System crashing [DUMP Data]

For the last 3-4 weeks my pc shows several problems.

1. Ocassionally the monitor will turn off forcing that I shut down and restart. When this happens I've noticed that the hard drive light stays on. This problem normally happens when I boot up in the morning but it can occur at any time without a clear reason.

2. When I log into Internet Explorer I get an error message indicating that windows explorer has encountered a problem and will be closed. I've tried checking the error report but it returns a message stating that the information in the report is corrupted. The bottom taskbar disappears, then reappears and everything seems to work ok.

3. In general, the machine is functioning slower than usual.

I ran Lavasoft Ad-aware, Spybot, WIndow washer and McAffee Antivirus but the problems continues. I also cleaned the pre-fetch folder and all the cookies in ie and netscape but that did not help.

I read in another post that the problem could be several recent patches from Microsoft (KB908531). Can anyone help me determine if deleting them is the way to go?

 

Hello git,

http://www.windowsbbs.com/showthread.php?t=53475&highlight=KB908531 I don't know if that is the post you're referring to. Are you running HP software?

I think its worth the shot to uninstall this MS Update.

Regards - Charles

 

i had a problem with kb908531 also i ran an IEfix which re installs explorer


http://windowsxp.mvps.org/IEFIX.htm

i now run i:e7(beta) and my problem went away.

http://www.microsoft.com/windows/ie/default.mspx

 

Dump

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Mon Nov 29 16:55:35.000 2004 (GMT-4)
System Uptime: not available
Process Uptime: 0 days 0:05:16.000
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
..........
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(8ac.a2c): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=7ffdf000 ecx=77e7a39c edx=7ffe0304 esi=0012ff68 edi=0012ffc0
eip=00000000 esp=0012ff4c ebp=0012ffc0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
00000000 ?? ???
0:000> !analyze -v;r;kv;lmtn;.logclose;q

 

Revised Dump File

I think I may have closed the DOS window before the procedure was completed. Below is the complete dump file.

Since my last post I delete three windows updates (KB908531, KB912812 & KB911567) but the problem remains.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Comment: 'Dr. Watson generated MiniDump'
Windows XP Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Mon Nov 29 16:55:35.000 2004 (GMT-4)
System Uptime: not available
Process Uptime: 0 days 0:05:16.000
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
..........
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(8ac.a2c): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=7ffdf000 ecx=77e7a39c edx=7ffe0304 esi=0012ff68 edi=0012ffc0
eip=00000000 esp=0012ff4c ebp=0012ffc0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
00000000 ?? ???
0:000> !analyze -v;r;kv;lmtn;.logclose;q
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
Unable to load image c:\cat.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for cat.exe
*** ERROR: Module load completed but symbols could not be loaded for cat.exe
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

***** OS symbols are WRONG. Please fix symbols to do analysis.


FAULTING_IP:
+0
00000000 ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
.exr ffffffffffffffff
ExceptionAddress: 00000000
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

PROCESS_NAME: cat.exe

MODULE_NAME: cat

FAULTING_MODULE: 77f50000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP: 41a45fa1

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

READ_ADDRESS: 00000000

BUGCHECK_STR: ACCESS_VIOLATION

LAST_CONTROL_TRANSFER: from 0040247f to 00000000

FAILED_INSTRUCTION_ADDRESS:
+0
00000000 ?? ???

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012ff48 0040247f 00000000 0040222c 00402234 0x0
0012ffc0 77e814c7 70a71a29 80000002 7ffdf000 cat+0x247f
0012fff0 00000000 00404000 00000000 00000000 kernel32!BaseProcessStart+0x23


STACK_COMMAND: ~0s; .ecxr ; kb

FOLLOWUP_IP:
cat+247f
0040247f ?? ???

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: cat+247f

IMAGE_NAME: cat.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

eax=00000000 ebx=7ffdf000 ecx=77e7a39c edx=7ffe0304 esi=0012ff68 edi=0012ffc0
eip=00000000 esp=0012ff4c ebp=0012ffc0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
00000000 ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012ff48 0040247f 00000000 0040222c 00402234 0x0
0012ffc0 77e814c7 70a71a29 80000002 7ffdf000 cat+0x247f
0012fff0 00000000 00404000 00000000 00000000 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])
start end module name
00400000 00405000 cat cat.exe Wed Nov 24 06:17:05 2004 (41A45FA1)
5ad70000 5ada4000 uxtheme uxtheme.dll Thu Aug 29 06:39:22 2002 (3D6DF9DA)
75f40000 75f5f000 apphelp apphelp.dll Thu Aug 29 06:40:27 2002 (3D6DFA1B)
77c10000 77c63000 msvcrt msvcrt.dll Thu Aug 29 06:40:39 2002 (3D6DFA27)
77c70000 77cb0000 gdi32 gdi32.dll Thu Aug 29 06:40:39 2002 (3D6DFA27)
77d40000 77dcc000 user32 user32.dll Thu Aug 29 06:40:40 2002 (3D6DFA28)
77dd0000 77e5d000 advapi32 advapi32.dll Thu Aug 29 06:40:40 2002 (3D6DFA28)
77e60000 77f46000 kernel32 kernel32.dll Thu Aug 29 06:40:40 2002 (3D6DFA28)
77f50000 77ff7000 ntdll ntdll.dll Thu Aug 29 06:40:40 2002 (3D6DFA28)
78000000 78086000 rpcrt4 rpcrt4.dll Thu Aug 29 06:40:41 2002 (3D6DFA29)
Closing open log file c:\debuglog.txt

 

Follow-up

PeteC

I ran Housecall as you suggested and while it found several problems it did not find the apriful worm. I tried detecting it with Mcafee but it did not find one single problem with my machine. I also ran Spybot and Hijack this both found other problems which were fixed. Now Windows explorer is not closing down as before but the machine's monitor still shuts down randomly.

Do you know other ways to determine whether the source of the problem is the worm you mention or another evil creature?

Below is the Hijackthis log file.

Logfile of HijackThis v1.99.1
Scan saved at 4:18:21 PM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\DOCUME~1\GREENC~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windupdates.com/remove.php?soft=Windows+ServeAd
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AGNCF] "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" -initonly /default=off /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe "
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE



PS I also noticed that my keyboard is not working properly. As I type the cursor sometimes does not mveo (move). HELP, HELP, HEL,PHELP,HLPE!!

 

Follow-up Dump File

Arie

Can you see anything relevant in the dump file I enclosed in my post?

Thanks

 

Hi,

One Dr Watson is insufficient to determine the culprit. It maybe caused by faulty ram or software error. Check the DrWatson log. If you find it always crashes at cat.exe, it is software error of cat.exe. If the crashes have various symptoms, it is the sign of hardware problem such as ram


C:\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log (XP)