Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Outlook Express crashes randomly - probably because of malware?

Posted on 2005-05-07
Medium Priority
Last Modified: 2008-02-01
Hi, all.  My Outlook Express is randomly crashing with an error code of 0xC0000008, at address 0x000000007C964ED1.  Modules mentioned are msimn.exe (Outlook Express) and ntdll.dll.  I have run virus scans from three different AV programs: my Computer Associates eTrust EZ Armor program, as well as two onlines scans at Housecall and PcPitStop.  No viruses found.  Then ran the three spyware programs I regularly use, scanning the entire system: Lavasoft AdAware 6, SpyBot Search & Destroy, and Microsoft AntiSpyware.  Only found a few villains, which were removed.  But the errors continue to happen.  Also ran HijackThis to see if I could find anything nasty, but I wasn't successful.

I noticed one of cpc2004's posts on some similar questions that said to make available the Dr. Watson dump files at any website, so I have uploaded the following file:


at my "r u XPerienced?" website.  This zip file contains the files user.dmp and drwtson32.log generated by one of the recent errors.  I don't know how to use these dumps and logs to debug the problem, but hoping one of the experts who sees this question does...
Question by:LeeTutor
  • 3
  • 2
LVL 20

Accepted Solution

cpc2004 earned 2000 total points
ID: 13952763
I've examined the drwtson32.log and 90% of the failing is within mswsock.dll. I've searched google and no known hit for this problem.

FOLLOWUP_NAME:  MachineOwner
SYMBOL_NAME:  mswsock!WSPRecv+357
MODULE_NAME:  mswsock
IMAGE_NAME:  mswsock.dll
STACK_COMMAND:  .ecxr ; kb
FAILURE_BUCKET_ID:  c0000008_mswsock!WSPRecv+357
BUCKET_ID:  c0000008_mswsock!WSPRecv+357

I find two crashes caused by eTrust EZ Antivirus. Maybe  ISafe.exe is the culprit. For problem isolation, it is worthwhile to un-install eTrust EZ Antivirus and install other antivirus software (ie NOD32 and etc). If the program does not occurs, EZ Antivirus is the culprit. If it still crashes, the root cause may be antivirus and firewall programs install a Winsock Layered Service Provider (LSP) and when they are uninstalled they "break the chain" and this causes problems. You have to reinstall windows to fix the problem.

Application exception occurred:
        App: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe (pid=1352)
        When: 4/26/2005 @ 00:43:07.001
        Exception number: c0000005 (access violation)

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child              
01effccc 00432fb4 01695fa0 00000000 00000000 ISafe+0x2df40
01800658 00002f4a 00366ff8 00002000 00002000 ISafe+0x32fb4

eax=00001fff ebx=00000000 ecx=01682000 edx=00000031 esi=01effc9c edi=01682000
eip=0042df40 esp=01effc48 ebp=01effccc iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

function: ISafe
        0042df29 4f               dec     edi
        0042df2a ffff             ???
        0042df2c 83c430           add     esp,0x30
        0042df2f c3               ret
        0042df30 8b4c2404         mov     ecx,[esp+0x4]
        0042df34 8a11             mov     dl,[ecx]
        0042df36 33c0             xor     eax,eax
        0042df38 84d2             test    dl,dl
        0042df3a 740d             jz      ISafe+0x2df49 (0042df49)
        0042df3c 8d642400         lea     esp,[esp]
FAULT ->0042df40 8a540801         mov     dl,[eax+ecx+0x1]        ds:0023:01684000=??
        0042df44 40               inc     eax
        0042df45 84d2             test    dl,dl
        0042df47 75f7             jnz     ISafe+0x2df40 (0042df40)
LVL 59

Author Comment

ID: 13954616
Thanks, cpc2004.  I will look into uninstalling eTrust EZ AntiVirus and using something else to see if that solves the error.  Or perhaps I will try emailing the support site and furnishing my DrWatson dump for them to analyze.  Can you tell me a bit about how you can use a DrWatson dump and log to debug the problem?  Perhaps also furnish some good websites for information?  I haven't looked into it much yet, but certainly this MS article I found is of no help:

Description of the Dr. Watson for Windows (Drwtsn32.exe) Tool
LVL 20

Expert Comment

ID: 13954856
Dr Watson log is a format dump and you can use notepad to view it.  My debugging background is mainly at OS/390 main frame and AIX. For windows I am still at learning.  No matter whether it is main-frame, unix or windows. The fundamental techique is basically  the same.  

1) The dump is only a snap shoot when the problem occurs. If the probem is a storage overlaid, it is very hard to find out the culprit
2) We do not have the source code. It is very hard to debug to program without source code.
3) Basic knowledge of Windows Internal.  
4) At mainframe and AIX, all the hardware error are well look after by CE. I have never to debug hardware problem.
At Windows a lot of system crashes and application crash are related to faulty hardware. You have to learn by experience how to identify a hardware problem and software problem.
Basic Technique
1) find out failing module name and datestamp of the module
2) nt status code  (ie the abend code). For example c000001d (illegal instruction) is usually caused by faulty hardware
3) examine the stack trace to understand what happen when it crashes
4) examine the load module to find out any module which has known problem
5) search google using the failing module name.

As it is accumulative and you have to archive the doctor watson log manually.
LVL 20

Expert Comment

ID: 14006666
Lee Tutor,

Is eTrust EZ Antivirus the culprit of your problem?
LVL 59

Author Comment

ID: 14007246
Apparently.  I have sent my DrWatson info to Computer Associates to see if they can fix the problem.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question