Outlook Express crashes randomly - probably because of malware?

Hi, all.  My Outlook Express is randomly crashing with an error code of 0xC0000008, at address 0x000000007C964ED1.  Modules mentioned are msimn.exe (Outlook Express) and ntdll.dll.  I have run virus scans from three different AV programs: my Computer Associates eTrust EZ Armor program, as well as two online scans at Housecall and PcPitStop.  No viruses found.  Then ran the three spyware programs I regularly use, scanning the entire system: Lavasoft AdAware 6, SpyBot Search & Destroy, and Microsoft AntiSpyware.  Only found a few villains, which were removed.  But the errors continue to happen.  Also ran HijackThis to see if I could find anything nasty, but I wasn't successful.

I noticed one of cpc2004's posts on some similar questions that said to make available the Dr. Watson dump files at any website, so I have uploaded the following file:

http://home.earthlink.net/%7Elreynol929/ruXP/errordump/user.zip

at my "r u XPerienced?" website.  This zip file contains the files user.dmp and drwtson32.log generated by one of the recent errors.  I don't know how to use these dumps and logs to debug the problem, but hoping one of the experts who sees this question does...
LeeTutorretiredAsked:
cpc2004Commented:
I've examined the drwtson32.log and 90% of the failures are within mswsock.dll. I've searched Google and found no known hit for this problem.

SYMBOL_STACK_INDEX:  3
FOLLOWUP_NAME:  MachineOwner
SYMBOL_NAME:  mswsock!WSPRecv+357
MODULE_NAME:  mswsock
IMAGE_NAME:  mswsock.dll
DEBUG_FLR_IMAGE_TIMESTAMP:  41109758
STACK_COMMAND:  .ecxr ; kb
FAILURE_BUCKET_ID:  c0000008_mswsock!WSPRecv+357
BUCKET_ID:  c0000008_mswsock!WSPRecv+357


I find two crashes caused by eTrust EZ Antivirus. Maybe ISafe.exe is the culprit. For problem isolation, it is worthwhile to uninstall eTrust EZ Antivirus and install other antivirus software (i.e. NOD32, etc.). If the problem does not occur, EZ Antivirus is the culprit. If it still crashes, the root cause may be that antivirus and firewall programs install a Winsock Layered Service Provider (LSP), and when they are uninstalled they "break the chain" and this causes problems. You have to reinstall Windows to fix the problem.

Application exception occurred:
        App: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe (pid=1352)
        When: 4/26/2005 @ 00:43:07.001
        Exception number: c0000005 (access violation)

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
01effccc 00432fb4 01695fa0 00000000 00000000 ISafe+0x2df40
01800658 00002f4a 00366ff8 00002000 00002000 ISafe+0x32fb4

eax=00001fff ebx=00000000 ecx=01682000 edx=00000031 esi=01effc9c edi=01682000
eip=0042df40 esp=01effc48 ebp=01effccc iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202


function: ISafe
        0042df29 4f               dec     edi
        0042df2a ffff             ???
        0042df2c 83c430           add     esp,0x30
        0042df2f c3               ret
        0042df30 8b4c2404         mov     ecx,[esp+0x4]
        0042df34 8a11             mov     dl,[ecx]
        0042df36 33c0             xor     eax,eax
        0042df38 84d2             test    dl,dl
        0042df3a 740d             jz      ISafe+0x2df49 (0042df49)
        0042df3c 8d642400         lea     esp,[esp]
FAULT ->0042df40 8a540801         mov     dl,[eax+ecx+0x1]        ds:0023:01684000=??
        0042df44 40               inc     eax
        0042df45 84d2             test    dl,dl
        0042df47 75f7             jnz     ISafe+0x2df40 (0042df40)
 
LeeTutorretiredAuthor Commented:
Thanks, cpc2004.  I will look into uninstalling eTrust EZ AntiVirus and using something else to see if that solves the error.  Or perhaps I will try emailing the support site and furnishing my DrWatson dump for them to analyze.  Can you tell me a bit about how you can use a DrWatson dump and log to debug the problem?  Perhaps also furnish some good websites for information?  I haven't looked into it much yet, but certainly this MS article I found is of no help:

http://support.microsoft.com/default.aspx?scid=kb;en-us;308538
Description of the Dr. Watson for Windows (Drwtsn32.exe) Tool
 
cpc2004Commented:
The Dr. Watson log is a formatted dump and you can use Notepad to view it.  My debugging background is mainly on OS/390 mainframe and AIX. For Windows I am still learning.  No matter whether it is mainframe, Unix or Windows, the fundamental technique is basically the same.

Restrictions
1) The dump is only a snapshot of when the problem occurs. If the problem is a storage overlay, it is very hard to find out the culprit.
2) We do not have the source code. It is very hard to debug a program without source code.
3) Basic knowledge of Windows internals.
4) On mainframe and AIX, all the hardware errors are well looked after by the CE. I have never had to debug a hardware problem.
On Windows, a lot of system crashes and application crashes are related to faulty hardware. You have to learn by experience how to identify a hardware problem and a software problem.

Basic Technique
1) Find out the failing module name and the datestamp of the module.
2) NT status code (i.e. the abend code). For example, c000001d (illegal instruction) is usually caused by faulty hardware.
3) Examine the stack trace to understand what happened when it crashed.
4) Examine the loaded modules to find out any module which has a known problem.
5) Search Google using the failing module name.

As it is cumulative, you have to archive the Dr. Watson log manually.
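The first three steps of the technique described above (failing module, NT status code, stack trace), applied to a cumulative drwtsn32.log. This is an added example, not code from the thread or from any participant: the second log entry is constructed, and skipping ntdll/kernel32 frames when choosing the module to blame is an assumed heuristic.

```python
import re
from collections import Counter

# Standard names for the NT status codes mentioned in this thread.
NT_STATUS = {"c0000005": "STATUS_ACCESS_VIOLATION",
             "c0000008": "STATUS_INVALID_HANDLE",
             "c000001d": "STATUS_ILLEGAL_INSTRUCTION"}
SKIP = {"ntdll", "kernel32"}  # assumption: these raise the fault, rarely cause it

# Constructed sample. Entry 1 follows the excerpt quoted in the thread;
# entry 2 (pid, time, addresses) is made up to show a second application.
SAMPLE_LOG = r"""
Application exception occurred:
        App: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe (pid=1352)
        When: 4/26/2005 @ 00:43:07.001
        Exception number: c0000005 (access violation)
ChildEBP RetAddr  Args to Child
01effccc 00432fb4 01695fa0 00000000 00000000 ISafe+0x2df40
01800658 00002f4a 00366ff8 00002000 00002000 ISafe+0x32fb4

Application exception occurred:
        App: C:\Program Files\Outlook Express\msimn.exe (pid=2040)
        When: 4/27/2005 @ 09:12:44.120
        Exception number: c0000008
ChildEBP RetAddr  Args to Child
0012f8a0 7c90eb93 00000000 00000000 00000000 ntdll+0x54ed1
0012f8d4 71a5332f 000003e4 0012f910 00000001 mswsock!WSPRecv+0x357
"""

FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+?)(?:!\S+)?\+0x[0-9a-f]+\s*$", re.M)

def parse_entries(text):
    """Split a cumulative drwtsn32.log into crashes and extract triage fields."""
    entries = []
    for chunk in text.split("Application exception occurred:")[1:]:
        app = re.search(r"App:\s*(.+?)\s*\(pid=(\d+)\)", chunk)
        code = re.search(r"Exception number:\s*([0-9a-f]{8})", chunk)
        when = re.search(r"When:\s*(.+)", chunk)
        if not (app and code):
            continue  # truncated entry, nothing to triage
        modules = FRAME.findall(chunk) or ["unknown"]
        # First frame outside the skip list, else the top frame.
        blamed = next((m for m in modules if m.lower() not in SKIP), modules[0])
        entries.append({"image": app.group(1).rsplit("\\", 1)[-1],
                        "pid": int(app.group(2)),
                        "when": when.group(1).strip() if when else None,
                        "status": NT_STATUS.get(code.group(1), code.group(1)),
                        "module": blamed})
    return entries

def summarize(entries):
    """Count crashes per (image, status, blamed module) to spot repeat offenders."""
    return Counter((e["image"], e["status"], e["module"]) for e in entries)
```
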
 
cpc2004Commented:
Lee Tutor,

Is eTrust EZ Antivirus the culprit of your problem?
 
LeeTutorretiredAuthor Commented:
Apparently.  I have sent my DrWatson info to Computer Associates to see if they can fix the problem.
Question has a verified solution.
