White smoke translator, BSOD, have ran S&D, MWB, and MSE

By Gene1 · 4 replies
Dec 18, 2010
Post New Reply
  1. most of the blue screens are irql_not_less_or_equal.

    Dumps usually show ntoskrnl.exe problems. Most of the time Safe Mode boots, normal boots are 50%. As indicated by the title, I have ran each, but after removal, the computer still does not boot successfully.

    The PC is 64 bit Vista. I can download files from another computer and use a USB drive.

    Incredibly frustrating situation, but I saw someone else on this board who had a similar problem solved within the last month, so I have faith. Please help.
  2. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    What do the dumps not usually show? Those are 0xA errors which are caused either by hardware or faulty drivers attempting to acces a higher IRQ Level than it should resulting in system crashes. By the fact that you can boot into Safe Mode most of the time there is the strong possibility your issue is with drivers.

    You need to tell us your system hardware specs including makes and models plus the security software you are running.

    And, again, what do the dumps not usually show?
  3. Gene1

    Gene1 TS Rookie Topic Starter

    I'm not quite sure what your question is....here are my dumps...

    and my symptoms seem closest to this case:


    [delete this space for link]


    My PC is not a custom rig, it is a Gateway DX4200-09,


    [delete this space for link]


    AMD Phenom X4 9100e / 1.8 GHz
    1.0 x 640.0 GB Hard Drive - Standard - Serial ATA-300 - 7200.0 rpm
    ATI Radeon HD 3200
    Microsoft Windows Vista Home Premium 64-bit Edition

    I am running Microsoft Security Essentials and Spybot S&D

    Attached Files:

  4. Gene1

    Gene1 TS Rookie Topic Starter

    Here are my MBAM and GMER logs. DDS could not run without BSOD

    Malwarebytes' Anti-Malware 1.50

    Database version: 5348

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18975

    12/24/2010 2:29:24 AM
    mbam-log-2010-12-24 (02-29-24).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 504997
    Time elapsed: 1 hour(s), 9 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER -
    Rootkit scan 2010-12-24 03:36:28
    Windows 6.0.6002 Service Pack 2
    Running: b8eim19y.exe

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xF2 0x40 0x3D ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0A 0x8B 0x8A 0xD3 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0xBD 0xCD 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xF2 0x40 0x3D ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xF2 0x40 0x3D ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25C5A8C1-35C8-BB5B-3138-147D83ABA789}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25C5A8C1-35C8-BB5B-3138-147D83ABA789}@oajidkjjkcmpeoonmodmaeimgbdgoi 0x64 0x61 0x6D 0x67 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25C5A8C1-35C8-BB5B-3138-147D83ABA789}@oanfdmglcojpbpipgadoaediiddeal 0x6A 0x61 0x6D 0x67 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25C5A8C1-35C8-BB5B-3138-147D83ABA789}@nahijfgcfcmingaajljnpiloijdj 0x6A 0x61 0x6D 0x67 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63FBBF18-53D2-5568-8DFC-44FB6A79BAA6}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63FBBF18-53D2-5568-8DFC-44FB6A79BAA6}@hapnjhhkahmobbae 0x6A 0x61 0x64 0x6D ...

    ---- EOF - GMER 1.0.15 ----
  5. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    I wanjt you to run memtest on your RAM. It is free and quite safe.

    See the link below and follow the instructions. There is a newer version than what is listed; use the newer. If you need to see what the Memtest screen looks like go to reply #21. The third screen is the Memtest screen.

    Step1 - Let it run for a LONG time. The rule is a minimum of 7 Passes; the more Passes after 7 so much the better. The only exception is if you start getting errors before 7 Passes then you can skip to Step 2.

    There are 8 individual tests per Pass. Many people will start this test before going to bed and check it the next day.

    If you have errors you have corrupted memory and it needs to be replaced.

    Step 2 – Because of errors you need to run this test per stick of RAM. Take out one and run the test. Then take that one out and put the other in and run the test. If you start getting errors before 7 Passes you know that stick is corrupted and you don’t need to run the test any further on that stick.

    Link: https://www.techspot.com/vb/topic62524.html

    * Get back to us with the results.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...