Question

  • Creator
    Topic
  • #2255192

    Dr. Watson log analysis needed

    Locked

    by tom_in_nj ·

    I need to have the Dr. Watson log below analyzed. This log is from a Windows XP computer that is BSOD on boot up due to winlogon.exe. But I don’t know what the specific error is or how to fix it. The computer will boot in Safe Mode (obviously), so I can work with it once someone can give me this information. Thanks.

    Application exception occurred:
    App: \??\C:\WINDOWS\system32\winlogon.exe (pid=720)
    When: 3/27/2007 @ 22:04:42.343
    Exception number: c0000005 (access violation)

    *—-> System Information <----* Computer Name: GARAGE User Name: SYSTEM Terminal Session Id: 0 Number of Processors: 1 Processor Type: x86 Family 15 Model 2 Stepping 7 Windows Version: 5.1 Current Build: 2600 Service Pack: 2 Current Type: Uniprocessor Free Registered Organization: Registered Owner: James Lott *----> Task List <----* 0 System Process 4 System 632 smss.exe 692 csrss.exe 720 winlogon.exe 764 services.exe 776 lsass.exe 936 svchost.exe 1016 svchost.exe 1112 svchost.exe 1184 svchost.exe 1284 logonui.exe 1352 svchost.exe 1400 drwtsn32.exe 1488 ccSvcHst.exe *----> Module List <----* (0000000001000000 - 0000000001080000: \??\C:\WINDOWS\system32\winlogon.exe (0000000001350000 - 00000000013fe000: C:\WINDOWS\system32\WgaLogon.dll (000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll (0000000020000000 - 0000000020017000: C:\WINDOWS\system32\odbcint.dll (000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll (000000005b0a0000 - 000000005b0a7000: C:\WINDOWS\system32\umdmxfrm.dll (000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll (000000005cd70000 - 000000005cd77000: C:\WINDOWS\system32\serwvdrv.dll (000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\COMCTL32.dll (00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL (0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll (0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll (0000000071b20000 - 0000000071b32000: C:\WINDOWS\system32\MPR.dll (0000000071bf0000 - 0000000071c03000: C:\WINDOWS\system32\SAMLIB.dll (00000000723d0000 - 00000000723ec000: C:\WINDOWS\system32\WINSCARD.DLL (0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV (0000000074320000 - 000000007435d000: C:\WINDOWS\system32\ODBC32.dll (0000000074980000 - 0000000074a8e000: C:\WINDOWS\SYSTEM32\msxml3.dll (0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll (00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime (0000000075930000 - 000000007593a000: C:\WINDOWS\system32\PROFMAP.dll (0000000075940000 - 0000000075948000: C:\WINDOWS\system32\NDdeApi.dll (0000000075950000 - 000000007596a000: C:\WINDOWS\system32\WlNotify.dll (0000000075970000 - 0000000075a67000: C:\WINDOWS\system32\MSGINA.dll (0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\sxs.dll (0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll (0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL (00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll (0000000076600000 - 000000007661d000: C:\WINDOWS\system32\cscdll.dll (00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll (0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll (0000000076bb0000 - 0000000076bb5000: C:\WINDOWS\system32\sfc.dll (0000000076bc0000 - 0000000076bcf000: C:\WINDOWS\system32\REGAPI.dll (0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\PSAPI.DLL (0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll (0000000076c60000 - 0000000076c8a000: C:\WINDOWS\system32\sfc_os.dll (0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll (0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll (0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll (0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll (0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL (0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll (0000000077120000 - 00000000771ac000: C:\WINDOWS\system32\OLEAUT32.dll (00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll (0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\NTMARTA.DLL (00000000776c0000 - 00000000776d1000: C:\WINDOWS\system32\AUTHZ.dll (00000000776e0000 - 0000000077703000: C:\WINDOWS\system32\SHSVCS.dll (0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll (0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll (0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll (0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll (0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll (0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll (0000000077c70000 - 0000000077c93000: C:\WINDOWS\system32\msv1_0.dll (0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll (0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll (0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll (0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll (0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll (0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll (000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll (000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll (000000007c9c0000 - 000000007d1d5000: C:\WINDOWS\system32\SHELL32.dll *----> State Dump for Thread Id 0x554 <----* eax=74985730 ebx=00000000 ecx=01485110 edx=01484fd4 esi=01485110 edi=01103a98 eip=0098bfd8 esp=0117ec88 ebp=0117ec90 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 function:
    No prior disassembly possible
    0098bfd8 ?? ???
    0098bfda ?? ???
    0098bfdc ?? ???
    0098bfde ?? ???
    0098bfe0 ?? ???
    0098bfe2 ?? ???
    0098bfe4 ?? ???
    0098bfe6 ?? ???
    0098bfe8 ?? ???
    FAULT ->*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\SYSTEM32\msxml3.dll –
    0098bfd8 ?? ???
    Error 0x00000001
    0098bfda ?? ???
    0098bfdc ?? ???
    0098bfde ?? ???
    0098bfe0 ?? ???
    0098bfe2 ?? ???
    0098bfe4 ?? ???
    0098bfe6 ?? ???
    0098bfe8 ?? ???
    0098bfea ?? ???
    0098bfec ?? ???

    *—-> Stack Back Trace <----* WARNING: Stack unwind information not available. Following frames may be wrong. *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WgaLogon.dll - *** ERROR: Module load completed but symbols could not be loaded for \??\C:\WINDOWS\system32\winlogon.exe *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - ChildEBP RetAddr Args to Child 0117ec84 7498c04e 00000010 0117eca4 7498c061 0x98bfd8 0117ec90 7498c061 00000010 00000000 01484fd0 msxml3+0xc04e 0117eca4 7498c07b 00000010 00000000 01484fd0 msxml3+0xc061 0117ecc0 7498c131 00000001 00e27710 01103a38 msxml3+0xc07b 0117ed00 7498cb0c 00e27710 00e27710 00000000 msxml3+0xc131 0117ed34 749ca4a0 0117f740 0117edb0 00000003 msxml3+0xcb0c 0117ed5c 7498cdb9 0117f740 0117edb0 00000000 msxml3+0x4a4a0 0117ed74 7752d110 749a1fa0 00000000 0117f740 msxml3+0xcdb9 0117edfc 7752cddf 77607150 00000000 0117f3b8 ole32!CreateGenericComposite+0x2c05 0117ee3c 7752d02e 0117f3b8 00000000 0117f904 ole32!CreateGenericComposite+0x28d4 0117ee90 7752cfa5 77607154 00000000 0117f3b8 ole32!CreateGenericComposite+0x2b23 0117eeb0 7752ddf4 77607154 00000001 00000000 ole32!CreateGenericComposite+0x2a9a 0117eed0 7752ddab 7760714c 0117f214 00000000 ole32!CoGetTreatAsClass+0xbe7 0117ef08 7752d08f 7760714c 0117f214 00000000 ole32!CoGetTreatAsClass+0xb9e 0117ef30 7752cddf 7760714c 00000000 0117f3b8 ole32!CreateGenericComposite+0x2b84 0117ef70 7752cd7a 0117f3b8 00000000 0117f904 ole32!CreateGenericComposite+0x28d4 0117f1c0 7752cddf 77607114 00000000 0117f3b8 ole32!CreateGenericComposite+0x286f 0117f200 7752cc24 0117f3b8 00000000 0117f904 ole32!CreateGenericComposite+0x28d4 0117f9b0 774ffaba 0117fa54 00000000 00000001 ole32!CreateGenericComposite+0x2719 0117f9d8 774ffa89 0117fa54 00000000 00000001 ole32!CoCreateInstanceEx+0x4f 0117f9fc 774ffaf7 0117fa54 00000000 00000001 ole32!CoCreateInstanceEx+0x1e 0117fa2c 01369e25 0117fa54 00000000 00000001 ole32!CoCreateInstance+0x34 0117fa68 013689c9 0117fccc 0117fcc4 0117fcd4 WgaLogon+0x19e25 0117fa80 01369abf 013591b8 00000000 00bf3728 WgaLogon+0x189c9 0117fa98 0135b77b 80000002 01359118 013591b8 WgaLogon+0x19abf 0117fef0 0135c68d 00e0cfd0 0007ca48 00000000 WgaLogon+0xb77b 0117ff30 0135aa41 00000002 0117ff74 00e0cfd0 WgaLogon+0xc68d 0117ff5c 01039216 0117ff74 00010246 0006fb78 WgaLogon!WLEventStartup+0x29 0117ffb4 7c80b683 00e0cfd0 00010246 0006fb78 winlogon+0x39216 0117ffec 00000000 01039156 00e0cfd0 00000000 kernel32!GetModuleFileNameA+0x1b4 *----> Raw Stack Dump <----* 000000000117ec88 4e c0 98 74 10 00 00 00 - a4 ec 17 01 61 c0 98 74 N..t........a..t 000000000117ec98 10 00 00 00 00 00 00 00 - d0 4f 48 01 c0 ec 17 01 .........OH..... 000000000117eca8 7b c0 98 74 10 00 00 00 - 00 00 00 00 d0 4f 48 01 {..t.........OH. 000000000117ecb8 03 b4 98 74 38 3a 10 01 - 00 ed 17 01 31 c1 98 74 ...t8:......1..t 000000000117ecc8 01 00 00 00 10 77 e2 00 - 38 3a 10 01 22 cd 98 74 .....w..8:.."..t 000000000117ecd8 10 77 e2 00 10 77 e2 00 - 00 00 00 00 38 3a 10 01 .w...w......8:.. 000000000117ece8 d8 ec 17 01 ac e8 17 01 - 24 ed 17 01 77 90 9a 74 ........$...w..t 000000000117ecf8 30 cd 98 74 ff ff ff ff - 34 ed 17 01 0c cb 98 74 0..t....4......t 000000000117ed08 10 77 e2 00 10 77 e2 00 - 00 00 00 00 00 00 00 00 .w...w.......... 000000000117ed18 00 00 00 00 08 ed 17 01 - ac e8 17 01 e4 fe 17 01 ................ 000000000117ed28 77 90 9a 74 60 cb 98 74 - ff ff ff ff 5c ed 17 01 w..t`..t....\... 000000000117ed38 a0 a4 9c 74 40 f7 17 01 - b0 ed 17 01 03 00 00 00 ...t@........... 000000000117ed48 10 77 e2 00 00 00 00 00 - 10 77 e2 00 01 00 00 00 .w.......w...... 000000000117ed58 00 00 00 00 74 ed 17 01 - b9 cd 98 74 40 f7 17 01 ....t......t@... 000000000117ed68 b0 ed 17 01 00 00 00 00 - 00 00 00 00 fc ed 17 01 ................ 000000000117ed78 10 d1 52 77 a0 1f 9a 74 - 00 00 00 00 40 f7 17 01 ..Rw...t....@... 000000000117ed88 b0 ed 17 01 00 00 00 00 - b8 f3 17 01 04 f9 17 01 ................ 000000000117ed98 00 00 00 00 04 f9 17 01 - 40 f7 17 01 00 00 00 00 ........@....... 000000000117eda8 6c 84 e0 00 00 00 00 00 - 00 00 00 00 01 00 00 00 l............... 000000000117edb8 01 00 00 00 14 f2 17 01 - a0 1f 9a 74 6c 84 e0 00 ...........tl...

All Answers

Viewing 2 reply threads