# [SOLVED] ntdll.dll Issues



## DT Roberts

Everyone needs help at some point :laugh:

I have been experiencing random crashes from Firefox and WMP, but mostly Firefox blaming *ntdll.dll[/d] as the cause. It can't possibly be my antivirus getting in the way; I'm using Microsoft Security Essentials and I've been getting the crashes long before even having any antivirus installed. The exception thrown is 0xc0000005, full event here:


Code:


Faulting application name: wmplayer.exe, version: 12.0.7600.16415, time stamp: 0x4a98b600
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b802
Exception code: 0xc0000005
Fault offset: 0x000000000004cf54
Faulting process id: 0x2cc
Faulting application start time: 0x01cb433f9638f960
Faulting application path: C:\Program Files\Windows Media Player\wmplayer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: d6d36500-af32-11df-9797-005056c00008

Does anyone else have an idea? I've been stumped for months.

Thanks.

Devin*


----------



## usasma

*Re: ntdll.dll Issues*

Try to capture a dump: http://www.sevenforums.com/crash-lockup-debug-how/34940-generating-memory-dump-crashing-process.html

Maybe uninstall all codecs and then reinstall?


----------



## DT Roberts

*Re: ntdll.dll Issues*

Thanks John.

Where exactly does the dump file go? I can't seem to find it, even with a search. I did however find many other dumps that I didn't even know were getting created. I've attached them below. They seem to point to *xul.dll*, so I'm working on that now.

I've also noticed that the crashes occur much more when *JavaScript* is enabled, but it does still happen occasionally when it's not.


----------



## usasma

*Re: ntdll.dll Issues*

I haven't tried this myself, but it should be:
- in the folder that the process runs from (wmplayer.exe)
- in the folder that the adplus.vbs runs from

I'm willing to bet that the dumps that you posted are from the process that creates dump files from crashing processes (?DrWatson?) It sure shows the crash in ntdll.dll!

To fix xul.dll errors (and a host of other issues), completely remove Firefox (to include removing the user profile data) - and ensure that xul.dll isn't loading/trying to load at startup (use Autoruns)
http://kb.mozillazine.org/Uninstalling_firefox

Do you have Chrome installed also? If so, there's issues with nspr4.dll that may be a concern/conflict. Try removing Chrome also.

Also, if Firefox is your default browser, try switching the default back to Internet Explorer temporarily. If this stops the issues in wmplayer.exe, then you'll be able to attribute the errors entirely to Firefox.

Did you try SFC.EXE /SCANNOW ? That'll rule out issues with the ntdll.dll file.

The top part of this report was cutoff when running it through the debugging scripts, so I've included my results here. It hints at 3 components of the browser (nspr4.dll, xul.dll, and mozcrt19.dll):


Code:


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\FUBAR\_jcgriff2_\dbug\__Kernel__\0a275656-3080-4203-aca1-2c241dd02b3d.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Sun Sep 12 16:01:20.000 2010 (UTC - 4:00)
System Uptime: not available
Process Uptime: 0 days 0:00:05.000
................................................................
..........................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(644.8b0): Unknown exception - code c000070a (first/second chance not available)
ntdll!ZwWaitForSingleObject+0x15:
7790f861 83c404          add     esp,4
0:012> !analyze -v;r;kv;lmtn;lmtsmn;.bugcheck;.logclose;q
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify timestamp for nspr4.dll
*** ERROR: Module load completed but symbols could not be loaded for nspr4.dll
*** WARNING: Unable to verify timestamp for xul.dll
*** ERROR: Module load completed but symbols could not be loaded for xul.dll
*** WARNING: Unable to verify timestamp for mozcrt19.dll
*** ERROR: Module load completed but symbols could not be loaded for mozcrt19.dll

FAULTING_IP: 
+556cfe0
02899938 ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 7798c405 (ntdll!TppWaiterpThread+0x00000632)
   ExceptionCode: c000070a
  ExceptionFlags: 00000000
NumberParameters: 5
   Parameter[0]: c0000008
   Parameter[1]: 0ba1ccdc
   Parameter[2]: 02899938
   Parameter[3]: 02838228
   Parameter[4]: 6b13729c

DEFAULT_BUCKET_ID:  APPLICATION_FAULT

PROCESS_NAME:  firefox.exe

ERROR_CODE: (NTSTATUS) 0xc000070a - Status 0x%08x was returned, waiting on handle 0x%x for wait 0x%p, in waiter 0x%p.

EXCEPTION_CODE: (NTSTATUS) 0xc000070a - Status 0x%08x was returned, waiting on handle 0x%x for wait 0x%p, in waiter 0x%p.

EXCEPTION_PARAMETER1:  c0000008

EXCEPTION_PARAMETER2:  0ba1ccdc

EXCEPTION_PARAMETER3:  02899938

EXCEPTION_PARAMETER4: 2838228

HANDLE: 0ba1ccdc (!handle 0ba1ccdc)

THREADPOOL_WAITER: !tp wait 2899938
!tp wait 2899938

Unable to read ${$ntdllsym}!_TPP_CLEANUP_GROUP_MEMBER at 0x02899938: 3

MOD_LIST: <ANALYSIS/>

FAULTING_THREAD:  000008b0

PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT

BUGCHECK_STR:  APPLICATION_FAULT_APPLICATION_FAULT

LAST_CONTROL_TRANSFER:  from 770a3677 to 7798c405

STACK_TEXT:  
0563fe98 770a3677 7796826b 0563fee4 77929d42 ntdll!TppWaiterpThread+0x632
0563fea4 77929d42 02838228 72b5d779 00000000 kernel32!BaseThreadInitThunk+0xe
0563fee4 77929d15 77951c66 02838228 00000000 ntdll!__RtlUserThreadStart+0x70
0563fefc 00000000 77951c66 02838228 00000000 ntdll!_RtlUserThreadStart+0x1b


FOLLOWUP_IP: 
ntdll!TppWaiterpThread+632
7798c405 ff75e4          push    dword ptr [ebp-1Ch]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ntdll!TppWaiterpThread+632

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ntdll

IMAGE_NAME:  ntdll.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4ba9b29c

STACK_COMMAND:  ~12s; .ecxr ; kb

FAILURE_BUCKET_ID:  APPLICATION_FAULT_c000070a_ntdll.dll!TppWaiterpThread

BUCKET_ID:  APPLICATION_FAULT_APPLICATION_FAULT_ntdll!TppWaiterpThread+632

WATSON_IBUCKET:  2006572847

WATSON_IBUCKETTABLE:  1

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/firefox_exe/2_0_0_3882/4c6c52e3/ntdll_dll/6_1_7600_16559/4ba9b29c/c000070a/0009c405.htm?Retriage=1

Followup: MachineOwner
---------

eax=00000000 ebx=00000000 ecx=7796826b edx=00000000 esi=000000ec edi=00000000
eip=7790f861 esp=0563f730 ebp=0563f79c iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!ZwWaitForSingleObject+0x15:
7790f861 83c404          add     esp,4
ChildEBP RetAddr  Args to Child              
0563f730 76ce0816 000000ec 00000000 00000000 ntdll!ZwWaitForSingleObject+0x15 (FPO: [3,0,0])
0563f79c 770a1184 000000ec ffffffff 00000000 KERNELBASE!WaitForSingleObjectEx+0x98 (FPO: [Non-Fpo])
0563f7b4 770a1138 000000ec ffffffff 00000000 kernel32!WaitForSingleObjectExImplementation+0x75 (FPO: [Non-Fpo])
0563f7c8 6aee07ec 000000ec ffffffff 0563f8e8 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
0563f804 770c9d57 0563f8e8 06fa2157 77962280 xul+0x5207ec
0563f88c 77962261 0563f8e8 00000000 0563f8e8 kernel32!UnhandledExceptionFilter+0x127 (FPO: [Non-Fpo])
0563f8a4 779cfad4 0563f8e8 00000000 00000000 ntdll!TppExceptionFilter+0x60 (FPO: [Non-Fpo])
0563f8b8 7798c4e8 0563f8e8 779605c4 00000000 ntdll!TppWaiterpOuterExceptionFilter+0x11 (FPO: [Non-Fpo])
0563f8c0 779605c4 00000000 0563fe98 7791d978 ntdll!TppWaiterpThread+0x717 (FPO: [SEH])
0563f8d4 77960469 00000000 00000000 00000000 ntdll!_EH4_CallFilterFunc+0x12 (FPO: [Uses EBP] [0,0,4])
0563f8fc 77948799 fffffffe 0563fe88 0563fa38 ntdll!_except_handler4+0x8e (FPO: [Non-Fpo])
0563f920 7794876b 0563f9e8 0563fe88 0563fa38 ntdll!ExecuteHandler2+0x26
0563f9d0 7790010f 0063f9e8 0563fa38 0563f9e8 ntdll!ExecuteHandler+0x24
0563f9d0 7798c405 0063f9e8 0563fa38 0563f9e8 ntdll!KiUserExceptionDispatcher+0xf (FPO: [2,0,0]) (CONTEXT @ 0563fa38)
0563fe98 770a3677 7796826b 0563fee4 77929d42 ntdll!TppWaiterpThread+0x632 (FPO: [Non-Fpo])
0563fea4 77929d42 02838228 72b5d779 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
0563fee4 77929d15 77951c66 02838228 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
0563fefc 00000000 77951c66 02838228 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])
start    end        module name
00190000 00270000   firefox  firefox.exe  Wed Aug 18 17:38:43 2010 (4C6C52E3)
6a390000 6a962000   NPSWF32  NPSWF32.dll  Wed Jul 28 03:12:39 2010 (4C4FD867)
6a970000 6a9b1000   freebl3  freebl3.dll  Wed Aug 18 16:04:00 2010 (4C6C3CB0)
6a9c0000 6b7c4000   xul      xul.dll      Wed Aug 18 17:35:12 2010 (4C6C5210)
6cb30000 6cb42000   pnrpnsp  pnrpnsp.dll  Mon Jul 13 21:10:14 2009 (4A5BDAF6)
6cb50000 6cb60000   NapiNSP  NapiNSP.dll  Mon Jul 13 21:07:57 2009 (4A5BDA6D)
6cb60000 6cbb0000   nssckbi  nssckbi.dll  Wed Aug 18 16:05:09 2010 (4C6C3CF5)
6cbb0000 6cbc8000   nssdbm3  nssdbm3.dll  Wed Aug 18 16:04:07 2010 (4C6C3CB7)
6cbd0000 6cc82000   dui70    dui70.dll    Mon Jul 13 21:06:13 2009 (4A5BDA05)
6cc90000 6cdff000   explorerframe explorerframe.dll Mon Jul 13 21:07:33 2009 (4A5BDA55)
6ce00000 6d664000   GrooveIntlResource GrooveIntlResource.dll Wed Mar 24 23:53:07 2010 (4BAADE23)
6d670000 6da7b000   GROOVEEX GROOVEEX.DLL Thu Mar 25 13:20:38 2010 (4BAB9B66)
6da80000 6de8f000   OFFICE   OFFICE.ODF   Sat Jan 30 04:36:47 2010 (4B63FDAF)
6fc80000 6fc88000   winrnr   winrnr.dll   Mon Jul 13 21:11:32 2009 (4A5BDB44)
6fc90000 6fca0000   nlaapi   nlaapi.dll   Mon Jul 13 21:08:12 2009 (4A5BDA7C)
6fca0000 6fcc5000   mdnsNSP  mdnsNSP.dll  Tue May 18 19:30:55 2010 (4BF3232F)
6fcd0000 6fcf6000   softokn3 softokn3.dll Wed Aug 18 16:04:04 2010 (4C6C3CB4)
6fd00000 6fd2f000   duser    duser.dll    Mon Jul 13 21:06:14 2009 (4A5BDA06)
6fd30000 6fda9000   mscms    mscms.dll    Mon Jul 13 21:07:51 2009 (4A5BDA67)
6fdb0000 6fe1f000   ntshrui  ntshrui.dll  Mon Jul 13 21:10:03 2009 (4A5BDAEB)
6fe20000 6fe26000   rasadhlp rasadhlp.dll Mon Jul 13 21:09:42 2009 (4A5BDAD6)
6fe30000 6fe3c000   feclient feclient.dll Mon Jul 13 21:05:46 2009 (4A5BD9EA)
6fe40000 6fe49000   linkinfo linkinfo.dll Mon Jul 13 21:06:20 2009 (4A5BDA0C)
6fe50000 6fe88000   icm32    icm32.dll    Mon Jul 13 21:06:02 2009 (4A5BD9FA)
6fe90000 6fec1000   EhStorShell EhStorShell.dll Mon Jul 13 21:05:39 2009 (4A5BD9E3)
6fed0000 6feda000   slc      slc.dll      Mon Jul 13 21:10:37 2009 (4A5BDB0D)
6fee0000 6ff0b000   ATL90    ATL90.dll    Sat Jul 11 22:38:06 2009 (4A594C8E)
6ff10000 7000b000   WindowsCodecs WindowsCodecs.dll Mon Jul 13 21:11:22 2009 (4A5BDB3A)
70010000 7002d000   t2embed  t2embed.dll  Mon Oct 19 10:07:41 2009 (4ADC72AD)
70030000 70051000   browsercomps browsercomps.dll Wed Aug 18 17:38:37 2010 (4C6C52DD)
70060000 70155000   propsys  propsys.dll  Mon Jul 13 21:09:31 2009 (4A5BDACB)
70160000 7024b000   dbghelp  dbghelp.dll  Mon Jul 13 21:04:50 2009 (4A5BD9B2)
70250000 702ff000   mozcpp19 mozcpp19.dll Wed Aug 18 15:27:51 2010 (4C6C3437)
70300000 70321000   ssl3     ssl3.dll     Wed Aug 18 16:04:55 2010 (4C6C3CE7)
70330000 703cd000   nss3     nss3.dll     Wed Aug 18 16:04:46 2010 (4C6C3CDE)
703d0000 70480000   mozcrt19 mozcrt19.dll Wed Aug 18 15:27:42 2010 (4C6C342E)
708b0000 708bb000   cscapi   cscapi.dll   Mon Jul 13 19:14:25 2009 (4A5BBFD1)
708c0000 708c7000   xpcom    xpcom.dll    Wed Aug 18 17:36:24 2010 (4C6C5258)
708d0000 708d5000   msimg32  msimg32.dll  Mon Jul 13 21:08:48 2009 (4A5BDAA0)
708e0000 708e6000   mozalloc mozalloc.dll Wed Aug 18 16:26:46 2010 (4C6C4206)
71bb0000 71be1000   nspr4    nspr4.dll    Wed Aug 18 15:29:33 2010 (4C6C349D)
71bf0000 71c04000   nssutil3 nssutil3.dll Wed Aug 18 16:03:52 2010 (4C6C3CA8)
71c10000 71cc5000   mozsqlite3 mozsqlite3.dll Wed Aug 18 16:32:06 2010 (4C6C4346)
71d80000 71e0e000   msvcp90  msvcp90.dll  Fri May 22 20:31:01 2009 (4A1743C5)
71e10000 71eb3000   msvcr90  msvcr90.dll  Fri May 22 20:30:57 2009 (4A1743C1)
71ff0000 72041000   winspool winspool.drv Mon Jul 13 21:11:39 2009 (4A5BDB4B)
72050000 72082000   winmm    winmm.dll    Mon Jul 13 21:11:30 2009 (4A5BDB42)
72820000 72827000   plc4     plc4.dll     Wed Aug 18 15:29:37 2010 (4C6C34A1)
72860000 72898000   FWPUCLNT FWPUCLNT.DLL Mon Jul 13 21:06:15 2009 (4A5BDA07)
72a20000 72a6b000   apphelp  apphelp.dll  Mon Jul 13 21:04:54 2009 (4A5BD9B6)
72a70000 72a77000   plds4    plds4.dll    Wed Aug 18 15:29:34 2010 (4C6C349E)
72a80000 72a98000   smime3   smime3.dll   Wed Aug 18 16:05:01 2010 (4C6C3CED)
72cb0000 72d30000   uxtheme  uxtheme.dll  Mon Jul 13 21:11:24 2009 (4A5BDB3C)
72d30000 72ece000   comctl32 comctl32.dll Mon Jul 13 21:03:50 2009 (4A5BD976)
73250000 73294000   dnsapi   dnsapi.dll   Mon Jul 13 21:05:29 2009 (4A5BD9D9)
732a0000 732a6000   wship6   wship6.dll   Mon Jul 13 21:11:50 2009 (4A5BDB56)
732c0000 732fb000   rsaenh   rsaenh.dll   Mon Jul 13 21:09:52 2009 (4A5BDAE0)
73300000 73316000   cryptsp  cryptsp.dll  Mon Jul 13 21:07:09 2009 (4A5BDA3D)
73700000 73713000   dwmapi   dwmapi.dll   Mon Jul 13 21:06:15 2009 (4A5BDA07)
73a90000 73ab5000   powrprof powrprof.dll Mon Jul 13 21:10:36 2009 (4A5BDB0C)
73ac0000 73ac5000   WSHTCPIP WSHTCPIP.DLL Mon Jul 13 21:11:54 2009 (4A5BDB5A)
73ad0000 73b0c000   mswsock  mswsock.dll  Mon Jul 13 21:08:07 2009 (4A5BDA77)
73b10000 73b29000   srvcli   srvcli.dll   Mon Jul 13 21:11:19 2009 (4A5BDB37)
73b70000 73b77000   winnsi   winnsi.dll   Mon Jul 13 21:11:31 2009 (4A5BDB43)
73b80000 73b9c000   IPHLPAPI IPHLPAPI.DLL Mon Jul 13 21:06:35 2009 (4A5BDA1B)
73ba0000 73bc1000   ntmarta  ntmarta.dll  Mon Jul 13 21:10:01 2009 (4A5BDAE9)
73be0000 73be7000   wsock32  wsock32.dll  Mon Jul 13 21:12:03 2009 (4A5BDB63)
73bf0000 73bfe000   RpcRtRemote RpcRtRemote.dll Mon Jul 13 19:43:47 2009 (4A5BC6B3)
73c00000 73c0b000   profapi  profapi.dll  Mon Jul 13 19:12:01 2009 (4A5BBF41)
73c10000 73c27000   userenv  userenv.dll  Mon Jul 13 21:11:13 2009 (4A5BDB31)
73d70000 73d79000   version  version.dll  Mon Jul 13 21:11:07 2009 (4A5BDB2B)
743b0000 74422000   dsound   dsound.dll   Mon Jul 13 21:06:05 2009 (4A5BD9FD)
75450000 7545c000   CRYPTBASE CRYPTBASE.dll Mon Jul 13 19:12:01 2009 (4A5BBF41)
75460000 754c0000   sspicli  sspicli.dll  Fri Dec 11 02:36:33 2009 (4B21F681)
754c0000 7565d000   setupapi setupapi.dll Mon Jul 13 21:10:22 2009 (4A5BDAFE)
75660000 75687000   cfgmgr32 cfgmgr32.dll Mon Jul 13 21:04:38 2009 (4A5BD9A6)
75690000 757ac000   crypt32  crypt32.dll  Mon Jul 13 21:07:05 2009 (4A5BDA39)
757b0000 7582b000   comdlg32 comdlg32.dll Mon Jul 13 21:06:45 2009 (4A5BDA25)
75830000 75865000   ws2_32   ws2_32.dll   Mon Jul 13 21:11:38 2009 (4A5BDB4A)
75870000 7587a000   lpk      lpk.dll      Mon Jul 13 21:11:23 2009 (4A5BDB3B)
75880000 758d7000   shlwapi  shlwapi.dll  Mon Jul 13 21:10:29 2009 (4A5BDB05)
758e0000 75ad9000   iertutil iertutil.dll Mon Jul 13 21:06:20 2009 (4A5BDA0C)
75ae0000 75bd0000   rpcrt4   rpcrt4.dll   Mon Jul 13 21:11:23 2009 (4A5BDB3B)
75bd0000 75bd6000   nsi      nsi.dll      Mon Jul 13 21:09:45 2009 (4A5BDAD9)
75be0000 75c40000   imm32    imm32.dll    Mon Jul 13 21:11:21 2009 (4A5BDB39)
75cd0000 76919000   shell32  shell32.dll  Tue Jul 27 09:57:01 2010 (4C4EE5AD)
76920000 7692c000   msasn1   msasn1.dll   Sat Aug 29 02:52:40 2009 (4A98D038)
76930000 769b3000   clbcatq  clbcatq.dll  Mon Jul 13 21:04:49 2009 (4A5BD9B1)
769c0000 769c3000   normaliz normaliz.dll Mon Jul 13 21:09:40 2009 (4A5BDAD4)
76a30000 76b8c000   ole32    ole32.dll    Mon Jul 13 21:09:27 2009 (4A5BDAC7)
76b90000 76c3c000   msvcrt   msvcrt.dll   Mon Jul 13 21:07:59 2009 (4A5BDA6F)
76c40000 76ccf000   oleaut32 oleaut32.dll Wed Apr 07 03:07:41 2010 (4BBC2F3D)
76cd0000 76d16000   KERNELBASE KERNELBASE.dll Mon Jul 13 21:14:07 2009 (4A5BDBDF)
76d20000 76e14000   wininet  wininet.dll  Wed Jun 30 02:17:57 2010 (4C2AE195)
76e20000 76e65000   Wldap32  Wldap32.dll  Mon Jul 13 21:12:02 2009 (4A5BDB62)
76e70000 76e82000   devobj   devobj.dll   Mon Jul 13 21:05:09 2009 (4A5BD9C5)
76e90000 76ea9000   sechost  sechost.dll  Mon Jul 13 21:10:28 2009 (4A5BDB04)
76eb0000 76fe5000   urlmon   urlmon.dll   Wed Jun 30 02:17:37 2010 (4C2AE181)
76ff0000 77090000   advapi32 advapi32.dll Mon Jul 13 21:03:58 2009 (4A5BD97E)
77090000 77190000   kernel32 kernel32.dll Mon Jul 13 21:14:06 2009 (4A5BDBDE)
77190000 77220000   gdi32    gdi32.dll    Mon Jul 13 21:11:20 2009 (4A5BDB38)
77280000 7734c000   msctf    msctf.dll    Mon Jul 13 21:07:53 2009 (4A5BDA69)
77350000 773ed000   usp10    usp10.dll    Mon Jul 13 21:11:14 2009 (4A5BDB32)
773f0000 774f0000   user32   user32.dll   Mon Jul 13 21:11:24 2009 (4A5BDB3C)
778c0000 778c5000   psapi    psapi.dll    Mon Jul 13 21:09:34 2009 (4A5BDACE)
778f0000 77a70000   ntdll    ntdll.dll    Wed Mar 24 02:35:08 2010 (4BA9B29C)
start    end        module name
76ff0000 77090000   advapi32 advapi32.dll Mon Jul 13 21:03:58 2009 (4A5BD97E)
72a20000 72a6b000   apphelp  apphelp.dll  Mon Jul 13 21:04:54 2009 (4A5BD9B6)
6fee0000 6ff0b000   ATL90    ATL90.dll    Sat Jul 11 22:38:06 2009 (4A594C8E)
70030000 70051000   browsercomps browsercomps.dll Wed Aug 18 17:38:37 2010 (4C6C52DD)
75660000 75687000   cfgmgr32 cfgmgr32.dll Mon Jul 13 21:04:38 2009 (4A5BD9A6)
76930000 769b3000   clbcatq  clbcatq.dll  Mon Jul 13 21:04:49 2009 (4A5BD9B1)
72d30000 72ece000   comctl32 comctl32.dll Mon Jul 13 21:03:50 2009 (4A5BD976)
757b0000 7582b000   comdlg32 comdlg32.dll Mon Jul 13 21:06:45 2009 (4A5BDA25)
75690000 757ac000   crypt32  crypt32.dll  Mon Jul 13 21:07:05 2009 (4A5BDA39)
75450000 7545c000   CRYPTBASE CRYPTBASE.dll Mon Jul 13 19:12:01 2009 (4A5BBF41)
73300000 73316000   cryptsp  cryptsp.dll  Mon Jul 13 21:07:09 2009 (4A5BDA3D)
708b0000 708bb000   cscapi   cscapi.dll   Mon Jul 13 19:14:25 2009 (4A5BBFD1)
70160000 7024b000   dbghelp  dbghelp.dll  Mon Jul 13 21:04:50 2009 (4A5BD9B2)
76e70000 76e82000   devobj   devobj.dll   Mon Jul 13 21:05:09 2009 (4A5BD9C5)
73250000 73294000   dnsapi   dnsapi.dll   Mon Jul 13 21:05:29 2009 (4A5BD9D9)
743b0000 74422000   dsound   dsound.dll   Mon Jul 13 21:06:05 2009 (4A5BD9FD)
6cbd0000 6cc82000   dui70    dui70.dll    Mon Jul 13 21:06:13 2009 (4A5BDA05)
6fd00000 6fd2f000   duser    duser.dll    Mon Jul 13 21:06:14 2009 (4A5BDA06)
73700000 73713000   dwmapi   dwmapi.dll   Mon Jul 13 21:06:15 2009 (4A5BDA07)
6fe90000 6fec1000   EhStorShell EhStorShell.dll Mon Jul 13 21:05:39 2009 (4A5BD9E3)
6cc90000 6cdff000   explorerframe explorerframe.dll Mon Jul 13 21:07:33 2009 (4A5BDA55)
6fe30000 6fe3c000   feclient feclient.dll Mon Jul 13 21:05:46 2009 (4A5BD9EA)
00190000 00270000   firefox  firefox.exe  Wed Aug 18 17:38:43 2010 (4C6C52E3)
6a970000 6a9b1000   freebl3  freebl3.dll  Wed Aug 18 16:04:00 2010 (4C6C3CB0)
72860000 72898000   FWPUCLNT FWPUCLNT.DLL Mon Jul 13 21:06:15 2009 (4A5BDA07)
77190000 77220000   gdi32    gdi32.dll    Mon Jul 13 21:11:20 2009 (4A5BDB38)
6d670000 6da7b000   GROOVEEX GROOVEEX.DLL Thu Mar 25 13:20:38 2010 (4BAB9B66)
6ce00000 6d664000   GrooveIntlResource GrooveIntlResource.dll Wed Mar 24 23:53:07 2010 (4BAADE23)
6fe50000 6fe88000   icm32    icm32.dll    Mon Jul 13 21:06:02 2009 (4A5BD9FA)
758e0000 75ad9000   iertutil iertutil.dll Mon Jul 13 21:06:20 2009 (4A5BDA0C)
75be0000 75c40000   imm32    imm32.dll    Mon Jul 13 21:11:21 2009 (4A5BDB39)
73b80000 73b9c000   IPHLPAPI IPHLPAPI.DLL Mon Jul 13 21:06:35 2009 (4A5BDA1B)
77090000 77190000   kernel32 kernel32.dll Mon Jul 13 21:14:06 2009 (4A5BDBDE)
76cd0000 76d16000   KERNELBASE KERNELBASE.dll Mon Jul 13 21:14:07 2009 (4A5BDBDF)
6fe40000 6fe49000   linkinfo linkinfo.dll Mon Jul 13 21:06:20 2009 (4A5BDA0C)
75870000 7587a000   lpk      lpk.dll      Mon Jul 13 21:11:23 2009 (4A5BDB3B)
6fca0000 6fcc5000   mdnsNSP  mdnsNSP.dll  Tue May 18 19:30:55 2010 (4BF3232F)
708e0000 708e6000   mozalloc mozalloc.dll Wed Aug 18 16:26:46 2010 (4C6C4206)
70250000 702ff000   mozcpp19 mozcpp19.dll Wed Aug 18 15:27:51 2010 (4C6C3437)
703d0000 70480000   mozcrt19 mozcrt19.dll Wed Aug 18 15:27:42 2010 (4C6C342E)
71c10000 71cc5000   mozsqlite3 mozsqlite3.dll Wed Aug 18 16:32:06 2010 (4C6C4346)
76920000 7692c000   msasn1   msasn1.dll   Sat Aug 29 02:52:40 2009 (4A98D038)
6fd30000 6fda9000   mscms    mscms.dll    Mon Jul 13 21:07:51 2009 (4A5BDA67)
77280000 7734c000   msctf    msctf.dll    Mon Jul 13 21:07:53 2009 (4A5BDA69)
708d0000 708d5000   msimg32  msimg32.dll  Mon Jul 13 21:08:48 2009 (4A5BDAA0)
71d80000 71e0e000   msvcp90  msvcp90.dll  Fri May 22 20:31:01 2009 (4A1743C5)
71e10000 71eb3000   msvcr90  msvcr90.dll  Fri May 22 20:30:57 2009 (4A1743C1)
76b90000 76c3c000   msvcrt   msvcrt.dll   Mon Jul 13 21:07:59 2009 (4A5BDA6F)
73ad0000 73b0c000   mswsock  mswsock.dll  Mon Jul 13 21:08:07 2009 (4A5BDA77)
6cb50000 6cb60000   NapiNSP  NapiNSP.dll  Mon Jul 13 21:07:57 2009 (4A5BDA6D)
6fc90000 6fca0000   nlaapi   nlaapi.dll   Mon Jul 13 21:08:12 2009 (4A5BDA7C)
769c0000 769c3000   normaliz normaliz.dll Mon Jul 13 21:09:40 2009 (4A5BDAD4)
6a390000 6a962000   NPSWF32  NPSWF32.dll  Wed Jul 28 03:12:39 2010 (4C4FD867)
75bd0000 75bd6000   nsi      nsi.dll      Mon Jul 13 21:09:45 2009 (4A5BDAD9)
71bb0000 71be1000   nspr4    nspr4.dll    Wed Aug 18 15:29:33 2010 (4C6C349D)
70330000 703cd000   nss3     nss3.dll     Wed Aug 18 16:04:46 2010 (4C6C3CDE)
6cb60000 6cbb0000   nssckbi  nssckbi.dll  Wed Aug 18 16:05:09 2010 (4C6C3CF5)
6cbb0000 6cbc8000   nssdbm3  nssdbm3.dll  Wed Aug 18 16:04:07 2010 (4C6C3CB7)
71bf0000 71c04000   nssutil3 nssutil3.dll Wed Aug 18 16:03:52 2010 (4C6C3CA8)
778f0000 77a70000   ntdll    ntdll.dll    Wed Mar 24 02:35:08 2010 (4BA9B29C)
73ba0000 73bc1000   ntmarta  ntmarta.dll  Mon Jul 13 21:10:01 2009 (4A5BDAE9)
6fdb0000 6fe1f000   ntshrui  ntshrui.dll  Mon Jul 13 21:10:03 2009 (4A5BDAEB)
6da80000 6de8f000   OFFICE   OFFICE.ODF   Sat Jan 30 04:36:47 2010 (4B63FDAF)
76a30000 76b8c000   ole32    ole32.dll    Mon Jul 13 21:09:27 2009 (4A5BDAC7)
76c40000 76ccf000   oleaut32 oleaut32.dll Wed Apr 07 03:07:41 2010 (4BBC2F3D)
72820000 72827000   plc4     plc4.dll     Wed Aug 18 15:29:37 2010 (4C6C34A1)
72a70000 72a77000   plds4    plds4.dll    Wed Aug 18 15:29:34 2010 (4C6C349E)
6cb30000 6cb42000   pnrpnsp  pnrpnsp.dll  Mon Jul 13 21:10:14 2009 (4A5BDAF6)
73a90000 73ab5000   powrprof powrprof.dll Mon Jul 13 21:10:36 2009 (4A5BDB0C)
73c00000 73c0b000   profapi  profapi.dll  Mon Jul 13 19:12:01 2009 (4A5BBF41)
70060000 70155000   propsys  propsys.dll  Mon Jul 13 21:09:31 2009 (4A5BDACB)
778c0000 778c5000   psapi    psapi.dll    Mon Jul 13 21:09:34 2009 (4A5BDACE)
6fe20000 6fe26000   rasadhlp rasadhlp.dll Mon Jul 13 21:09:42 2009 (4A5BDAD6)
75ae0000 75bd0000   rpcrt4   rpcrt4.dll   Mon Jul 13 21:11:23 2009 (4A5BDB3B)
73bf0000 73bfe000   RpcRtRemote RpcRtRemote.dll Mon Jul 13 19:43:47 2009 (4A5BC6B3)
732c0000 732fb000   rsaenh   rsaenh.dll   Mon Jul 13 21:09:52 2009 (4A5BDAE0)
76e90000 76ea9000   sechost  sechost.dll  Mon Jul 13 21:10:28 2009 (4A5BDB04)
754c0000 7565d000   setupapi setupapi.dll Mon Jul 13 21:10:22 2009 (4A5BDAFE)
75cd0000 76919000   shell32  shell32.dll  Tue Jul 27 09:57:01 2010 (4C4EE5AD)
75880000 758d7000   shlwapi  shlwapi.dll  Mon Jul 13 21:10:29 2009 (4A5BDB05)
6fed0000 6feda000   slc      slc.dll      Mon Jul 13 21:10:37 2009 (4A5BDB0D)
72a80000 72a98000   smime3   smime3.dll   Wed Aug 18 16:05:01 2010 (4C6C3CED)
6fcd0000 6fcf6000   softokn3 softokn3.dll Wed Aug 18 16:04:04 2010 (4C6C3CB4)
73b10000 73b29000   srvcli   srvcli.dll   Mon Jul 13 21:11:19 2009 (4A5BDB37)
70300000 70321000   ssl3     ssl3.dll     Wed Aug 18 16:04:55 2010 (4C6C3CE7)
75460000 754c0000   sspicli  sspicli.dll  Fri Dec 11 02:36:33 2009 (4B21F681)
70010000 7002d000   t2embed  t2embed.dll  Mon Oct 19 10:07:41 2009 (4ADC72AD)
76eb0000 76fe5000   urlmon   urlmon.dll   Wed Jun 30 02:17:37 2010 (4C2AE181)
773f0000 774f0000   user32   user32.dll   Mon Jul 13 21:11:24 2009 (4A5BDB3C)
73c10000 73c27000   userenv  userenv.dll  Mon Jul 13 21:11:13 2009 (4A5BDB31)
77350000 773ed000   usp10    usp10.dll    Mon Jul 13 21:11:14 2009 (4A5BDB32)
72cb0000 72d30000   uxtheme  uxtheme.dll  Mon Jul 13 21:11:24 2009 (4A5BDB3C)
73d70000 73d79000   version  version.dll  Mon Jul 13 21:11:07 2009 (4A5BDB2B)
6ff10000 7000b000   WindowsCodecs WindowsCodecs.dll Mon Jul 13 21:11:22 2009 (4A5BDB3A)
76d20000 76e14000   wininet  wininet.dll  Wed Jun 30 02:17:57 2010 (4C2AE195)
72050000 72082000   winmm    winmm.dll    Mon Jul 13 21:11:30 2009 (4A5BDB42)
73b70000 73b77000   winnsi   winnsi.dll   Mon Jul 13 21:11:31 2009 (4A5BDB43)
6fc80000 6fc88000   winrnr   winrnr.dll   Mon Jul 13 21:11:32 2009 (4A5BDB44)
71ff0000 72041000   winspool winspool.drv Mon Jul 13 21:11:39 2009 (4A5BDB4B)
76e20000 76e65000   Wldap32  Wldap32.dll  Mon Jul 13 21:12:02 2009 (4A5BDB62)
75830000 75865000   ws2_32   ws2_32.dll   Mon Jul 13 21:11:38 2009 (4A5BDB4A)
732a0000 732a6000   wship6   wship6.dll   Mon Jul 13 21:11:50 2009 (4A5BDB56)
73ac0000 73ac5000   WSHTCPIP WSHTCPIP.DLL Mon Jul 13 21:11:54 2009 (4A5BDB5A)
73be0000 73be7000   wsock32  wsock32.dll  Mon Jul 13 21:12:03 2009 (4A5BDB63)
708c0000 708c7000   xpcom    xpcom.dll    Wed Aug 18 17:36:24 2010 (4C6C5258)
6a9c0000 6b7c4000   xul      xul.dll      Wed Aug 18 17:35:12 2010 (4C6C5210)
                                            ^ Syntax error in '!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck;.logclose;q'
0:012> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


FAULTING_IP: 
+556f000
02899938 ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 7798c405 (ntdll!TppWaiterpThread+0x00000632)
   ExceptionCode: c000070a
  ExceptionFlags: 00000000
NumberParameters: 5
   Parameter[0]: c0000008
   Parameter[1]: 0ba1ccdc
   Parameter[2]: 02899938
   Parameter[3]: 02838228
   Parameter[4]: 6b13729c

DEFAULT_BUCKET_ID:  APPLICATION_FAULT

PROCESS_NAME:  firefox.exe

ERROR_CODE: (NTSTATUS) 0xc000070a - Status 0x%08x was returned, waiting on handle 0x%x for wait 0x%p, in waiter 0x%p.

EXCEPTION_CODE: (NTSTATUS) 0xc000070a - Status 0x%08x was returned, waiting on handle 0x%x for wait 0x%p, in waiter 0x%p.

EXCEPTION_PARAMETER1:  c0000008

EXCEPTION_PARAMETER2:  0ba1ccdc

EXCEPTION_PARAMETER3:  02899938

EXCEPTION_PARAMETER4: 2838228

HANDLE: 0ba1ccdc (!handle 0ba1ccdc)

THREADPOOL_WAITER: !tp wait 2899938
!tp wait 2899938

Unable to read ${$ntdllsym}!_TPP_CLEANUP_GROUP_MEMBER at 0x02899938: 3

MOD_LIST: <ANALYSIS/>

FAULTING_THREAD:  000008b0

PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT

BUGCHECK_STR:  APPLICATION_FAULT_APPLICATION_FAULT

LAST_CONTROL_TRANSFER:  from 770a3677 to 7798c405

STACK_TEXT:  
0563fe98 770a3677 7796826b 0563fee4 77929d42 ntdll!TppWaiterpThread+0x632
0563fea4 77929d42 02838228 72b5d779 00000000 kernel32!BaseThreadInitThunk+0xe
0563fee4 77929d15 77951c66 02838228 00000000 ntdll!__RtlUserThreadStart+0x70
0563fefc 00000000 77951c66 02838228 00000000 ntdll!_RtlUserThreadStart+0x1b


FOLLOWUP_IP: 
ntdll!TppWaiterpThread+632
7798c405 ff75e4          push    dword ptr [ebp-1Ch]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  ntdll!TppWaiterpThread+632

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ntdll

IMAGE_NAME:  ntdll.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4ba9b29c

STACK_COMMAND:  ~12s; .ecxr ; kb

FAILURE_BUCKET_ID:  APPLICATION_FAULT_c000070a_ntdll.dll!TppWaiterpThread

BUCKET_ID:  APPLICATION_FAULT_APPLICATION_FAULT_ntdll!TppWaiterpThread+632

WATSON_IBUCKET:  2006572847

WATSON_IBUCKETTABLE:  1

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/firefox_exe/2_0_0_3882/4c6c52e3/ntdll_dll/6_1_7600_16559/4ba9b29c/c000070a/0009c405.htm?Retriage=1

Followup: MachineOwner
---------


----------



## DT Roberts

*Re: ntdll.dll Issues*

I do have both browsers installed. I'll try uninstalling them both. Thanks for helping, John.

Devin


----------



## usasma

*Re: ntdll.dll Issues*

Glad to help!


----------



## DT Roberts

*Re: ntdll.dll Issues*

Removing Chrome and Firefox has seemed to improved overall system stability. I'd really like to get Firefox working if possible though, I prefer it quite a bit over Internet Explorer. Any suggestions?

Thanks again.

Devin


----------



## jcgriff2

*Re: ntdll.dll Issues*

Have you tried just FFox - no Chrome?

I see a lock occuring in the dumps.

If WMP network sharing service running - turn off; disable.

Regards. . .

John

`


----------



## usasma

*Re: ntdll.dll Issues*

Does WMP still have issues? If not, then it's likely a problem with the FF/Chrome.

Install the latest version of Firefox and don't add any extensions/add-ons yet. See if it remains stable.


----------



## DT Roberts

*Re: ntdll.dll Issues*

I haven't seen any issues with *Windows Media Player *since I uninstalled them. I tried reinstalling *Firefox *and crashed on the second or third page I went to. :sigh:


----------



## jcgriff2

*Re: ntdll.dll Issues*

What does Problem Reports say?
Event Viewer?

If all 0xc0000005, rogue driver or RAM involved.

Driver Verifier..?

John

`


----------



## DT Roberts

*Re: ntdll.dll Issues*

It's somewhat depressing that I didn't think about that before... Turning the Verifier on. I'll upload the first dump I get (if any).


----------



## jcgriff2

*Re: ntdll.dll Issues*

You should have seen me when my Windows 7 x64 system BSOD'd to death here ~ 2 months ago. I reached out for help.


----------



## usasma

*Re: ntdll.dll Issues*

It happens to all of us at one time or another. I did it most recently with my bad motherboard and hard drive failures about a month ago.


----------



## DT Roberts

*Re: ntdll.dll Issues*

Sure enough, the Verifier 0xC2 pointing to *nvcwfcpo.sys* - my school's VPN client. It wouldn't surprise me at all, but I just set up the VPN around two weeks ago but I've had this problem for months, and when I got the BSOD itself flagged *ndis.sys*.

Also, *Internet Explorer* has started to crash with the same error. It must be related one way or another to *ndis.sys*. I've created a dump from the process.

I've attached the old *Firefox* minidump, *Internet Explorer*'s dump and the Verifier-enabled BSOD dump.

Much appreciated.

Devin


----------



## usasma

*Re: ntdll.dll Issues*

It's possible that these are a stack of problems. And that fixing the nvcwfpco.sys issue can reveal another problem.

Although the Driver Verifier dump points to nvcwfpco.sys, it's really just saying that the error occurred in nvcwfpco.sys - not that nvcwfpco.sys is at fault (although it's most likely to blame).

For example (from the stack text), it's possible (but not as likely) that the ndis.sys driver is corrupted and when nvcwfpco.sys accesses it, it spits out an error. And it's possible (but even less likely) that ntkrnlmp.exe is corrupted and an access by ndis.sys causes the error to spit out.

In short, we fix the nvcwfpco.sys error - and then work on the next thing that comes up.

Also, the 2 user level dumps are spitting errors in wow64.dll
Have you tried testing with the 64 bit version of IE?
Have you run SFC.EXE /SCANNOW from an elevated (Run as administrator) Command Prompt?

The errors can be in ndis.sys and how it interfaces with the VPN driver


----------



## DT Roberts

*Re: ntdll.dll Issues*

I agree completely that it could be a bunch of nested problems. I have tried *sfc /scannow* and it didn't come up with any issues. I haven't tried 64-bit IE, I'll test it later on as well as uninstall the VPN software once I'm done using it.


----------



## DT Roberts

*Re: ntdll.dll Issues*

IE x64 did in fact just crash.


----------



## usasma

*Re: ntdll.dll Issues*

Do you have the dump from the x64 crash?
If not, try this to generate a dump for a crashing process: http://www.sevenforums.com/crash-lockup-debug-how/34940-generating-memory-dump-crashing-process.html


----------



## DT Roberts

*Re: ntdll.dll Issues*

I've created and attach an IE x64 dump.


----------



## jcgriff2

*Re: ntdll.dll Issues*



Code:


[font=lucida console]
Debug session time: Mon Sep 20 23:55:33.000 2010 (GMT-4)
System Uptime: not available
Unable to load image [COLOR=Red]C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll[/COLOR], Win32 error 0n2

*** WARNING: Unable to verify timestamp for[COLOR=Red] nvLsp64.dll[/COLOR]
*** ERROR: Module load completed but symbols could not be loaded for nvLsp64.dll
*** WARNING: Unable to verify timestamp for ieframe.dll
*** WARNING: Unable to verify timestamp for iertutil.dll
*** WARNING: Unable to verify timestamp for iexplore.exe
*** WARNING: Unable to verify timestamp for ieui.dll
*** WARNING: Unable to verify timestamp for wininet.dll
PROCESS_NAME:  iexplore.exe
BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE
*** WARNING: Unable to verify timestamp for mdnsNSP.dll
*** ERROR: Module load completed but symbols could not be loaded for mdnsNSP.dll
*** WARNING: Unable to verify timestamp for urlmon.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for MSOXMLMF.DLL - 
*** WARNING: Unable to verify timestamp for ieproxy.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for IPHLPAPI.DLL - 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``[/font]

Hi Devin - 

*IE9 x64 Beta* appcrash + *0xc0000005* exception (memory access violation) + *ntdll.dll* = 3rd party firewall/ interference with Internet

I would remove NVIDIA ForceWare Network Access Manager (NAM) - 


Code:


[FONT=Lucida Console]
nvLsp64.dll  Mon Aug 10 18:58:28 2009 (4A80A614)
[/FONT]

NVIDIA NAM is a firewall.

http://forums.nvidia.com/lofiversion/index.php?t3455.html

http://www.nvidia.com/object/feature_network.html

Use Revo to uninstall it.

Kind Regards. . .

John

`

IE9 Beta x64 - User Mode Dump - 0xc0000005 exception


Code:


[font=lucida console]
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\PID-4636__IEXPLORE.EXE__2nd_chance_AccessViolation__mini_119c_2010-09-20_23-55-32-910_121c.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Comment: '2nd_chance_AccessViolation_exception_in_IEXPLORE.EXE_running_on_HOME'
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Mon Sep 20 23:55:33.000 2010 (GMT-4)
System Uptime: not available
Process Uptime: 0 days 0:02:09.000
................................................................
.......................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(121c.12e0): Access violation - code [COLOR=Red]c0000005[/COLOR] (first/second chance not available)
[COLOR=red]ntdll![/COLOR]RtlpWaitOnCriticalSection+0xb4:
00000000`77c3cf54 ff4024          inc     dword ptr [rax+24h] ds:00000000`00000024=????????
0:018> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

Unable to load image C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvLsp64.dll
*** ERROR: Module load completed but symbols could not be loaded for nvLsp64.dll
Unable to load image C:\Windows\System32\ieframe.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ieframe.dll
Unable to load image C:\Windows\System32\iertutil.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iertutil.dll
*** WARNING: Unable to verify timestamp for iexplore.exe
Unable to load image C:\Windows\System32\ieui.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ieui.dll
Unable to load image C:\Windows\System32\wininet.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for wininet.dll
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

FAULTING_IP: 
ntdll!RtlpWaitOnCriticalSection+b4
00000000`77c3cf54 ff4024          inc     dword ptr [rax+24h]

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000077c3cf54 (ntdll!RtlpWaitOnCriticalSection+0x00000000000000b4)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024

PROCESS_NAME:  iexplore.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000024

WRITE_ADDRESS:  0000000000000024 

FOLLOWUP_IP: 
nvLsp64+91ac
00000001`800091ac ??              ???

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

FAULTING_THREAD:  00000000000012e0

BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE

PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 0000000077c3ce82 to 0000000077c3cf54

STACK_TEXT:  
00000000`076ff450 00000000`77c3ce82 : 00000000`00000000 00000000`00000017 00000000`00000000 00000000`034e9890 : ntdll!RtlpWaitOnCriticalSection+0xb4
00000000`076ff500 00000001`800091ac : 000007fe`fee81ac0 00000000`000006d8 00000000`076ff5c8 00000001`80055210 : ntdll!RtlEnterCriticalSection+0xab
00000000`076ff530 000007fe`fee81abf : 00000000`000006d8 00000000`076ff5c8 00000001`80055210 00000000`076ff560 : nvLsp64+0x91ac
00000000`076ff538 00000000`01201120 : 00000000`00000000 00000000`000006d8 00000000`011b12f0 00000000`00000000 : ws2_32!WahInsertHandleContext+0x83
00000000`076ff578 00000000`00000000 : 00000000`000006d8 00000000`011b12f0 00000000`00000000 00000000`000006d8 : 0x1201120


SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nvLsp64+91ac

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nvLsp64

IMAGE_NAME:  nvLsp64.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4a80a614

STACK_COMMAND:  ~18s; .ecxr ; kb

FAILURE_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE_c0000005_nvLsp64.dll!Unknown

BUCKET_ID:  X64_APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_nvLsp64+91ac

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/iexplore_exe/9_0_7930_16406/4c7e03c8/ntdll_dll/6_1_7600_16559/4ba9b802/c0000005/0004cf54.htm?Retriage=1

Followup: MachineOwner
---------

0:018> !nvLsp64.help
The call to LoadLibrary(nvLsp64) failed, Win32 error 0n2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.
0:018> lmvm nvLsp64
start             end                 module name
00000001`80000000 00000001`8006f000   nvLsp64  T (no symbols)           
    Loaded symbol image file: nvLsp64.dll
    Image path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll
    Image name: nvLsp64.dll
    Timestamp:        Mon Aug 10 18:58:28 2009 (4A80A614)
    CheckSum:         0006B265
    ImageSize:        0006F000
    File version:     2.2.0.7316
    Product version:  2.2.0.7316
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
0:018> k
Child-SP          RetAddr           Call Site
00000000`076ff450 00000000`77c3ce82 ntdll!RtlpWaitOnCriticalSection+0xb4
00000000`076ff500 00000001`800091ac ntdll!RtlEnterCriticalSection+0xab
00000000`076ff530 000007fe`fee81abf nvLsp64+0x91ac
00000000`076ff538 00000000`01201120 ws2_32!WahInsertHandleContext+0x83
00000000`076ff578 00000000`00000000 0x1201120
0:018> lmnt
start             end                 module name
00000000`013a0000 00000000`0145c000   iexplore iexplore.exe Wed Sep 01 03:42:00 2010 (4C7E03C8)
00000000`72f10000 00000000`72fad000   msvcr90  msvcr90.dll  Fri May 22 21:26:08 2009 (4A1750B0)
00000000`73e10000 00000000`73e45000   mdnsNSP  mdnsNSP.dll  Tue May 18 19:22:53 2010 (4BF3214D)
00000000`774d0000 00000000`77623000   wininet  wininet.dll  Wed Sep 01 03:42:49 2010 (4C7E03F9)
00000000`77630000 00000000`7774f000   kernel32 kernel32.dll Mon Jul 13 21:31:11 2009 (4A5BDFDF)
00000000`77750000 00000000`7784a000   user32   user32.dll   Mon Jul 13 21:34:00 2009 (4A5BE088)
00000000`77850000 00000000`7798d000   urlmon   urlmon.dll   Wed Sep 01 03:42:57 2010 (4C7E0401)
00000000`77990000 00000000`77be5000   iertutil iertutil.dll Wed Sep 01 03:41:38 2010 (4C7E03B2)
00000000`77bf0000 00000000`77d9b000   ntdll    ntdll.dll    Wed Mar 24 02:58:10 2010 (4BA9B802)
00000000`77db0000 00000000`77db7000   psapi    psapi.dll    Mon Jul 13 19:26:21 2009 (4A5BC29D)
00000000`77dc0000 00000000`77dc3000   normaliz normaliz.dll Mon Jul 13 21:32:18 2009 (4A5BE022)
00000001`80000000 00000001`8006f000   nvLsp64  nvLsp64.dll  Mon Aug 10 18:58:28 2009 (4A80A614)
000007fe`f0090000 000007fe`f01d8000   NaturalLanguage6 NaturalLanguage6.dll Mon Jul 13 21:30:52 2009 (4A5BDFCC)
000007fe`f0f40000 000007fe`f0f49000   SensApi  SensApi.dll  Mon Jul 13 21:33:31 2009 (4A5BE06B)
000007fe`f1e50000 000007fe`f1ecb000   StructuredQuery StructuredQuery.dll Mon Jul 13 21:33:30 2009 (4A5BE06A)
000007fe`f32a0000 000007fe`f32b1000   MSOXMLMF MSOXMLMF.DLL Sun Feb 28 04:24:17 2010 (4B8A3641)
000007fe`f3c30000 000007fe`f3e02000   msxml3   msxml3.dll   Tue Jun 08 01:26:20 2010 (4C0DD47C)
000007fe`f4130000 000007fe`f4184000   oleacc   oleacc.dll   Mon Jul 13 21:32:11 2009 (4A5BE01B)
000007fe`f4190000 000007fe`f4e96000   ieframe  ieframe.dll  Wed Sep 01 03:44:11 2010 (4C7E044B)
000007fe`f5240000 000007fe`f52c4000   ieproxy  ieproxy.dll  Wed Sep 01 03:41:56 2010 (4C7E03C4)
000007fe`f5300000 000007fe`f533e000   ieui     ieui.dll     Wed Sep 01 03:40:43 2010 (4C7E037B)
000007fe`f53f0000 000007fe`f542b000   mlang    mlang.dll    Mon Jul 13 21:29:05 2009 (4A5BDF61)
000007fe`f5820000 000007fe`f583c000   rasman   rasman.dll   Mon Jul 13 21:32:38 2009 (4A5BE036)
000007fe`f5840000 000007fe`f58a2000   rasapi32 rasapi32.dll Mon Jul 13 21:32:30 2009 (4A5BE02E)
000007fe`f5b50000 000007fe`f5b6d000   mssprxy  mssprxy.dll  Mon Jul 13 21:30:18 2009 (4A5BDFAA)
000007fe`f5b80000 000007fe`f5b8c000   npmproxy npmproxy.dll Mon Jul 13 21:32:19 2009 (4A5BE023)
000007fe`f5b90000 000007fe`f5c04000   netprofm netprofm.dll Mon Jul 13 21:30:56 2009 (4A5BDFD0)
000007fe`f6180000 000007fe`f63bc000   tquery   tquery.dll   Mon Jul 13 21:33:50 2009 (4A5BE07E)
000007fe`f98d0000 000007fe`f9a9a000   explorerframe explorerframe.dll Sat Jun 26 01:23:59 2010 (4C258EEF)
000007fe`fa410000 000007fe`fa4b7000   dxgi     dxgi.dll     Mon Jul 13 21:28:12 2009 (4A5BDF2C)
000007fe`fadd0000 000007fe`fadd8000   rasadhlp rasadhlp.dll Mon Jul 13 21:32:29 2009 (4A5BE02D)
000007fe`fb3d0000 000007fe`fb423000   FWPUCLNT FWPUCLNT.DLL Mon Jul 13 21:27:54 2009 (4A5BDF1A)
000007fe`fb510000 000007fe`fb51b000   winnsi   winnsi.dll   Mon Jul 13 21:34:41 2009 (4A5BE0B1)
000007fe`fb520000 000007fe`fb547000   IPHLPAPI IPHLPAPI.DLL Mon Jul 13 21:28:55 2009 (4A5BDF57)
000007fe`fb870000 000007fe`fb877000   msimg32  msimg32.dll  Mon Jul 13 21:31:18 2009 (4A5BDFE6)
000007fe`fb900000 000007fe`fb911000   rtutils  rtutils.dll  Sat Jun 19 02:46:38 2010 (4C1C67CE)
000007fe`fbff0000 000007fe`fc020000   PeerDist PeerDist.dll Mon Jul 13 21:32:20 2009 (4A5BE024)
000007fe`fc330000 000007fe`fc348000   dwmapi   dwmapi.dll   Mon Jul 13 21:28:07 2009 (4A5BDF27)
000007fe`fc380000 000007fe`fc395000   nlaapi   nlaapi.dll   Mon Jul 13 21:30:49 2009 (4A5BDFC9)
000007fe`fc560000 000007fe`fc5a3000   duser    duser.dll    Mon Jul 13 21:28:06 2009 (4A5BDF26)
000007fe`fc5b0000 000007fe`fc6a2000   dui70    dui70.dll    Mon Jul 13 21:28:05 2009 (4A5BDF25)
000007fe`fc8d0000 000007fe`fc926000   uxtheme  uxtheme.dll  Mon Jul 13 21:34:11 2009 (4A5BE093)
000007fe`fc930000 000007fe`fca5c000   propsys  propsys.dll  Mon Jul 13 21:32:18 2009 (4A5BE022)
000007fe`fcc50000 000007fe`fce44000   comctl32 comctl32.dll Mon Jul 13 21:24:55 2009 (4A5BDE67)
000007fe`fd140000 000007fe`fd16d000   ntmarta  ntmarta.dll  Mon Jul 13 21:32:45 2009 (4A5BE03D)
000007fe`fd230000 000007fe`fd237000   WSHTCPIP WSHTCPIP.DLL Mon Jul 13 21:34:47 2009 (4A5BE0B7)
000007fe`fd240000 000007fe`fd24c000   version  version.dll  Mon Jul 13 21:33:54 2009 (4A5BE082)
000007fe`fd370000 000007fe`fd38e000   userenv  userenv.dll  Mon Jul 13 21:34:03 2009 (4A5BE08B)
000007fe`fd5b0000 000007fe`fd5f7000   rsaenh   rsaenh.dll   Mon Jul 13 21:32:41 2009 (4A5BE039)
000007fe`fd6d0000 000007fe`fd72b000   dnsapi   dnsapi.dll   Mon Jul 13 21:27:09 2009 (4A5BDEED)
000007fe`fd840000 000007fe`fd847000   wship6   wship6.dll   Mon Jul 13 21:34:41 2009 (4A5BE0B1)
000007fe`fd850000 000007fe`fd8a4000   mswsock  mswsock.dll  Mon Jul 13 21:30:44 2009 (4A5BDFC4)
000007fe`fd8b0000 000007fe`fd8c7000   cryptsp  cryptsp.dll  Mon Jul 13 21:29:58 2009 (4A5BDF96)
000007fe`fdac0000 000007fe`fdaef000   authz    authz.dll    Mon Jul 13 21:25:28 2009 (4A5BDE88)
000007fe`fde80000 000007fe`fde8b000   secur32  secur32.dll  Mon Jul 13 21:33:26 2009 (4A5BE066)
000007fe`fdec0000 000007fe`fdee5000   sspicli  sspicli.dll  Mon Jul 13 21:34:13 2009 (4A5BE095)
000007fe`fdef0000 000007fe`fdeff000   CRYPTBASE CRYPTBASE.dll Mon Jul 13 21:29:53 2009 (4A5BDF91)
000007fe`fdf00000 000007fe`fdf92000   sxs      sxs.dll      Mon Jul 13 21:33:35 2009 (4A5BE06F)
000007fe`fdfa0000 000007fe`fdff7000   apphelp  apphelp.dll  Mon Jul 13 21:26:04 2009 (4A5BDEAC)
000007fe`fe000000 000007fe`fe014000   RpcRtRemote RpcRtRemote.dll Mon Jul 13 21:32:38 2009 (4A5BE036)
000007fe`fe020000 000007fe`fe02f000   profapi  profapi.dll  Mon Jul 13 21:32:15 2009 (4A5BE01F)
000007fe`fe0c0000 000007fe`fe0cf000   msasn1   msasn1.dll   Sat Aug 29 03:40:40 2009 (4A98DB78)
000007fe`fe170000 000007fe`fe1db000   KERNELBASE KERNELBASE.dll Mon Jul 13 21:31:12 2009 (4A5BDFE0)
000007fe`fe1e0000 000007fe`fe21a000   wintrust wintrust.dll Tue Dec 29 02:54:50 2009 (4B39B5CA)
000007fe`fe220000 000007fe`fe23a000   devobj   devobj.dll   Mon Jul 13 21:26:57 2009 (4A5BDEE1)
000007fe`fe240000 000007fe`fe3a6000   crypt32  crypt32.dll  Mon Jul 13 21:29:52 2009 (4A5BDF90)
000007fe`fe3b0000 000007fe`fe3e5000   xmllite  xmllite.dll  Mon Jul 13 21:34:16 2009 (4A5BE098)
000007fe`fe3f0000 000007fe`fe426000   cfgmgr32 cfgmgr32.dll Mon Jul 13 21:26:02 2009 (4A5BDEAA)
000007fe`fe430000 000007fe`fe507000   oleaut32 oleaut32.dll Wed Apr 07 03:31:53 2010 (4BBC34E9)
000007fe`fe510000 000007fe`fe53e000   imm32    imm32.dll    Mon Jul 13 21:28:32 2009 (4A5BDF40)
000007fe`fe540000 000007fe`fe649000   msctf    msctf.dll    Mon Jul 13 21:30:18 2009 (4A5BDFAA)
000007fe`fe6d0000 000007fe`fe6ef000   sechost  sechost.dll  Mon Jul 13 21:33:18 2009 (4A5BE05E)
000007fe`fe6f0000 000007fe`fe8f1000   ole32    ole32.dll    Mon Jul 13 21:32:10 2009 (4A5BE01A)
000007fe`fe900000 000007fe`fe90e000   lpk      lpk.dll      Mon Jul 13 21:29:03 2009 (4A5BDF5F)
000007fe`fe910000 000007fe`fe918000   nsi      nsi.dll      Mon Jul 13 21:32:25 2009 (4A5BE029)
000007fe`fe920000 000007fe`fe9b9000   clbcatq  clbcatq.dll  Mon Jul 13 21:26:18 2009 (4A5BDEBA)
000007fe`fe9c0000 000007fe`feb97000   setupapi setupapi.dll Mon Jul 13 21:33:06 2009 (4A5BE052)
000007fe`feba0000 000007fe`fec3f000   msvcrt   msvcrt.dll   Mon Jul 13 21:30:38 2009 (4A5BDFBE)
000007fe`fec40000 000007fe`fecd8000   comdlg32 comdlg32.dll Mon Jul 13 21:29:26 2009 (4A5BDF76)
000007fe`fece0000 000007fe`fed51000   shlwapi  shlwapi.dll  Mon Jul 13 21:33:13 2009 (4A5BE059)
000007fe`fed60000 000007fe`fedb0000   Wldap32  Wldap32.dll  Mon Jul 13 21:35:25 2009 (4A5BE0DD)
000007fe`fedb0000 000007fe`fee7a000   usp10    usp10.dll    Mon Jul 13 21:34:04 2009 (4A5BE08C)
000007fe`fee80000 000007fe`feecd000   ws2_32   ws2_32.dll   Mon Jul 13 21:34:13 2009 (4A5BE095)
000007fe`feed0000 000007fe`ffc56000   shell32  shell32.dll  Tue Jul 27 10:51:09 2010 (4C4EF25D)
000007fe`ffc60000 000007fe`ffcc7000   gdi32    gdi32.dll    Mon Jul 13 21:27:29 2009 (4A5BDF01)
000007fe`ffcd0000 000007fe`ffdfe000   rpcrt4   rpcrt4.dll   Mon Jul 13 21:32:37 2009 (4A5BE035)
000007fe`ffe20000 000007fe`ffefb000   advapi32 advapi32.dll Mon Jul 13 21:24:59 2009 (4A5BDE6B)
0:018> lmntsm
start             end                 module name
000007fe`ffe20000 000007fe`ffefb000   advapi32 advapi32.dll Mon Jul 13 21:24:59 2009 (4A5BDE6B)
000007fe`fdfa0000 000007fe`fdff7000   apphelp  apphelp.dll  Mon Jul 13 21:26:04 2009 (4A5BDEAC)
000007fe`fdac0000 000007fe`fdaef000   authz    authz.dll    Mon Jul 13 21:25:28 2009 (4A5BDE88)
000007fe`fe3f0000 000007fe`fe426000   cfgmgr32 cfgmgr32.dll Mon Jul 13 21:26:02 2009 (4A5BDEAA)
000007fe`fe920000 000007fe`fe9b9000   clbcatq  clbcatq.dll  Mon Jul 13 21:26:18 2009 (4A5BDEBA)
000007fe`fcc50000 000007fe`fce44000   comctl32 comctl32.dll Mon Jul 13 21:24:55 2009 (4A5BDE67)
000007fe`fec40000 000007fe`fecd8000   comdlg32 comdlg32.dll Mon Jul 13 21:29:26 2009 (4A5BDF76)
000007fe`fe240000 000007fe`fe3a6000   crypt32  crypt32.dll  Mon Jul 13 21:29:52 2009 (4A5BDF90)
000007fe`fdef0000 000007fe`fdeff000   CRYPTBASE CRYPTBASE.dll Mon Jul 13 21:29:53 2009 (4A5BDF91)
000007fe`fd8b0000 000007fe`fd8c7000   cryptsp  cryptsp.dll  Mon Jul 13 21:29:58 2009 (4A5BDF96)
000007fe`fe220000 000007fe`fe23a000   devobj   devobj.dll   Mon Jul 13 21:26:57 2009 (4A5BDEE1)
000007fe`fd6d0000 000007fe`fd72b000   dnsapi   dnsapi.dll   Mon Jul 13 21:27:09 2009 (4A5BDEED)
000007fe`fc5b0000 000007fe`fc6a2000   dui70    dui70.dll    Mon Jul 13 21:28:05 2009 (4A5BDF25)
000007fe`fc560000 000007fe`fc5a3000   duser    duser.dll    Mon Jul 13 21:28:06 2009 (4A5BDF26)
000007fe`fc330000 000007fe`fc348000   dwmapi   dwmapi.dll   Mon Jul 13 21:28:07 2009 (4A5BDF27)
000007fe`fa410000 000007fe`fa4b7000   dxgi     dxgi.dll     Mon Jul 13 21:28:12 2009 (4A5BDF2C)
000007fe`f98d0000 000007fe`f9a9a000   explorerframe explorerframe.dll Sat Jun 26 01:23:59 2010 (4C258EEF)
000007fe`fb3d0000 000007fe`fb423000   FWPUCLNT FWPUCLNT.DLL Mon Jul 13 21:27:54 2009 (4A5BDF1A)
000007fe`ffc60000 000007fe`ffcc7000   gdi32    gdi32.dll    Mon Jul 13 21:27:29 2009 (4A5BDF01)
000007fe`f4190000 000007fe`f4e96000   ieframe  ieframe.dll  Wed Sep 01 03:44:11 2010 (4C7E044B)
000007fe`f5240000 000007fe`f52c4000   ieproxy  ieproxy.dll  Wed Sep 01 03:41:56 2010 (4C7E03C4)
00000000`77990000 00000000`77be5000   iertutil iertutil.dll Wed Sep 01 03:41:38 2010 (4C7E03B2)
000007fe`f5300000 000007fe`f533e000   ieui     ieui.dll     Wed Sep 01 03:40:43 2010 (4C7E037B)
00000000`013a0000 00000000`0145c000   iexplore iexplore.exe Wed Sep 01 03:42:00 2010 (4C7E03C8)
000007fe`fe510000 000007fe`fe53e000   imm32    imm32.dll    Mon Jul 13 21:28:32 2009 (4A5BDF40)
000007fe`fb520000 000007fe`fb547000   IPHLPAPI IPHLPAPI.DLL Mon Jul 13 21:28:55 2009 (4A5BDF57)
00000000`77630000 00000000`7774f000   kernel32 kernel32.dll Mon Jul 13 21:31:11 2009 (4A5BDFDF)
000007fe`fe170000 000007fe`fe1db000   KERNELBASE KERNELBASE.dll Mon Jul 13 21:31:12 2009 (4A5BDFE0)
000007fe`fe900000 000007fe`fe90e000   lpk      lpk.dll      Mon Jul 13 21:29:03 2009 (4A5BDF5F)
00000000`73e10000 00000000`73e45000   mdnsNSP  mdnsNSP.dll  Tue May 18 19:22:53 2010 (4BF3214D)
000007fe`f53f0000 000007fe`f542b000   mlang    mlang.dll    Mon Jul 13 21:29:05 2009 (4A5BDF61)
000007fe`fe0c0000 000007fe`fe0cf000   msasn1   msasn1.dll   Sat Aug 29 03:40:40 2009 (4A98DB78)
000007fe`fe540000 000007fe`fe649000   msctf    msctf.dll    Mon Jul 13 21:30:18 2009 (4A5BDFAA)
000007fe`fb870000 000007fe`fb877000   msimg32  msimg32.dll  Mon Jul 13 21:31:18 2009 (4A5BDFE6)
000007fe`f32a0000 000007fe`f32b1000   MSOXMLMF MSOXMLMF.DLL Sun Feb 28 04:24:17 2010 (4B8A3641)
000007fe`f5b50000 000007fe`f5b6d000   mssprxy  mssprxy.dll  Mon Jul 13 21:30:18 2009 (4A5BDFAA)
00000000`72f10000 00000000`72fad000   msvcr90  msvcr90.dll  Fri May 22 21:26:08 2009 (4A1750B0)
000007fe`feba0000 000007fe`fec3f000   msvcrt   msvcrt.dll   Mon Jul 13 21:30:38 2009 (4A5BDFBE)
000007fe`fd850000 000007fe`fd8a4000   mswsock  mswsock.dll  Mon Jul 13 21:30:44 2009 (4A5BDFC4)
000007fe`f3c30000 000007fe`f3e02000   msxml3   msxml3.dll   Tue Jun 08 01:26:20 2010 (4C0DD47C)
000007fe`f0090000 000007fe`f01d8000   NaturalLanguage6 NaturalLanguage6.dll Mon Jul 13 21:30:52 2009 (4A5BDFCC)
000007fe`f5b90000 000007fe`f5c04000   netprofm netprofm.dll Mon Jul 13 21:30:56 2009 (4A5BDFD0)
000007fe`fc380000 000007fe`fc395000   nlaapi   nlaapi.dll   Mon Jul 13 21:30:49 2009 (4A5BDFC9)
00000000`77dc0000 00000000`77dc3000   normaliz normaliz.dll Mon Jul 13 21:32:18 2009 (4A5BE022)
000007fe`f5b80000 000007fe`f5b8c000   npmproxy npmproxy.dll Mon Jul 13 21:32:19 2009 (4A5BE023)
000007fe`fe910000 000007fe`fe918000   nsi      nsi.dll      Mon Jul 13 21:32:25 2009 (4A5BE029)
00000000`77bf0000 00000000`77d9b000   ntdll    ntdll.dll    Wed Mar 24 02:58:10 2010 (4BA9B802)
000007fe`fd140000 000007fe`fd16d000   ntmarta  ntmarta.dll  Mon Jul 13 21:32:45 2009 (4A5BE03D)
00000001`80000000 00000001`8006f000   nvLsp64  nvLsp64.dll  Mon Aug 10 18:58:28 2009 (4A80A614)
000007fe`fe6f0000 000007fe`fe8f1000   ole32    ole32.dll    Mon Jul 13 21:32:10 2009 (4A5BE01A)
000007fe`f4130000 000007fe`f4184000   oleacc   oleacc.dll   Mon Jul 13 21:32:11 2009 (4A5BE01B)
000007fe`fe430000 000007fe`fe507000   oleaut32 oleaut32.dll Wed Apr 07 03:31:53 2010 (4BBC34E9)
000007fe`fbff0000 000007fe`fc020000   PeerDist PeerDist.dll Mon Jul 13 21:32:20 2009 (4A5BE024)
000007fe`fe020000 000007fe`fe02f000   profapi  profapi.dll  Mon Jul 13 21:32:15 2009 (4A5BE01F)
000007fe`fc930000 000007fe`fca5c000   propsys  propsys.dll  Mon Jul 13 21:32:18 2009 (4A5BE022)
00000000`77db0000 00000000`77db7000   psapi    psapi.dll    Mon Jul 13 19:26:21 2009 (4A5BC29D)
000007fe`fadd0000 000007fe`fadd8000   rasadhlp rasadhlp.dll Mon Jul 13 21:32:29 2009 (4A5BE02D)
000007fe`f5840000 000007fe`f58a2000   rasapi32 rasapi32.dll Mon Jul 13 21:32:30 2009 (4A5BE02E)
000007fe`f5820000 000007fe`f583c000   rasman   rasman.dll   Mon Jul 13 21:32:38 2009 (4A5BE036)
000007fe`ffcd0000 000007fe`ffdfe000   rpcrt4   rpcrt4.dll   Mon Jul 13 21:32:37 2009 (4A5BE035)
000007fe`fe000000 000007fe`fe014000   RpcRtRemote RpcRtRemote.dll Mon Jul 13 21:32:38 2009 (4A5BE036)
000007fe`fd5b0000 000007fe`fd5f7000   rsaenh   rsaenh.dll   Mon Jul 13 21:32:41 2009 (4A5BE039)
000007fe`fb900000 000007fe`fb911000   rtutils  rtutils.dll  Sat Jun 19 02:46:38 2010 (4C1C67CE)
000007fe`fe6d0000 000007fe`fe6ef000   sechost  sechost.dll  Mon Jul 13 21:33:18 2009 (4A5BE05E)
000007fe`fde80000 000007fe`fde8b000   secur32  secur32.dll  Mon Jul 13 21:33:26 2009 (4A5BE066)
000007fe`f0f40000 000007fe`f0f49000   SensApi  SensApi.dll  Mon Jul 13 21:33:31 2009 (4A5BE06B)
000007fe`fe9c0000 000007fe`feb97000   setupapi setupapi.dll Mon Jul 13 21:33:06 2009 (4A5BE052)
000007fe`feed0000 000007fe`ffc56000   shell32  shell32.dll  Tue Jul 27 10:51:09 2010 (4C4EF25D)
000007fe`fece0000 000007fe`fed51000   shlwapi  shlwapi.dll  Mon Jul 13 21:33:13 2009 (4A5BE059)
000007fe`fdec0000 000007fe`fdee5000   sspicli  sspicli.dll  Mon Jul 13 21:34:13 2009 (4A5BE095)
000007fe`f1e50000 000007fe`f1ecb000   StructuredQuery StructuredQuery.dll Mon Jul 13 21:33:30 2009 (4A5BE06A)
000007fe`fdf00000 000007fe`fdf92000   sxs      sxs.dll      Mon Jul 13 21:33:35 2009 (4A5BE06F)
000007fe`f6180000 000007fe`f63bc000   tquery   tquery.dll   Mon Jul 13 21:33:50 2009 (4A5BE07E)
00000000`77850000 00000000`7798d000   urlmon   urlmon.dll   Wed Sep 01 03:42:57 2010 (4C7E0401)
00000000`77750000 00000000`7784a000   user32   user32.dll   Mon Jul 13 21:34:00 2009 (4A5BE088)
000007fe`fd370000 000007fe`fd38e000   userenv  userenv.dll  Mon Jul 13 21:34:03 2009 (4A5BE08B)
000007fe`fedb0000 000007fe`fee7a000   usp10    usp10.dll    Mon Jul 13 21:34:04 2009 (4A5BE08C)
000007fe`fc8d0000 000007fe`fc926000   uxtheme  uxtheme.dll  Mon Jul 13 21:34:11 2009 (4A5BE093)
000007fe`fd240000 000007fe`fd24c000   version  version.dll  Mon Jul 13 21:33:54 2009 (4A5BE082)
00000000`774d0000 00000000`77623000   wininet  wininet.dll  Wed Sep 01 03:42:49 2010 (4C7E03F9)
000007fe`fb510000 000007fe`fb51b000   winnsi   winnsi.dll   Mon Jul 13 21:34:41 2009 (4A5BE0B1)
000007fe`fe1e0000 000007fe`fe21a000   wintrust wintrust.dll Tue Dec 29 02:54:50 2009 (4B39B5CA)
000007fe`fed60000 000007fe`fedb0000   Wldap32  Wldap32.dll  Mon Jul 13 21:35:25 2009 (4A5BE0DD)
000007fe`fee80000 000007fe`feecd000   ws2_32   ws2_32.dll   Mon Jul 13 21:34:13 2009 (4A5BE095)
000007fe`fd840000 000007fe`fd847000   wship6   wship6.dll   Mon Jul 13 21:34:41 2009 (4A5BE0B1)
000007fe`fd230000 000007fe`fd237000   WSHTCPIP WSHTCPIP.DLL Mon Jul 13 21:34:47 2009 (4A5BE0B7)
000007fe`fe3b0000 000007fe`fe3e5000   xmllite  xmllite.dll  Mon Jul 13 21:34:16 2009 (4A5BE098)



¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨

by [color=navy]jcgriff2     
             
         J. C. Griffith, Microsoft MVP[/color]   
             
           [url=https://mvp.support.microsoft.com/profile/Griffith][color=#000055][u]https://mvp.support.microsoft.com/profile/Griffith[/u][/color][/url]   
             
           [url=www.jcgriff2.com][color=#000055][u]www.jcgriff2.com[/u][/color][/url] 


¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨


  [/font]


----------



## DT Roberts

*Re: ntdll.dll Issues*

Great call. It's gone. So far so good, but then again it's only been a few minutes. I'll keep both of you posted.


----------



## usasma

*Re: ntdll.dll Issues*

This suggests that nvLsp64.dll is involved in the crash. I think that it's a part of the nVidia Network Access Manager. 

Most likely this can be gotten from nVidia when replacing your nVidia chipset drivers. Make sure that you uninstall all that you can before installing the new stuff.
http://www.nvidia.com/object/nforce_win7_64bit_15.53.html

ws2_32.dll is in the stack also, but it's a Windows DLL (part of WinSock), so I'd suspect that it's not at fault (and SFC.EXE would've fixed it when run).

Here's the dump with !analyze -v:


Code:


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\PID-4636__IEXPLORE.EXE__2nd_chance_AccessViolation__mini_119c_2010-09-20_23-55-32-910_121c.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Comment: '2nd_chance_AccessViolation_exception_in_IEXPLORE.EXE_running_on_HOME'
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Windows 7 Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Mon Sep 20 23:55:33.000 2010 (UTC - 4:00)
System Uptime: not available
Process Uptime: 0 days 0:02:09.000
................................................................
.......................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(121c.12e0): Access violation - code c0000005 (first/second chance not available)
ntdll!RtlpWaitOnCriticalSection+0xb4:
00000000`77c3cf54 ff4024          inc     dword ptr [rax+24h] ds:00000000`00000024=????????
0:018> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

Unable to load image C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvLsp64.dll
*** ERROR: Module load completed but symbols could not be loaded for nvLsp64.dll
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/iexplore_exe/9_0_7930_16406/4c7e03c8/ntdll_dll/6_1_7600_16559/4ba9b802/c0000005/0004cf54.htm?Retriage=1

FAULTING_IP: 
ntdll!RtlpWaitOnCriticalSection+b4
00000000`77c3cf54 ff4024          inc     dword ptr [rax+24h]

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000077c3cf54 (ntdll!RtlpWaitOnCriticalSection+0x00000000000000b4)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024

PROCESS_NAME:  iexplore.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000024

WRITE_ADDRESS:  0000000000000024 

FOLLOWUP_IP: 
nvLsp64+91ac
00000001`800091ac ??              ???

MOD_LIST: <ANALYSIS/>

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

FAULTING_THREAD:  00000000000012e0

BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE

PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 0000000077c3ce82 to 0000000077c3cf54

STACK_TEXT:  
00000000`076ff450 00000000`77c3ce82 : 00000000`00000000 00000000`00000017 00000000`00000000 00000000`034e9890 : ntdll!RtlpWaitOnCriticalSection+0xb4
00000000`076ff500 00000001`800091ac : 000007fe`fee81ac0 00000000`000006d8 00000000`076ff5c8 00000001`80055210 : ntdll!RtlEnterCriticalSection+0xab
00000000`076ff530 000007fe`fee81abf : 00000000`000006d8 00000000`076ff5c8 00000001`80055210 00000000`076ff560 : nvLsp64+0x91ac
00000000`076ff538 00000000`01201120 : 00000000`00000000 00000000`000006d8 00000000`011b12f0 00000000`00000000 : ws2_32!WahInsertHandleContext+0x83
00000000`076ff578 00000000`00000000 : 00000000`000006d8 00000000`011b12f0 00000000`00000000 00000000`000006d8 : 0x1201120


SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nvLsp64+91ac

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nvLsp64

IMAGE_NAME:  nvLsp64.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4a80a614

STACK_COMMAND:  ~18s; .ecxr ; kb

FAILURE_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE_c0000005_nvLsp64.dll!Unknown

BUCKET_ID:  X64_APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_nvLsp64+91ac

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/iexplore_exe/9_0_7930_16406/4c7e03c8/ntdll_dll/6_1_7600_16559/4ba9b802/c0000005/0004cf54.htm?Retriage=1

Followup: MachineOwner
---------

0:018> .exr 0xffffffffffffffff
ExceptionAddress: 0000000077c3cf54 (ntdll!RtlpWaitOnCriticalSection+0x00000000000000b4)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024


----------



## DT Roberts

*Re: ntdll.dll Issues*

I can happily say that removing *NAM* has (finally!) solved this issue of mine. I am truly grateful for the assistance from both of you.

Solved.


----------



## jcgriff2

Hi Devin . . .

Glad this is finally solved for you. 

Kind Regards. . .

John

`


----------

