Irql_not_less_or_equal bsod

xrx

New Member
-Vista x64
-Original OS pre-installed on system
-Approx 3.5 years old

My computer was infected with a virus which to the best of my knowledge has been removed. I also ran a system restore to a point prior to infection. However, it has left the system in somewhat of a state.

On my main user account, .exe files will not run unless i specifically right click and select run as administrator. Not doing this results in a dialog box asking me which program I want to open the file with. In addition to this, processes are regularly stopped by data execution prevention, usually during startup of a program, resulting in the '[x] has stopped working' dialog box.

I created a new user account, which seems to function normally with regard to processes. Unfortunately, it also BSOD's between 1-3 minutes after logging in, giving me the IRQL_NOT_LESS_OR_EQUAL message and the following data:

STOP: 0x0000000A (0x0000000000000000, 0x000000000000000C, 0x0000000000000000, xFFFFF80001E8AD25)

Thanks for any help

p.s. I was not quite sure about the 3rd instruction on the BSOD FAQ, when I select File/Save as the default file extension is .msc, not .html. But I saved it as .html anyway. Attempting to upload the file on here it gives me the 'invalid file' message, so if you need the extra info you'll have to tell me what I'm doing wrong.
 

My Computer

In most cases like this, you can't upload an .msc or a .html file - they have to be zipped up in order to upload (as a .zip). Try zipping it up by right clicking on it, selecting "Send to", then selecting "Compressed (zipped) folder"

You only have SP1 installed on Vista. Here's a link to instructions on how to install SP2: http://windows.microsoft.com/en-us/...-install-Windows-Vista-Service-Pack-2-SP2Some suggestions to ease the installation:
- update all drivers and programs on your system (a major cause of failure to install a Service Pack)
- scan for malware (another major cause of failure to install a Service Pack)
- visit Windows Update and get ALL available updates BEFORE installing SP2
- once SP2 is installed, visit Windows Update repeatedly until there are no more updates available.

You have a NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter. I've seen lot's of issues with these in Win7, but relatively few in Vista. If SP2 doesn't fix the problem, I'd suggest removing the drivers for this device and then installing a fresh copy of the latest available Vista compatible drivers.

You have issues with Microsoft 6to4 adapters. Please open up Device Manager, right click on the problematic 6to4 adapters, and select "Uninstall". If needed, these devices will automatically reinstall when you reboot. BUT, usually they're not needed and don't reappear.

You also have a Nokia 5310 Xpress Music device that's disabled. Please uninstall the software for the device and remove the device from your system. If you need to reinstall it, please be sure to download the latest drivers from the Nokia website.

This suspicious file is in your startups: 0.05009666534566759.exe.lnk
A google search returns no results for it. This is usually a warning sign of a malware infection. Please use a couple of these free scans to ensure that your current protection isn't compromised: Free Online AntiMalware Resources

Lot's of remnants of Daemon Tools in your dump files. While not usually a problem in Windows Vista, it can become corrupted. Please uninstall it, then use this free tool to remove the sptd.sys driver: DuplexSecure - FAQ - Remove 64 bit sptd.sys

- Further info on BSOD error messages available at: http://www.carrona.org/bsodindx.html
- Info on how to troubleshoot BSOD's (DRAFT): http://www.carrona.org/userbsod.html
- How I do it: http://www.carrona.org/howidoit.html

The following info is just FYI, I've already addressed the issues that I saw in the above paragraphs
3RD PARTY DRIVERS PRESENT IN THE DUMP FILES
Code:
[font=lucida console]
GEARAspiWDM.sys  Mon May 18 08:17:04 2009 (4A1151C0)
Lbd.sys          Fri Aug 28 05:02:24 2009 (4A979D20)
PS2.sys          Thu Sep 07 18:49:03 2006 (4500A1DF)
RTKVHD64.sys     Thu Jul 03 04:56:41 2008 (486C9449)
RTKVHD64.sys     Wed Feb 11 07:39:19 2009 (4992C6F7)
SECDRV.SYS       Wed Sep 13 09:18:38 2006 (4508052E)
Sftfslh.sys      Fri Sep 30 12:43:06 2011 (4E85F19A)
Sftplaylh.sys    Fri Sep 30 12:43:05 2011 (4E85F199)
Sftredirlh.sys   Fri Sep 30 12:43:14 2011 (4E85F1A2)
Sftvollh.sys     Fri Sep 30 12:42:46 2011 (4E85F186)
a055kuwz.SYS     Wed Dec 03 13:18:47 2008 (4936CD87)
a4lhxlxj.SYS     Wed Dec 03 13:18:47 2008 (4936CD87)
a9amo3v9.SYS     Wed Dec 03 13:18:47 2008 (4936CD87)
am7c2gbo.SYS     Wed Dec 03 13:18:47 2008 (4936CD87)
atikmdag.sys     Wed May 14 22:19:05 2008 (482B9D99)
atikmpag.sys     Wed Mar 10 17:34:04 2010 (4B981E5C)
atipmdag.sys     Wed Mar 10 18:14:05 2010 (4B9827BD)
bcmwlhigh664.sys Thu Mar 31 00:42:08 2011 (4D940620)
bcmwlhigh664.sys Thu Nov 05 19:27:07 2009 (4AF36D5B)
hamachi.sys      Thu Feb 19 05:36:41 2009 (499D3639)
mcdbus.sys       Tue Feb 24 05:34:07 2009 (49A3CD1F)
nvmfdx64.sys     Fri Aug 01 14:38:28 2008 (48935824)
nvmfdx64.sys     Wed May 21 13:48:06 2008 (48346056)
nvraid.sys       Wed Jun 06 16:34:01 2007 (46671A39)
nvstor64.sys     Fri Jun 06 22:08:11 2008 (4849ED8B)
savonaccess.sys  Wed Sep 08 12:53:19 2010 (4C87BF7F)
scmndisp.sys     Wed Jan 17 02:48:03 2007 (45ADD4B3)
sptd.sys         Wed Mar 05 19:34:27 2008 (47CF3C13)
[/font]


Code:
[font=lucida console]

[/font]

http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=Lbd.sys
http://www.carrona.org/drivers/driver.php?id=PS2.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=SECDRV.SYS
http://www.carrona.org/drivers/driver.php?id=Sftfslh.sys
http://www.carrona.org/drivers/driver.php?id=Sftplaylh.sys
http://www.carrona.org/drivers/driver.php?id=Sftredirlh.sys
http://www.carrona.org/drivers/driver.php?id=Sftvollh.sys
http://www.carrona.org/drivers/driver.php?id=a055kuwz.SYS
http://www.carrona.org/drivers/driver.php?id=a4lhxlxj.SYS
http://www.carrona.org/drivers/driver.php?id=a9amo3v9.SYS
http://www.carrona.org/drivers/driver.php?id=am7c2gbo.SYS
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atipmdag.sys
http://www.carrona.org/drivers/driver.php?id=bcmwlhigh664.sys
http://www.carrona.org/drivers/driver.php?id=hamachi.sys
http://www.carrona.org/drivers/driver.php?id=mcdbus.sys
http://www.carrona.org/drivers/driver.php?id=nvmfdx64.sys
http://www.carrona.org/drivers/driver.php?id=nvraid.sys
http://www.carrona.org/drivers/driver.php?id=nvstor64.sys
http://www.carrona.org/drivers/driver.php?id=savonaccess.sys
http://www.carrona.org/drivers/driver.php?id=scmndisp.sys
http://www.carrona.org/drivers/driver.php?id=sptd.sys

Code:
[font=lucida console]
Loading Dump File [C:\Users\FUBAR\_jcgriff2_\dbug\__Kernel__\Mini050412-01.dmp]
Built by: 6001.18538.amd64fre.vistasp1_gdr.101014-0432
Debug session time: Fri May  4 06:29:29.167 2012 (UTC - 4:00)
System Uptime: 0 days 0:06:12.867
BugCheck 1E, {ffffffffc0000005, fffff800021323e2, 1, 18}
Probably caused by : ntkrnlmp.exe ( nt!ObpCreateUnnamedHandle+122 )
BUGCHECK_STR:  0x1E_c0000005
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME:  plugin-containe
FAILURE_BUCKET_ID:  X64_0x1E_c0000005_nt!ObpCreateUnnamedHandle+122
Bugcheck code 0000001E
Arguments ffffffff`c0000005 fffff800`021323e2 00000000`00000001 00000000`00000018
BiosVersion =  5.14
BiosReleaseDate = 06/20/2008
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\FUBAR\_jcgriff2_\dbug\__Kernel__\Mini051712-01.dmp]
Built by: 6001.18538.amd64fre.vistasp1_gdr.101014-0432
Debug session time: Thu May 17 16:33:08.197 2012 (UTC - 4:00)
System Uptime: 0 days 9:59:03.897
BugCheck A, {291f, c, 1, fffff80001e809b6}
Probably caused by : ntkrnlmp.exe ( nt!KeStackAttachProcess+86 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0xA_nt!KeStackAttachProcess+86
Bugcheck code 0000000A
Arguments 00000000`0000291f 00000000`0000000c 00000000`00000001 fffff800`01e809b6
BiosVersion =  5.14
BiosReleaseDate = 06/20/2008
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\FUBAR\_jcgriff2_\dbug\__Kernel__\Mini051712-02.dmp]
Built by: 6001.18538.amd64fre.vistasp1_gdr.101014-0432
Debug session time: Thu May 17 16:53:49.974 2012 (UTC - 4:00)
System Uptime: 0 days 0:01:57.020
BugCheck A, {0, c, 0, fffff80001e8ad25}
Probably caused by : ntkrnlmp.exe ( nt!ExpGetProcessInformation+2b9 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  AAWService.exe
FAILURE_BUCKET_ID:  X64_0xA_nt!ExpGetProcessInformation+2b9
Bugcheck code 0000000A
Arguments 00000000`00000000 00000000`0000000c 00000000`00000000 fffff800`01e8ad25
BiosVersion =  5.14
BiosReleaseDate = 06/20/2008
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Loading Dump File [C:\Users\FUBAR\_jcgriff2_\dbug\__Kernel__\Mini051712-03.dmp]
Built by: 6001.18538.amd64fre.vistasp1_gdr.101014-0432
Debug session time: Thu May 17 17:47:43.773 2012 (UTC - 4:00)
System Uptime: 0 days 0:02:41.819
BugCheck A, {7f072, c, 1, fffff80001eb99b6}
Probably caused by : ntkrnlmp.exe ( nt!KeStackAttachProcess+86 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0xA_nt!KeStackAttachProcess+86
Bugcheck code 0000000A
Arguments 00000000`0007f072 00000000`0000000c 00000000`00000001 fffff800`01eb99b6
BiosVersion =  5.14
BiosReleaseDate = 06/20/2008
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

  [/font]
 

My Computer

Back
Top