Full Version: The mysterious wanarp.sys
Andy Spragg
Does anyone know what this MS driver does? (It sounds like it ought to be networking-related). On three or four occasions in the last few weeks, when I have been trying to get other driver installation issues sorted out, I have got a BSOD, either just as a driver installation finishes, or after reboot when Windows is finding the new hardware. On these occasions, when I have had a look at the minidump, wanarp.sys has always been the culprit. Last night, it happened again, and my PC proceeded to write me a memory dump of more than 2 GB as well as the usual minidump. I'd like to think it might be of use to someone; I sat there for about 20 minutes wondering if it was ever going to stop ...

I have tried Googling to find out more about it, and the first few dozen hits at any rate (going back three or four years), if they're not just log file content pages, all seem to be about other people getting wanarp.sys BSODs. Not a thing of any use can I find that tells me what the thing is for, or why it might be implicated in causing problems with other drivers being upgraded. Or better still, what if anything I can do about it. Obviously Microsoft aren't going to be any help. When my PC reported the BSOD to them this morning, a web page opened up to say they were unable to determine the cause. A little bit disingenuous, say I - if I can diagnose a memory dump, I'm damn sure MS can. Sigh.
yardbird
Andy, is your OS Windows 2000? Refresh my memory please, I forgot.
Andy Spragg
Whoops, sorry, should have said, it's Win XP Home SP3.
Firefox
They claim to have found a fix for the BSOD with this file at Tech Support Guy
yardbird
Lately have you installed SP3 ??
Andy Spragg
Yeah, I read that thread too. But I can't see what the fix is supposed to be: "download this app to check out your startups, ooh thanks I'll try stopping it loading at boot time and see how I go for a couple of days, damn it's happened again ...", and thread expires while bad RAM is the suspect. Did you see something I missed?
yardbird
You would have to download Autoruns. The good part is whatever you un-check (if it does not solve the prob) you can run Autoruns again & check what you unchecked! So if you were to use that program, make sure you keep track of what you unchecked. Let us know how it goes please. Cheers...
Andy Spragg
QUOTE (yardbird @ Oct 20 2009, 09:19 PM) *
Lately have you installed SP3 ??


Ha, funny you should ask that. I installed SP3 some time ago - weeks, months, not exactly sure. Then, on Sunday, I made a bad error. Don't try this at home, kids! If you're going to have your Windows CD in the CD drive to diagnose a minidump, make sure you take it out before you reboot, because if you're going to have your PC set to boot from CD, and you're going to go and put the kettle on while that reboot is taking place, you might come back, like I did, to find that your PC is re-installing SP2 and there won't be a thing you can do about it. If you forcibly extract the PC and reboot, Windows will just keep insisting you put the thing back in so it can carry on, until you surrender.

I still don't understand how it happened, I'm supposed to get prompted to hit the Any key if I want to boot from a bootable CD in the CD drive. And whatever happened to OK-Cancel early in the process? Anyway, that is what happened, and as a result I only finished re-downloading up to and beyond SP3 again last night. But it was after I'd finished all that that I got the BSOD in question.

So yes, actually - very lately.
yardbird
The post above that Firefox found, #4, makes interesting reading! But I don't want to get you in a spot that's worse than where you are now! Give that post a lookover above, #4 ..... Before I say any more I'd like a 2nd opinion on the course of action you should take!
yardbird
Description: File wanarp.sys is located in the folder C:\Windows\System32\drivers. Known file sizes on Windows XP are 34,560 bytes (93% of all occurrence), 33,280 bytes, 61,952 bytes, 62,464 bytes.
The driver can be started or stopped from Services in the Control Panel or by other programs. The file is a Windows core system file. The program has no visible window. The file is a Microsoft signed file. wanarp.sys seems to be a compressed file. Therefore the technical security rating is 0% dangerous....

Are your AV scans Clean? MBAM scans also
Andy Spragg
It's OK, I'm not in a bad spot at the moment! The dust has settled, Windows is all back up to date, everything seems to be working just fine (apart from the unstable wireless connection, posted about elsewhere in these fora - but that's been like it for quite a few weeks now). I'm just trying to figure out why wanarp.sys only ever seems to cause a BSOD when I'm trying to fix another device BSOD problem, and at the moment (touch wood) I'm not.

I installed autoruns and gave it a look. It seems like a potentially useful utility to have. The associated forum looks worthy of a bookmark too. wanarp.sys is loaded at start-up on my machine, but I'm not about to go making any changes just yet! It didn't help the OP in the thread that Firefox pointed us to.
Andy Spragg
QUOTE (yardbird @ Oct 20 2009, 10:02 PM) *
Description: File wanarp.sys is located in the folder C:\Windows\System32\drivers. Known file sizes on Windows XP are 34,560 bytes (93% of all occurrence), 33,280 bytes, 61,952 bytes, 62,464 bytes.
...
Are your AV scans Clean? MBAM scans also


Yup, I'm in that 93%. It's been a long time since MBAM found anything to get excited about. I don't do regular AV scans with Avast, I tend to rely on its start-up checking and on-access nature (and on MBAM) - bad, I know, but last time I gave it a full scan to do, it took nearly 7 hours. I suppose I could schedule it to start at 3 a.m. provided I can remember not to switch the PC off before I hit the sack ... I'm doing a quick scan at the moment.
yardbird
Well we do keep software & updates and Alerts here: http://www.malwarebytes.org/forums/index.php?showforum=13

somewhere. If you want to use Autoruns, zip it and attach it here, and we can look at it (I already sent a PM to a moderator).

We can look it over; no personal info is on it, just the programs & MS files, & files from other programs. I'll post the instructions for Autoruns so it's done correctly:

Please delete your old version of Autoruns and download the latest version from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures.
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Now right-click on the Autoruns.arn file located on your desktop and highlight Send To and select Compressed (zipped) Folder.
  • Please attach the Autoruns.zip file you just created to your next post.
Andy Spragg
Thanks! Zip attached. While it was scanning, Online Armor told me that autoruns wanted to use the Internet, and asked me if that was OK. I said it was. I hope I was right (can't think why it would need to).

As a matter of interest, how can I delete old attachments? I'm up to 341/500 k now, and I've never managed to find a delete option yet.
yardbird
thanks for the log...
QUOTE
As a matter of interest, how can I delete old attachments?
Go up to My Controls, then Manage Your Attachments; the old ones on this forum can be removed from there....
Andy Spragg
QUOTE (yardbird @ Oct 20 2009, 10:39 PM) *
thanks for the log... Go up to My Controls then Manage Your Attachments the old ones on this forum can be removed from there....


Aaahhh, that feels better - as good as a dose of syrup of figs! The Avast quick scan came up clean BTW.
yardbird
You could remove the file and place it in a temp folder. And replace it with another, take a look at this: http://www.dynamiclink.nl/htmfiles/rframes...s/info_w/14.htm
Look where it says Download Page, but save the original copy. (I always keep a folder on my C drive called Temp#1 besides the C Temp folder....) I was thinking of a system restore? But what is going through my head is: has the wanarp.sys been corrupted? Or you could leave this post here for a while and see if there are any further comments.
exile360
If you really want to know what wanarp.sys is, it's the MS driver used for the Routing and Remote Access service. I don't know what caused your BSODs and other issues, but at least that's answered. Aside from that, if you really want to replace the file then slipstream SP3 into your SP2 disc per the tutorial here then use the Recovery Console to expand a clean version of wanarp.sys to your System32\drivers folder. I would not recommend downloading system files from third party sites if it can be avoided.