Solved

Blue Screen Error.....

Posted on 2009-05-15
Last Modified: 2013-11-22
Hi All,
I'm facing a problem regarding the blue screen. I'm using Windows XP and Symantec AV Endpoint.
The problem is this: when I connect the USB to the system, the following blue screen message appears.

STOP: 0x0000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x00000000)
fltmgr.sys - Address F73D149D base at F73BB000, DateStamp 41107BAD

However, when I disable the AV it works fine and no error appears. Also, it is on the client side and we are using a managed AV.

Can anybody solve this problem ASAP?

Question by:aliwajdan
29 Comments
 
LVL 15

Expert Comment

by:xmachine
ID: 24401543
Hi,

Which version of endpoint protection are you running ?

You can know this by opening SEP GUI interface ---> Help & Support ---> About


A Symantec Certified Specialist @ your service
0
 
LVL 92

Expert Comment

by:nobus
ID: 24401576
can you post the minidump ?   rename it to ***.txt first
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401596
I need you to do the following:

1) Run eventvwr.msc and look in the System log for recent errors.

2) Since nobus asked for minidump files, this is how to configure Windows to create them upon BSOD:

Go to the Control Panel and follow these steps:

System Icon
Advanced Tab
Startup and Recovery -> Settings
Enable Write an Event to the system log
Disable Automatically Restart

Select the following debugging information:
Small memory dump (64 Kb)
Small Dump Directory : %SystemRoot%\Minidump
Confirm all and restart the computer.

3) Plug the USB again, If the explorer crashed again, do the following:

A. Zip all files inside (%SystemRoot%\Minidump) and attach it here
B. Go to eventviewer and save (application) & (system) by right click and choose "Save Event As". Then attach both of them here

0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401603
I can't post the minidump? And I am using Symantec Endpoint version 11.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401613
I need the complete version number ? 11.0.xxx.xxx

You can know this by opening SEP GUI interface ---> Help & Support ---> About

0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401663
Hi xmachine,
The problem is still there. I attached the files, please see. Can I redo the changes which you suggested?

I'm also trying to attach the zip file but it gives the following error.
The extension of one or more files in the archive is not in the list of allowed extensions: Dump/Application Log.evt
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401687
1) I still need the complete version number please, because some old versions had bugs that are similar to your case.

opening SEP GUI interface ---> Help & Support ---> About

2) rename .evt file to .txt, then try uploading it again

3) I can't see any attached file
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401696
xmachine, sorry, I don't understand the
"opening SEP GUI interface ---> Help & Support ---> Abou".
What do you want to say?

I attached the file.
Dump.zip
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401721
1) Go start > all programs > Symantec Endpoint Protection

2) Select "Symantec Endpoint Protection"

3) On the right side, select "Help & Support"

4) Select "About"

5) What is the written version ? 11.0.xxx.xxx
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401731
Hi xmachine

This is the name and detail of the AV "Symantec Endpoint Protection 11.0"
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401740
This is the name and detail of the AV "Symantec Endpoint Protection 11.0" and Patch is MR4.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401772
1) Please download and run this tool:

http://www.resplendence.com/whocrashed

http://www.resplendence.com/download/whocrashedSetup.exe

2) Click on Analyze. Once scanning is finished, just copy the results and paste them here. Or take a snapshot and attach it here.
0
 
LVL 92

Expert Comment

by:nobus
ID: 24401864
>>   I cann't post minidump?   <<   why not? READ my 1st comment on how to do it !
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401939
Hi xmachine,

Please see the following result after the analysis.


Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Sat 5/16/2009 8:58:32 AM your computer crashed
This was likely caused by the following module: srtsp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xEE3D1748, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\srtsp.sys
product: AutoProtect
company: Symantec Corporation
description: Symantec AutoProtect



On Fri 5/15/2009 6:26:50 AM your computer crashed
This was likely caused by the following module: srtsp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\srtsp.sys
product: AutoProtect
company: Symantec Corporation
description: Symantec AutoProtect




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

2 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401971
Application control driver that is potentially causing problems. Can you drop to a command prompt and type the following:

sc config sysplant start= disabled

then reboot and try connecting the USB again.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401982
Try installing the latest patch for SEP on the same computer, and see if you still have the problem:

http://seer.support.veritas.com/downloads/export.asp?ddProduct=54619&file=SEP32_2295To26_clientMSPMSI.exe&source=5&url=/public/english_us_canada/products/symantec_endpoint_protection/11.0/updates/&id=57554

Note: This patch upgrades Symantec Endpoint Protection 11.0 MR4 (11.0.4000.2295) 32-bit Clients to version 11.0 MR4 Maintenance Pack 1a (MR4 MP1a).
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401983
Please tell me, can I change the following values back to normal before restarting?

Select the following debugging information:
Small memory dump (64 Kb)
Small Dump Directory : %SystemRoot%\Minidump
Confirm all and restart the computer.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24402005
you can leave them, we may need to get additional dumps
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24402071
I've run the above Symantec patch and also gave the above command, but the problem still persists.
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24402072
The AV is managed and it's on the client side, meaning it has a server.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24402082
Does this happen to one computer or all?

If it's only a single case, try re-installing SEP (remove, then install).
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24402425

 
Hi -
In your 1st post you told us of a BSOD with a bugcheck = 0x8e (0xc0000005,,) = the kernel threw an exception - a memory access violation.
The interesting thing is that the probable cause was not Symantec, but  the Microsoft filter mgr driver fltmgr.sys, timestamp = 41107BAD = Aug 2004.
I ran the 2 dumps and Symantec was indeed named as the probable cause, but I don't find it to be the actual cause because of these timestamps found -
  • NT Kernel = March 2005
  • DirectX Graphics kernel = August 2004
  • Windows GUI = April 2003
  • Intel Ethernet = March 2003
I believe the BSODs are being caused by a conflict between a brand new 2009 Symantec installation and an XP OS that has had no Windows Updates since 2005.  
Windows Updates need to come in and install.  
Your device drivers need to be updated; most appear to be dated 2003-2005 with little exception.  Exactly why there have been no Windows Updates in 4+ years, I cannot say at this time.
XP Windows Updates
 
Regards. . .
jcgriff2

0
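The address and timestamp reasoning in the answer above, as an added example that is not part of the original thread: it parses the STOP screen quoted in the question, checks that the faulting address lies in the named module, and decodes the driver DateStamp into a build date. The function name `triage` and the crash date passed to it are assumptions made for this illustration.

```python
import re
from datetime import date, datetime, timezone

# STOP screen text from the question (label spelling normalised to DateStamp).
STOP_TEXT = (
    "STOP: 0x0000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x00000000)\n"
    "fltmgr.sys - Address F73D149D base at F73BB000, DateStamp 41107BAD\n"
)
HEX8 = r"([0-9A-Fa-f]{8})"
STOP_RE = re.compile(r"STOP:\s*0x" + HEX8 + r"\s*\(([^)]*)\)")
# "Date\w*" tolerates a mistyped label when the screen was copied by hand.
MOD_RE = re.compile(r"(\S+)\s+-\s+Address\s+" + HEX8 + r"\s+base at\s+" + HEX8
                    + r",\s*Date\w*\s+" + HEX8)

def triage(text, crash_day):
    """Decode a 0x8E STOP screen; crash_day is the date the crash happened."""
    stop, mod = STOP_RE.search(text), MOD_RE.search(text)
    if not stop or not mod:
        raise ValueError("no STOP line / module line found")
    params = [int(p.strip(), 16) for p in stop.group(2).split(",")]
    # 0x1000008E is the minidump (_M) form of bugcheck 0x8E; mask the flag.
    bugcheck = int(stop.group(1), 16) & 0x0FFFFFFF
    addr, base, stamp = (int(mod.group(i), 16) for i in (2, 3, 4))
    # The PE header TimeDateStamp is seconds since 1970-01-01 UTC (link time).
    built = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "bugcheck": bugcheck,
        "exception": params[0],            # 0x8E parameter 1: exception code
        "fault_addr": params[1],           # 0x8E parameter 2: faulting address
        "module": mod.group(1),
        "fault_in_module": params[1] == addr and addr >= base,
        "offset": addr - base,             # offset of the fault inside the image
        "built": built.date().isoformat(),
        "age_years": (crash_day - built.date()).days // 365,
    }

if __name__ == "__main__":
    r = triage(STOP_TEXT, date(2009, 5, 15))   # crash date taken from the thread
    print(f"bugcheck 0x{r['bugcheck']:X}, exception 0x{r['exception']:08X}")
    print(f"{r['module']}+0x{r['offset']:X}, built {r['built']}, "
          f"{r['age_years']} years old at crash time")
```

The same faulting address, 0xF73D149D, appears in both WhoCrashed entries, so both crashes resolve to the same offset inside fltmgr.sys even though srtsp.sys is the module named there.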
 
LVL 15

Expert Comment

by:xmachine
ID: 24402474
Thanks jcgriff2 for your input.

@aliwajdan

Can you try updating your windows xp to the latest SP (SP3) and latest patches ?
0
 
LVL 1

Expert Comment

by:gesquivel
ID: 24403302
The best way is to install a clean copy of your Windows!
Because if you have the blue screen you can fix it, but then your Windows hasn't been repaired 100%.
So I think you will win some time and money by formatting it.

Gustavo
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24404440
Sorry, but it also could be said that for every problem an XP install could be grounds for a reformat/re-install.
A BSOD does not in any way, shape or form change/modify the XP OS.  The BSOD simply occurs in many cases to be software related; the rest hardware failure.
Please follow the instructions that  provided.
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24408964
Hi All,
Thanks for all of your valuable inputs. First, I reply to xmachine that it only appears on one machine.
Second, to jcgriff2: we also analyzed the system following xmachine's solution and it clearly shows the root and cause of this error (check my post above where I posted the result).
Do you have any other solution except reinstallation?
Also, Windows is updated regularly and I also reinstalled the AV.
If the problem is regarding Windows updates, can you tell me the specific Windows update so I can download it manually?

Your quick reply will be highly appreciated.
Thanks
0
 
LVL 12

Accepted Solution

by:
John Griffith earned 50 total points
ID: 24409691
Hi -
I can only tell you that based on the XP OS drivers that I found in the dumps that I analyzed, years of Windows Updates are not installed in that system.  The NT Kernel w/ 2005 date tells us this.
Run Belarc Advisor & see what it tells you about Windows Updates -  http://www.belarc.com/free_download.html
I have analyzed 10,000s of kernel dumps in the last year and can say with conviction that a root cause cannot be determined until the OS is updated & stabilized.
My experience is as a Moderator, Microsoft Support, Tech Support Forum * com member #185203 - screen name = jcgriff2        http://www.techsupportforum.com/members/185203.html
0
 
LVL 1

Author Closing Comment

by:aliwajdan
ID: 31582179
I followed all the instructions given by the experts and at last I installed the complete Windows updates. After this, the error which occurred due to the USB was solved.
Thanks
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24620301
Hi - Thank you.  I am glad that your system is back up and running.  I do apologize for the typos - very unlike me to allow content out in that manner.  
jcgriff2
0
