Blue screen

[sdsouza]

HI all,

Just wanted to know what is the best way to find a faulty driver.


BI.

 

[DonNagual]

Hello and welcome to Techspot!

Edit: with the addition of your minidumps, I have deleted my original response.

 

[peterdiva]

Two of the dumps are caused by 6z2yZ4py and 419c69X, my guess is they are the same file. It's an infection of some type and it's being renamed to avoid detection. The third one has a bugcheck of C4 - see below. You need to do a virus\malware scan and possibly a rootkit scan. Could you also post the cause if you find it.

DRIVER_VERIFIER_DETECTED_VIOLATION (C4)
A device driver attempting to corrupt the system has been caught. This is because the driver was specified in the registry as being suspect (by the administrator) and the kernel has enabled substantial checking of this driver. If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will be among the most commonly seen crashes.

 

[howard_hopkinso]

Hello and welcome to Techspot.

I agree with peterdiva. You may have a virus infection.

Go and read this thread HERE. Post a HJT log as an attachment into this thread. I`ll take a look and advise.

Regards Howard :wave: :wave:

 

[sdsouza]

hijackThis log

Here are my hijackThis log

 

[Rick]

Free online virus scanners:
http://housecall.antivirus.com
http://www.bitdefender.com/scan8/
http://www.freedom.net/viruscenter/onlineviruscheck.html
http://www.pandasoftware.com/products/ActiveScan.htm

Free online spyware scanners:
http://www.trendmicro.com/spyware-scan/
http://www.ewido.net/en/onlinescan/
http://www.spywareguide.com/onlinescan.php

 

[howard_hopkinso]

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

TSServ.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [TrojanSimulator] "" /install

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\DOCUME~1\Sean\LOCALS~1\Temp\Rar$EX07.172\TSServ.exe

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Rename HijackThis.exe to HijackThis1991.exe and post a fresh HJT log.


Regards Howard

 

[sdsouza]

New HijackThis log file

Here is the latest Hijackthis log file

 

[howard_hopkinso]

Your HJT log is clean.

Are you still having problem?

Regards Howard

 

[sdsouza]

After running Verifier.exe from windows, I tested all unsigned drivers. After reboot I then got another bluescreen.

Here is my resent minidump file.

 

[howard_hopkinso]

2 of your minidumps, including your latest crash at VETMONNT.SYS. They also reference vsdatant.sys. These are your antivirus and firewall programmes respectively.

Disconnect from the net and temporarily uninstall your antivirus and firewall software. See is your system becomes stable.

Do not reconnect to the net, until you have reinstalled your firewall.

Regards Howard

 

[sdsouza]

Everything seems to be working fine. Thanks for the help.