ttist25
asked on
USBSTOR.SYS Causing Blue Screen Errors
Hey There!
I have a Win XP Pro SP2 workstation (with USB1.1) that's been bluescreening. I've looked at the dump files with WinDbg and USBSTOR.SYS is the culprit in each file.
My client is using a PNY Micro Attache 12GB Flash drive (USB 2.0) to move between work and home (directly modifying files on the USB drive).
I have two minidumps which occured prior to the purchase of the Attache drive which indicate USBSTOR.SYS as the likely culprit. My client states no other USB drives have been attached to the system.
How should I go about preventing these bluescreens at this point?
Do you think the drive is the problem considering the pre-purchase minidumps?
Can I refresh/reload USBSTOR.SYS? If so, what is the best practice to accomplish this?
TIA
PS - In case you're interested, and in an attempt to aid others having this issue, here are the stop error codes (there is no filename reference on the blue screen):
Error code 1000007e
parameter1 c0000005
parameter2 00000000
parameter3 f7a85abc
parameter4 f7a857b8
I have a Win XP Pro SP2 workstation (with USB1.1) that's been bluescreening. I've looked at the dump files with WinDbg and USBSTOR.SYS is the culprit in each file.
My client is using a PNY Micro Attache 12GB Flash drive (USB 2.0) to move between work and home (directly modifying files on the USB drive).
I have two minidumps which occured prior to the purchase of the Attache drive which indicate USBSTOR.SYS as the likely culprit. My client states no other USB drives have been attached to the system.
How should I go about preventing these bluescreens at this point?
Do you think the drive is the problem considering the pre-purchase minidumps?
Can I refresh/reload USBSTOR.SYS? If so, what is the best practice to accomplish this?
TIA
PS - In case you're interested, and in an attempt to aid others having this issue, here are the stop error codes (there is no filename reference on the blue screen):
Error code 1000007e
parameter1 c0000005
parameter2 00000000
parameter3 f7a85abc
parameter4 f7a857b8
Please post the mini dump files so i can look into them and pinpoint problem
File usbstor.sys is located in the folder C:\Windows\System32\driver
The driver can be started or stopped from Services in the Control Panel or by other programs so you can test this way. The file is a Windows system file. The program is not visible. usbstor.sys is a Microsoft signed file.
Important: Some malware camouflage themselves as usbstor.sys, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the usbstor.sys process on your pc whether it is pest.
if you are using any file or folder protection software make sure to disable this also.
Also find the file usbstor.sys and rename to say something like usbstor.bac reboot and see if the OS recreates it after the boot
The driver can be started or stopped from Services in the Control Panel or by other programs so you can test this way. The file is a Windows system file. The program is not visible. usbstor.sys is a Microsoft signed file.
Important: Some malware camouflage themselves as usbstor.sys, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the usbstor.sys process on your pc whether it is pest.
if you are using any file or folder protection software make sure to disable this also.
Also find the file usbstor.sys and rename to say something like usbstor.bac reboot and see if the OS recreates it after the boot
ASKER
Thanks for the responses. I dropped the dmp files in a zip at the following location:
http://www.kntnetworks.com/dumps/minidumps.zip
Your analysis will be greatly appreciated. Thanks for the offer.
I checked the filesize of the usbstor.sys and it is the same size you quoted. Also, I don't see the file in system or system32 folders.
As soon as the system is available to me I will log on and run SysInternals Process Explorer to verify that the instance is signed and that there are no other instances running.
Would it be acceptable to copy usbstor.sys from one machine to another (I have verified the same size and version numbers through file properties)?
Thanks again.
http://www.kntnetworks.com/dumps/minidumps.zip
Your analysis will be greatly appreciated. Thanks for the offer.
I checked the filesize of the usbstor.sys and it is the same size you quoted. Also, I don't see the file in system or system32 folders.
As soon as the system is available to me I will log on and run SysInternals Process Explorer to verify that the instance is signed and that there are no other instances running.
Would it be acceptable to copy usbstor.sys from one machine to another (I have verified the same size and version numbers through file properties)?
Thanks again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.