA.dll
(0000000075a70000 - 0000000075b15000: C:\WINDOWS\system32\USERENV.dll
(0000000075cf0000 - 0000000075e81000: C:\WINDOWS\system32\NETSHELL.dll
(0000000075f40000 - 0000000075f5f000: C:\WINDOWS\system32\appHelp.dll
(0000000075f60000 - 0000000075f66000: C:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f79000: C:\WINDOWS\System32\davclnt.dll
(00000000762a0000 - 00000000762b0000: C:\WINDOWS\system32\MSASN1.dll
(00000000762c0000 - 000000007634b000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076360000 - 000000007636f000: C:\WINDOWS\System32\WINSTA.dll
(0000000076380000 - 0000000076385000: C:\WINDOWS\System32\MSIMG32.dll
(00000000763b0000 - 00000000763f5000: C:\WINDOWS\system32\comdlg32.dll
(0000000076600000 - 000000007661b000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076620000 - 000000007666e000: C:\WINDOWS\System32\cscui.dll
(0000000076670000 - 0000000076757000: C:\WINDOWS\System32\SETUPAPI.dll
(0000000076980000 - 0000000076987000: C:\WINDOWS\System32\LINKINFO.dll
(0000000076990000 - 00000000769b4000: C:\WINDOWS\System32\ntshrui.dll
(0000000076b20000 - 0000000076b35000: C:\WINDOWS\System32\ATL.DLL
(0000000076b40000 - 0000000076b6c000: C:\WINDOWS\System32\WINMM.dll
(0000000076c00000 - 0000000076c2d000: C:\WINDOWS\system32\credui.dll
(0000000076d60000 - 0000000076d76000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e10000 - 0000000076e35000: C:\WINDOWS\System32\adsldpc.dll
(0000000076e40000 - 0000000076e6f000: C:\WINDOWS\System32\ACTIVEDS.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\System32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076f90000 - 0000000076fa0000: C:\WINDOWS\System32\Secur32.dll
(0000000077050000 - 0000000077115000: C:\WINDOWS\System32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 00000000772d4000: C:\WINDOWS\system32\ole32.dll
(0000000077340000 - 00000000773cb000: C:\WINDOWS\system32\comctl32.dll
(00000000773d0000 - 0000000077bc9000: C:\WINDOWS\system32\SHELL32.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\System32\midimap.dll
(0000000077be0000 - 0000000077bf4000: C:\WINDOWS\System32\MSACM32.dll
(0000000077c00000 - 0000000077c07000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007c890000 - 000000007c911000: C:\WINDOWS\System32\CLBCATQ.DLL
(000000007e090000 - 000000007e0d1000: C:\WINDOWS\system32\GDI32.dll

 

*----> State Dump for Thread Id 0xd00 <----*

eax=00000000 ebx=000c51f8 ecx=0006e7f4 edx=00000000 esi=000c51f8 edi=00000000
eip=7ffe0304 esp=0006fefc ebp=0006ff14 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0006fef8 77d43c53 774249e4 77e7a29b 000c51f8 *SharedUserSystemCall+0xc (FPO: [0,0,0])
0006ff14 7741aedd 00000000 0100b571 000c51f8 USER32!WaitMessage+0xc
0006ff5c 0100b6af 01000000 00000000 00020642 SHELL32!Ordinal201+0x24
0006ffc0 77e814c7 77e82441 0006fd1c 7ffdf000 explorer+0xb6af
0006fff0 00000000 0100b644 00000000 78746341 kernel32!GetCurrentDirectoryW+0x44

*----> Raw Stack Dump <----*
000000000006fefc 53 3c d4 77 e4 49 42 77 - 9b a2 e7 77 f8 51 0c 00 S<.w.IBw...w.Q..
000000000006ff0c f8 51 0c 00 5c ff 06 00 - 5c ff 06 00 dd ae 41 77 .Q..\...\.....Aw
000000000006ff1c 00 00 00 00 71 b5 00 01 - f8 51 0c 00 00 f0 fd 7f ....q....Q......
000000000006ff2c c0 ff 06 00 00 00 00 00 - 18 ff 06 00 41 60 f7 77 ............A`.w
000000000006ff3c 99 ef e7 77 ff ff ff ff - 0c 00 00 00 97 64 f7 77 ...w.........d.w
000000000006ff4c 7c ef e7 77 00 00 00 00 - 07 c0 1d 00 60 00 00 00 |..w........`...
000000000006ff5c c0 ff 06 00 af b6 00 01 - 00 00 00 01 00 00 00 00 ................
000000000006ff6c 42 06 02 00 05 00 00 00 - 41 24 e8 77 1c fd 06 00 B.......A$.w....
000000000006ff7c 44 00 00 00 94 06 02 00 - 74 06 02 00 44 06 02 00 D.......t...D...
000000000006ff8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000006ff9c 2e 00 00 00 00 00 00 00 - 66 f1 06 00 01 00 00 00 ........f.......
000000000006ffac 05 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000006ffbc 00 00 00 00 f0 ff 06 00 - c7 14 e8 77 41 24 e8 77 ...........wA$.w
000000000006ffcc 1c fd 06 00 00 f0 fd 7f - f0 0c ec f4 c8 ff 06 00 ................
000000000006ffdc 8f c8 53 80 ff ff ff ff - 09 48 e9 77 10 12 e9 77 ..S......H.w...w
000000000006ffec 00 00 00 00 00 00 00 00 - 00 00 00 00 44 b6 00 01 ............D...
000000000006fffc 00 00 00 00 41 63 74 78 - 20 00 00 00 01 00 00 00 ....Actx .......
000000000007000c 4c 06 00 00 7c 00 00 00 - 00 00 00 00 20 00 00 00 L...|....... ...
000000000007001c 00 00 00 00 14 00 00 00 - 01 00 00 00 03 00 00 00 ................
000000000007002c 34 00 00 00 ac 00 00 00 - 01 00 00 00 00 00 00 00 4...............

*----> State Dump for Thread Id 0xd04 <----*

eax=00000000 ebx=0013a8d0 ecx=00e3fe28 edx=00000000 esi=00000100 edi=00000000
eip=7ffe0304 esp=00e3fe28 ebp=00e3ff90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: <nosymbols>
7ffe02f2 0000 add [eax],al
7ffe02f4 0000 add [eax],al
7ffe02f6 0000 add [eax],al
*SharedUserSystemCall:
7ffe02f8 0000 add [eax],al
7ffe02fa 0000 add [eax],al
7ffe02fc 0000 add [eax],al
7ffe02fe 0000 add [eax],al
7ffe0300 8bd4 mov edx,esp
7ffe0302 0f34 sysenter
7ffe0304 c3 ret
7ffe0305 8bd4 mov edx,esp
7ffe0307 0f05 syscall
7ffe0309 c3 ret
7ffe030a 8ac8 mov cl,al
7ffe030c ff1570464d80 call dword ptr [804d4670]
7ffe0312 8b4510 mov eax,[ebp+0x10]
7ffe0315 33c9 xor ecx,ecx
7ffe0317 663908 cmp [eax],cx
7ffe031a 894dfc mov [ebp-0x4],ecx
7ffe031d 0f840d000000 je 7ffe0330

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\GDI32.dll -
ChildEBP RetAddr Args to Child
00e3fe24 77f762b7 780016a4 00000148 00e3ff80 *SharedUserSystemCall+0xc (FPO: [0,0,0])
00e3ff90 78001601 780019d4 0009a040 77f79005 ntdll!ZwReplyWaitReceivePortEx+0xc
000a2320 ffffffff 00000158 0000015c 00000000 RPCRT4+0x1601
00000000 00000000 00000000 00000000 00000000 0xffffffff

 

There will be several of the sections with this header: *----> Stack Back Trace <----*

Look for the word FAULT, it will be on the left side in a back trace section. Paste that entire stack back trace into a post for me.

 

I cant find what u stated in the log

i cant find what u stated if u got a mail address can i send u it as a txt file in wordpad form so u can study it if possible.i am really worried whether is it the OS or what.if u got a mail address please pm to me.i dont know what the hell is happening it was working okay my previous OS before i installed that trojan scanner.....

Downtoearth

 

pasted log u wanted

FAULT ->77416767 8b11 mov edx,[ecx] ds:0023:025d22b8=????????
77416769 ff7510 push dword ptr [ebp+0x10]
7741676c 56 push esi
7741676d 51 push ecx
7741676e ff5214 call dword ptr [edx+0x14]
77416771 8945fc mov [ebp-0x4],eax
77416774 8b45fc mov eax,[ebp-0x4]
77416777 5e pop esi
77416778 5f pop edi
77416779 5b pop ebx
7741677a c9 leave

*----> Stack Back Trace <----*

 

Ok, first off, please get current on the security patches.
you are specifically missing: MS03-027: An Unchecked Buffer in the Windows Shell Could Permit Your System to Be Compromised http://support.microsoft.com/default.aspx?scid=KB;EN-US;821557

After you do that, please report back if you are still experiencing the phenomenon, and email me your drwatson log to joehobart AT hotmail.com