DUMP DATA Debuglog Help?

Hello,

As has been suggested to other users, I ran my system through the debug wizard... and now I need help reading it.

My system is prone to randomly closing programs without warnings. I reloaded my OS and only installed the latest versions of IE and my service packs, but I'm still having problems, mostly when I try to run plug-in content in the browser. Dr. Watson and the Event Viewer keep pointing to various dll's in 1000-1001 errors, but Google hasn't been able to help me find the right info to correct any of this.

I'm currently running Win2k Server, but I've got my hands on a copy of WinXP Prof. Should I give up and just install the new OS? Is there a chance this programs will linger, regardless?

My eternally grateful thanks in advance:

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\All Users\Documents\DrWatson\user.dmp]
User Dump File: Only application data is available

Windows 2000 Version 2195 UP Free x86 compatible
Product: Server
Debug session time: Sun Mar 13 23:52:25.328 2005 (GMT-5)
System Uptime: 0 days 1:02:39.171
Process Uptime: not available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINNT;C:\WINNT\system32;C:\WINNT\system32\drivers
.............................................................................
(490.364): Access violation - code c0000005 (!!! second chance !!!)
eax=000000ff ebx=046ca5c0 ecx=0a63e7b4 edx=00000000 esi=00000000 edi=046ca75c
eip=100299c0 esp=0a63e7a8 ebp=0a63e99c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Flash.ocx -
Flash+0x299c0:
100299c0 6689853afeffff mov [ebp-0x1c6],ax ss:0023:0a63e7d6=00ff
0:024> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
*************************************************************************

FAULTING_IP:
Flash+299c0
100299c0 6689853afeffff mov [ebp-0x1c6],ax

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
.exr ffffffffffffffff
ExceptionAddress: 100299c0 (Flash+0x000299c0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0a622239
Attempt to read from address 0a622239

FAULTING_THREAD: 00000364

DEFAULT_BUCKET_ID: APPLICATION_FAULT

PROCESS_NAME: IEXPLORE.EXE

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

READ_ADDRESS: 0a622239

BUGCHECK_STR: ACCESS_VIOLATION

THREAD_ATTRIBUTES:
LAST_CONTROL_TRANSFER: from 10029d43 to 100299c0

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0a63e99c 10029d43 0a63e9b4 000001ae 0a63ea2c Flash+0x299c0
0a63e9c8 100698c8 01010057 05801cb0 0a63eaa4 Flash+0x29d43
0a63ea00 1006c113 01010057 0a63ea3c 00000226 Flash!DllUnregisterServer+0xd502
0a63ea50 1005db68 0a63eaa4 05801cf8 00000001 Flash!DllUnregisterServer+0xfd4d
0a63eaf0 1005d876 0000000f 00000000 00000000 Flash!DllUnregisterServer+0x17a2
0a63eb14 10060436 00010330 0000000f 00000000 Flash!DllUnregisterServer+0x14b0
0a63eb5c 77e13eb0 05801cf8 0000000f 00000000 Flash!DllUnregisterServer+0x4070
0a63eb7c 77e1591b 05801d00 00010330 0000000f USER32!UserCallWinProc+0x18
0a63eb98 77e1595d 004979e0 0000000f 00000000 USER32!DispatchClientMessage+0x4b
0a63ebc0 77f9fb83 0a63ebd0 00000018 004979e0 USER32!__fnDWORD+0x22
0a63ebe4 77e1671b 00010330 00000050 10069662 ntdll!KiUserCallbackDispatcher+0x13
0a63ebf0 10069662 00010330 046ca008 046cac88 USER32!UpdateWindow+0x2f
0a63ec28 10044799 00000001 0a63ecc0 00000000 Flash!DllUnregisterServer+0xd29c
0a63ec48 10043b29 00000001 046ca008 000000c0 Flash+0x44799
0a63ecd8 10068738 000000c0 000000b3 00000000 Flash+0x43b29
0a63ed00 1006bda5 00000200 00000001 00b300c0 Flash!DllUnregisterServer+0xc372
0a63ed44 10060436 00010330 00000200 00000001 Flash!DllUnregisterServer+0xf9df
0a63ed8c 77e13eb0 05801cf8 00000200 00000001 Flash!DllUnregisterServer+0x4070
0a63edac 77e1401a 05801d00 00010330 00000200 USER32!UserCallWinProc+0x18
0a63ee38 77e13f0f 0a63ee74 00000000 76e2468f USER32!DispatchMessageWorker+0x2d0
0a63ee44 76e2468f 0a63ee74 00000000 02a33008 USER32!DispatchMessageW+0xb
0a63ee5c 76e32d09 0a63ee74 0a63ffa4 00106c10 BROWSEUI!TimedDispatchMessage+0x35
0a63eea8 76e32af4 00070248 0a63ffa4 00106c10 BROWSEUI!BrowserThreadProc+0x240
0a63ef30 76e2c550 00106c10 00000000 00000000 BROWSEUI!BrowserProtectedThreadProc+0xa1
0a63ffac 76ca7bb4 00106c10 77e92ca8 00106c10 BROWSEUI!SHOpenFolderWindow+0x209
0a63ffb4 77e92ca8 00106c10 00000000 00000000 shdocvw!SHOpenFolderWindow+0x29
0a63ffec 00000000 76ca7b8b 00106c10 00000000 KERNEL32!BaseThreadStart+0x52


FOLLOWUP_IP:
Flash+299c0
100299c0 6689853afeffff mov [ebp-0x1c6],ax

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: Flash+299c0

MODULE_NAME: Flash

IMAGE_NAME: Flash.ocx

DEBUG_FLR_IMAGE_TIMESTAMP: 3fd4f4d4

STACK_COMMAND: ~24s ; kb

FAILURE_BUCKET_ID: ACCESS_VIOLATION_Flash+299c0

BUCKET_ID: ACCESS_VIOLATION_Flash+299c0

Followup: MachineOwner
---------

eax=000000ff ebx=046ca5c0 ecx=0a63e7b4 edx=00000000 esi=00000000 edi=046ca75c
eip=100299c0 esp=0a63e7a8 ebp=0a63e99c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
Flash+0x299c0:
100299c0 6689853afeffff mov [ebp-0x1c6],ax ss:0023:0a63e7d6=00ff
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0a63e99c 10029d43 0a63e9b4 000001ae 0a63ea2c Flash+0x299c0
0a63e9c8 100698c8 01010057 05801cb0 0a63eaa4 Flash+0x29d43
0a63ea00 1006c113 01010057 0a63ea3c 00000226 Flash!DllUnregisterServer+0xd502
0a63ea50 1005db68 0a63eaa4 05801cf8 00000001 Flash!DllUnregisterServer+0xfd4d
0a63eaf0 1005d876 0000000f 00000000 00000000 Flash!DllUnregisterServer+0x17a2
0a63eb14 10060436 00010330 0000000f 00000000 Flash!DllUnregisterServer+0x14b0
0a63eb5c 77e13eb0 05801cf8 0000000f 00000000 Flash!DllUnregisterServer+0x4070
0a63eb7c 77e1591b 05801d00 00010330 0000000f USER32!UserCallWinProc+0x18
0a63eb98 77e1595d 004979e0 0000000f 00000000 USER32!DispatchClientMessage+0x4b (FPO: [Non-Fpo])
0a63ebc0 77f9fb83 0a63ebd0 00000018 004979e0 USER32!__fnDWORD+0x22 (FPO: [Non-Fpo])
0a63ebe4 77e1671b 00010330 00000050 10069662 ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0])
0a63ebf0 10069662 00010330 046ca008 046cac88 USER32!UpdateWindow+0x2f (FPO: [1,0,0])
0a63ec28 10044799 00000001 0a63ecc0 00000000 Flash!DllUnregisterServer+0xd29c
0a63ec48 10043b29 00000001 046ca008 000000c0 Flash+0x44799
0a63ecd8 10068738 000000c0 000000b3 00000000 Flash+0x43b29
0a63ed00 1006bda5 00000200 00000001 00b300c0 Flash!DllUnregisterServer+0xc372
0a63ed44 10060436 00010330 00000200 00000001 Flash!DllUnregisterServer+0xf9df
0a63ed8c 77e13eb0 05801cf8 00000200 00000001 Flash!DllUnregisterServer+0x4070
0a63edac 77e1401a 05801d00 00010330 00000200 USER32!UserCallWinProc+0x18
0a63ee38 77e13f0f 0a63ee74 00000000 76e2468f USER32!DispatchMessageWorker+0x2d0 (FPO: [Non-Fpo])
start end module name
00400000 00412000 IEXPLORE IEXPLORE.EXE Sat Sep 25 07:15:52 1999 (37ECAEE8)
10000000 101a7000 Flash Flash.ocx Mon Dec 08 17:01:56 2003 (3FD4F4D4)
4a000000 4a02c000 pdm pdm.dll Sun Feb 28 04:32:15 1999 (36D90D1F)
4aa00000 4aa15000 msdbg msdbg.dll Sun Feb 28 04:31:25 1999 (36D90CED)
69000000 6900e000 SwSupport SwSupport.dll Thu Sep 09 03:09:07 2004 (41400193)
69190000 6919e000 pngfilt pngfilt.dll Tue Nov 30 04:34:02 1999 (38439A0A)
6b3d0000 6b40c000 mshtmled mshtmled.dll Tue Nov 30 04:33:30 1999 (384399EA)
6e490000 6e49a000 imgutil imgutil.dll Tue Nov 30 04:32:46 1999 (384399BE)
6e800000 6e81a000 iepeers iepeers.dll Tue Nov 30 04:32:42 1999 (384399BA)
72200000 7220b000 dispex dispex.dll Tue Nov 30 04:31:57 1999 (3843998D)
727f0000 727f9000 ddrawex ddrawex.dll Tue Nov 30 04:31:53 1999 (38439989)
72800000 72846000 DDRAW DDRAW.dll Tue Nov 30 04:31:52 1999 (38439988)
728a0000 728a6000 DCIMAN32 DCIMAN32.dll Tue Nov 30 04:31:52 1999 (38439988)
74fd0000 74fe1000 msafd msafd.dll Tue Nov 30 04:31:09 1999 (3843995D)
75010000 75017000 wshtcpip wshtcpip.dll Tue Nov 30 04:31:09 1999 (3843995D)
75020000 75028000 WS2HELP WS2HELP.DLL Tue Nov 30 04:31:09 1999 (3843995D)
75030000 75044000 WS2_32 WS2_32.DLL Tue Nov 30 04:31:09 1999 (3843995D)
75050000 75058000 wsock32 wsock32.dll Tue Nov 30 04:31:09 1999 (3843995D)
75090000 750a0000 MPR MPR.DLL Tue Nov 30 04:31:09 1999 (3843995D)
75150000 7515f000 SAMLIB SAMLIB.DLL Tue Nov 30 04:31:08 1999 (3843995C)
75160000 7516c000 ntlanman ntlanman.dll Tue Nov 30 04:31:08 1999 (3843995C)
75170000 751bf000 netapi32 netapi32.dll Sat Dec 04 21:28:08 1999 (3849CDB8)
751c0000 751c6000 NETRAP NETRAP.DLL Tue Nov 30 04:31:07 1999 (3843995B)
751d0000 75208000 NETUI1 NETUI1.DLL Tue Nov 30 04:31:07 1999 (3843995B)
75210000 75225000 NETUI0 NETUI0.DLL Tue Nov 30 04:31:07 1999 (3843995B)
75230000 75245000 actxprxy actxprxy.dll Tue Nov 30 04:31:06 1999 (3843995A)
759b0000 759b6000 LZ32 LZ32.DLL Tue Nov 30 04:30:58 1999 (38439952)
75a30000 75a9b000 vbscript vbscript.dll Tue Nov 30 04:30:57 1999 (38439951)
75aa0000 75aa8000 SHFOLDER SHFOLDER.DLL Tue Nov 30 04:30:57 1999 (38439951)
75ab0000 75ab5000 sensapi sensapi.dll Tue Nov 30 04:30:57 1999 (38439951)
75ac0000 75ae8000 MSLS31 MSLS31.DLL Tue Nov 30 04:30:57 1999 (38439951)
75af0000 75d33000 mshtml mshtml.dll Tue Nov 30 04:30:55 1999 (3843994F)
75d40000 75d46000 msadp32 msadp32.acm Tue Nov 30 04:30:55 1999 (3843994F)
75d50000 75dd2000 mlang mlang.dll Tue Nov 30 04:30:54 1999 (3843994E)
75de0000 75e57000 jscript jscript.dll Tue Nov 30 04:30:54 1999 (3843994E)
75e60000 75e7a000 IMM32 IMM32.DLL Tue Nov 30 04:30:54 1999 (3843994E)
76710000 76719000 LINKINFO LINKINFO.DLL Wed Dec 01 02:37:36 1999 (3844D040)
76b30000 76b6e000 comdlg32 comdlg32.dll Wed Dec 01 02:37:33 1999 (3844D03D)
76b70000 76b84000 HLINK HLINK.DLL Wed Dec 01 02:37:33 1999 (3844D03D)
76b90000 76bfe000 URLMON URLMON.DLL Wed Dec 01 02:37:33 1999 (3844D03D)
76c00000 76c74000 WININET WININET.dll Wed Dec 01 02:37:32 1999 (3844D03C)
76c80000 76d90000 shdocvw shdocvw.dll Wed Dec 01 02:37:32 1999 (3844D03C)
76d90000 76de3000 shdoclc shdoclc.dll Wed Dec 01 02:37:32 1999 (3844D03C)
76df0000 76e01000 mydocs mydocs.dll Wed Dec 01 02:37:32 1999 (3844D03C)
76e10000 76ed8000 BROWSEUI BROWSEUI.dll Wed Dec 01 02:37:31 1999 (3844D03B)
76ee0000 76eeb000 browselc browselc.dll Wed Dec 01 02:37:31 1999 (3844D03B)
76fa0000 76faf000 ntshrui ntshrui.dll Wed Dec 01 02:37:31 1999 (3844D03B)
773e0000 773f2000 ATL ATL.DLL Wed Dec 01 02:37:29 1999 (3844D039)
77400000 77408000 msacm32 msacm32.drv Wed Dec 01 02:37:29 1999 (3844D039)
77410000 77423000 MSACM32_77410000 MSACM32.dll Wed Dec 01 02:37:29 1999 (3844D039)
774c0000 774d1000 RASMAN RASMAN.DLL Wed Dec 01 02:37:29 1999 (3844D039)
774e0000 77512000 RASAPI32 RASAPI32.DLL Wed Dec 01 02:37:29 1999 (3844D039)
77530000 77552000 TAPI32 TAPI32.DLL Wed Dec 01 02:37:28 1999 (3844D038)
77560000 77569000 wdmaud wdmaud.drv Wed Dec 01 02:37:28 1999 (3844D038)
77570000 775a0000 WINMM WINMM.DLL Wed Dec 01 02:37:28 1999 (3844D038)
775a0000 777e0000 SHELL32 SHELL32.DLL Wed Dec 01 02:37:27 1999 (3844D037)
777e0000 777e8000 winrnr winrnr.dll Wed Dec 01 02:37:27 1999 (3844D037)
777f0000 777f5000 rasadhlp rasadhlp.dll Wed Dec 01 02:37:27 1999 (3844D037)
77820000 77827000 VERSION VERSION.DLL Wed Dec 01 02:37:27 1999 (3844D037)
77830000 7783e000 RTUTILS RTUTILS.DLL Wed Dec 01 02:37:27 1999 (3844D037)
77840000 7784c000 rnr20 rnr20.dll Wed Dec 01 02:37:27 1999 (3844D037)
77950000 77979000 WLDAP32 WLDAP32.DLL Wed Dec 01 02:37:27 1999 (3844D037)
77980000 779a4000 DNSAPI DNSAPI.DLL Wed Dec 01 02:37:27 1999 (3844D037)
779b0000 77a45000 OLEAUT32 OLEAUT32.DLL Wed Dec 01 02:37:26 1999 (3844D036)
77a50000 77b45000 ole32 ole32.dll Wed Dec 01 02:37:25 1999 (3844D035)
77b50000 77bda000 COMCTL32 COMCTL32.DLL Wed Dec 01 02:37:25 1999 (3844D035)
77be0000 77bef000 SECUR32 SECUR32.DLL Wed Dec 01 02:37:25 1999 (3844D035)
77c10000 77c6d000 USERENV USERENV.DLL Wed Dec 01 02:37:25 1999 (3844D035)
77c70000 77cba000 SHLWAPI SHLWAPI.dll Wed Dec 01 02:37:25 1999 (3844D035)
77cc0000 77d40000 CLBCATQ CLBCATQ.DLL Wed Dec 01 02:37:24 1999 (3844D034)
77d40000 77daf000 RPCRT4 RPCRT4.DLL Thu Dec 02 18:29:06 1999 (384700C2)
77db0000 77e0a000 ADVAPI32 ADVAPI32.DLL Wed Dec 01 02:37:24 1999 (3844D034)
77e10000 77e75000 USER32 USER32.dll Wed Dec 01 02:37:24 1999 (3844D034)
77e80000 77f36000 KERNEL32 KERNEL32.dll Wed Dec 01 02:37:24 1999 (3844D034)
77f40000 77f7c000 GDI32 GDI32.DLL Fri Nov 12 03:44:52 1999 (382BD384)
77f80000 77ff9000 ntdll ntdll.dll Wed Oct 27 16:06:08 1999 (38175B30)
78000000 78046000 MSVCRT MSVCRT.DLL Wed Sep 29 21:51:35 1999 (37F2C227)
Closing open log file c:\debuglog.txt

 

dude, you are running RTM code?!?!?!!! You are literally 5 years out of date on this software!

First thing is to go to windows update and keep running and installing updates until it quits offering you things. Specifically you need to get SP4 and IE6SP1 installed. THIS MUST HAPPEN SOON. YOU ARE NAKEDLY EXPOSED TO SECURITY HOLES THAT ARE EXTREMELY PREVELANT THAT CAN INFECT YOU WITHOUT ANY ACTION BESIDES BEING TURNED ON. DANGER DANGER DANGER.

If this machine is connected to the internet in any way, which i know it is from this dump you are probably infected up to your eyeballs with viruses. I see people hitting my firewall every night on my cable modem trying to infect me with this stuff. After you get current you need to scan with online virus scanners and spyware scanners.

Once you are current, collect a new dump and we can start troubleshooting.

I have copied this post to an email to you

 

Having problems cleaning out my machine, as suggested- and now Dr. Watson seems to be having its own errors.

Should I just upgrade to XP Professional, or is there a possibility these problems could carry over, with a full reformat?

 

IF all the issues Joe found were malware related then a format & install of either 2K again or XP should fix you up assuming you get protected properly and in time.

These days you pretty well have to be protected to some extent before you ever connect to the internet to do the updates though. Otherwise you will get blaster, sasser, or both within a minute or so of being exposed and unprotected.

If there are any hardware problems causing your crashing then the format & reinstall won't stop the crashing but it will certainly give you a cleaner platform to try and debug the cause.

XP with SP2 will protect you for a little while - at least long enough to get updates and some AV software loaded.

2K with SP4 AND the available blaster/sasser hotfixes will do the same.

In both cases, you need all the software on local media so you can put it on before heading out into the world though.

 

That is the dillemma... Do you know if it's possible to download all this prior to installation and tuck it away on disk? The Windows Updater just scans for the current system, and seems to install everything right away.

 

Should I just upgrade to XP Professional, or is there a possibility these problems could carry over, with a full reformat?

With XP, you could enable the firewall before connecting to the internet, which will protect you while you download updates. If you have a hardware NAT/Firewall, make sure your machine isnt in the DMZ, and that would work equally well

 

Thanks to everyone for their help- I've decided to install XP Pro and see if the bugs carry over (indicating a hardware problem). I didn't dally and installed all updates ASAP, so I hope I'm clean.

The new thread is
http://windowsbbs.com/showthread.php?p=231478#post231478

 

OS no longer exists so closing this thread.