Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Cert / EV + Kernel problem

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 5 posts
This is a very strange problem that I've been struggling with for a few days now. I have been suffering from all kinds of BSOD's, however, I have rooted quite a few of them out. The main problem that I am still having, is that my system will BSOD and point to ntoskrnl.exe with several different bugcheck codes, but usually the same error: IRQL_NOT_LESS_OR_EQUAL, or DRIVER_IRQL_NOT_LESS_OR_EQUAL.

I've run memory tests, anti-spy/malware, check voltages, checked for shorts, checked drivers, checked BIOS, checked PSU, ran chkdsk /f, cleaned the registry, and more.

I noticed that the event viewer was acting strange. It wasn't always capturing errors, which was making it very hard to try to pin down where this is coming from. Then I noticed that logging was being turned off for an hour at a time because crypt32 was reaching its limit of 50. The error that is causing this is CAPI2. Failed extract of third-party root list from auto update cab at:

<http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

I downloaded the certificate and installed it into trusted, yet I'm still getting the problem. I also get random system hangs, but no associated errors.

Most everything you need to know about the system can be found in the attachments I've provided. Any and all help is appreciated.

Attached Files

  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok, well I feel pretty stupid now. Something just didn't seem right, so I zenmapped the URL and I think that this cert is from a spoofed site.

It resolved to two separate IPs and the rDNS was cds72.ord9.msecn.net

22/tcp open tcpwrapped
53/tcp open domain
80/tcp open http EdgePrism (Limelight Networks Content Delivery Network)
|_html-title: Site doesn't have a title (text/html).
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
161/tcp filtered snmp
199/tcp open smux Linux SNMP multiplexer
443/tcp open ssl/http EdgePrism (Limelight Networks Content Delivery Network)
|_sslv2: server still supports SSLv2
|_html-title: Site doesn't have a title (text/html).
445/tcp filtered microsoft-ds
514/tcp filtered shell
593/tcp filtered http-rpc-epmap
1433/tcp filtered ms-sql-s
1434/tcp filtered ms-sql-m
2001/tcp open dc?

I'm not the world's greatest at CA. I pulled up my Certificates snap-in in my MMC and looked at Third-Party Root CA, but didn't see anything that stands out. I'm not certain how to fix this.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP