Windows Crashed Big Time

[Guest]

I don't inow what the problem was initially...perhaps a trojan of something
of the kind, so I took advice from many & reinstalled Windows (Home...from
original OME disc).

After doing that successfully, I installed sp1, then sp1. All went well.
When I had reconnected to the net & went to the MS Update page, there were 27
priority updates. I downloaded all in the normal update fashion (via the
update page) then installation began. As the installation was going, the
pute restarted...showing the following once it initially shut down.

On a blue screen, I saw;

Stop; c0000269 (Illegal system DLL relocation). The system DLL USER32.DLL
was relocated in memory. Tha application will not run properly. The
relocation occurred because the DLL C:\windows\system32\NTDLL.DLL occupied an
address range reserved for windows system DLL's. The vendor supplying the
DLL should %%

And that's all I saw. System wouldn't restart at all. Just constantly
showed that same message. By this time I was so fed up with all the hassles
from the earlier trojan or whatever it was...that I just reformatted the
partition & started again. Reinstalled everything up to sp1 (did not install
sp2 this time) & all seems to be working fine. I have heaps of updates
wanting to come in - but I an concerned about going any further. I dont'want
to have to reformat & do it all again a few times over.

Any ideas?

 

[John]

Just a guess, but you might try going into Safe Mode with Networking
Support and doing the updates from there.

- John

 

[Guest]

Just a guess, but you might try going into Safe Mode with Networking
Support and doing the updates from there.

- John

A reply to this above suggested I go into safe mode & try doing the security
updates from there. Noted - but as I said, I'm now running with only
sp1...not sp2 (whereas the original problem arose with sp2 installed). The
writer said his theory was "just a guess".

I can not take great notice of this suggestion because there was no mention
of why the event occurred in the first place (I mean, is it common for
others?) & there was no mention regarding which sp version to have
installed...which has me feeling the suggested solution is a little vague.
Not enough detail. Why go to safe mode & install updates from there? What's
the result?

 

[Wesley Vogel]

Bad idea. Firewall and antivirus probably do *not* run in Safe Mode
w/networking.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Thanks for that input Wesley Vogel...I never thought about that. Shows how
much I know, ey?

 

[Wesley Vogel]

I actually tried this a while back and made the following notes that I
haven't cleaned up.

XP Pro SP1. Pulled the plug on the cable modem. Rebooted and started in
Safe Mode w/Networking.

ZoneAlarm (ver: 3.7.211.0) didn't start.

I Started zonealarm.exe.

I tried to start TrueVector Internet Monitor (vsmon.exe)...

Error message...
[[Could not start the TrueVector Internet Monitor service on the Local
Computer.
Error 1068: The dependency service or group failed to start.]]

The TrueVector Internet Monitor service depends on:
AFD Networking Support Environment (Afd.sys) *
Remote Procedure Call (RPC)
vsdatant (vsdatant.sys = TrueVector Device Driver)*

*Device Manager | View | Show hidden devices | Non-Plug and Play Drivers |
AFD Networking Support Environment. I also found vsdatant.sys in Non-Plug
and Play Drivers.

Actually Task Manager showed that vsmon.exe was running. ZoneAlarm Control
Center showed, "System Error: Please Reboot."
-----

AVG7 didn't start.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 1/30/2005
Time: 8:46:43 AM
User: N/A
Computer: MYPENTIUM450
Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core (avg7core.sys = AVG Scanning Engine or AVG7 Kernel)**
Avg7RsW (avg7rsw.sys = AVG Resident Shield Unload Helper or AVG7 Wrap
Driver)**
Avg7RsXP (avg7rsxp.sys = AVG Resident Anti-Virus Shield or AVG7 Rezident
Driver)**
BANTExt (BANTExt.sys = ????)***
Fips (fips.sys = FIPS Crypto Driver, Microsoft)**
-----

**While in the Device Manager | Non-Plug and Play Drivers, I happened to
find AVG7 Kernel, AVG7 Rezident Driver, AVG7 Wrap Driver and Fips . I also
found AVG6 Kernel & AVG6 Rezident Driver in the Device Manager. I
uninstalled both of those.

***I have no idea what this is. Actually, I have two of these.
C:\Program Files\Belarc\Advisor\System\BANTExt.sys (Belarc SMBios
Access????)
and
C:\WINDOWS\system32\drivers\BANTExt.sys
They appear to be the same file.

I Started AVG Alert Manager (avgamsvr.exe) it ran for a few seconds and
disappeared. Started AVG Control Center (avgcc.exe) and it ran, but it
reported that AVG Resident Shield (avg7rsxp.sys) did not load.

Event Type: Error
Event Source: AVG7
Event Category: Error
Event ID: 100
Date: 1/30/2005
Time: 9:03:02 AM
User: MYPENTIUM450\Wesley P. Vogel
Computer: MYPENTIUM450
Description:
2005-01-30 16:03:02,445 MYPENTIUM450 [000856:001016] ERROR 000 AVG7.AM
service module run failed: Error 0x80004015
-----

I have no idea if AFD Networking Support Environment, vsdatant, AVG7 Kernel,
AVG7 Rezident Driver, AVG7 Wrap Driver and Fips can even be started manually
in Safe Mode. I never rebooted into Safe Mode to try.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Glen]

If you can, make an image of the disc as it is now. Norton Ghost or Acronis
True Image are two very good products. This will let you restore the drive
if you get the same fault again. You can then fault find without fear of
having to reinstall Windows if it all goes pear shape.

Glen

 

[cquirke (MVP Windows shell/user)]

That's one of many troubles with "just re-install". When this doesn't
fix the problem, as is often the case, you've not only learned nothing
about what the problem was, but have destroyed your best source of
information about that problem (the original installation).

See http://cquirke.mvps.org/reinst.htm

Is that a typo, or do you mean SP1 and then SP2? Or is it XP SP1 and
then IE 6 SP1 or something like that?

FYI, it's not necessary to install XP SP1 before XP SP2. You can
install SP2 directly over original XP, and it will do everything
needed. But if your HD is > 137G and your original OS is the original
XP, then you should slipstream at least SP1 into the file set before
you do the initial install; the original XP is unsafe > 137G.

Interesting this applies to code files loaded after the initial
NTOSKrnl etc. This smells like the sort of issue I mentioned earlier;
the initial part of the OS load may lack support for "large" HDs, and
require needed files to be on the right side of that capacity barrier.
Events that shift files around within the address space - including
patching that replaces them - can break this requirement.

When installing the OS onto a bare drive, it is unlikely for any of
the files to be located beyond this capacity horizon. But then "just"
re-installing and then patching up an existing installation, the risk
is greater that some files will be over the horizon.

If HD is > 137G, SP1 will work, but is prone to data corruption
because some particular contexts don't support > 137G - e.g. when the
system does a memory dump after a crash, that code isn't 137G+OK.

For this reason, as well as the more familiar safety/security
concerns, I'd favor SP2 over SP1 if it is at all possible.

As above. Make sure your firewall is enabled! Because you have no
idea whether your previous installation was malware'd or not, you have
no idea whether your current installation process is open to similar
malware attack - so make sure your defenses are good.

I'd also step back and check for hardware defects at this point.