Blue Screens and Constant App Hangs...

[ulTRAX]

After three tedious months of Vista I've come to regard it as worst than ME.
The constant app hangs and blue screens are infuriating... that atop the
program incompatibilities and some poorly thought out new features like the
new Explorer and Search... not to mention UAC. Few programs seem to work
right, not even MSN's own browser/mail client. It takes forever to open mail,
that's when it decides to show my inbox... and often takes up 50% of CPU
resources on a dual core PC.

But perchance Vista is not another piece of MS kludge but merely has become
corrupted and needs to be reinstalled. So here's a few typical app hang
reports. Regardless of the program, the vast majority of app hang reports
have the same Locale... ID:1033

Can anyone make sense of it? Thanks

1-30: MSN CRASH GOING TO INBOX
Description:
A problem caused this program to stop interacting with Windows.

Problem signature:
Problem Event Name: AppHangB1
Application Name: msn.exe
Application Version: 9.50.39.1900
Application Timestamp: 45ff946c
Hang Signature: 762a
Hang Type: 2
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Hang Signature 1: 791d833e67eae2b029b217accf0cf841
Additional Hang Signature 2: 4a92
Additional Hang Signature 3: 262be82814a4a10d2e5d32c636661bc5
Additional Hang Signature 4: 563d
Additional Hang Signature 5: f67e887532d8f256a386448cef41e0f3
Additional Hang Signature 6: 11bc
Additional Hang Signature 7: ed8e6401be336147510d64d1413a33a1


2-5: BLUE SCREEN FROM TYPING ADDRESS IN AVANT BROWSER

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 4a
BCP1: 8218EE63
BCP2: 80000002
BCP3: 00000000
BCP4: 00000000
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1



2-12: WINAVI CRASHES WHILE PROCESSING A FILE
Problem signature:
Problem Event Name: AppHangB1
Application Name: WinAVI.exe
Application Version: 0.0.0.0
Application Timestamp: 46429082
Hang Signature: cc48
Hang Type: 1
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Hang Signature 1: 03bc14ffb0c99d747abe39c27b3ecef4
Additional Hang Signature 2: 5656
Additional Hang Signature 3: 813da360af196b663ab33c729d982b2d
Additional Hang Signature 4: cc48
Additional Hang Signature 5: 03bc14ffb0c99d747abe39c27b3ecef4
Additional Hang Signature 6: 5656
Additional Hang Signature 7: 813da360af196b663ab33c729d982b2d

 

[Previously Tiberius]

Service pack release is in just a couple of weeks

many people already have the final version installed, like me.. hehe

this fixes lots of the vista crappy problems... so either wait or try to
find the final version of SP1 thats floating around the internet (be careful
though of FAKES and RC (prereleases))

 

[R. C. White]

Hi, ulTRAX.

Well, I can't help with most of it, but...

• Locale ID

The locale ID is specified on the Regional Settings page, and affects how
numbers, calendars, sorting, and time are displayed in the site. For
example, if you have a U.S. English language site (language ID 1033), and
you change the locale ID to French (Canada) (locale ID 3084), the Events
list and Calendar views reflect the French notations for dates, numbers,
time, and so on.
From
http://technet2.microsoft.com/windo...33bd-416a-affe-001b8d1363ad1033.mspx?mfr=true

Didn't take long to find that with Google: locale 1033

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP
(Running Windows Live Mail 2008 in Vista Ultimate x64 SP1)

 

[AlexB]

After 6 months with Vista on 4 machines now I have come to regard it as
much, much superior to XP. I am running high intensity applications with
Graphics and constant downloads not to mention a lot of number crunching. I
am also doing a lot of development.

Why is that it works so well for millions? I mean just if you go thru some
of the posts, people give rave reviews.

Could it be malware that has infected your computer? Why don't you try this.

Also try to run it in safe mode with Internet. In case if delousing won't
help you can do a simple thing: Boot it to safe mode and leave it overnight.
Vista will talk to teh server and there is a non-zero chance it will fix
itself.

Now, this is the malware removal recommendations:

My policy is not to use any 3-rd party anti-malware except Spybot S&D.
Windows Vista offers sufficient protection against malicious software
writers some of them I am sure watch this forum very carefully.

Download Microsoft Windows Baseline Security Analyzer. It is Beta 2.1 for
Vista and I think it is safe to download. Run it.

<http://www.microsoft.com/downloads/...AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en>

It will give you all your vulnerabilities, especially in your firewall
settings. You should read the report and if it suggests any changes, you
should consider them.
Your Windows firewall setting will be analyzed.

Download Microsoft® Windows® Malicious Software Removal Tool (KB890830). It
will want to run upon install. Choose the FULL scan although it may give you
a threatening message that it might take a few hours. It will scan your
entire computer in about half an hour or less if you do not have a lot of
stuff in it.

<http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=en>

Some reassuring information: Malicious Software Removal Tool
<http://www.microsoft.com/security/malwareremove/default.mspx>
The Microsoft Windows Malicious Software Removal Tool helps remove specific,
prevalent malicious software from computers that are running Windows Vista,
Windows Server 2003, Windows XP, or Windows 2000
http://support.microsoft.com/?kbid=890830

You can also go to Protection Center (Microsoft)
<http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt>
and click "Protection Scan." There will be a dropdown menu and a button:
"Launch Full Scan or Vista." You can do it if you wish.

Download and install Spybot Search & Destroy, a great piece of software
which is free for individuals but corporations pay fees. You may be asked
for donations but it is up to you. It is very up to date and every week you
will have to download new updates, sometimes even more often. You should
check for updates every time you run it. It will give you all su*kers
leached into your registry and ask you if you wanted to remove them. Many of
them have masqueraded themselves under MS Windows names like
Windows.something. Do not hesitate to kill them all. You can trust SB S&D.

http://www.spybot.info/en/index.html

It also allows you to IMMUNIZE your system. It means that when you go to a
website and they try to download some kind of a Trojan to you SB S&D will
either kill it silently, or ask you if you want to do it or will kill it and
give you a notice. It is better to let it kill them all in silence.

Listen to Mark Russinovich's (MS) webcast: Advanced Malware Cleaning

<http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359>

Downloading any 3-rd party "free" anti-spyware program is an invitation for
disaster.

The AV (antivirus industry) is on the way to the cemetery:
The slow death of AV technology:
http://www.theregister.co.uk/2007/06/08/death_of_av/
Vista did it in.

Last note: it has been suggested around here by some unscrupulous trolls
that the Microsoft Malicious Software Removal Tool (MSRT) and SB S&D do not
clean the registry. MSRT and SB S&D work on different principles. MSRT in
full mode reads RAM memory and detects patterns in the files that match
known viruses and other malware configuraions. This is why it takes so long
to run. If malicious code is detected it is also quite likely that it has a
representation in the registry. The only way to remove a particular piece of
malware is to CLEAN the registry off of this key.

SB S&D works by going thru the registry and locating known names that match
its database of malicious software. After all culprits are found the user is
asked if he/she want to remove the malicious software. If you say OK, then
the registry IS CLEANED of this set of malicious execs. The execs themselves
are killed in the respective folders.

In this sense both tools do CLEAN the registry. They do not do any
"housekeeping" which is absolutely superfluous and unnecessary. It is NOT
recommended by MS and most of the experienced users as well.

 

[zachd [MSFT]]

Are you having any crashes/hangs with in-box Windows components? The three
references below are all add-ons to Vista. They're potentially interesting,
but I'm wondering if there's Vista-specific issues that it might be possible
to help you with.

I'll take a quick gander at these tomorrow, so if you have chance to pipe up
with a Vista-specific issue before then, that'll potentially get added to
the research queue too. =)

The Avant Browser causing a blue screen is probably the most suspect here.
A browser shouldn't be doing that. Alex's idea about a possible malware
infestation sounds pretty plausible to me.

Cheers,
-Zach

 

[ulTRAX]

Thanks for the response AlexB... but the system is clean right down to
checking for rootkits. The new PC, which I bought in Nov, has always been
buggy. Leaving aside the matter of the app hangs and blue screens, many
programs just won't shut down in task manager. It takes a reboot. However
some programs such as Photoshop run well with no problems. So it could be
that your programs happen to fall into that latter category while many of
mine don't.

I'd really hate to think MS rushed Vista to market but in my opinion it's
acting more like a beta release than a market ready one. But I'm not ignoring
the possibility that Vista has become corrupted which is why I was hoping to
get some insight into the crash reports I posted.

visit my blog at http://reinventing-america.blogspot.com

 

[ulTRAX]

Are you having any crashes/hangs with in-box Windows components? The three
references below are all add-ons to Vista. They're potentially interesting,
but I'm wondering if there's Vista-specific issues that it might be possible
to help you with.

By in-box are you referring to things like Explorer and WMP? Explorer
crashes at least once or twice a day from simple tasks like moving/renaming
files. WMP blue screened just from trying to go to full screen. From my crash
report collection:

2-09: BLUE SCREEN TRYING TO MAKE WMP GO TO FULL SCREEN
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 4a
BCP1: 8218EE63
BCP2: 80000002
BCP3: 00000000
BCP4: 00000000
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

I'll take a quick gander at these tomorrow, so if you have chance to pipe up
with a Vista-specific issue before then, that'll potentially get added to
the research queue too. =)

Any suggestions are welcome.


visit my blog at http://reinventing-america.blogspot.com/

 

[zachd [MSFT]]

The blue screens are markedly less interesting because that's pretty much
guaranteed to a rather serious problem. You're either looking at hardware
failure, driver failure, or serious malware. I'll check it out.

Actual crashes (not blue screens) would be absolutely the most interesting
here - do you have data on those? The Explorer crashes sound very
interesting.

Thanks for the data so far, I'll check it out shortly. =)

-Zach
--
Speaking for myself only.
See http://zachd.com/pss/pss.html for some helpful WMP info.
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[zachd [MSFT]]

Yeah, bccode (bluescreen crash code) 0x4a represents a call returning to
usermode with a bad interrupt request level (IRQL - the returned value (BCP
parameter 2 below) is higher than PASSIVE_LEVEL (0) ).

This is most definitely not a crash in the player's code. This would
typically be caused by a bogus driver.

You can potentially use a kernel debugger to get the stack if you actually
were trying to debug this, but I can't imagine that's of interest. You
probably simply want to isolate out which driver is bad. Since you said it
was caused by the player going to full screen, that to me would set the
target driver of interest to likely be the video card driver.

What video card are you using? What video card driver version do you have?

 

[zachd [MSFT]]

The MSN crash isn't a full AppHangB1 problem report, is it? That's missing
several important data elements for that problem event type. Did you Check
for Solutions in the Problem Reports and Solutions center control panel?
That will usually hook you up with a problem bucket number, which can be
illuminative.

The Avant Browser bluesceen is the same 0x4a "Bad IRQL return from driver"
crash I detailed in my other response just now.

The same incomplete data set is a problem with the WinAVI hang. A AppHangB1
problem event should also have a stack hash, which is critical for diagnosis
of hangs.

So so far I'm pretty certain you've either got a bogus or broken driver, or
bad hardware. A really good local computer shop could likely sort this out
using a kernel debugger if figuring out which driver/hardware is broken is
beyond you.

 

[zachd [MSFT]]

Following up to Mr. Bonehead (myself) here... Sorry, my bad on the hang
events - I forgot that Hang Signature is the fancy name for stack hash.

The WinAVI hang is in completely non-Microsoft code(?), no idea what it's
doing there. It's probably just suffering from your existing system issue.

The MSN hang is a hang waiting on a data copy in memory. Potentially you've
got faulty memory on this system... ?

I'd suspect that sorting out the 4a blue screen might also solve this issue
too.

Right now this collection of issues does seem to be hardware or
driver-based. That's frustrating to me since there's not too much MS can do
to work around those failures. Anyways, hopefully the 4a issue isn't that
hard to suss out, and if you have crashes directly in MS, those should
hopefully be easier to sort out. =\

 

[AlexB]

I checked your blog. Sorry, you won't find me sympathetic. I am a hard core
Republican without a religious bend.

A member of my family spent a year in Iraq. He is a fairly high ranking
officer in the US Armed Forces.

Your blog su*cks. You are playing into terrorists hands. Who wants us out of
Iraq? Osama bin Laden. You are one of his associates.

 

[AlexB]

It seems I cannot see some of the posts in this thread. It appears you are
responding to some meaningful info.

Has he posted actual event log error messages?

 

[thetruthhurts]

Welcome to Vista...yee ha

 

[NoStop]

I checked your blog. Sorry, you won't find me sympathetic. I am a hard
core Republican without a religious bend.

A member of my family spent a year in Iraq. He is a fairly high ranking
officer in the US Armed Forces.

Your blog su*cks. You are playing into terrorists hands. Who wants us out
of Iraq? Osama bin Laden. You are one of his associates.

Wrong again AlexB. If anyone wants the US in Iraq it's bin Laden. It helps
him build his organization tremendously and gives them a training ground.
You Republicans are such idiots.

Cheers.

PS. ulTRAX, great blog. Thanks!


--
Frank's Brain Activity Plotted (watch the red line):
http://i68.photobucket.com/albums/i4/Astronomy2/PreformanceMonitor.jpg

How a Windows Firewall protects your computer:
http://tinyurl.com/2z9qdn

AlexB (another Vista expert): "I ruined at least 5 or 6 installations of
Vista
before I realized what was going on."

 

[zachd [MSFT]]

Yep, I included that in my responses at the bottom. Answer at top for quick
consumption, relevant context on bottom for reference. =)

If you have trouble reading it, http://deja.com should also have archives
available so you can check the original post. =)

 

[AlexB]

It is a great blog for terrorists and America haters.

"Hate America first," is a fair characteristic of yours.

 

[AlexB]

Thank you very much.

Yep, I included that in my responses at the bottom. Answer at top for
quick consumption, relevant context on bottom for reference. =)

If you have trouble reading it, http://deja.com should also have archives
available so you can check the original post. =)

--
Speaking for myself only.
See http://zachd.com/pss/pss.html for some helpful WMP info.
This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[NoStop]

It is a great blog for terrorists and America haters.

"Hate America first," is a fair characteristic of yours.

Quick, put your tinfoil hat back on! The commies might be zapping you from
the space station.

Cheers.

--
Frank's Brain Activity Plotted (watch the red line):
http://i68.photobucket.com/albums/i4/Astronomy2/PreformanceMonitor.jpg

How a Windows Firewall protects your computer:
http://tinyurl.com/2z9qdn

AlexB (another Vista expert): "I ruined at least 5 or 6 installations of
Vista
before I realized what was going on."

 

[ulTRAX]

I'm not going to debate politics here even though it should be obvious to all
but the flag wavers that Bush allowed Bin Laden to escape, provided time for
Al Quida to regroup, has damaged US security by bogging us down in a needless
war, and inspired a new generation of terrorists. None the less, thanks for
the technical help!