Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Recent BOSD, MSE failes, Update fails, and browser crash


  • Please log in to reply
7 replies to this topic

#1 chris_in_cal

chris_in_cal

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 24 September 2010 - 05:14 PM

I have Windows XP Home Edition, w/ SP3

I do not have any install discs, but I just burned the rescue disc as mentioned in the malware forum.

I can't identify "what happened" the machine ran flawless for a few months, and ten days
ago it got borked.

Over the last ten days: A defrag failed, There have been a bunch of different BSOD with various
error codes, MS Updates gave a "there is a file missing to do updates" message, MSE
repeatedly crashed and failed to update with "connection failed" message, there were "app error"
messages with MSE, Firefox began crashing regularly, I ran speccy an app that reports system
configuration and it began reporting back something like "class not available" mmm that's about it.

These have all been intermittent, I'm currently logged on typing this....waiting for the next occurrence.

I tried sfc /scannow, but it asked for a install disc, which I don't have. Now that I've
burned the rescue I'm think I might be able to run it now.

I ran chkdsk /r and it reported finding and fixing two errors.

I guess, I'll wait until the next specific symptom occurs and write the specific information
here. Other than that please advise me what steps I can take, or what info I should
report back here, to make a diagnosis happen.

Thanks

Edited by hamluis, 24 September 2010 - 07:51 PM.
Moved from XP to Am I Infected forum ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 24 September 2010 - 05:18 PM

speccy just worked and it reported:

Operating System
MS Windows XP Home 32-bit SP3

CPU
Intel Pentium 4 520
Prescott 90nm Technology

RAM
1.0GB Dual-Channel DDR2 @ 199MHz 3-3-3-8

Motherboard
Dell Inc. 0M3918 (Microprocessor)

Graphics
HP w19b/w19e @ 1440x900
Intel® 82915G/GV/910GL Express Chipset Family
Intel® 82915G/GV/910GL Express Chipset Family

Hard Drives
244.20GB Seagate ST3250310AS (SATA) 123 °F

Optical Drives
TSSTcorp CDRW/DVD TSH492B

Audio
SoundMAX Integrated Digital Audio

#3 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 24 September 2010 - 06:15 PM

The tool : sfc /scannow

Did not work with the bootable rescue disc I burned. I didn't think it would, but
I gave it a try.

I don't believe I have my complete i386 folder anywhere on this machine.

There are several i386 folders, most of them are empty except for
one or two files. One i386 folder, under a service pack directory is
populated a bit more, but I believe it is still not the full i386

#4 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 24 September 2010 - 08:30 PM

Hmm, after about ten days of struggle I think I may have tweaked it the right way.
Since I posted the only thing I've done is download the recovery disc and burn
a copy.

I rebooted to the recovery disc and ran chkscn \r, it took an hour or so but
ran and said it fixed two errors.

Since then Nothing has crashed and I've been able to bring MSE current
and run a scan, and afterward re-boot. It worked. I haven't had
it work for several days now. Apparently it is fixed for now.

#5 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 24 September 2010 - 09:10 PM

Okay, symptoms are back.

Upon reboot, MSE starts in my toolbar as red "not up to date" then switches to a "downloading" icon.
Then it goes back to read. Opening MSE there is the message

"Virus & spyware definition status - connection failed"

I have net connectivity, and MSE was green and uploading and I ran a scan
just prior to reboot.

What makes "connection failed?"

#6 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 24 September 2010 - 09:17 PM

Great timing,

I hit "add reply" from my last post and I crashed and got a BSOD.

My BSOD had:

PAGE_FAULT_IN_NONPAGED_AREA

later

*** STOP: 0x00000050 (0xA29BB590, 0x000000000, 0x804F4B2A, 0x00000000)

#7 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 24 September 2010 - 09:41 PM

MSE kicked up two error boxes.

The top one says:
-------------------------
MsMpEng.exe application error
The instruction at "0x5a25ef6f" referenced memory at "0xffffffff". The memory cound not be "read"
-------------------------


The second one underneath it says:
---------------------------------------
AntiMalware Service Executable
AntiMalware Service Executable has encounterd a
problem and needs to close. We are sorry....

For more info about this error click here.
--------------------



After clicking for error information it has:
---------------------------------
Error signature
szAppName:MsMpEng.exe szAppVer 2.1.6805.0 szModName:mpengine.dll
szModVer 1.1.6201.0 offset 0015ef6f

To view technical information......click here
------------------------------------------


After clicking for "technical information"
---------------------------------------
The following files will be included in this error report
C:\DOCUME~1\Dell\LOCALS~1\Temp\WER8aa8.dir00\MsMpEng.exe.mdmp
C:\DOCUME~1\Dell\LOCALS~1\Temp\WER8aa8.dir00\appcompat.txt
---------------------------------------


After all that failing and errors, the MSE icon on my toolbar is green ie.working

#8 chris_in_cal

chris_in_cal
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 25 September 2010 - 01:07 AM

Next error message upon reboot:

------------------------------------------
Generic Host Process for Win32 Services

Generic Host Process for Win32 Services has encountered a
Problem and needs to close. We are sorry for the ....

For more information about this error click here
------------------------------------------------

After "click here"
------------------------------
Error signature
szAppName svchost.exe szAppVer 5.1.2600.5512 szModName:msi.dll
szModVer 4.5.6001.22159 offset:00117177

To view technical information......click here
--------------------------------------------------

After "click here"
------------------------------------
Error Report Content
The follinw titles will be included in this error report
C:\DOCUME~1\Dell\LOCALS~1\Temp\WER7cd9.dir00\svchost.exe.mdmp
C:\DOCUME~1\Dell\LOCALS~1\Temp\WER7cd9.dir00\appcompat.txt
-------------------------------------------------------------------------

Here are the two files svchost.exe.mdmp, and appcompat.txt
---------------------------------------------------
Oops, apparently svchost.exe.mdmp is a binary, I don't know how to
view it properly
------------------------------

Here is appcompat.txt
---------------------------
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="617472" CHECKSUM="0xA0887D0D" BIN_FILE_VERSION="5.1.2600.5755" BIN_PRODUCT_VERSION="5.1.2600.5755" PRODUCT_VERSION="5.1.2600.5755" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA5BB8" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5755" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5755" LINK_DATE="02/09/2009 12:10:48" UPTO_LINK_DATE="02/09/2009 12:10:48" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="286720" CHECKSUM="0x98314A3F" BIN_FILE_VERSION="5.1.2600.5698" BIN_PRODUCT_VERSION="5.1.2600.5698" PRODUCT_VERSION="5.1.2600.5698" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4CE95" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5698" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5698" LINK_DATE="10/23/2008 12:36:14" UPTO_LINK_DATE="10/23/2008 12:36:14" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x2D998938" BIN_FILE_VERSION="5.1.2600.5781" BIN_PRODUCT_VERSION="5.1.2600.5781" PRODUCT_VERSION="5.1.2600.5781" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFE572" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5781" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5781" LINK_DATE="03/21/2009 14:06:58" UPTO_LINK_DATE="03/21/2009 14:06:58" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="714752" CHECKSUM="0xC695BA95" BIN_FILE_VERSION="5.1.2600.5755" BIN_PRODUCT_VERSION="5.1.2600.5755" PRODUCT_VERSION="5.1.2600.5755" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xBC674" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5755" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5755" LINK_DATE="02/09/2009 12:10:48" UPTO_LINK_DATE="02/09/2009 12:10:48" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1287168" CHECKSUM="0xB764FEEA" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2108)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x14744B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:10:57" UPTO_LINK_DATE="04/14/2008 00:10:57" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="551936" CHECKSUM="0xE8E0E87" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.5512" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8D4E3" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:10:58" UPTO_LINK_DATE="04/14/2008 00:10:58" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8462336" CHECKSUM="0xFF3C2DF9" BIN_FILE_VERSION="6.0.2900.6018" BIN_PRODUCT_VERSION="6.0.2900.6018" PRODUCT_VERSION="6.00.2900.6018" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.6018 (xpsp_sp3_gdr.100726-1746)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x813ADA" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.6018" UPTO_BIN_PRODUCT_VERSION="6.0.2900.6018" LINK_DATE="07/27/2010 06:30:34" UPTO_LINK_DATE="07/27/2010 06:30:34" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="578560" CHECKSUM="0x6280E825" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8FC76" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:11:07" UPTO_LINK_DATE="04/14/2008 00:11:07" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="916480" CHECKSUM="0x4EE7F213" BIN_FILE_VERSION="8.0.6001.18939" BIN_PRODUCT_VERSION="8.0.6001.18939" PRODUCT_VERSION="8.00.6001.18939" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="8.00.6001.18939 (longhorn_ie8_gdr.100616-1700)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xEF2E9" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="8.0.6001.18939" UPTO_BIN_PRODUCT_VERSION="8.0.6001.18939" LINK_DATE="06/24/2010 12:22:02" UPTO_LINK_DATE="06/24/2010 12:22:02" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows™ Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>
---------------------------------------------------------




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users