Link to home
Start Free TrialLog in
Avatar of flopizzz
flopizzz

asked on

3 different errors: ntdll.dll (explorer.exe), drwtsn32.exe, STOP: 0x0000007F

Hi,

since yesterday, I get a lot of errors and I don't know why... Here's my config:

Intel 3.00Ghz
Windows XP Pro SP2
Radeon 9550 256mB
2x512mb 400mhz kingston RAM
Dvd-RW DL BenQ

And here are my problems:
1st problem: Appname: Explorer.EXE  has an error when I try to open more than one explorer window at a time (or sometimes only when its the first..)AppVer: 6.0.2900.2180 modname: ntdll.dll Modver: 5.1.2600.2800 offset: 00018fea

2nd problem: This one usually happens after Explorer.exe problem...
                    drwtsn32.exe
                    Event type: BEX
                   P1:drwtsn32.exe     P2: 5.1.2600.0      P3: 3b7d84a2      P4: dbghelp.dll  
         P5: 5.1.2600.2180     P6:412532dc     P7: 0001295d       P8: c0000409     P9: 00000000

3rd problem: When I use P2P programs such as Warez P2P and Kazaa Lite, after a little time onliune (like 5 minutes), my computer restarts automatically. I turned off the automatic restart function and get a blue error screen showing this:

If it is the first time you see this error... etc
Change graphics card blablabla etc

STOP: 0x0000007F (0x00000000, 0x00000000, 0x00000000, 0x00000000)

and I have to restart my computer.

I would really appreciate your help, I've been searching for a solution for like 10 hours!!
Thanks
Avatar of cpc2004
cpc2004
Flag of Hong Kong image

Do you install Zone Alarm at your windows?
Avatar of flopizzz
flopizzz

ASKER

no, i'm using norton internet security and norton antivirus
If you do not install the most current version of Zone Alarm, attach Doctor Watson log and minidumps at any webspace.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

When Windows crashes with blue screen, it writes a system event 1001 and a minidump to the folder \windows\minidump. Check system event 1001 and it has the content of the blue screen

Event ID: 1001
Source: Save Dump
Description:
The computer has rebooted from a bugcheck.The bugcheck was : 0xc000000a (0xe1270188, 0x00000002, 0x00000000, 0x804032100).
Microsoft Windows..... A dump was saved in: .......

Control Panel -> Adminstrative Tools -> Event Viewer -> System -> Event 1001. Copy the content and paste it back here

Zip 5 to 6 minidumps and attach the zip files at any webspace. I will study the dump and find out the culprit.
The computer has rebooted from a bugcheck.The bugcheck was : 0x0000007f (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

I cant find a webspace to attach the minidump file.

And yes there is only one minidump file because I reinstalled windows and it only happened once since I tried this.
and the drwatson log file is 44 MB so i dont think I'll find a place to put it :S
i took out the important information of the drwatson log file (just took from yesterday 00:02 until now) so its now only 801Kb... but i still dont know a place to attach it in a webspace.
Avatar of rindi
Look at www.geocities.com, you can create a free mail account (for yahoo messenger etc.), you also get 5MB webspace.
It crashes at IPVNMon.sys. Refer the following url
http://oca.microsoft.com/en/Response.aspx?SID=896

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000000, EXCEPTION_DIVIDED_BY_ZERO
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

Unable to load image IPVNMon.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for IPVNMon.sys
*** ERROR: Module load completed but symbols could not be loaded for IPVNMon.sys

BUGCHECK_STR:  0x7f_0
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO
LAST_CONTROL_TRANSFER:  from 851ac9e0 to f763adc4

TRAP_FRAME:  80555f74 -- (.trap ffffffff80555f74)
ErrCode = 00000000
eax=0000000f ebx=00000000 ecx=00000000 edx=00000000 esi=851ac9e0 edi=00000000
eip=f763adc4 esp=80555fe8 ebp=80556010 iopl=0         nv up ei pl zr na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
IPVNMon+0x13dc4:
f763adc4 ??               ???
Resetting default scope

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
80555fe4 851ac9e0 00000000 f7639913 7639aa00 IPVNMon+0x13dc4
80556010 f762d350 36721b33 00002c99 00fa0927 0x851ac9e0
80556080 f76284cd 84fe6ae0 8607fa88 851aa650 IPVNMon+0x6350
805561e8 a2eeb5f8 a2f28698 00000000 85b23bd0 IPVNMon+0x14cd
80556234 a2eef247 02021c00 a2ee73dd 00000000 tcpip!SendACK+0x2d8
80556254 a2eef560 00000002 00000002 00000000 tcpip!ProcessPerCpuTCBDelayQ+0xc6
805562d0 a2ee73ec a2f2fae0 00000000 805563fc tcpip!TCBTimeout+0xba7
805562e0 804e2b4e a2f2faf0 a2f2fae0 02b78aea tcpip!TCBTimeoutdpc+0xf
805563fc 804e207d 80560f00 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x14b
80556428 804dcd22 80561300 00000000 00100095 nt!KiTimerExpiration+0xb1
80556440 80560ca0 ffdffc50 00000000 80560ca0 nt!KiRetireDpcList+0x61
80556450 804dcc07 00000000 0000000e 00000000 nt!KiIdleThread0

FOLLOWUP_IP:
IPVNMon+13dc4
f763adc4 ??               ???

SYMBOL_STACK_INDEX:  0
FOLLOWUP_NAME:  MachineOwner
SYMBOL_NAME:  IPVNMon+13dc4
MODULE_NAME:  IPVNMon
IMAGE_NAME:  IPVNMon.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  3cc182ab
STACK_COMMAND:  .trap ffffffff80555f74 ; kb
FAILURE_BUCKET_ID:  0x7f_0_IPVNMon+13dc4
BUCKET_ID:  0x7f_0_IPVNMon+13dc4
thank you so much! i hope this will solve my problem! I feel so lame... these codes are like chinese to me !!! anyways, do you think you know something about what's causing the 2 other bugs  (explorer.exe and drwatson) or do they all come from the same source?

Thanks
From your DrWatson log, I find several access violation and the culprit is iMesh.exe

http://www.kayodeok.btinternet.co.uk/favorites/kbwinxpthirdparty.htm

*** WARNING: Unable to verify checksum for C:\Program Files\iMesh\iMesh5\iMesh.exe
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\iMesh\iMesh5\iMesh.exe -
fonction : iMesh
        30007861 30c7             xor     bh,al
        30007863 40               inc     eax
        30007864 0494             add     al,0x94
        30007866 2f               das
        30007867 26308bf0eb0233   xor     es:[ebx+0x3302ebf0],cl
        3000786e f63b             idiv    byte ptr [ebx]
        30007870 f37425           rep     jz iMesh+0x7898 (30007898)
        30007873 895e10           mov     [esi+0x10],ebx
        30007876 895e0c           mov     [esi+0xc],ebx
        30007879 e8f79dffff       call    iMesh+0x1675 (30001675)
FAUTE ->3000787e 8b10             mov     edx,[eax]         ds:0023:00000000=????????
        30007880 8bc8             mov     ecx,eax
        30007882 ff5204           call    dword ptr [edx+0x4]
        30007885 8b10             mov     edx,[eax]
        30007887 56               push    esi
        30007888 6a02             push    0x2
        3000788a 6a07             push    0x7
        3000788c 8bc8             mov     ecx,eax
        3000788e ff520c           call    dword ptr [edx+0xc]
        30007891 8b06             mov     eax,[esi]
        30007893 8bce             mov     ecx,esi

ChildEBP RetAddr  Args to Child              
0012fa48 73d21eb6 00367870 00367870 001536b0 iMesh+0x787e
0012fac0 73d21b9b 00000002 00000000 302628c0 MFC42!Ordinal5163+0x2f4
0012fae0 73d21b05 00000002 00000000 00000000 MFC42!Ordinal6374+0x24
0012fb40 73d21a58 00367870 00000000 00000002 MFC42!Ordinal1109+0x91
0012fb60 73db847d 00060c72 00000002 00000000 MFC42!Ordinal1578+0x36
0012fb8c 77d18709 00060c72 00000002 00000000 MFC42!Ordinal1579+0x39
0012fbb8 77d187eb 73db8444 00060c72 00000002 USER32!GetDC+0x72
0012fc20 77d1b368 00000000 73db8444 00060c72 USER32!GetDC+0x154
0012fc74 77d1b3b4 0068c758 00000002 00000000 USER32!DefWindowProcW+0x183
0012fc9c 7c91eae3 0012fcac 00000018 0068c758 USER32!DefWindowProcW+0x1cf
0012fd1c 73d2f33e 00153638 00367870 31000000 ntdll!KiUserCallbackDispatcher+0x13
0012fd90 30004ca3 302df828 302df828 ffffffff MFC42!Ordinal2168+0x27
0012ff00 73d2cf74 00320035 0015233a 00000000 iMesh+0x4ca3
0012ffc0 7c816d4f 00320035 00320032 7ffd7000 MFC42!Ordinal1576+0x49
0012fff0 00000000 30187b3c 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49
One of your minidump is inaccessible and it is the symptom of hardware error. Can you attach more minidump here? I want to confirm whether it is really hardware error at your PC.
Mmmmh... I would like to but as I said before, I tried to repair these errors by backing up all system files of windows from the cd (well... autorun, then press repair :S) and all other miidump files were deleted. For this problem if the cause is iMesh, well no problem I'll uninstall it, I don't care. For the hardware, I'm a bit skeptic cuz I just  bought this computer last september so it's not old! For the moment I would just like to fix the bug in Explorer cuz it's really annoying when I can't get in my folders.  Is there an error log report on anything I could send you that could help in solving this problem?
DrWatson log and hijackthis log are the most useful debugging information of your explorer problem
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
Ok so i tried to upload both of the files, but it was impossible for the log :S cuz it is 48MB big
You can use this one I sent before, but it is not complete.
http://test497.741.com/moki/drwatsonedited.txt

And the other file:
http://test497.741.com/user.dmp

and as I read other threads and tried to find out by myself, I found out that this is something that could maybe be useful to you:

Logfile of HijackThis v1.99.1
Scan saved at 19:25:23, on 2005-08-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\Mathieu Charbonneau\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC24370B-A8FD-DAA5-0B44-1147F24FFDB3} - C:\DOCUME~1\MATHIE~1\APPLIC~1\CashFast\Openproxy.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [iMeshBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [surffork] C:\DOCUME~1\MATHIE~1\APPLIC~1\DEBUGM~1\Idle Itch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03653d77204b16498103/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122830962234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: FolderGuard - C:\Program Files\Folder Guard Pro XP\FGuard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - Unknown owner - C:\WINDOWS\system32\srxTitan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe


thanks again
oh and I just uninstalled iMesh and still get explorer.exe  bugs from ntdll.dll
The analyze report of your hijackthis report url
http://www.hijackthis.de/logfiles/4c417bd90e8cb6ba1e57c99ae935a234.html
You have to get rid of the following unknown process
c:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\srxTitan.exe  
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\WINDOWS\pxwma.dll
C:\DOCUME~1\MATHIE~1\APPLIC~1\CashFast\Openproxy.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
C:\DOCUME~1\MATHIE~1\APPLIC~1\DEBUGM~1\Idle Itch.exe
C:\PROGRA~1\COPERN~1\COPERN~1.EXE

BTW do you delete  IPVNMon?

C:\Program Files\Folder Guard Pro XP\FGuard32.dll
C:\WINDOWS\system32\srxTitan.exe
Ok so I deleted all those and I still get the error. For IPVNMON, I really don't know what you are talking about so I'd say I didn't delete it. It seems to me that nothing will solve my problem and that I'll have to format my HD... :(. I'll explain once more what errors I get and in what circumstances and if you can do nothing, well you already helped me a lot so you'll have the points and I'll format.

Here's the problem:

EXACTLY 1 time on 2, when I open a folder, I get the Explorer.exe bug. Even if there's no other explorer window open, I get it. It gets really annoying cuz I can't move files from a folder to another, nor can I use my computer like I used to.

Appname: Explorer.exe
AppVer: 6.0.2900.2180
modname: ntdll.dll
Modver: 5.1.2600.2800
offset: 00018fea


After about 5 time I get the Explorer problem (this one varies... sometimes 6, 10, 3, 7, etc) I get the Dr Watson error. This bug makes all clicking impossible and I can't use my keyboard anymore (so there's nothing I can do). I have to turn off my computer, then open it back.

drwtsn32.exe
Event type: BEX
P1:drwtsn32.exe       P2: 5.1.2600.0   P3: 3b7d84a2       P4: dbghelp.dll  
P5: 5.1.2600.2180     P6:412532dc     P7: 0001295d       P8: c0000409     P9: 00000000



I would really appreciate if anyone could help because I really don't want to format my HD.
Thank you.
Run a new hijackthis and post the URL to the analyzed log here.
ASKER CERTIFIED SOLUTION
Avatar of cpc2004
cpc2004
Flag of Hong Kong image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok I did so, took off one of my 2 memory sticks, it worked well. Then I closed the CPU, put the other one instead and restarted my cpu. Nothin but the fan that started and then stopped really quickly. So I put back the other one (only the one that worked well) and restarted the computer to see if I still got the errors. I thought it would be ok because I took out the one that didn't work. What surprise then when I see again this explorer bug, followed by drwatson when I opened the second explorer window. That makes me angry! I bought this computer 11 months ago and have a warantee of 1 year so i'll send it back and let them see if there's something they can do about it (and they'll probably replace the memory stick.... well I hope).