COM SURROGATE keeps shutting down!

[Woomera]

ok as for the second value theres nothin in registry but as for the first value theres one in: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

here is exported reg: download

and theres another entry in: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID

here is the exported reg: download

[cluberti]

Deleted because of abuse - perhaps you could post the AppID value from the CLSID entry? Or even look it up in the registry (search the AppID value) - that should come back to an .exe or .dll file in the registry.

[Woomera]

Deleted because of abuse - perhaps you could post the AppID value from the CLSID entry? Or even look it up in the registry (search the AppID value) - that should come back to an .exe or .dll file in the registry.

Abuse? what do you mean? andthose were the only entries in my registry and none of them points to a dll or exe file.

[cluberti]

When I went to the links you posted on FileHo, that's the message I got.

[Mr Snrub]

It'll be the DivX codec I think, it has always had a problem with XP when thumbnails are enabled in Explorer as it doesn't seem to generate them (or handle the requests for their generation) well.

The proposed "workaround" in XP I believe is to disable thumbnail generation or take out the DLL which refers to DivX.

I do not think it a coincidence that:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

has a default value "Thumbnail Cache Out of Proc Server"

Funnily enough the only time I've seen the COM Surrogate crash was after a reboot immediately after installing DivX Player on Vista RTM...

[Woomera]

First value entries:

1.HKEY_CLASSES_ROOT\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

"DllSurrogate REG_SZ empty"

2.HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

"AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}"

3.HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

"DllSurrogate REG_SZ empty"

Second value entries:

1.HKEY_CLASSES_ROOT\AppID

"{cd84562b-b3e6-4d39-9e4f-9c1a1fce4da7} REG_SZ empty"

2.HKEY_CLASSES_ROOT\AppID\{847ae63a-d988-43ec-b1de-467079194d7e}

"AppID REG_SZ {cd84562b-b3e6-4d39-9e4f-9c1a1fce4da7}"

"InprocServer32 REG_SZ %MODULE%"

"ThreadingModel REG_SZ Apartment"

3.HKEY_CLASSES_ROOT\AppID\{CD84562B-B3E6-4D39-9E4F-9C1A1FCE4DA7}

"DllSurrogate REG_SZ empty"

"PreferredServerBitness REG_DWORD 2"

4.HKEY_CLASSES_ROOT\CLSID\{847AE63A-D988-43EC-B1DE-467079194D7E}

"AppID REG_SZ {cd84562b-b3e6-4d39-9e4f-9c1a1fce4da7}"

"ThreadingModel REG_SZ Apartment"

and there are same entries as 2,3,4 in local_machine.that was it.

[cluberti]

That appid belongs to Urge - something is loading in Urge in WMP 11. Perhaps a reinstall of Urge for WMP 11?

[Woomera]

i installed urge few days ago to see what exactly it is but never used it so,i uninstalled it anyway cause i had some random crashes too like my IDM and Kaspersky.

thanks cluberti for your time.

[mehargags]

On my machine, it was nero showtime that made the error popup again n again. Unintalled it & its gone.

[cluberti]

OK, after looking at the data you uploaded yesterday, it looks like something called "badgesmenu.dll" is doing an unregisterserver event for a driver, and causing the application to crash. I don't know what this app does, or even what it's doing after the DllUnregisterServer event, but it's definitely something the system does NOT like . Also, since this does appear to modify system icon resources, and I'm guessing on the fly, it could very well be misbehaving.

Here's the data - if the timestamp on that .dll is really correct, I'm not surprised it's not working without crashing:

ChildEBP RetAddr  Args to Child			  
WARNING: Stack unwind information not available. Following frames may be wrong.
0933dfa4 063398b1 0933e02c 06339b29 0933e014 badgesmenu+0x1769
0933e014 0633a3ed 0633a760 00000000 7fffffff badgesmenu!DllUnregisterServer+0xeec9
0933e094 7ca0fafd 090844e0 004b04a6 00000000 badgesmenu!DllUnregisterServer+0xfa05
0933e230 7ca103b2 02b14118 02be6af0 00000005 shell32!HDXA_AppendMenuItems2+0x2d0
0933e2b4 7caa7e26 00000000 004b04a6 02182860 shell32!CDefFolderMenu::QueryContextMenu+0x2e8
0933e5cc 7caaadde 02a50120 00000010 0000011c shell32!CDefView::_DoContextMenuPopup+0xfb
0933e618 7c9fa58c 01a2011c 00000000 02adc008 shell32!CDefView::ContextMenu+0x1e4
0933e78c 7c9f1da1 003b0414 0000007b 004e0844 shell32!CDefView::WndProc+0x840
0933e7d0 77d48734 003b0414 0000007b 004e0844 shell32!CDefView::s_WndProc+0x72
0933e7fc 77d48816 7c9f1d4b 003b0414 0000007b user32!InternalCallWinProc+0x28
0933e864 77d4b4c0 000a5b48 7c9f1d4b 003b0414 user32!UserCallWinProcCheckWow+0x150
0933e8b8 77d4b50c 00650eb0 0000007b 004e0844 user32!DispatchClientMessage+0xa3
0933e8e0 7c90eae3 0933e8f0 00000018 00650eb0 user32!__fnDWORD+0x24
0933e904 77d494be 77d4b42d 004e0844 0000007b ntdll!KiUserCallbackDispatcher+0x13
0933e958 77d4b3f9 004e0844 0000007b 00430868 user32!NtUserMessageCall+0xc
0933e974 5ad71af6 004e0844 0000007b 00430868 user32!RealDefWindowProcW+0x47
0933e9cc 5ad71b3d 00000000 00000000 00430868 uxtheme!_ThemeDefWindowProc+0x16e
0933e9e8 77d4bb15 004e0844 0000007b 00430868 uxtheme!ThemeDefWindowProcW+0x18
0933ea30 7cb218b9 004e0844 0000007b 00430868 user32!DefWindowProcW+0x6b
0933ea68 77d48734 004e0844 0000007b 00430868 shell32!CDUIView::_DUIHostWndProc+0xf7


start	end		module name
06310000 06352000   badgesmenu C (export symbols)	   badgesmenu.dll
	Loaded symbol image file: badgesmenu.dll
	Image path: d:\Program Files\Badges 1.0.1.0\badgesmenu.dll
	Image name: badgesmenu.dll
	Timestamp:		Fri Jun 19 18:22:17 1992 (2A425E19)
	CheckSum:		 00000000
	ImageSize:		00042000
	File version:	 1.0.0.0
	Product version:  1.0.0.0
	File flags:	   0 (Mask 3F)
	File OS:		  4 Unknown Win32
	File type:		1.0 App
	File date:		00000000.00000000
	Translations:	 0419.04e3
	CompanyName:	  Shedko D. aka LeVeL
	ProductName:	  Badges : Context menu
	InternalName:	 badgesmenu.dll
	OriginalFilename: badgesmenu.dll
	ProductVersion:   1.0
	FileVersion:	  1.0.0.0
	FileDescription:  Badges : Context menu
	LegalCopyright:   (c) Shedko D. aka LeVeL, 2006
	LegalTrademarks:  none

[Spooky]

I agree with cluberti. Heres a little info i found about it. Do your have a C:\Program Files\badges 1.0.1.0 directory? Did you install something? Looks like it could be some type of shell extension spyware stuff possibly?

badgesmenu.dll

88.5 KB / 2006-10-301 / 0 Startup Monitor / Shell / Shell Extension

%program_files%\badges 1.0.1.0\

3a8a9def37cf04dfb06542e20137a7caBadges : Context menu. Shedko Badges Shell Menu

Shedko D. aka LeVeL

Look at the registry key:

[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Shedko Badges : CD \ tools \badges\badgesmenu.dll 

and...for an OverlayIcon entry at: 

[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Shedko Badges : CD \ tools \badges\badges_icons.dll

What have you installed? This does not come with Vista, something was installed to install those .dll files. I'm suprised that it even tried to work in the first place. Do you have A/V and anti-spyware scanners in place? From what I can tell this is sometimes involved with a trojan called RAVDM which is a malware exploit.

Edited January 16, 2007 by Spooky

[Woomera]

ok thanks CLUBERTI so much for your time man.

and spooky this is not on vista.its my problem with explorer crashing on xp.and yes i have kaspersky up-to-date installed.

badges is a software i installed sometimes ago.it adds an extension to explorer so you can changes the icon of folders just by right-clicking on them and choose from the list.well i never used it so i just uninstalled it

[katinka]

Spooky stated above:

I forgot to post this earlier, so to be complete, this problem can be caused by nero or divx. Look at this link for a fix:

http://forums.microsoft.com/MSDN/ShowPost....80&SiteID=1

I click on this link, and it is no longer in that location. I do NOT have nero, but I do have divx on my Vista computer, getting the error (DllHost.exe ntdll.dll APPCRASH c0000005)

How do I fix divx?