TechSpot

Startup problems, malware related?

By cc481613
May 22, 2010
  1. Hello,

    I've recently been getting BSoD's everytime I started my computer, so I decided to post a thread in the Windows BSoD/Freezing/Restarting forum. However, after several minidump logs, I was told to check for a certain "agent.exe" which may have been a problem. Here is the quote (and the link to the thread):

    Anyway, I've went through the eight steps, and I've attached the three logs as requested. Could you please take a look and see if anything is awry?

    Thanks a lot!
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I don't see much so far, but I have a question about your current AV program.
    I don't see any AV program active, but I can see traces of Eset and Norton.
     
  3. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    I'm running off Safe Mode, so neither of them are running ATM. Nonetheless, I regularly use Eset NOD32, and it's been relatively good for me, so I've stuck with with it for the past few years. I'm not really sure what Norton's doing on my system; I've never used it in my life, on this computer.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Can you boot to normal mode at all?
    Download and run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    When done...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  5. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    I can boot into normal mode, but it crashes with a BSoD about 10 seconds I log in, so there is no point running it in normal mode. Just in case it made a difference as to what I should do~

    In any case, I'll run ComboFix and HiJackThis now... I'll post the log ASAP.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yeah, you can run Combofix in safe mode.
     
  7. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    OK well.. I've run both HiJack This and ComboFix... Just one problem: Combofix doesn't seem to produce a complete log for me... Do you have any idea why?

    I've tried running it several times, and it just quits (without saying anything) as it says "Please wait... preparing log report"
     

    Attached Files:

  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Delete your Combofix file, download fresh one, but rename combofix.exe to broni.com BEFORE saving it to your desktop.
    Try to run it again.
     
  9. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    I renamed the download and ran Combofix again... but now, instead of silently crashing, Combofix seems to be stuck at the "Preparing Log Report" screen... I've been waiting for about 30 minutes, and nothing seems to be happening. Any ideas? :O
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Give it another 10-15 minutes.
    If still stuck, stop it and see, if you can find combofix.txt file in C:\ directory.
    If yes, post it, if not, let me know.
     
  11. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    It's been running for about an hour now...

    I stopped it, and the Combofix.txt file (which I found in C:\broni.com\) is again, incomplete...
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    userinit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    The log files are too long... so I've attached them along with this post

    Thanks!
     

    Attached Files:

  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\RunOnce: []  File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
      O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/05/11 18:13:36 | 000,000,000 | ---D | C] -- C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP
      [2010/05/11 18:13:21 | 000,000,000 | ---D | C] -- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
      [2010/03/13 22:51:46 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
      [2010/03/10 22:27:16 | 000,002,048 | ---- | M] () -- C:\Windows\System32\win32xml.TXI
      @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
      @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:54D4173A
      @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CBD3E4DE
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0F8F5844
      @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AFFC859A
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  15. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    Hmm... What exactly do you mean by "reboot"? Does it do it automatically? Because I've clicked the Run Fix button, and it did a bunch of stuff, closed off Explorer, and now OTL doesn't seem to be doing anything...

    EDIT: Nevermind... I wasn't patient enough :| it's rebooting now
     
  16. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    Okay.. Here are the logs
     

    Attached Files:

  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    • * Double-click on the Rkill desktop icon to run the tool.
      * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
      * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
      * If not, delete the file, then download and use the one provided in Link 2.
      * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
      * Do not reboot until instructed.
      * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    • * Please download exeHelper from Raktor to your desktop.
      * Double-click on exeHelper.com to run the fix.
      * A black window should pop up, press any key to close once the fix is completed.
      * A log file named log.txt will be created in the directory where you ran exeHelper.com
      * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Attempt to run broni.com again.
     
  18. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    When you say broni.com, you mean Combofix renamed, right?
     

    Attached Files:

  19. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    Okay... I ran broni.com, but to no avail; the program still quits while "Preparing Log File"
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Did you run rKill and exehelper?
    I need exehelper log.
     
  21. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I'm not sure, why Combofix doesn't want to run, but at this point I don't think we're dealing here with an infection.
    None of all scans, we ran so far shows anything suspicious.

    Download BlueScreenView
    No installation required.
    Double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  23. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    ==================================================
    Dump File : Mini052210-03.dmp
    Crash Time : 22/05/2010 1:29:25 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0xcbd91c60
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x82a35778
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+1ef778
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18209 (vistasp2_gdr.100218-0019)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052210-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052210-02.dmp
    Crash Time : 22/05/2010 10:13:26 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052210-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052210-01.dmp
    Crash Time : 22/05/2010 7:34:54 AM
    Bug Check String : DRIVER_CORRUPTED_EXPOOL
    Bug Check Code : 0x100000c5
    Parameter 1 : 0xbc227ef0
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x829284a2
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7838
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052210-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052110-04.dmp
    Crash Time : 21/05/2010 5:41:24 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x82876d53
    Parameter 3 : 0xa6442a54
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+6cd53
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18209 (vistasp2_gdr.100218-0019)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052110-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052110-03.dmp
    Crash Time : 21/05/2010 5:35:22 AM
    Bug Check String : CRITICAL_OBJECT_TERMINATION
    Bug Check Code : 0x000000f4
    Parameter 1 : 0x00000003
    Parameter 2 : 0x86782648
    Parameter 3 : 0x86782794
    Parameter 4 : 0x829f1dd0
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+bb859
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18209 (vistasp2_gdr.100218-0019)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052110-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052110-02.dmp
    Crash Time : 21/05/2010 5:31:47 AM
    Bug Check String : CRITICAL_OBJECT_TERMINATION
    Bug Check Code : 0x000000f4
    Parameter 1 : 0x00000003
    Parameter 2 : 0x86a0dd90
    Parameter 3 : 0x86a0dedc
    Parameter 4 : 0x829e5dd0
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+bb859
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18209 (vistasp2_gdr.100218-0019)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052110-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052110-01.dmp
    Crash Time : 21/05/2010 5:16:19 AM
    Bug Check String : DRIVER_CORRUPTED_EXPOOL
    Bug Check Code : 0x100000c5
    Parameter 1 : 0xb2a0ad4c
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x828fc4a6
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+e44a6
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18209 (vistasp2_gdr.100218-0019)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052110-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052010-05.dmp
    Crash Time : 20/05/2010 5:18:05 PM
    Bug Check String : DRIVER_CORRUPTED_EXPOOL
    Bug Check Code : 0x100000c5
    Parameter 1 : 0xcb130ea8
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x829224a2
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+7cfc
    File Description : ATAPI Driver Extension
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052010-05.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052010-04.dmp
    Crash Time : 20/05/2010 7:07:14 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052010-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052010-03.dmp
    Crash Time : 20/05/2010 6:56:41 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052010-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052010-02.dmp
    Crash Time : 20/05/2010 6:51:28 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052010-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini052010-01.dmp
    Crash Time : 20/05/2010 6:46:45 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052010-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini051910-07.dmp
    Crash Time : 19/05/2010 10:01:56 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051910-07.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini051910-06.dmp
    Crash Time : 19/05/2010 9:23:53 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051910-06.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini051910-05.dmp
    Crash Time : 19/05/2010 9:14:06 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051910-05.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini051910-04.dmp
    Crash Time : 19/05/2010 9:11:11 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051910-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini051910-03.dmp
    Crash Time : 19/05/2010 8:11:42 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051910-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini051910-02.dmp
    Crash Time : 19/05/2010 4:52:54 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051910-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================

    ==================================================
    Dump File : Mini051910-01.dmp
    Crash Time : 19/05/2010 4:33:03 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+17311
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051910-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    ==================================================
     

    Attached Files:

  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    We shouldn't be solving this problem in malware forum (I assume, it's not a malware issue anymore), but I'm curious what's wrong with your computer.

    Your errors indicate crucial system files being at fault, so whoever sent you to malware forum did something, what I'd probably do too. With errors like those, it's always a good idea to check for malware.
    Since I don't see it as malware issue, we have to proceed with some other checks.
    Other possible causes, would be:
    - corrupted startup program
    - system files issue
    - RAM problem
    - hard drive issue

    We have to try to eliminate those possibilities one by one.

    Let's try this....

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Having BSODs?
     
  25. cc481613

    cc481613 TS Rookie Topic Starter Posts: 22

    Nope.. No BSoD...

    So I'm going to assume it's a problem with one of my startup programs/services?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...