Irregular BSOD's

sharman1234 · Dec 27, 2010

Hi, i have been using vista for a while and have recently been getting varied BSOD's at irregular intervals, but mainly DRIVER_IRQL_LESS_OR_NOT_EQUAL. And it is getting ridiculously annoying any help would be appreciated

It is a 32-Bit Home Premium upgrade version
Upgraded from XP Home Edition
It is the full retail version

My PC is custom built and is 1.5 years old
The OS has been installed twice (due to hard drive wiping), most recently about 8 months ago

Thanks

richc46 · Dec 27, 2010

Welcome and happy holidays
I have examined your report and have found one driver to be the primary cause of your problem
armgdmsq.sys
My research indicates that this may be a virus
Please update your anti virus and make a full scan
Please download and run malwarebytes make a full updated scan
Report either way and we shall proceed.
http://malwarebytes.org/

sharman1234 · Dec 28, 2010

Happy holidays to you too

ran malwarebytes and my usual virus scanner (spybot)
Malwarebytes found nothing and spybot found the usual few things
then recieved a BSOD just after.

niemiro · Dec 28, 2010

sharman1234 said:
Happy holidays to you too
ran malwarebytes and my usual virus scanner (spybot)
Malwarebytes found nothing and spybot found the usual few things
then recieved a BSOD just after.

Hello!

Please navigate to C:\Windows\System32\Drivers\armgdmsq.sys

Does that file exist? Or should I say, can you see it?

Thanks!

Richard

sharman1234 · Dec 28, 2010

yes i can find find it,

although earlier i was greeted with this message,

File: \Windows\System32\Drivers\armgdmsq.sys

Status: 0xc0000098

Info: Windows failed to load because a critical system driver is missing, or corrut.

which required me to insert my disk and repair my computer
thanks

niemiro · Dec 28, 2010

Hello!

That is interesting! So it isn't hidden from the Windows API. That is good news. I need you to upload it for analysis. We currently beleive that it is a nasty piece of malware which can hide from MBAM. We will just test out out theory, before putting you in charge of our security expert, or not.

Please go to VirusTotal - Free Online Virus, Malware and URL Scanner

Browse to C:\Windows\System32\Drivers\armgdmsq.sys and upload it.

If it says that it has already been analysed, click on Reanalyse. When it has finished, please post your report here.

Thanks!

Richard

sharman1234 · Dec 28, 2010

Hi am unable to upload it as it says

armgdmsq.sys
'A device attached to the system is not functioning'

richc46 · Dec 28, 2010

I did not forget about you. I am just waiting to see what our best security people have to say. Im glad that you brought your problem to us. We are ready and more than able to help.

niemiro · Dec 28, 2010

sharman1234 said:
Hi am unable to upload it as it says

armgdmsq.sys
'A device attached to the system is not functioning'

Hello!

Please naviage to C:\Windows\System32\drivers, and copy armgdmsq.sys to your Desktop. Upload it to Virus Total from your Desktop. Whether it works or not, delete it immediately from your Desktop, and then remember to Empty your Recycle bin.

Thanks!

Richard

sharman1234 · Dec 28, 2010

Hi!

I am unable to copy it to my desktop as I receive a message saying

cannot read from source file or disk.

thanks

Chris

niemiro · Dec 28, 2010

sharman1234 said:
Hi!

I am unable to copy it to my desktop as I receive a message saying

cannot read from source file or disk.

thanks

Chris

Hello Chris!

Right, don't worry

It almost certainly is some form of nasty malware. Please don't try anything yourself, because, for example, just renaming the file may mean that the registry entry is not deleted, and this can make your computer BSoD before login.

You need to wait for our fully qualified security expert, to give you advanced tools, or we can redirect you to another forum. This will be a massive establishment, with many staff members and a training centre. However, they are so busy that a reply can take a little while to come by.

Hopefully our own security expert will come by soon

Everyone is extremely busy. Many staff are on holiday, including our security expert, and people now have the time on theirs hands to ask for help on their computers, and trainees are free, and posting faster than their instructors can. Busy time!

Thank you so much for your patience!

Richard

sharman1234 · Dec 28, 2010

Hello!

Firstly thank you Richard

This is excellent news, as long as it gets sorted at some point i will be completely fine!
I understand this probably didn't happen at the best time of year

And i thoroughly appreciate the fact that this isn't an easy fix, because it is buried right in the heart of the system

Thanks alot! And have a good new year!

Chris

sharman1234 · Jan 1, 2011

Hi! Happy New Year!

are we any closer to getting this sorted?
the BSOD's are getting pretty annoying and i have no access to another computer

Thanks

Chris

Jacee · Jan 2, 2011

Hi Sharman, download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3

Disable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt <--this will be minimized in the task tray
Save both reports to your desktop.

Copy and paste the contents of both logs in your next reply.

sharman1234 · Jan 3, 2011

Thanks for the reply

Jacee · Jan 3, 2011

µTorrent ..... please uninstall this program while we are trying to get this issue sorted.
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware

Please download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.

Save any unsaved work.
TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
***Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next,
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself

After doing the above, I'd like you to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the

button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on
  
  to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the
  
  icon on your desktop.
Check
Click the

button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the

button.
Push

sharman1234 · Jan 3, 2011

when i ran the scan the first time i got to 93% and was then BSoDed, but i had 4 threats.
when i ran again it completed and there were no threats.

is there anyway to retrieve the log from the interrupted scan?

Jacee · Jan 3, 2011

See #11 in my post above... "export to text". Save it to your desktop, copy and paste the results of the .txt log.

sharman1234 · Jan 4, 2011

Hi!

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentddod.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentwel.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Users\Chris\Music\Downloads\registrybooster.exe multiple threats deleted - quarantined

Jacee · Jan 4, 2011

Download HijackThis!
HijackThis - Trend Micro USA

Right click to run as Administrator. Click 'Do a System Scan and Save logfile'.
The HJT log will open in notepad.
Copy and paste the HJT log from notepad in your next post. Also let me know if your computer has had any more BSOD's

Irregular BSOD's

My Computer

My Computer

My Computer

Banned

My Computer

My Computer

Banned

My Computer

My Computer

My Computer

Banned

My Computer

My Computer

Banned

My Computer

My Computer

My Computer

Security

My Computer

Attachments

My Computer

Security

My Computer

My Computer

Security

My Computer

My Computer

Security

My Computer