rt.sys - How to Remove

In the past I was looking for a IRP tracing tool. During that period I ended up install this kernel driver. I am not even sure where I picked it up from. It’s name is RequestTrace and it says it’s from CompSoft. I have had crashes in this driver and I am trying to remove it. (It’s a boot/kernel driver).

I can’t find any reference to this on Google. Microsoft has an older RealTime Driver with this name.

How do I remove it ? I get a Stop 0x0000007b if I delete the file or delete the
registry keys:
CurrentControlSet\Services\RequestTrace

Is it possible for you to boot in "Last known good ". At the boot time,
try hitting F8 to get to a prompt. If it boots in that way, then you could
go ahead and look at the registry entry it created, and make the start=4
to disable. Then reboot. If it does not, then some recovery is needed
perhaps.

If the above steps allows to disable the driver, then normal rebooting
should succeed. If that does not happen, it is possible that the driver is
being installed on the fly like some of the other packages of this type.
And in that case deleting the whole exe when you boot using F8 might help.

-pro

In the past I was looking for a IRP tracing tool. During that period I
ended up install this kernel driver. I am not even sure where I picked it
up from. It’s name is RequestTrace and it says it’s from CompSoft. I have
had crashes in this driver and I am trying to remove it. (It’s a
boot/kernel driver).

I can’t find any reference to this on Google. Microsoft has an older
RealTime Driver with this name.

How do I remove it ? I get a Stop 0x0000007b if I delete the file or
delete the
registry keys:
CurrentControlSet\Services\RequestTrace


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

why not use a live cd like bartpe or knoppix? With BartPe you can access
the filesystem and delete it and also load the system hive and clean
there…

xxxxx@rts-services.com wrote:

In the past I was looking for a IRP tracing tool. During that period I ended up install this kernel driver. I am not even sure where I picked it up from. It’s name is RequestTrace and it says it’s from CompSoft. I have had crashes in this driver and I am trying to remove it. (It’s a boot/kernel driver).

I can’t find any reference to this on Google. Microsoft has an older RealTime Driver with this name.

How do I remove it ? I get a Stop 0x0000007b if I delete the file or delete the
registry keys:
CurrentControlSet\Services\RequestTrace


Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

It was installed so long ago I do not have a restore point.
I have used the last known configuration when I zapped the registery and an alternate boot when I zapped the driver to get the machine to boot.
Clearly something is referencing this driver. So I am looking for some information about the driver itself. I can’t remember where I picked this up at.

0x7b is inaccessible boot device - this means that the RT driver is stuck in one of your disk driver stacks somewhere.

You’ll need to pull it out of the device stacks before you can remove the binary or delete the service.

  1. Figure out the service name that uses rt.sys. Look under system\currentcontrolset\services for an entry which uses rt.

  2. Grab devcon out of the DDK (you might want to get the one from the Vista WDK … I’m assuming it still works on XP) and run

Devcon stack * > allstacks.txt

Then search through allstacks.txt for the service name you found in #1

  1. Use the registry editor to remove rt.sys from the filter lists from each device you find in #2.

Cross your fingers while doing this. You could easily hose your machine. If it doesn’t boot you can probably recover by booting into the Last Known Good configuration, but there’s no guarantee of that.

If it does boot then try removing the RT service (sc delete ) and if it still boots after that you should be able to remove the rt binary.

Of course if RT is an export driver that some other service depends on it gets trickier.

-p

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rts-services.com
Sent: Friday, February 23, 2007 5:24 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] rt.sys - How to Remove

In the past I was looking for a IRP tracing tool. During that period I ended up install this kernel driver. I am not even sure where I picked it up from. It’s name is RequestTrace and it says it’s from CompSoft. I have had crashes in this driver and I am trying to remove it. (It’s a boot/kernel driver).

I can’t find any reference to this on Google. Microsoft has an older RealTime Driver with this name.

How do I remove it ? I get a Stop 0x0000007b if I delete the file or delete the
registry keys:
CurrentControlSet\Services\RequestTrace


Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Also clear out the critical device database entries for rt.sys, if it is in there, plus any upper filters references to it, plus any enum references to it. But this is a test system - right? You weren’t doing this on your development system, were you? Just IPL the damn thing and be done with it.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-279130-
xxxxx@lists.osr.com] On Behalf Of xxxxx@rts-services.com
Sent: Saturday, February 24, 2007 9:36 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] rt.sys - How to Remove

It was installed so long ago I do not have a restore point.
I have used the last known configuration when I zapped the registery
and an alternate boot when I zapped the driver to get the machine to
boot.
Clearly something is referencing this driver. So I am looking for some
information about the driver itself. I can’t remember where I picked
this up at.


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer