Spread the love! TechSpot Tech Gift Shortlist 2017

Help determining if BSOD is virus, bad driver, or hardware cause

By leeleses · 9 replies
May 24, 2010
  1. Hello:

    The problem I’m having started about a week after I worked on a Dell laptop that was loaded with Trojan viruses. It would not run at all. It kept giving tons of “bad image” errors and then locked up on the desktop. What I did was copy the laptop’s hard drive to an external Western digital USB drive using Norton Ghost. Then I used the Dell restore/recovery partition on the laptop to restore the laptop to operating condition. The laptop is now doing great.

    Then I carried the external drive over to a desktop Dell XPS 400, and used the XPS 400 to scan the external drive for viruses. I used McAfee and also Super Anti-Spyware. I found that the external drive was loaded with Trojans, and I ended up deleting the Windows folder, and basically everything else except for the documents and settings folder. I was trying to save various files in that folder, including some e-books, music, word documents, and pictures.

    While I was scanning for viruses, I got a ton of hits for Trojans and also PUP’s. When I was done, the external drive seemed virus free, and the desktop also seemed okay. I also note, that from now on, I will only use a junk computer in a situation such as this to scan for viruses on an infected drive! Lesson learned.

    About a week after all of the above, the Dell XPS 400 started blue screening, with the dreaded BSOD error DRIVER_IRQL_NOT_LESS_OR_EQUAL. I assumed that there was a virus hidden somewhere that had damaged the XPS 400’s Windows XP operating system. I took what I thought would be a *shortcut*. I used a known good image from the XPS 400 that was taken about two months ago to overwrite the C partition. Then, the ONLY thing I used from the C partition from before I overwrote it was a backup I made of iTunes before I overwrote the partition with the known good image. What I did was copy the iTunes folder before I wiped the C partition. Then I scanned the iTunes folder for viruses, and copied it back to the machine after the C partition was wiped. The iTunes then said that it could not open the music because it was from a previous version of iTunes. So I decided to delete the iTunes folder, reinstall the latest version of iTunes, and then use some iTunes backup disks I also made to restore iTunes to the way it was before this started. I left iTunes installing (from the internet) and went to bed. In the morning, the machine was locked up and the iTunes never installed.

    When I rebooted it, the machine is blue screening again. Could a virus make it start blue screening again that fast, or is this more likely an intermittent hardware cause? After I used the image from 2-3 months ago, initially it booted right up the first time.

    I also replaced the memory in the XPS 400 about 2-3 months ago with 4GB of Crucial RAM (Ballstix Model). I read that some people had problems with the Crucial Ballstix RAM going bad, and they were mad because it’s supposed to be “high-end” RAM. It has fancy metal heat sinks on it, etc. etc.. The machine is well maintained otherwise, no dust or anything like that.

    I read the sticky about things to look at before you post minidump files, and I have a question about underpowered CPU’s.

    How would I know if the power supply was going bad and not supplying enough power to the CPU? Would that show up in a diagnostic test? I had a machine once that was blue screening, and that I traced back to improperly installed heat sinking compound that had caused hot spots on the CPU and blown the CPU.

    So, I’m not sure which thing to think next:

    1) Should I overwrite the C partition again and not use the potentially infected iTunes and see if the machine is okay, therefore proving there is a virus on the iTunes?
    2) Should I put the old memory back in and see what effect if any that has?
    3) From reading, I think Hijack this! Has something to do with situations like this for diagnosis, and/or the dump and/or the mini-dump files.

    From my limited understanding, I understand you put the mini-dump files through a “debugger” program to find the problem?

    What I really would like is if someone could point me in the right direction explaining how you interpret dump or mini-dump files, and/or how you use Hijack this and what it actually is? Is Hijack this software, like a debugger or something, and how does it compare to the use of the dump files.

    I’m very good with Norton Partition Magic and Norton Ghost, but I am very new to diagnosing the dreaded BSOD.

    Do we think this is a hidden virus lurking on the hard drive, or is that not likely if I ran McAfee and Super Anti-Spyware many times?

    I’m going to send along three or four mini-dump files in case they will help.

    What is my next move?



    Attached Files:

  2. tkr3alm3r

    tkr3alm3r TS Rookie Posts: 29

    two things
    1. bad ram
    2. invalid drivers
    please update your drivers from the respective manufacturer websites
    when you get the error above, its usually due to a graphic card drivers
  3. leeleses

    leeleses TS Rookie Topic Starter

    I used the BlueScreenView.exe recommended by someone here, and it pointed to ntoskrnl.exe and ntfs.sys as the causes.

    One of the threads says that usually points to a hardware cause.

    In the same thread, it also suggested McAfee could be the cause.

    I uninstalled McAfee and installed AVG. I'm reinstalling iTunes, and the machine seems stable so far.

    I also had time for one pass of mem test 4.10, and at least that one pass did not show a memory fault.

    Anyone have any thoughts or ideas?

  4. tkr3alm3r

    tkr3alm3r TS Rookie Posts: 29

    Glad ur PC is now stable...let us know if you get anymore BSOD's?
  5. leeleses

    leeleses TS Rookie Topic Starter

    Anyone have any ideas what to do next?

    So, yesterday, I used bluescreenview on this machine.

    Then I removed McAfee and installed AVG instead and did a thorough scan.

    Then I downloaded and installed iTunes again and restored iTunes with backup disks I made. I rebooted several times. The machine was running flawlessly.

    Then I ran the Dell Diagnostics and also seven passes of mem test all night.

    Then I left it running all day and came home to it locked up with a black screen again. When I restarted it, it said the registry was corrupted and it had to recover from known good registry information or something close to that.

    Does anyone have any ideas? Bad hard drive? Bad memory? Failing CPU or other component.

    Where to go from here, other than putting it in the trash!

  6. tkr3alm3r

    tkr3alm3r TS Rookie Posts: 29

    just a thought, are you still using the same Ballstix ram?
    please try installing just the up to date drivers for hardware on the PC, minus the programs....specially itunes, which seems to be the repeat in this process.
    (basically a fresh install not from an image)

    i want to eliminate driver conflicts with memory IRQL assigned from hardware to itunes as the cause.

    if it doesn't fault then hardware is not the problem, i'd say software wise better to mount the image and save files you need, but you will have to install the software side again

    let us know how you pan out :p
  7. leeleses

    leeleses TS Rookie Topic Starter

    It would not boot at all this morning.

    I ran checkdisk after booting from the XP CD, and then it booted again.

    I removed the Ballistix RAM this morning and put back the original RAM. I want to see if that makes any difference.

    I noticed among other things, I brought the Ballistix RAM because it ran at PC2-6400 instead of the non-Ballistix Crucial RAM that ran at PC2-5300. The original RAM ran at 5200 I think. Maybe Crucial is wrong and this motherboard can't handle the 6400 speed?

    I also read about VERY high failure rates on the Ballistix RAM.

  8. tkr3alm3r

    tkr3alm3r TS Rookie Posts: 29

    can u post motherboard brand and type, we'll see if it is compatible?
  9. leeleses

    leeleses TS Rookie Topic Starter

    Wow. Great Idea.

    How can I figure out the brand and type?

    It's in a Dell XPS 400.

    Where can I find that information?
    Physical Inspection?
    Somewhere in device manager?

    I'm trying to think of the answer!

  10. tkr3alm3r

    tkr3alm3r TS Rookie Posts: 29

    Watch the computer as it boots. The manufacture's name and motherboard model might be displayed as the BIOS goes through its post routine. Use the Pause Key to freeze the screen (and any key to restart it)

    Download and run CT BIOS. This utility may grab the manufacturer's info from the BIOS. In the case of my BIOS, it listed the manufacturer's web site URL among other things.

    link: http://download.softpedia.ro/dl/d5b...8/100000913/software/SYSTEM/INFO/ctbios15.zip
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...