Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

blue screen after windows update


  • Please log in to reply
17 replies to this topic

#1 langdon auger

langdon auger

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 11 November 2009 - 05:11 AM

Hi.

I just downloaded the latest windows update KB969947 and the malicious software removal tool. After the download I clicked on the "restart system now" button. Not long after this the screen went blue with this message.

STOP: c000021a {fatal system error}
The windows system process terminated unexpectedally with a status of 0xc0000005 (0x7c911766 0x006af8ec)
The system has been shut down.

I restarted manually and everything seemed to run OK. I went back to MS updates and it seemed as though the updates had beeen successful. I have never had a problem with windows updates before and I was wondering if this might be a sign of a bigger problem.

XP sp3.

Thanks.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,899 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 11 November 2009 - 09:23 AM

http://www.aumha.org/a/stop.htm

Scroll down to 21A in right column.

Louis

#3 langdon auger

langdon auger
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 12 November 2009 - 03:38 AM

Hi.

Thanks. As this happened during a windows update rather than out of the blue do you think it was most likley caused by one of the technical reasons given rather than malware?

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,899 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 12 November 2009 - 10:48 AM

Hmmm...I cannot speculate, nothing to base a wild guess on.

I just downloaded/installed those same two items on this system...with no problems.

Microsoft on such errors: http://support.microsoft.com/kb/156669

Louis

#5 langdon auger

langdon auger
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 13 November 2009 - 02:48 AM

OK, thanks for helping. For now everything seems OK.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,899 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 13 November 2009 - 09:45 AM

Sometimes, for reasons I don't claim to understand...a user will get a random (one-time) BSOD message. Usually, the content of the message will indicate that this is not necessarily a problem to be concerned with (if this is the first time such error occurred).

If such errors happen in a repetitive manner, I would be concerned.

Even if they are isolated, I always think it's a good idea to check Event Viewer for possible details regarding the occurrence.

Louis

#7 langdon auger

langdon auger
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 14 November 2009 - 02:59 AM

I'm not sure how to check the event viewer but if you leave instructions I will give it a go. Or if you have any other suggestions just say so.

#8 langdon auger

langdon auger
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 15 November 2009 - 03:02 AM

Hi.

If your still there I did make some progress. Here is what the security log said on the day of the blue screen crash.

Information 11/11/2009 8:33:25 PM eventlog None 6006 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 8:13:28 PM Service Control Manager None 7035 Owner YUJGH-9GWXUC9YA
Information 11/11/2009 8:12:15 PM RemoteAccess None 20159 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:57:57 PM Service Control Manager None 7035 Owner YUJGH-9GWXUC9YA
Information 11/11/2009 5:15:38 PM RemoteAccess None 20158 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:58 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:52 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:51 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:51 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:50 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:42 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:42 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:38 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:38 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:01 PM SbieDrv None 1101 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:12:39 PM Tcpip None 4202 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:12:39 PM avgntflt None 17 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:07 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:07 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:07 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:07 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:06 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:06 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:13:06 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 5:12:39 PM eventlog None 6005 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:12:39 PM eventlog None 6009 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:07:36 PM RemoteAccess None 20159 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:06:49 PM Windows Update Agent Installation 19 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:05:04 PM Windows Update Agent Installation 19 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 5:04:58 PM NtServicePack None 4377 Owner YUJGH-9GWXUC9YA
Information 11/11/2009 4:55:45 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:55:45 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 4:51:19 PM RemoteAccess None 20158 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:58 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:50 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:50 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:50 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:48 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:41 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:41 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:41 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:09 PM SbieDrv None 1101 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:47:48 PM Tcpip None 4202 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:47:47 PM avgntflt None 17 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:15 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:14 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:14 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:14 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:14 PM Service Control Manager None 7036 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:48:14 PM Service Control Manager None 7035 SYSTEM YUJGH-9GWXUC9YA
Information 11/11/2009 4:47:47 PM eventlog None 6005 N/A YUJGH-9GWXUC9YA
Information 11/11/2009 4:47:47 PM eventlog None 6009 N/A YUJGH-9GWXUC9YA

I also noticed about 5 warnings in the last month that said,

Warning 22/10/2009 4:00:51 PM Tcpip None 4226 N/A YUJGH-9GWXUC9YA

and the detail was,

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

I just mentioned it because it seemed strange.

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 55,899 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 15 November 2009 - 09:38 AM

Apologies for the delay in response...I suppose that I focused too intently on tennis and soccer games yesterday and missed your post.

How To Use Event Viewer - http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/

I don't even pay attention to information items in Event Viewer or warnings...it's errors posted in EV that merit attention, IMO.

An error message in Windows...is equivalent to many of the posts in a computer forum...it's a cry for help, originating from the system. Any other type of event viewer entry is just notational in nature for most users.

Louis

The TCP/IP message is nothing. Windows, by default, imposes a limit of 10 open connections at a time. If one is using torrent software or something similar, this may result in the above warning. The number of connections can be increased...but the bottom line is this warning is more of a reminder that the default is 10.

http://www.techiecorner.com/34/how-to-adju...download-speed/

Edited by hamluis, 15 November 2009 - 09:45 AM.


#10 langdon auger

langdon auger
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 16 November 2009 - 02:28 AM

OK thanks, don't worry about the response time, I just thought you might have moved on.

Edited by langdon auger, 17 November 2009 - 01:19 AM.


#11 hamluis

hamluis

    Moderator


  • Moderator
  • 55,899 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 16 November 2009 - 10:45 AM

You need to go back to the time period you dowloaded said update (since you have linked that to the start of your problems) and post the detail (obtained by double-clicking on the EV individual line item) for the few errors that seem to coincide with either that time or the occurrence of your first known BSOD.

I would suggest editing your posts and deleting all the log data you posted for periods either prior to or afterwards, as well as the info items you posted. They just take up space in your thread.

The only errors which are useful are those which may help pinpoint the the cause of the BSOD. Info items don't do that, neither do any items before yo

http://www.returnilvirtualsystem.com/

If you have this installed, I think I would remove it and see if the errors continue. There are more reliable, known alternatives.

Louis

#12 langdon auger

langdon auger
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 17 November 2009 - 01:27 AM

Hi.

Thanks hamluis, I made the edits you suggested. As for errors in log log from the time of the BSOD there were none. Just the "infomations" as posted above. Since everything has been running fine since then with no more crashes I think I will leave it for now and start a new topic if the problem comes back.

Yes I do have returnil installed. If you could post the names of the "more reliable, known alternatives", that you spoke of I would like to try them out.

Thanks.

#13 joseibarra

joseibarra

  • Members
  • 1,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:10:32 AM

Posted 17 November 2009 - 06:54 AM

Your original post indicates your download more than one thing and a bunch of Windows updates come out on the second Tuesday of the month (11/10/09) and your problem began the day after.

Why do you think is is that particular update?

You can perhaps eliminate some guessing if you uninstall KB969947, see if the problem goes away.

You can always do a Windows Update later to reinstall KB969947 or update it manually.

Some updates will cause problems if other drivers on your system are out of date - like video drivers. MS does't know or care what version your other drivers are. First you need to be sure what update is the problem.

Go to Add/Remove Programs, click the Show updates box, find KB969947, Remove.

Reboot and you will know if KB969947 is really your problem or not or if things change.

Your are probably not going to find interesting events for this problem in the Security log. Try the System log.

Here is a method to post the specific information about individual events.

To see the Event Viewer logs, click Start, Settings, Control Panel, Administrative Tools, Event Viewer.

A shortcut to Event Viewer is to click Start, Run and in the box enter:

%SystemRoot%\system32\eventvwr.msc /s

Click OK to launch the Event Viewer.

The most interesting logs are usually the Application and System. Some logs may be almost or completely empty.
Not every event it a problem, some are informational messages that things are working okay and some are warnings
No event should defy reasonable explanation.

Each event is sorted by Date and Time. Errors will have red Xs, Warnings will have yellow !s.
Information messages have white is. Not every Error or Warning event means there is a serious issue.
Some are excusable at startup time when Windows is booting. Try to find just the events at the date
and time around your problem.

If you double click an event, it will open a Properties windows with more information. On the right are
black up and down arrow buttons to scroll through the open events. The third button that looks like
two pages on top of each other is used to copy the event details to your Windows clipboard.

When you find an interesting event that occurred around the time of your issue, click the third button
under the up and down arrows to copy the details and then you can paste the details (right click, Paste
or CTRL-V) the detail text back here for analysis.

To get a fresh start on any Event Viewer log, you can choose to clear the log (backing up the log is offered),
then reproduce your issue, then look at just the events around the time of your issue.

Edited by joseibarra, 17 November 2009 - 09:48 AM.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#14 hamluis

hamluis

    Moderator


  • Moderator
  • 55,899 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:32 AM

Posted 17 November 2009 - 09:38 AM

Antivirus, Antimalware, And Antispyware Resources - http://www.bleepingcomputer.com/forums/t/405/antivirus-antimalware-and-antispyware-resources/

I have a bias for Avira Free AV...SUPERAntiSpyware...and Malwarebytes as personal choices of programs which help defend my system. Others will vary, the link above lists a number of known programs which are reliable and normally don't cause problems for the system.

My take on installing unknown programs purporting to protect a system...quite often, the pain is not worth the effort such take to download and install.

Louis

#15 langdon auger

langdon auger
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 18 November 2009 - 02:25 AM

Hi.

Just to clear up a couple of things from joseibarra's post. I downloaded the two updates that were available for XP on Nov 11, KB969947 and the malicious software removal tool. The reason the date is out is just a timezone issue. Immediately after the updates I restarted the computer, that is when the crash happened. There were only information entries in the event log from that time under system and they are posted above. I had a look in the security log using the method you suggested and everything that came back was way above my head. Below are the two events previous to the BSOD and the first after, if they help.

Also it was a one off event, there have been no problems of this nature before or since (so far).

BEFORE:

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 576
Date: 11/11/2009
Time: 5:13:41 PM
User: YUJGH-9GWXUC9YA\Owner
Computer: YUJGH-9GWXUC9YA
Description:
Special privileges assigned to new logon:
User Name:
Domain:
Logon ID: (0x0,0x16A6B)
Privileges: SeChangeNotifyPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege


Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 576
Date: 11/11/2009
Time: 5:17:48 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: YUJGH-9GWXUC9YA
Description:
Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

AFTER:

Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 11/11/2009
Time: 8:12:13 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: YUJGH-9GWXUC9YA
Description:
IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

If any of this means anything please let me know. Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users