#31
Both also have code injected into Magnetite's Explorer process, so that might be the reasoning behind the "test what happens when you remove 'em" advice he was offered, which is incidentally sound as the crash is another heap corruption issue (hard to tell what component corrupted the heap):
00000000`04320000 00000000`0436b000 oodshrs Mon Nov 03 21:15:55 2008 (490ECF5B)
00000000`64f00000 00000000`64f16000 ashShA64 Tue Sep 15 21:01:02 2009 (4AAF73EE)
00000001`80000000 00000001`800e1000 oodsh Mon Nov 03 21:17:27 2008 (490ECFB7)
The ntdll.dll reference is unimportant. Virtually every app crash shows up as "faulting module ntdll.dll" because that's the interface between the app and the OS (sorta), and it's the component which "catches" the underlying problem and reports it (sorta!).