Outlook Express crashes randomly - probably because of malware?

Posted on 2005-05-07
Last Modified: 2008-02-01
Hi, all.  My Outlook Express is randomly crashing with an error code of 0xC0000008, at address 0x000000007C964ED1.  Modules mentioned are msimn.exe (Outlook Express) and ntdll.dll.  I have run virus scans from three different AV programs: my Computer Associates eTrust EZ Armor program, as well as two online scans at Housecall and PcPitStop.  No viruses found.  Then ran the three spyware programs I regularly use, scanning the entire system: Lavasoft AdAware 6, SpyBot Search & Destroy, and Microsoft AntiSpyware.  Only found a few villains, which were removed.  But the errors continue to happen.  Also ran HijackThis to see if I could find anything nasty, but I wasn't successful.

I noticed one of cpc2004's posts on some similar questions that said to make available the Dr. Watson dump files at any website, so I have uploaded the following file:

at my "r u XPerienced?" website.  This zip file contains the files user.dmp and drwtson32.log generated by one of the recent errors.  I don't know how to use these dumps and logs to debug the problem, but hoping one of the experts who sees this question does...
Question by:LeeTutor
    LVL 20

    Accepted Solution

    I've examined the drwtson32.log and 90% of the failures are within mswsock.dll. I've searched Google and found no known hit for this problem.

    FOLLOWUP_NAME:  MachineOwner
    SYMBOL_NAME:  mswsock!WSPRecv+357
    MODULE_NAME:  mswsock
    IMAGE_NAME:  mswsock.dll
    STACK_COMMAND:  .ecxr ; kb
    FAILURE_BUCKET_ID:  c0000008_mswsock!WSPRecv+357
    BUCKET_ID:  c0000008_mswsock!WSPRecv+357

    I find two crashes caused by eTrust EZ Antivirus. Maybe ISafe.exe is the culprit. For problem isolation, it is worthwhile to uninstall eTrust EZ Antivirus and install other antivirus software (e.g. NOD32, etc.). If the problem does not occur, EZ Antivirus is the culprit. If it still crashes, the root cause may be that antivirus and firewall programs install a Winsock Layered Service Provider (LSP), and when they are uninstalled they "break the chain" and this causes problems. You have to reinstall Windows to fix the problem.

    Application exception occurred:
            App: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe (pid=1352)
            When: 4/26/2005 @ 00:43:07.001
            Exception number: c0000005 (access violation)

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ChildEBP RetAddr  Args to Child              
    01effccc 00432fb4 01695fa0 00000000 00000000 ISafe+0x2df40
    01800658 00002f4a 00366ff8 00002000 00002000 ISafe+0x32fb4

    eax=00001fff ebx=00000000 ecx=01682000 edx=00000031 esi=01effc9c edi=01682000
    eip=0042df40 esp=01effc48 ebp=01effccc iopl=0         nv up ei pl nz na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

    function: ISafe
            0042df29 4f               dec     edi
            0042df2a ffff             ???
            0042df2c 83c430           add     esp,0x30
            0042df2f c3               ret
            0042df30 8b4c2404         mov     ecx,[esp+0x4]
            0042df34 8a11             mov     dl,[ecx]
            0042df36 33c0             xor     eax,eax
            0042df38 84d2             test    dl,dl
            0042df3a 740d             jz      ISafe+0x2df49 (0042df49)
            0042df3c 8d642400         lea     esp,[esp]
    FAULT ->0042df40 8a540801         mov     dl,[eax+ecx+0x1]        ds:0023:01684000=??
            0042df44 40               inc     eax
            0042df45 84d2             test    dl,dl
            0042df47 75f7             jnz     ISafe+0x2df40 (0042df40)
    LVL 59

    Author Comment

    Thanks, cpc2004.  I will look into uninstalling eTrust EZ AntiVirus and using something else to see if that solves the error.  Or perhaps I will try emailing the support site and furnishing my DrWatson dump for them to analyze.  Can you tell me a bit about how you can use a DrWatson dump and log to debug the problem?  Perhaps also furnish some good websites for information?  I haven't looked into it much yet, but certainly this MS article I found is of no help:;en-us;308538
    Description of the Dr. Watson for Windows (Drwtsn32.exe) Tool
    LVL 20

    Expert Comment

    The Dr. Watson log is a formatted dump and you can use Notepad to view it.  My debugging background is mainly on OS/390 mainframe and AIX. For Windows I am still learning.  No matter whether it is mainframe, Unix or Windows, the fundamental technique is basically the same.

    1) The dump is only a snapshot of when the problem occurs. If the problem is a storage overlay, it is very hard to find out the culprit.
    2) We do not have the source code. It is very hard to debug a program without source code.
    3) Basic knowledge of Windows internals.
    4) On mainframe and AIX, all the hardware errors are well looked after by the CE. I have never had to debug a hardware problem.
    On Windows a lot of system crashes and application crashes are related to faulty hardware. You have to learn by experience how to identify a hardware problem and a software problem.
    Basic Technique
    1) Find out the failing module name and the datestamp of the module.
    2) NT status code (i.e. the abend code). For example, c000001d (illegal instruction) is usually caused by faulty hardware.
    3) Examine the stack trace to understand what happened when it crashed.
    4) Examine the load module to find out any module which has a known problem.
    5) Search Google using the failing module name.

    It is accumulative, and you have to archive the Dr. Watson log manually.
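
Steps 1 and 2 of the basic technique in the comment above (failing module, NT status code), applied to a drwtsn32.log; this is an added example, not part of the original thread. The sample log is constructed: its first entry is trimmed from the log quoted in the accepted solution, its second is invented to resemble the WSPRecv bucket, and `parse_drwatson` and `failing_modules` are hypothetical helper names.

```python
import re
from collections import Counter

# NT status codes that appear in this thread (step 2 of the technique).
NT_STATUS = {"c0000005": "access violation", "c0000008": "invalid handle",
             "c000001d": "illegal instruction"}
APP_RE = re.compile(r"App:\s*(.+?)\s*\(pid=(\d+)\)")
EXC_RE = re.compile(r"Exception number:\s*([0-9a-f]{8})", re.I)
FAULT_RE = re.compile(r"FAULT\s*->\s*([0-9a-f]{8})", re.I)
# Stack line: ChildEBP, RetAddr, three args, then module[!symbol]+offset.
FRAME_RE = re.compile(r"^\s*(?:[0-9a-f]{8} ){5}(\S+)", re.I | re.M)

# Constructed sample: entry 1 is trimmed from the log quoted in this thread;
# entry 2 is made up (pid, frame values) to mirror the WSPRecv bucket.
SAMPLE_LOG = r"""
Application exception occurred:
        App: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe (pid=1352)
        Exception number: c0000005 (access violation)
ChildEBP RetAddr  Args to Child
01effccc 00432fb4 01695fa0 00000000 00000000 ISafe+0x2df40
FAULT ->0042df40 8a540801         mov     dl,[eax+ecx+0x1]        ds:0023:01684000=??
Application exception occurred:
        App: C:\Program Files\Outlook Express\msimn.exe (pid=9999)
        Exception number: c0000008
ChildEBP RetAddr  Args to Child
0012f000 00000000 00000000 00000000 00000000 mswsock!WSPRecv+0x357
"""

def parse_drwatson(text):
    """Return one dict per 'Application exception occurred' entry."""
    entries = []
    for chunk in text.split("Application exception occurred:")[1:]:
        app, exc = APP_RE.search(chunk), EXC_RE.search(chunk)
        if not (app and exc):
            continue  # truncated entry: skip rather than guess
        fault, frame = FAULT_RE.search(chunk), FRAME_RE.search(chunk)
        code = exc.group(1).lower()
        entries.append({
            "app": app.group(1).rsplit("\\", 1)[-1], "pid": int(app.group(2)),
            "status": code, "status_name": NT_STATUS.get(code, "unknown"),
            "fault_addr": fault.group(1) if fault else None,
            # Module of the top stack frame is the first suspect (step 1).
            "module": re.split(r"[!+]", frame.group(1))[0] if frame else None,
        })
    return entries

def failing_modules(entries):
    """Tally crashes by top-frame module, most frequent first."""
    return Counter(e["module"] for e in entries).most_common()
```

Because the Dr. Watson log accumulates entries, the tally over a whole file shows which module dominates; the top frame is only a starting point when the log warns that stack unwind information is not available.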
    LVL 20

    Expert Comment

    Lee Tutor,

    Is eTrust EZ Antivirus the culprit of your problem?
    LVL 59

    Author Comment

    Apparently.  I have sent my DrWatson info to Computer Associates to see if they can fix the problem.
