3 different errors: ntdll.dll (explorer.exe), drwtsn32.exe, STOP: 0x0000007F

Posted on 2005-07-31
Medium Priority
Last Modified: 2011-08-18

since yesterday, I get a lot of errors and I don't know why... Here's my config:

Intel 3.00Ghz
Windows XP Pro SP2
Radeon 9550 256mB
2x512mb 400mhz kingston RAM
Dvd-RW DL BenQ

And here are my problems:
1st problem: Appname: Explorer.EXE  has an error when I try to open more than one explorer window at a time (or sometimes only when its the first..)AppVer: 6.0.2900.2180 modname: ntdll.dll Modver: 5.1.2600.2800 offset: 00018fea

2nd problem: This one usually happens after Explorer.exe problem...
                    Event type: BEX
                   P1:drwtsn32.exe     P2: 5.1.2600.0      P3: 3b7d84a2      P4: dbghelp.dll  
         P5: 5.1.2600.2180     P6:412532dc     P7: 0001295d       P8: c0000409     P9: 00000000

3rd problem: When I use P2P programs such as Warez P2P and Kazaa Lite, after a little time onliune (like 5 minutes), my computer restarts automatically. I turned off the automatic restart function and get a blue error screen showing this:

If it is the first time you see this error... etc
Change graphics card blablabla etc

STOP: 0x0000007F (0x00000000, 0x00000000, 0x00000000, 0x00000000)

and I have to restart my computer.

I would really appreciate your help, I've been searching for a solution for like 10 hours!!
Question by:flopizzz
  • 11
  • 8
  • 2
LVL 20

Expert Comment

ID: 14566320
Do you install Zone Alarm at your windows?

Author Comment

ID: 14566325
no, i'm using norton internet security and norton antivirus
LVL 20

Expert Comment

ID: 14566334
If you do not install the most current version of Zone Alarm, attach Doctor Watson log and minidumps at any webspace.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

When Windows crashes with blue screen, it writes a system event 1001 and a minidump to the folder \windows\minidump. Check system event 1001 and it has the content of the blue screen

Event ID: 1001
Source: Save Dump
The computer has rebooted from a bugcheck.The bugcheck was : 0xc000000a (0xe1270188, 0x00000002, 0x00000000, 0x804032100).
Microsoft Windows..... A dump was saved in: .......

Control Panel -> Adminstrative Tools -> Event Viewer -> System -> Event 1001. Copy the content and paste it back here

Zip 5 to 6 minidumps and attach the zip files at any webspace. I will study the dump and find out the culprit.
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!


Author Comment

ID: 14566427
The computer has rebooted from a bugcheck.The bugcheck was : 0x0000007f (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

I cant find a webspace to attach the minidump file.

And yes there is only one minidump file because I reinstalled windows and it only happened once since I tried this.

Author Comment

ID: 14566436
and the drwatson log file is 44 MB so i dont think I'll find a place to put it :S

Author Comment

ID: 14566459
i took out the important information of the drwatson log file (just took from yesterday 00:02 until now) so its now only 801Kb... but i still dont know a place to attach it in a webspace.
LVL 88

Expert Comment

ID: 14566492
Look at www.geocities.com, you can create a free mail account (for yahoo messenger etc.), you also get 5MB webspace.
LVL 20

Expert Comment

ID: 14585379
It crashes at IPVNMon.sys. Refer the following url

This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
kb will then show the corrected stack.
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

Unable to load image IPVNMon.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for IPVNMon.sys
*** ERROR: Module load completed but symbols could not be loaded for IPVNMon.sys

LAST_CONTROL_TRANSFER:  from 851ac9e0 to f763adc4

TRAP_FRAME:  80555f74 -- (.trap ffffffff80555f74)
ErrCode = 00000000
eax=0000000f ebx=00000000 ecx=00000000 edx=00000000 esi=851ac9e0 edi=00000000
eip=f763adc4 esp=80555fe8 ebp=80556010 iopl=0         nv up ei pl zr na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
f763adc4 ??               ???
Resetting default scope

WARNING: Stack unwind information not available. Following frames may be wrong.
80555fe4 851ac9e0 00000000 f7639913 7639aa00 IPVNMon+0x13dc4
80556010 f762d350 36721b33 00002c99 00fa0927 0x851ac9e0
80556080 f76284cd 84fe6ae0 8607fa88 851aa650 IPVNMon+0x6350
805561e8 a2eeb5f8 a2f28698 00000000 85b23bd0 IPVNMon+0x14cd
80556234 a2eef247 02021c00 a2ee73dd 00000000 tcpip!SendACK+0x2d8
80556254 a2eef560 00000002 00000002 00000000 tcpip!ProcessPerCpuTCBDelayQ+0xc6
805562d0 a2ee73ec a2f2fae0 00000000 805563fc tcpip!TCBTimeout+0xba7
805562e0 804e2b4e a2f2faf0 a2f2fae0 02b78aea tcpip!TCBTimeoutdpc+0xf
805563fc 804e207d 80560f00 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x14b
80556428 804dcd22 80561300 00000000 00100095 nt!KiTimerExpiration+0xb1
80556440 80560ca0 ffdffc50 00000000 80560ca0 nt!KiRetireDpcList+0x61
80556450 804dcc07 00000000 0000000e 00000000 nt!KiIdleThread0

f763adc4 ??               ???

FOLLOWUP_NAME:  MachineOwner
STACK_COMMAND:  .trap ffffffff80555f74 ; kb
FAILURE_BUCKET_ID:  0x7f_0_IPVNMon+13dc4
BUCKET_ID:  0x7f_0_IPVNMon+13dc4

Author Comment

ID: 14594270
thank you so much! i hope this will solve my problem! I feel so lame... these codes are like chinese to me !!! anyways, do you think you know something about what's causing the 2 other bugs  (explorer.exe and drwatson) or do they all come from the same source?

LVL 20

Expert Comment

ID: 14595725
From your DrWatson log, I find several access violation and the culprit is iMesh.exe


*** WARNING: Unable to verify checksum for C:\Program Files\iMesh\iMesh5\iMesh.exe
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\iMesh\iMesh5\iMesh.exe -
fonction : iMesh
        30007861 30c7             xor     bh,al
        30007863 40               inc     eax
        30007864 0494             add     al,0x94
        30007866 2f               das
        30007867 26308bf0eb0233   xor     es:[ebx+0x3302ebf0],cl
        3000786e f63b             idiv    byte ptr [ebx]
        30007870 f37425           rep     jz iMesh+0x7898 (30007898)
        30007873 895e10           mov     [esi+0x10],ebx
        30007876 895e0c           mov     [esi+0xc],ebx
        30007879 e8f79dffff       call    iMesh+0x1675 (30001675)
FAUTE ->3000787e 8b10             mov     edx,[eax]         ds:0023:00000000=????????
        30007880 8bc8             mov     ecx,eax
        30007882 ff5204           call    dword ptr [edx+0x4]
        30007885 8b10             mov     edx,[eax]
        30007887 56               push    esi
        30007888 6a02             push    0x2
        3000788a 6a07             push    0x7
        3000788c 8bc8             mov     ecx,eax
        3000788e ff520c           call    dword ptr [edx+0xc]
        30007891 8b06             mov     eax,[esi]
        30007893 8bce             mov     ecx,esi

ChildEBP RetAddr  Args to Child              
0012fa48 73d21eb6 00367870 00367870 001536b0 iMesh+0x787e
0012fac0 73d21b9b 00000002 00000000 302628c0 MFC42!Ordinal5163+0x2f4
0012fae0 73d21b05 00000002 00000000 00000000 MFC42!Ordinal6374+0x24
0012fb40 73d21a58 00367870 00000000 00000002 MFC42!Ordinal1109+0x91
0012fb60 73db847d 00060c72 00000002 00000000 MFC42!Ordinal1578+0x36
0012fb8c 77d18709 00060c72 00000002 00000000 MFC42!Ordinal1579+0x39
0012fbb8 77d187eb 73db8444 00060c72 00000002 USER32!GetDC+0x72
0012fc20 77d1b368 00000000 73db8444 00060c72 USER32!GetDC+0x154
0012fc74 77d1b3b4 0068c758 00000002 00000000 USER32!DefWindowProcW+0x183
0012fc9c 7c91eae3 0012fcac 00000018 0068c758 USER32!DefWindowProcW+0x1cf
0012fd1c 73d2f33e 00153638 00367870 31000000 ntdll!KiUserCallbackDispatcher+0x13
0012fd90 30004ca3 302df828 302df828 ffffffff MFC42!Ordinal2168+0x27
0012ff00 73d2cf74 00320035 0015233a 00000000 iMesh+0x4ca3
0012ffc0 7c816d4f 00320035 00320032 7ffd7000 MFC42!Ordinal1576+0x49
0012fff0 00000000 30187b3c 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49
LVL 20

Expert Comment

ID: 14595731
One of your minidump is inaccessible and it is the symptom of hardware error. Can you attach more minidump here? I want to confirm whether it is really hardware error at your PC.

Author Comment

ID: 14602479
Mmmmh... I would like to but as I said before, I tried to repair these errors by backing up all system files of windows from the cd (well... autorun, then press repair :S) and all other miidump files were deleted. For this problem if the cause is iMesh, well no problem I'll uninstall it, I don't care. For the hardware, I'm a bit skeptic cuz I just  bought this computer last september so it's not old! For the moment I would just like to fix the bug in Explorer cuz it's really annoying when I can't get in my folders.  Is there an error log report on anything I could send you that could help in solving this problem?
LVL 20

Expert Comment

ID: 14612888
DrWatson log and hijackthis log are the most useful debugging information of your explorer problem
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

Author Comment

ID: 14628732
Ok so i tried to upload both of the files, but it was impossible for the log :S cuz it is 48MB big
You can use this one I sent before, but it is not complete.

And the other file:

and as I read other threads and tried to find out by myself, I found out that this is something that could maybe be useful to you:

Logfile of HijackThis v1.99.1
Scan saved at 19:25:23, on 2005-08-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mathieu Charbonneau\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC24370B-A8FD-DAA5-0B44-1147F24FFDB3} - C:\DOCUME~1\MATHIE~1\APPLIC~1\CashFast\Openproxy.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [iMeshBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [surffork] C:\DOCUME~1\MATHIE~1\APPLIC~1\DEBUGM~1\Idle Itch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03653d77204b16498103/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122830962234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: FolderGuard - C:\Program Files\Folder Guard Pro XP\FGuard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - Unknown owner - C:\WINDOWS\system32\srxTitan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

thanks again

Author Comment

ID: 14628759
oh and I just uninstalled iMesh and still get explorer.exe  bugs from ntdll.dll
LVL 20

Expert Comment

ID: 14651268
The analyze report of your hijackthis report url
You have to get rid of the following unknown process
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200

BTW do you delete  IPVNMon?

C:\Program Files\Folder Guard Pro XP\FGuard32.dll

Author Comment

ID: 14687896
Ok so I deleted all those and I still get the error. For IPVNMON, I really don't know what you are talking about so I'd say I didn't delete it. It seems to me that nothing will solve my problem and that I'll have to format my HD... :(. I'll explain once more what errors I get and in what circumstances and if you can do nothing, well you already helped me a lot so you'll have the points and I'll format.

Here's the problem:

EXACTLY 1 time on 2, when I open a folder, I get the Explorer.exe bug. Even if there's no other explorer window open, I get it. It gets really annoying cuz I can't move files from a folder to another, nor can I use my computer like I used to.

Appname: Explorer.exe
AppVer: 6.0.2900.2180
modname: ntdll.dll
Modver: 5.1.2600.2800
offset: 00018fea

After about 5 time I get the Explorer problem (this one varies... sometimes 6, 10, 3, 7, etc) I get the Dr Watson error. This bug makes all clicking impossible and I can't use my keyboard anymore (so there's nothing I can do). I have to turn off my computer, then open it back.

Event type: BEX
P1:drwtsn32.exe       P2: 5.1.2600.0   P3: 3b7d84a2       P4: dbghelp.dll  
P5: 5.1.2600.2180     P6:412532dc     P7: 0001295d       P8: c0000409     P9: 00000000

I would really appreciate if anyone could help because I really don't want to format my HD.
Thank you.
LVL 88

Expert Comment

ID: 14688375
Run a new hijackthis and post the URL to the analyzed log here.
LVL 20

Accepted Solution

cpc2004 earned 1200 total points
ID: 14688410
Refer to comment on 3rd Aug, one of the minidump is inaccessible. and this is symptom of hardware error. Probably it is the faulty RAM.  Reseat the memory to another memory slot. If it does not work, downclock the RAM. Take out a memory stick if you have two memory sticks. If it does not crash, the removed memory stick is faulty.

Author Comment

ID: 14688599
Ok I did so, took off one of my 2 memory sticks, it worked well. Then I closed the CPU, put the other one instead and restarted my cpu. Nothin but the fan that started and then stopped really quickly. So I put back the other one (only the one that worked well) and restarted the computer to see if I still got the errors. I thought it would be ok because I took out the one that didn't work. What surprise then when I see again this explorer bug, followed by drwatson when I opened the second explorer window. That makes me angry! I bought this computer 11 months ago and have a warantee of 1 year so i'll send it back and let them see if there's something they can do about it (and they'll probably replace the memory stick.... well I hope).

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
In a question here at Experts Exchange, a member was looking for "a little app that would allow sound to be turned OFF and ON by simply clicking on an icon in the system tray". This article shows how to achieve that, as well as providing the same OF…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question