How to use verifier?

Gary Roach

I'm debugging a machine running XP Pro SP2. It gives a blue screen
occasionally with a c5 stop error. It seems I'm supposed to run the driver
verifier utility to deal with this. I don't know which drivers to monitor
and monitoring them all slows the system down so much that it's unusable.
I've analyzed the minidump from the crash (output included afterwards) and
it tells me the problem is in Internet Explorer. Which drivers should I
monitor? Thanks for any help.

--
Gary Roach
ADB Services


--------------------------------------- Minidump Output --------------------------------------


Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [p:\Mini062308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Mon Jun 23 10:41:24.343 2008 (GMT-4)
System Uptime: 2 days 7:32:40.075
Loading Kernel Symbols
................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....................
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {0, 2, 1, 8054a10d}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+107 )

Followup: Pool_corruption
---------

1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8054a10d, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+107
8054a10d 893b mov dword ptr [ebx],edi

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 8054a75f to 8054a10d

STACK_TEXT:
b953f994 8054a75f 00000001 863aada8 00000000 nt!ExDeferredFreePool+0x107
b953f9d4 805bf507 862cdd00 00000000 b953fd64 nt!ExFreePoolWithTag+0x47f
b953fd48 805409ac 00000005 0221fedc 00000001 nt!NtWaitForMultipleObjects+0x2f5
b953fd48 7c90eb94 00000005 0221fedc 00000001 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0221ff50 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+107
8054a10d 893b mov dword ptr [ebx],edi

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

SYMBOL_NAME: nt!ExDeferredFreePool+107

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+107

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+107

Followup: Pool_corruption
---------
 
nass

As the error is mentioning that a plug-in is not loading, you need to know
which plug-in?
What is your motherboard make and model?

Does the machine get overheated?
Try to test the memory by using this tool:

You may have bad RAM. Try to test your RAM by running Memtest: download
this tool, unzip it, make a floppy or CD/DVD and run it on reboot.
http://www.memtest86.com/
You may need to reposition/reset the RAM sticks in their slots.

Try to use the Verifier.exe command to see which drivers are not verified on
your system:
How to Use Driver Verifier to Troubleshoot Windows Drivers
http://support.microsoft.com/kb/244617/en-us


Stop error message in Windows XP that you may receive: "0x0000009C
(0x00000004, 0x00000000, 0xb2000000, 0x00020151)"
http://support.microsoft.com/?kbid=329284


Unexplained computer behaviour may be caused by deceptive software
http://support.microsoft.com/kb/827315

Go through these cleaning steps:
1. First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties window you will see these tabs:
General | Security | Privacy | Content | Connections | Programs | Advanced
Under the General tab clear your History, Internet Files and Cookies.
Then click on the Advanced tab and scroll down to the Browsing option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on the Programs tab, click Manage Add-Ons and disable all
non-verified add-ons (you should re-enable them later one by one to find the
culprit, then update it or remove it).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

2. And also check for malware from here:
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
http://onecare.live.com/standard/en-gb/default.htm

Run a scan from here on-line:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
http://free.grisoft.com/

How to perform a clean boot procedure to prevent background programs from
interfering with a game or a program that you currently use
http://support.microsoft.com/kb/331796


Open Notepad and customize or minimize it to the taskbar, as you will need it
later in this step to copy the error message into it.
Open a Run command and type in:
eventvwr.msc, click [OK] and you will get the Event Viewer control panel.
Click on each of these:
Application
System
Security
Look in the right pane/window for error messages with a red (X) or yellow
exclamation mark /!\ , and double click each one to get more info about the
cause.
On the Event error properties message you will see:
Up Arrow
Down arrow
Two pages
Click on the two pages to copy the error message, then bring up the Notepad
you opened earlier, right click on the first line and select Paste from
the list; this will paste the error message into Notepad.
Please don't duplicate the error messages; one of each kind will be sufficient.
HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Please we need just the error messages with Red (X) and don't repeat the
error, just one of each kind and post them back in your next post.

HTH.
nass
 
Gary Roach

Thanks for the reply. I'm in the process of carrying out the tests. It's a
customer's machine at their site and I don't have much access to it. I'm
looking at getting some time on it to do some of the scans like the memory and
spyware tests. They got another blue screen and I've included the minidump
output below. It happened in a driver called rp_skt32.sys which is created
by somebody called Radial Point. I haven't had a chance to determine what
software this comes with but it isn't listed in the unsigned drivers list of
the driver verifier program. I'll include the results of other scans when
I'm able to do them. Here's the latest minidump:

---------------------------------------------------------------------


Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [k:\Mini062508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Jun 24 20:03:42.312 2008 (GMT-4)
System Uptime: 1 days 7:22:30.052
Loading Kernel Symbols
................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 2570001, 8654abf8}

Unable to load image rp_skt32.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rp_skt32.sys
*** ERROR: Module load completed but symbols could not be loaded for rp_skt32.sys
Probably caused by : rp_skt32.sys ( rp_skt32+4d2 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad
IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 02570001, Memory contents of the pool block
Arg4: 8654abf8, Address of the block of pool being deallocated

Debugging Details:
------------------


POOL_ADDRESS: 8654abf8

FREED_POOL_TAG: RSKT

BUGCHECK_STR: 0xc2_7_RSKT

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 8054a583 to 804f9f13

STACK_TEXT:
f7a6d8c0 8054a583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f7a6d910 f77524d2 8654abf8 00000000 f7a6d930 nt!ExFreePoolWithTag+0x2a3
WARNING: Stack unwind information not available. Following frames may be wrong.
f7a6d920 f7753fb0 8654abf8 8654abf8 f7a6d944 rp_skt32+0x4d2
f7a6d930 f7754050 00000001 8661b1d8 f751ad09 rp_skt32+0x1fb0
f7a6d944 f7758c42 c0000120 00000000 858b5508 rp_skt32+0x2050
f7a6d97c f7757145 86345ef0 866abf28 854784cc rp_skt32+0x6c42
f7a6d990 f7756583 f7a6d9c8 866abf28 85478438 rp_skt32+0x5145
f7a6db74 f775a9a6 866abe70 866abf28 85478438 rp_skt32+0x4583
f7a6dbcc 804ef163 866abe00 85478438 85478438 rp_skt32+0x89a6
f7a6dbdc 805828e0 86345ed8 00000000 00000000 nt!IopfCallDriver+0x31
f7a6dc14 805ba023 00345ef0 00000000 86345ed8 nt!IopDeleteFile+0x132
f7a6dc30 80525aca 86345ef0 00000000 00000180 nt!ObpRemoveObjectRoutine+0xdf
f7a6dc48 805baef9 867c49c8 e1000e80 867c23c8 nt!ObfDereferenceObject+0x4c
f7a6dc60 805baf8f e1000e80 86345ef0 00000180 nt!ObpCloseHandleTableEntry+0x155
f7a6dca8 805bb0c7 00000180 00000000 00000000 nt!ObpCloseHandle+0x87
f7a6dcbc 805409ac 00000180 f7a6dd4c 804ff581 nt!NtClose+0x1d
f7a6dcbc 804ff581 00000180 f7a6dd4c 804ff581 nt!KiFastCallEntry+0xfc
f7a6dd38 f4a103b4 00000180 8668e8b8 867c23c8 nt!ZwClose+0x11
f7a6dd4c f49f7104 8668e8b8 84278de8 84278de8 netbt!NbtTdiCloseAddress+0x30
f7a6dd60 f49f4c34 00000000 8668e8b8 00000000 netbt!DelayedWipeOutLowerconn+0x2a
f7a6dd7c 80537aff 84278de8 00000000 867c23c8 netbt!NTExecuteWorker+0x18
f7a6ddac 805cea08 84278de8 00000000 00000000 nt!ExpWorkerThread+0xef
f7a6dddc 8054546e 80537a10 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
rp_skt32+4d2
f77524d2 ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: rp_skt32+4d2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: rp_skt32

IMAGE_NAME: rp_skt32.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45edb0ee

FAILURE_BUCKET_ID: 0xc2_7_RSKT_rp_skt32+4d2

BUCKET_ID: 0xc2_7_RSKT_rp_skt32+4d2

Followup: MachineOwner
---------


---------------------------------------------------------------------

 
nass

Gary Roach said:
Thanks for the reply. I'm in the process of carrying out the tests. It's a
customer's machine at their site and I don't have much access to it. I'm
looking at getting some time on it to do some of the scans like the memory and
spyware tests. They got another blue screen and I've included the minidump
output below. It happened in a driver called rp_skt32.sys which is created
by somebody called Radial Point. I haven't had a chance to determine what
software this comes with but it isn't listed in the unsigned drivers list of
the driver verifier program. I'll include the results of other scans when
I'm able to do them. Here's the latest minidump:


Hi Gary,
The file belongs to Radialpoint, a security services provider for many of the
ISPs worldwide, and is used in the anti-virus suites which are supplied by the
ISP, for example Bellsouth, AT&T, Virgin, etc.
Located here:
radialpoint security services - C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}
rppkt - system32\DRIVERS\rp_pkt32.sys
rpskt - system32\DRIVERS\rp_skt32.sys
rpsupdaterr - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe

Bellsouth Internet Security Suite: spyware, firewall and anti-virus.
Check in Add/Remove Programs for it and you will find it there.
Make sure it is up to date and current, and also check for malware and viruses
on this machine.
Check that the machine doesn't heat up quickly or overheat, and also run the memtest.
HTH.
nass
 
Gary Roach

I got the machine and did quite a few scans. I did the memtest86 scan for 8
hours. It did 10 passes and turned up nothing. I ran all the antivirus and
antispyware tests that you mentioned. They all scanned completely clean
except for a few tracking cookies. As you indicated the rp_skt32.sys file is
associated with Bell Internet Security. I checked for updates for it but it
indicates that it is up to date. I think at this point I'm going to suggest
to the customer that he try uninstalling the Bell Security package and run
for a few days to see if the problem reoccurs.
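
Added example, not part of the thread and not Microsoft tooling: a small Python triage of "!analyze -v" text that lists the third-party modules on the crashing stack, which are the natural drivers to select in Driver Verifier instead of verifying everything. The name triage, the MS_MODULES list and the trimmed dump excerpts (taken from the two minidumps posted above) are assumptions made for this example.

```python
import re

# In-box Microsoft modules: a frame here is usually where the corruption was
# detected, not where it was caused. Assumed, non-exhaustive list.
MS_MODULES = {"nt", "hal", "netbt", "tcpip", "ndis", "afd", "win32k"}
# Matches "module!Function+0x1b" and symbol-less "module+0x4d2" frames.
FRAME = re.compile(r"\b([A-Za-z_]\w*)(?:!\w+)?\+0x[0-9a-fA-F]+")

def triage(text):
    """Extract what matters for choosing Driver Verifier targets."""
    bc = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if not bc:
        raise ValueError("no BugCheck line found")
    tag = re.search(r"^FREED_POOL_TAG:\s*(\S+)", text, re.M)
    image = re.search(r"^IMAGE_NAME:\s*(\S+\.sys)\s*$", text, re.M | re.I)
    # STACK_TEXT runs to the next blank line; scanning the whole section
    # copes with symbols that e-mail wrapping pushed onto their own line.
    stack = re.search(r"^STACK_TEXT:[ \t]*\n(.*?)(?:\n\s*\n|\Z)", text, re.M | re.S)
    suspects = []
    for mod in FRAME.findall(stack.group(1) if stack else ""):
        if mod.lower() not in MS_MODULES and mod not in suspects:
            suspects.append(mod)
    return {
        # The code can be logged with 0x10000000 set: 100000C5 is stop 0xC5.
        "code": int(bc.group(1), 16) & 0x0FFFFFFF,
        "args": [a.strip() for a in bc.group(2).split(",")],
        "pool_tag": tag.group(1) if tag else None,
        "image": image.group(1) if image else None,
        "suspects": suspects,
    }

# Excerpt of the first dump in the thread (trimmed).
DUMP_C5 = """
BugCheck 100000C5, {0, 2, 1, 8054a10d}

STACK_TEXT:
b953f994 8054a75f 00000001 863aada8 00000000 nt!ExDeferredFreePool+0x107
b953f9d4 805bf507 862cdd00 00000000 b953fd64 nt!ExFreePoolWithTag+0x47f
b953fd48 805409ac 00000005 0221fedc 00000001
nt!NtWaitForMultipleObjects+0x2f5
b953fd48 7c90eb94 00000005 0221fedc 00000001 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0221ff50 00000000 00000000 00000000 00000000 0x7c90eb94

IMAGE_NAME: Pool_Corruption
"""

# Excerpt of the second dump in the thread (trimmed).
DUMP_C2 = """
BugCheck C2, {7, cd4, 2570001, 8654abf8}

FREED_POOL_TAG: RSKT

STACK_TEXT:
f7a6d8c0 8054a583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f7a6d910 f77524d2 8654abf8 00000000 f7a6d930 nt!ExFreePoolWithTag+0x2a3
WARNING: Stack unwind information not available. Following frames may be
wrong.
f7a6d920 f7753fb0 8654abf8 8654abf8 f7a6d944 rp_skt32+0x4d2
f7a6dbcc 804ef163 866abe00 85478438 85478438 rp_skt32+0x89a6
f7a6dbdc 805828e0 86345ed8 00000000 00000000 nt!IopfCallDriver+0x31
f7a6dd4c f49f7104 8668e8b8 84278de8 84278de8 netbt!NbtTdiCloseAddress+0x30

IMAGE_NAME: rp_skt32.sys
"""

if __name__ == "__main__":
    for name, dump in (("first dump", DUMP_C5), ("second dump", DUMP_C2)):
        print(name, triage(dump))
```

The first dump yields an empty suspect list because every frame is in nt, so it cannot narrow the Driver Verifier selection; the second names rp_skt32 and its pool tag RSKT.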
 
