
How to use verifier?



Guest Gary Roach
Posted

I'm debugging a machine running XP Pro SP2. It gives a blue screen

occasionally with a c5 stop error. It seems I'm supposed to run the driver

verifier utility to deal with this. I don't know which drivers to monitor

and monitoring them all slows the system down so much that it's unusable.

I've analyzed the minidump from the crash (output included afterwards) and

it tells me the problem is in Internet Explorer. Which drivers should I

monitor? Thanks for any help.

 

--

Gary Roach

ADB Services

 

 

--------------------------------------- Minidump Output --------------------------------------

Microsoft ® Windows Debugger Version 6.6.0007.5
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [p:\Mini062308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Mon Jun 23 10:41:24.343 2008 (GMT-4)
System Uptime: 2 days 7:32:40.075
Loading Kernel Symbols
................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....................
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {0, 2, 1, 8054a10d}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+107 )

Followup: Pool_corruption
---------

1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054a10d, address which referenced memory

Debugging Details:
------------------

BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+107
8054a10d 893b mov dword ptr [ebx],edi

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 8054a75f to 8054a10d

STACK_TEXT:
b953f994 8054a75f 00000001 863aada8 00000000 nt!ExDeferredFreePool+0x107
b953f9d4 805bf507 862cdd00 00000000 b953fd64 nt!ExFreePoolWithTag+0x47f
b953fd48 805409ac 00000005 0221fedc 00000001 nt!NtWaitForMultipleObjects+0x2f5
b953fd48 7c90eb94 00000005 0221fedc 00000001 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0221ff50 00000000 00000000 00000000 00000000 0x7c90eb94

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+107
8054a10d 893b mov dword ptr [ebx],edi

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

SYMBOL_NAME: nt!ExDeferredFreePool+107

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+107

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+107

Followup: Pool_corruption
---------

Posted

RE: How to use verifier?

 

As the error is mentioning that a plug-in is not loading, you need to know

which plug-in?

What is your motherboard make and model?

 

Does the machine get overheated?

Try to test the memory by using this tool:

 

You may have bad RAM. Try to test your RAM by running Memtest: download

this tool, unzip it, make a floppy or CD/DVD, and run it on

reboot.

http://www.memtest86.com/

You may need to reposition/reset the RAM sticks in their slots.

 

Try to use the Verifier.exe command to see which drivers are not verified on

your system:

How to Use Driver Verifier to Troubleshoot Windows Drivers

http://support.microsoft.com/kb/244617/en-us

 

 

Stop error message in Windows XP that you may receive: "0x0000009C

(0x00000004, 0x00000000, 0xb2000000, 0x00020151)"

http://support.microsoft.com/?kbid=329284

 

 

Unexplained computer behaviour may be caused by deceptive software

http://support.microsoft.com/kb/827315

 

Go through these Cleaning steps:

1... First, try to clean up your caches, Internet files and delete cookies

by doing this:

Click Start >> Control Panel >> Double click Network and Internet

Connections >> Double click Internet Options.

On the IE properties windows you will see these Tabs:

General | Security | Privacy | Content | Connections | Programs |

Advanced

Under General Tab clear your History, Internet Files and Cookies.

Then click on Advanced tab and scroll down to under the Browsing Option:

[&] Browsing

[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.

Then click on Programs Tab and click Manage Add-Ons and disable all

non-verified Add-Ons (you should re-enable them later one by one to see the

culprit, and update it or remove it).

How to manage Add-Ons:

http://support.microsoft.com/kb/883256

 

2.... And also for malware from here:

http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

http://onecare.live.com/standard/en-gb/default.htm

 

Run a scan from here on-line:

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Download Avast Cleaner from here:

http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine:

http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

http://free.grisoft.com/

 

How to perform a clean boot procedure to prevent background programs from

interfering with a game or a program that you currently use

http://support.microsoft.com/kb/331796

 

 

Open a Notepad, customize or minimize to the taskbar as you will need it

later for this step to copy the error message on it.

Open a run command and type in:

eventvwr.msc click [OK] you will get the Event viewer control Panel.

click on each of these:

Application

System

Security

Look in the right Pane/window for error message with red (X) or Yellow

exclamation mark /!\ , double click each one to get more info about the

causer.

On the Event error properties message you will see:

Up Arrow

Down arrow

Two pages

Click on the two pages to copy the error message then bring up the Notepad

you opened earlier and right click on the first line and select Paste from

the list, this will paste the error message on a Notepad.

Please don't duplicate the error message one of each kind will be sufficient.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP

http://support.microsoft.com/kb/308427/en-us

 

Please we need just the error messages with Red (X) and don't repeat the

error, just one of each kind and post them back in your next post.

 

HTH.

nass

-------

http://www.nasstec.co.uk

Guest Gary Roach
Posted

Re: How to use verifier?

 

Thanks for the reply. I'm in the process of carrying out the tests. It's a

customer's machine at their site and I don't have much access to it. I'm

looking at getting some time on it to do some of the scans like the memory and

spyware tests. They got another blue screen and I've included the minidump

output below. It happened in a driver called rp_skt32.sys which is created

by somebody called Radial Point. I haven't had a chance to determine what

software this comes with but it isn't listed in the unsigned drivers list of

the driver verifier program. I'll include the results of other scans when

I'm able to do them. Here's the latest minidump:

 

---------------------------------------------------------------------

Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [k:\Mini062508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Jun 24 20:03:42.312 2008 (GMT-4)
System Uptime: 1 days 7:22:30.052
Loading Kernel Symbols
................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 2570001, 8654abf8}

Unable to load image rp_skt32.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rp_skt32.sys
*** ERROR: Module load completed but symbols could not be loaded for rp_skt32.sys
Probably caused by : rp_skt32.sys ( rp_skt32+4d2 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad
IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 02570001, Memory contents of the pool block
Arg4: 8654abf8, Address of the block of pool being deallocated

Debugging Details:
------------------

POOL_ADDRESS: 8654abf8

FREED_POOL_TAG: RSKT

BUGCHECK_STR: 0xc2_7_RSKT

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 8054a583 to 804f9f13

STACK_TEXT:
f7a6d8c0 8054a583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f7a6d910 f77524d2 8654abf8 00000000 f7a6d930 nt!ExFreePoolWithTag+0x2a3
WARNING: Stack unwind information not available. Following frames may be wrong.
f7a6d920 f7753fb0 8654abf8 8654abf8 f7a6d944 rp_skt32+0x4d2
f7a6d930 f7754050 00000001 8661b1d8 f751ad09 rp_skt32+0x1fb0
f7a6d944 f7758c42 c0000120 00000000 858b5508 rp_skt32+0x2050
f7a6d97c f7757145 86345ef0 866abf28 854784cc rp_skt32+0x6c42
f7a6d990 f7756583 f7a6d9c8 866abf28 85478438 rp_skt32+0x5145
f7a6db74 f775a9a6 866abe70 866abf28 85478438 rp_skt32+0x4583
f7a6dbcc 804ef163 866abe00 85478438 85478438 rp_skt32+0x89a6
f7a6dbdc 805828e0 86345ed8 00000000 00000000 nt!IopfCallDriver+0x31
f7a6dc14 805ba023 00345ef0 00000000 86345ed8 nt!IopDeleteFile+0x132
f7a6dc30 80525aca 86345ef0 00000000 00000180 nt!ObpRemoveObjectRoutine+0xdf
f7a6dc48 805baef9 867c49c8 e1000e80 867c23c8 nt!ObfDereferenceObject+0x4c
f7a6dc60 805baf8f e1000e80 86345ef0 00000180 nt!ObpCloseHandleTableEntry+0x155
f7a6dca8 805bb0c7 00000180 00000000 00000000 nt!ObpCloseHandle+0x87
f7a6dcbc 805409ac 00000180 f7a6dd4c 804ff581 nt!NtClose+0x1d
f7a6dcbc 804ff581 00000180 f7a6dd4c 804ff581 nt!KiFastCallEntry+0xfc
f7a6dd38 f4a103b4 00000180 8668e8b8 867c23c8 nt!ZwClose+0x11
f7a6dd4c f49f7104 8668e8b8 84278de8 84278de8 netbt!NbtTdiCloseAddress+0x30
f7a6dd60 f49f4c34 00000000 8668e8b8 00000000 netbt!DelayedWipeOutLowerconn+0x2a
f7a6dd7c 80537aff 84278de8 00000000 867c23c8 netbt!NTExecuteWorker+0x18
f7a6ddac 805cea08 84278de8 00000000 00000000 nt!ExpWorkerThread+0xef
f7a6dddc 8054546e 80537a10 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
rp_skt32+4d2
f77524d2 ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: rp_skt32+4d2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: rp_skt32

IMAGE_NAME: rp_skt32.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45edb0ee

FAILURE_BUCKET_ID: 0xc2_7_RSKT_rp_skt32+4d2

BUCKET_ID: 0xc2_7_RSKT_rp_skt32+4d2

Followup: MachineOwner
---------


---------------------------------------------------------------------

Posted

Re: How to use verifier?

"Gary Roach" wrote:

> Thanks for the reply. I'm in the process of carrying out the tests. It's a
> customer's machine at their site and I don't have much access to it. I'm
> looking at getting some time on it to do some of the scans like the memory and
> spyware tests. They got another blue screen and I've included the minidump
> output below. It happened in a driver called rp_skt32.sys which is created
> by somebody called Radial Point. I haven't had a chance to determine what
> software this comes with but it isn't listed in the unsigned drivers list of
> the driver verifier program. I'll include the results of other scans when
> I'm able to do them. Here's the latest minidump:

 

 

Hi Gary,

The file belongs to Radialpoint, a security services provider for many of the
ISPs worldwide, and is used in the anti-virus suites which are supplied by the
ISP, for example Bellsouth, AT&T, Virgin, etc.

Located here:

radialpoint security services - C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}
rppkt - system32\DRIVERS\rp_pkt32.sys
rpskt - system32\DRIVERS\rp_skt32.sys
rpsupdaterr - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe

Bellsouth Internet Security Suite: spyware, firewall and anti-virus.

Check in Add/Remove Programs for it and you will find it there.

Make sure it is up to date and current, and also check for malware and viruses
on this machine.

Check that the machine doesn't heat up quickly or overheat, and also run the memtest.

HTH.

nass

---

http://www.nasstec.co.uk

Guest Gary Roach
Posted

Re: How to use verifier?

 

I got the machine and did quite a few scans. I did the memtest86 scan for 8

hours. It did 10 passes and turned up nothing. I ran all the antivirus and

antispyware tests that you mentioned. They all scanned completely clean

except for a few tracking cookies. As you indicated the rp_skt32.sys file is

associated with Bell Internet Security. I checked for updates for it but it

indicates that it is up to date. I think at this point I'm going to suggest

to the customer that he try uninstalling the Bell Security package and run

for a few days to see if the problem reoccurs.


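Added example (not part of any post in this thread): a short Python triage of `!analyze -v` text that answers the thread's question of which drivers to hand to Driver Verifier, run over excerpts copied from the two minidumps above. The function names, the `CORE_MODULES` set and the mapping of a module name to `<module>.sys` are assumptions of this example.

```python
import re

HEX8 = r"[0-9a-f]{8}"
# kb frame: ChildEBP RetAddr Arg1 Arg2 Arg3 module[!symbol]+0xoffset
FRAME_RE = re.compile(
    rf"^(?:{HEX8}\s+){{5}}(?P<module>[a-z_]\w*)(?:!\S+?)?\+0x[0-9a-f]+$", re.I)
# Five hex columns only: the symbol was wrapped onto the next line by the newsreader
WRAPPED_RE = re.compile(rf"^{HEX8}(?:\s+{HEX8}){{4}}$", re.I)
BUGCHECK_RE = re.compile(r"^(?P<name>[A-Z][A-Z0-9_]+) \((?P<code>[0-9a-fA-F]+)\)$")
FIELD_RE = re.compile(r"^(?P<key>[A-Z][A-Z_]+):\s+(?P<value>\S.*)$")

# Assumption: the kernel and HAL are where corruption is detected, not verifier targets.
CORE_MODULES = {"nt", "hal"}

# Excerpt of the first minidump in the thread (0xC5), wrapped frame kept as posted.
DUMP_C5 = """
DRIVER_CORRUPTED_EXPOOL (c5)
PROCESS_NAME: iexplore.exe
STACK_TEXT:
b953f994 8054a75f 00000001 863aada8 00000000 nt!ExDeferredFreePool+0x107
b953f9d4 805bf507 862cdd00 00000000 b953fd64 nt!ExFreePoolWithTag+0x47f
b953fd48 805409ac 00000005 0221fedc 00000001
nt!NtWaitForMultipleObjects+0x2f5
b953fd48 7c90eb94 00000005 0221fedc 00000001 nt!KiFastCallEntry+0xfc
0221ff50 00000000 00000000 00000000 00000000 0x7c90eb94
IMAGE_NAME: Pool_Corruption
"""

# Excerpt of the second minidump in the thread (0xC2), some frames omitted.
DUMP_C2 = """
BAD_POOL_CALLER (c2)
FREED_POOL_TAG: RSKT
PROCESS_NAME: System
STACK_TEXT:
f7a6d8c0 8054a583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f7a6d910 f77524d2 8654abf8 00000000 f7a6d930 nt!ExFreePoolWithTag+0x2a3
f7a6d920 f7753fb0 8654abf8 8654abf8 f7a6d944 rp_skt32+0x4d2
f7a6dbcc 804ef163 866abe00 85478438 85478438 rp_skt32+0x89a6
f7a6dbdc 805828e0 86345ed8 00000000 00000000 nt!IopfCallDriver+0x31
f7a6dd4c f49f7104 8668e8b8 84278de8 84278de8 netbt!NbtTdiCloseAddress+0x30
f7a6dd60 f49f4c34 00000000 8668e8b8 00000000
netbt!DelayedWipeOutLowerconn+0x2a
IMAGE_NAME: rp_skt32.sys
"""

def unwrap(text):
    """Drop blank lines and rejoin stack frames split across two lines."""
    out, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if pending is not None:
            line, pending = f"{pending} {line}", None
        if WRAPPED_RE.match(line):
            pending = line          # wait for the symbol on the next line
        else:
            out.append(line)
    return out

def triage(text):
    """Return the bugcheck, the KEY: value fields and non-core stack modules."""
    bugcheck, fields, modules = None, {}, []
    for line in unwrap(text):
        if m := FRAME_RE.match(line):
            mod = m["module"].lower()
            if mod not in modules:  # keep stack order, nearest the fault first
                modules.append(mod)
        elif m := BUGCHECK_RE.match(line):
            bugcheck = (m["name"], int(m["code"], 16))
        elif m := FIELD_RE.match(line):
            fields.setdefault(m["key"], m["value"])
    candidates = [mod for mod in modules if mod not in CORE_MODULES]
    return {"bugcheck": bugcheck, "fields": fields, "candidates": candidates}

def verifier_command(candidates):
    """Build a Driver Verifier command line, or None if no driver is named."""
    if not candidates:
        return None
    # Assumption: each image is <module>.sys, as with rp_skt32.sys in the dump.
    return "verifier /standard /driver " + " ".join(f"{m}.sys" for m in candidates)

if __name__ == "__main__":
    for name, dump in (("0xC5", DUMP_C5), ("0xC2", DUMP_C2)):
        result = triage(dump)
        print(name, result["bugcheck"], result["candidates"],
              verifier_command(result["candidates"]))
```

An empty candidate list, as the first dump produces, means the stack shows only the kernel tripping over pool that was already corrupted, so that dump alone names no driver to verify.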