aliwajdan
asked on
Blue Screen Error.....
Hi All,
I am facing a problem regarding the blue screen. I am using Windows XP and Symantec AV Endpoint.
The problem is this: when I connect the USB to the system, the following blue screen message appears.
STOP: 0x0000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x00000000)
fltmgr.sys - Address F73D149D base at F73BB000, DateStamp 41107BAD
However, when I disable the AV it works fine and no error appears. Also, it is on the client side and we are using a managed AV.
Can anybody solve this problem ASAP?
can you post the minidump ? rename it to ***.txt first
I need you to do the following:
1) Run eventvwr.msc and look in the System log for recent errors.
2) Since nobus asked for minidump files, this is how to configure Windows to create them upon BSOD:
Go to the Control Panel and follow these steps:
System Icon
Advanced Tab
Startup and Recovery -> Settings
Enable Write an Event to the system log
Disable Automatically Restart
Select the following debugging information:
Small memory dump (64 Kb)
Small Dump Directory : %SystemRoot%\Minidump
Confirm all and restart the computer.
3) Plug in the USB again. If Explorer crashes again, do the following:
A. Zip all files inside (%SystemRoot%\Minidump) and attach them here
B. Go to Event Viewer and save (application) & (system) by right-clicking and choosing "Save Event As". Then attach both of them here
ASKER
I can't post minidump? And I am using Symantec Endpoint version 11
I need the complete version number ? 11.0.xxx.xxx
You can know this by opening SEP GUI interface ---> Help & Support ---> About
ASKER
Hi xmachine,
The problem is still there. I attached the files, please see. Can I redo the changes which you suggested?
I am also trying to attach the zip file but it gives the following error.
The extension of one or more files in the archive is not in the list of allowed extensions: Dump/Application Log.evt
1) I still need the complete version number please, because some old versions had bugs that are similar to your case.
opening SEP GUI interface ---> Help & Support ---> About
2) rename .evt file to .txt, then try uploading it again
3) I can't see any attached file
ASKER
xmachine, sorry, I don't understand the
"opening SEP GUI interface ---> Help & Support ---> Abou".
What do you want to say?
I attached the file.
Dump.zip
1) Go start > all programs > Symantec Endpoint Protection
2) Select "Symantec Endpoint Protection"
3) On the right side, select "Help & Support"
4) Select "About"
5) What is the written version ? 11.0.xxx.xxx
ASKER
Hi xmachine
This is the name and detail of the AV "Symantec Endpoint Protection 11.0"
ASKER
This is the name and detail of the AV "Symantec Endpoint Protection 11.0" and Patch is MR4.
1) Please download and run this tool:
http://www.resplendence.com/whocrashed
http://www.resplendence.com/download/whocrashedSetup.exe
2) Click on Analyze. Once scanning is finished, just copy the results and paste them here. Or take a snapshot and attach it here.
>> I can't post minidump? << Why not? READ my 1st comment on how to do it!
ASKER
hi xmachine
Please see the following result after the analysis:
Analysis
--------------------------------------------------------------------------------
Crash dump directory: C:\WINDOWS\Minidump
Crash dumps are enabled on your computer.
On Sat 5/16/2009 8:58:32 AM your computer crashed
This was likely caused by the following module: srtsp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xEE3D1748, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\srtsp.sys
product: AutoProtect
company: Symantec Corporation
description: Symantec AutoProtect
On Fri 5/15/2009 6:26:50 AM your computer crashed
This was likely caused by the following module: srtsp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\srtsp.sys
product: AutoProtect
company: Symantec Corporation
description: Symantec AutoProtect
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
2 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
Application control driver that is potentially causing problems. Can you drop to a command prompt and type the following:
sc config sysplant start= disabled
then reboot and try connecting the USB again.
Try installing the latest patch for SEP on the same computer, and see if you still have the problem:
http://seer.support.veritas.com/downloads/export.asp?ddProduct=54619&file=SEP32_2295To26_clientMSPMSI.exe&source=5&url=/public/english_us_canada/products/symantec_endpoint_protection/11.0/updates/&id=57554
Note: This patch upgrades Symantec Endpoint Protection 11.0 MR4 (11.0.4000.2295) 32-bit Clients to version 11.0 MR4 Maintenance Pack 1a (MR4 MP1a).
ASKER
Please tell me, can I change the following values back to normal before restarting?
Select the following debugging information:
Small memory dump (64 Kb)
Small Dump Directory : %SystemRoot%\Minidump
Confirm all and restart the computer.
you can leave them, we may need to get additional dumps
ASKER
I've run the above Symantec patch and also given the above command. But the problem still persists.
ASKER
It's a AV is manage and it's on client side. Mean It has a server.
Does this happen to one computer or all?
If it's only a single case, try re-installing SEP again (remove then install)
Hi -
In your 1st post you told us of a BSOD with a bugcheck = 0x8e (0xc0000005,,) = the kernel threw an exception - a memory access violation.
The interesting thing is that the probable cause was not Symantec, but the Microsoft filter mgr driver fltmgr.sys, timestamp = 41107BAD = Aug 2004.
I ran the 2 dumps and Symantec was indeed named as the probable cause, but I don't find it to be the actual cause because of these timestamps found -
- NT Kernel = March 2005
- DirectX Graphics kernel = August 2004
- Windows GUI = April 2003
- Intel Ethernet = March 2003
Windows Updates need to come in and install.
Your device drivers need to be updated; most appear to be dated 2003-2005 with little exception. Exactly why there have been no Windows Updates in 4+ years, I cannot say at this time.
XP Windows Updates
Regards. . .
jcgriff2
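The arithmetic behind reading the first post's STOP line (bugcheck 0x8E, exception 0xC0000005, the 41107BAD timestamp), as an added example that is not part of any post in this thread. The sample lines are copied from the thread; the function names are illustrative and the two lookup tables cover only the codes that appear here.

```python
import re
from datetime import datetime, timezone

# Sample input: the two lines quoted in the first post of this thread.
STOP_LINE = "STOP: 0x0000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x00000000)"
MODULE_LINE = "fltmgr.sys - Address F73D149D base at F73BB000, DateStamp 41107BAD"

# Lookup tables limited to the codes that appear in this thread.
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}


def parse_stop(line):
    """Return (bugcheck code, [4 parameters]) from a STOP or WhoCrashed line."""
    m = re.search(r"(?:STOP|Bugcheck code):\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)", line)
    if not m:
        raise ValueError("no bugcheck found in line")
    params = [int(p, 16) for p in m.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("expected four bugcheck parameters")
    # Minidump tools report 0x1000008E (the _M variant); mask off that flag.
    return int(m.group(1), 16) & 0x0FFFFFFF, params


def parse_module(line):
    """Return (name, fault address, image base, link timestamp)."""
    m = re.search(r"(\S+) - Address ([0-9A-Fa-f]+) base at ([0-9A-Fa-f]+),"
                  r"\s*Date\w+ ([0-9A-Fa-f]+)", line)
    if not m:
        raise ValueError("no module line found")
    return (m.group(1),) + tuple(int(g, 16) for g in m.groups()[1:])


def triage(stop_line, module_line):
    code, params = parse_stop(stop_line)
    name, addr, base, stamp = parse_module(module_line)
    return {
        "bugcheck": BUGCHECKS.get(code, hex(code)),
        # For 0x8E, parameter 1 is the exception code and parameter 2 the
        # address of the instruction that raised it.
        "exception": NTSTATUS.get(params[0], hex(params[0])),
        "module": name,
        "fault_is_param2": addr == params[1],
        "offset_in_module": hex(addr - base),
        "module_built": datetime.fromtimestamp(stamp, timezone.utc).date().isoformat(),
    }


if __name__ == "__main__":
    for key, value in triage(STOP_LINE, MODULE_LINE).items():
        print(f"{key}: {value}")
```

The offset within the module is what a debugger needs to map the faulting instruction to a symbol, and `parse_stop` also accepts the `Bugcheck code:` lines from the WhoCrashed output, so both dumps can be checked for the same faulting address.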
Thanks jcgriff2 for your input.
@aliwajdan
Can you try updating your windows xp to the latest SP (SP3) and latest patches ?
The best way is to install a clean copy of your Windows!
Because if you have the blue screen you can fix it, but then your Windows hasn't been repaired 100%.
So I think you will save some time and money by formatting it.
Gustavo
Sorry, but it also could be said that every problem with an XP install could be grounds for a reformat/re-install.
A BSOD does not in any way, shape or form change/modify the XP OS. The BSOD simply occurs in many cases to be software related; the rest hardware failure.
Please follow the instructions that were provided.
ASKER
Hi All,
Thanks for all of your valuable inputs. First I reply to xmachine that it only appears on one machine.
Second, to jcgriff2, that we also analyzed the system following the solution of xmachine and it clearly shows the root cause of this error (check my post above where I posted the result).
Do you have any other solution except reinstallation?
Also, Windows is updated regularly and I also reinstalled the AV.
If it's a problem regarding Windows Update, can you tell me the specific update of Windows so I can download it manually?
Your quick response will be highly appreciated.
Thanks
ASKER
I followed all the instructions given by the experts and at last I installed the complete Windows updates. After this, the error which occurred due to the USB was solved.
Thanks
Hi - Thank you. I am glad that your system is back up and running. I do apologize for the typos - very unlike me to allow content out in that manner.
jcgriff2
Which version of endpoint protection are you running ?
You can know this by opening SEP GUI interface ---> Help & Support ---> About
A Symantec Certified Specialist @ your service