laptop crashing and restarting by itself, please help...

[lola]

It has been like that since last night after i accidentally pressed "yes" or "accept" when a window popped up while i was watching a tv show online. Sorry I don't remember what it said in that window, I was tired and I'm not exactly computer savvy.
Did i dl a virus? After that, the laptop crashed and a blue screen came up with something about crash dumping files at the bottom and the comp restarted. I did not know what to do so when i was able to get back in with safe mode(after many many tries), I did system restore to an earlier time but it did not work. Blue screen and restarting still happened afterward. So I ran norton while i was logged in w safe mode w networking again but the comp restarted half way thru it. I used Avira later and the same thing. The browsing i can do online to search for what could be wrong is limited as well, because when i click on any of the stuff that came up in the search results, it takes me to some advertisement page instead...the only way i can view any search result is by clicking on the cached link. So that is how i got to this site! Please help me!! I dunno what is going on... is it a virus or faulty hard drive or what is it? I feel like it has to do that thing i dl-ed last night. The laptop is new i just bought it last month and it is so frustrating that this is happening so soon. On the blue screen, i saw DRIVERS_IRQL_NOT_LESS_OR_EQUAL

Also my windows security center service is not turned on and i'm not able to turn it on. when i try, it says "windows security center service can't be started".

i thought it might be the "sasser" virus that people were complaining about...they say their computer keeps restarting due to it and that you have to turn off "system restore" in order to remove it. So i went to start>computer>properties> which took me to "system" in my windows7 but the turn on/off tab is missing!! Please help! What should I do?

 

[lola]

here i've attached my mini dump files, hopefully it works.

 

[Elmer BeFuddled]

Hi lola and Welcome to the Forum.

I just re-read your first post.

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then import a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

Below is attached RKill in a zip.

View attachment rkill.zip


Download, install and update Malwarebytes' Free. Run a full scan in Safe Mode.

Download TDSSKiller and run it in Safe Mode.


STOP 0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Usual causes: Device driver

Your later dump files list iaStor.sys as the probable cause.
Old and incompatible drivers can and do cause issues with Windows 7.

As a Priority:

iaStor.sys Wed Mar 24 20:55:45 2010 Intel Rapid Storage.

You have Norton AND Avira installed. Two AV/Security programs running is asking for trouble. Neither of them are particularly Blue screen friendly. You need to uninstall one of them at least. Your choice.
I'd say remove the Norton using the Norton Removal Tool in Safe Mode. If blue screens continue, Uninstall Avira and download BSOD friendly Microsoft Security Essentials as its replacement. Make sure Windows firewall is enabled!

Outdated Drivers. Update:

pgeffect.sys Mon Jun 22 10:00:11 2009 Toshiba Universal Camera Filter driver/Pangu Effect driver

QIOMem.sys Mon Jun 15 06:58:48 2009 TOSHIBA Generic IO & Memory Access

TVALZFL.sys Fri Jun 19 11:05:44 2009 TVALZ Filter Driver - Toshiba

Bugcheck Analysis:

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\ DOWNLOADS\lola\New folder\040611-24523-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\WinSym*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a1e000 PsLoadedModuleList = 0xfffff800`02c5be50
Debug session time: Wed Apr  6 08:50:30.431 2011 (UTC + 1:00)
System Uptime: 0 days 0:01:51.805
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, 2, 1, fffff88001149b55}

Unable to load image \SystemRoot\system32\DRIVERS\iaStor.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iaStor.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
Probably caused by : iaStor.sys ( iaStor+50b55 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff88001149b55, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc60e0
 0000000000000000 

CURRENT_IRQL:  2

FAULTING_IP: 
iaStor+50b55
fffff880`01149b55 4c8902          mov     qword ptr [rdx],r8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff88003322ab0 -- (.trap 0xfffff88003322ab0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=fffffa8004989c38
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001149b55 rsp=fffff88003322c40 rbp=fffffa80088e2c28
 r8=fffff80000000000  r9=0000000000000000 r10=fffffa8004987000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
iaStor+0x50b55:
fffff880`01149b55 4c8902          mov     qword ptr [rdx],r8 ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002a8dca9 to fffff80002a8e740

STACK_TEXT:  
fffff880`03322968 fffff800`02a8dca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`03322970 fffff800`02a8c920 : 00000000`00000003 fffffa80`04987000 00000000`00000000 fffffa80`085382d0 : nt!KiBugCheckDispatch+0x69
fffff880`03322ab0 fffff880`01149b55 : 00000000`0000ff00 fffff880`076e96a0 fffff880`076e96a0 fffffa80`04987000 : nt!KiPageFault+0x260
fffff880`03322c40 00000000`0000ff00 : fffff880`076e96a0 fffff880`076e96a0 fffffa80`04987000 00000000`00000022 : iaStor+0x50b55
fffff880`03322c48 fffff880`076e96a0 : fffff880`076e96a0 fffffa80`04987000 00000000`00000022 00000000`00000000 : 0xff00
fffff880`03322c50 fffff880`076e96a0 : fffffa80`04987000 00000000`00000022 00000000`00000000 fffffa80`00100000 : 0xfffff880`076e96a0
fffff880`03322c58 fffffa80`04987000 : 00000000`00000022 00000000`00000000 fffffa80`00100000 fffff880`01126d46 : 0xfffff880`076e96a0
fffff880`03322c60 00000000`00000022 : 00000000`00000000 fffffa80`00100000 fffff880`01126d46 fffff880`076e96a0 : 0xfffffa80`04987000
fffff880`03322c68 00000000`00000000 : fffffa80`00100000 fffff880`01126d46 fffff880`076e96a0 fffffa80`00100000 : 0x22


STACK_COMMAND:  kb

FOLLOWUP_IP: 
iaStor+50b55
fffff880`01149b55 4c8902          mov     qword ptr [rdx],r8

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  iaStor+50b55

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: iaStor

IMAGE_NAME:  iaStor.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4baa7c51

FAILURE_BUCKET_ID:  X64_0xD1_iaStor+50b55

BUCKET_ID:  X64_0xD1_iaStor+50b55

Followup: MachineOwner

Drivers:

fffff880`00f08000 fffff880`00f5f000   ACPI     ACPI.sys     Tue Jul 14 00:19:34 2009 (4A5BC106)
fffff880`03e00000 fffff880`03e8a000   afd      afd.sys      Tue Jul 14 00:21:40 2009 (4A5BC184)
fffff880`0424a000 fffff880`04260000   AgileVpn AgileVpn.sys Tue Jul 14 01:10:24 2009 (4A5BCCF0)
fffff880`01341000 fffff880`0134c000   amdxata  amdxata.sys  Tue May 19 18:56:59 2009 (4A12F2EB)
fffff880`01303000 fffff880`0130c000   atapi    atapi.sys    Tue Jul 14 00:19:47 2009 (4A5BC113)
fffff880`0130c000 fffff880`01336000   ataport  ataport.SYS  Tue Aug 10 03:37:02 2010 (4C60BB4E)
fffff880`010cf000 fffff880`010ec000   avgntflt avgntflt.sys Thu Nov 11 15:59:48 2010 (4CDC12F4)
fffff880`043dd000 fffff880`043ff000   avipbb   avipbb.sys   Mon Feb 22 10:08:50 2010 (4B8257B2)
fffff880`00fd0000 fffff880`00fdc000   BATTC    BATTC.SYS    Tue Jul 14 00:31:01 2009 (4A5BC3B5)
fffff880`04101000 fffff880`04108000   Beep     Beep.SYS     Tue Jul 14 01:00:13 2009 (4A5BCA8D)
fffff880`042c7000 fffff880`043dd000   BHDrvx64 BHDrvx64.sys Wed Feb 23 22:42:55 2011 (4D658D6F)
fffff880`0301e000 fffff880`0302f000   blbdrive blbdrive.sys Tue Jul 14 00:35:59 2009 (4A5BC4DF)
fffff880`02be0000 fffff880`02bfe000   bowser   bowser.sys   Tue Jul 14 00:23:50 2009 (4A5BC206)
fffff960`007d0000 fffff960`007f7000   cdd      cdd.dll      unavailable (00000000)
fffff880`040ce000 fffff880`040f8000   cdrom    cdrom.sys    Tue Jul 14 00:19:54 2009 (4A5BC11A)
fffff880`046c7000 fffff880`0477a000   CHDRT64  CHDRT64.sys  Wed Mar 31 07:18:52 2010 (4BB2E94C)
fffff880`00cc4000 fffff880`00d84000   CI       CI.dll       Tue Jul 14 02:32:13 2009 (4A5BE01D)
fffff880`01c80000 fffff880`01cb0000   CLASSPNP CLASSPNP.SYS Tue Jul 14 00:19:58 2009 (4A5BC11E)
fffff880`00c66000 fffff880`00cc4000   CLFS     CLFS.SYS     Tue Jul 14 00:19:57 2009 (4A5BC11D)
fffff880`044ec000 fffff880`044f0500   CmBatt   CmBatt.sys   Tue Jul 14 00:31:03 2009 (4A5BC3B7)
fffff880`01400000 fffff880`01473000   cng      cng.sys      Tue Jul 14 00:49:40 2009 (4A5BC814)
fffff880`00fc7000 fffff880`00fd0000   compbatt compbatt.sys Tue Jul 14 00:31:02 2009 (4A5BC3B6)
fffff880`057e5000 fffff880`057f5000   CompositeBus CompositeBus.sys Tue Jul 14 01:00:33 2009 (4A5BCAA1)
fffff880`047eb000 fffff880`047f9000   crashdmp crashdmp.sys Tue Jul 14 01:01:01 2009 (4A5BCABD)
fffff880`03000000 fffff880`0301e000   dfsc     dfsc.sys     Tue Jul 14 00:23:44 2009 (4A5BC200)
fffff880`031e9000 fffff880`031f8000   discache discache.sys Tue Jul 14 00:37:18 2009 (4A5BC52E)
fffff880`01c6a000 fffff880`01c80000   disk     disk.sys     Tue Jul 14 00:19:57 2009 (4A5BC11D)
fffff880`047b7000 fffff880`047d9000   drmk     drmk.sys     Tue Jul 14 02:01:25 2009 (4A5BD8E5)
fffff880`040ba000 fffff880`040cd000   dump_dumpfve dump_dumpfve.sys Tue Jul 14 00:21:51 2009 (4A5BC18F)
fffff880`03eb0000 fffff880`040ba000   dump_iaStor dump_iaStor.sys Wed Mar 24 20:55:45 2010 (4BAA7C51)
fffff880`047df000 fffff880`047eb000   Dxapi    Dxapi.sys    Tue Jul 14 00:38:28 2009 (4A5BC574)
fffff880`05689000 fffff880`0577d000   dxgkrnl  dxgkrnl.sys  Fri Oct 02 02:00:14 2009 (4AC5509E)
fffff880`0577d000 fffff880`057c3000   dxgmms1  dxgmms1.sys  Tue Jul 14 00:38:32 2009 (4A5BC578)
fffff880`03173000 fffff880`031e9000   eeCtrl64 eeCtrl64.sys Fri May 21 22:44:45 2010 (4BF6FECD)
fffff880`01071000 fffff880`01085000   fileinfo fileinfo.sys Tue Jul 14 00:34:25 2009 (4A5BC481)
fffff880`0134c000 fffff880`01398000   fltmgr   fltmgr.sys   Tue Jul 14 00:19:59 2009 (4A5BC11F)
fffff880`017dd000 fffff880`017e7000   Fs_Rec   Fs_Rec.sys   Tue Jul 14 00:19:45 2009 (4A5BC111)
fffff880`01c30000 fffff880`01c6a000   fvevol   fvevol.sys   Tue Jul 14 00:22:15 2009 (4A5BC1A7)
fffff880`01085000 fffff880`010cf000   fwpkclnt fwpkclnt.sys Tue Jul 14 00:21:08 2009 (4A5BC164)
fffff800`02ffa000 fffff800`03043000   hal      hal.dll      Tue Jul 14 02:27:36 2009 (4A5BDF08)
fffff880`04226000 fffff880`0424a000   HDAudBus HDAudBus.sys Tue Jul 14 01:06:13 2009 (4A5BCBF5)
fffff880`057c3000 fffff880`057d4000   HECIx64  HECIx64.sys  Thu Sep 17 20:54:16 2009 (4AB293E8)
fffff880`02b18000 fffff880`02be0000   HTTP     HTTP.sys     Tue Jul 14 00:22:16 2009 (4A5BC1A8)
fffff880`018b2000 fffff880`018bb000   hwpolicy hwpolicy.sys Tue Jul 14 00:19:22 2009 (4A5BC0FA)
fffff880`04415000 fffff880`04433000   i8042prt i8042prt.sys Tue Jul 14 00:19:57 2009 (4A5BC11D)
fffff880`010f9000 fffff880`01303000   iaStor   iaStor.sys   Wed Mar 24 20:55:45 2010 (4BAA7C51)
fffff880`030f8000 fffff880`03173000   IDSvia64 IDSvia64.sys Fri Nov 05 21:13:11 2010 (4CD47367)
fffff880`04c6a000 fffff880`056886e0   igdkmd64 igdkmd64.sys Wed Jul 28 22:10:36 2010 (4C509CCC)
fffff880`044af000 fffff880`044d5d00   Impcd    Impcd.sys    Fri Feb 26 23:32:11 2010 (4B8859FB)
fffff880`044d6000 fffff880`044ec000   intelppm intelppm.sys Tue Jul 14 00:19:25 2009 (4A5BC0FD)
fffff880`01dae000 fffff880`01ddb000   Ironx64  Ironx64.SYS  Fri Nov 12 23:06:50 2010 (4CDDC88A)
fffff880`04433000 fffff880`04442000   kbdclass kbdclass.sys Tue Jul 14 00:19:50 2009 (4A5BC116)
fffff800`00baf000 fffff800`00bb2000   kdcom    kdcom.dll    Mon Mar 14 11:05:09 2011 (4D7DF665)
fffff880`04603000 fffff880`04646000   ks       ks.sys       Tue Jul 14 01:00:31 2009 (4A5BCA9F)
fffff880`017b2000 fffff880`017cc000   ksecdd   ksecdd.sys   Tue Jul 14 00:20:54 2009 (4A5BC156)
fffff880`01860000 fffff880`0188b000   ksecpkg  ksecpkg.sys  Fri Dec 11 06:03:32 2009 (4B21E0B4)
fffff880`047d9000 fffff880`047de200   ksthunk  ksthunk.sys  Tue Jul 14 01:00:19 2009 (4A5BCA93)
fffff880`04400000 fffff880`04415000   L1C62x64 L1C62x64.sys Mon Feb 22 09:51:51 2010 (4B8253B7)
fffff880`017e7000 fffff880`017fc000   lltdio   lltdio.sys   Tue Jul 14 01:08:50 2009 (4A5BCC92)
fffff880`015d3000 fffff880`015f6000   luafv    luafv.sys    Tue Jul 14 00:26:13 2009 (4A5BC295)
fffff880`00c0e000 fffff880`00c52000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Tue Jul 14 02:29:10 2009 (4A5BDF66)
fffff880`01cb0000 fffff880`01cbe000   monitor  monitor.sys  Tue Jul 14 00:38:52 2009 (4A5BC58C)
fffff880`04496000 fffff880`044a5000   mouclass mouclass.sys Tue Jul 14 00:19:50 2009 (4A5BC116)
fffff880`00e00000 fffff880`00e1a000   mountmgr mountmgr.sys Tue Jul 14 00:19:54 2009 (4A5BC11A)
fffff880`02a00000 fffff880`02a18000   mpsdrv   mpsdrv.sys   Tue Jul 14 01:08:25 2009 (4A5BCC79)
fffff880`02a18000 fffff880`02a45000   mrxsmb   mrxsmb.sys   Sat Feb 27 07:52:19 2010 (4B88CF33)
fffff880`02a45000 fffff880`02a93000   mrxsmb10 mrxsmb10.sys Sat Feb 27 07:52:28 2010 (4B88CF3C)
fffff880`02e7a000 fffff880`02e9d000   mrxsmb20 mrxsmb20.sys Sat Feb 27 07:52:26 2010 (4B88CF3A)
fffff880`01336000 fffff880`01341000   msahci   msahci.sys   Tue Aug 10 04:23:00 2010 (4C60C614)
fffff880`04166000 fffff880`04171000   Msfs     Msfs.SYS     Tue Jul 14 00:19:47 2009 (4A5BC113)
fffff880`00f68000 fffff880`00f72000   msisadrv msisadrv.sys Tue Jul 14 00:19:26 2009 (4A5BC0FE)
fffff880`01575000 fffff880`015d3000   msrpc    msrpc.sys    Tue Jul 14 00:21:32 2009 (4A5BC17C)
fffff880`018a0000 fffff880`018b2000   mup      mup.sys      Tue Jul 14 00:23:45 2009 (4A5BC201)
fffff880`018ca000 fffff880`019bc000   ndis     ndis.sys     Tue Jul 14 00:21:40 2009 (4A5BC184)
fffff880`04284000 fffff880`04290000   ndistapi ndistapi.sys Tue Jul 14 01:10:00 2009 (4A5BCCD8)
fffff880`02aed000 fffff880`02b00000   ndisuio  ndisuio.sys  Tue Jul 14 01:09:25 2009 (4A5BCCB5)
fffff880`04290000 fffff880`042bf000   ndiswan  ndiswan.sys  Tue Jul 14 01:10:11 2009 (4A5BCCE3)
fffff880`046b2000 fffff880`046c7000   NDProxy  NDProxy.SYS  Tue Jul 14 01:10:05 2009 (4A5BCCDD)
fffff880`01cd4000 fffff880`01ce3000   netbios  netbios.sys  Tue Jul 14 01:09:26 2009 (4A5BCCB6)
fffff880`041ad000 fffff880`041f2000   netbt    netbt.sys    Tue Jul 14 00:21:28 2009 (4A5BC178)
fffff880`01800000 fffff880`01860000   NETIO    NETIO.SYS    Tue Jul 14 00:21:46 2009 (4A5BC18A)
fffff880`04171000 fffff880`04182000   Npfs     Npfs.SYS     Tue Jul 14 00:19:48 2009 (4A5BC114)
fffff880`030e1000 fffff880`030ed000   nsiproxy nsiproxy.sys Tue Jul 14 00:21:02 2009 (4A5BC15E)
fffff800`02a1e000 fffff800`02ffa000   nt       ntkrnlmp.exe Sat Jun 19 05:16:41 2010 (4C1C44A9)
fffff880`0160f000 fffff880`017b2000   Ntfs     Ntfs.sys     Tue Jul 14 00:20:47 2009 (4A5BC14F)
fffff880`040f8000 fffff880`04101000   Null     Null.SYS     Tue Jul 14 00:19:37 2009 (4A5BC109)
fffff880`02a9a000 fffff880`02aed000   nwifi    nwifi.sys    Tue Jul 14 01:07:23 2009 (4A5BCC3B)
fffff880`03e8a000 fffff880`03eb0000   pacer    pacer.sys    Tue Jul 14 01:09:41 2009 (4A5BCCC5)
fffff880`00fb2000 fffff880`00fc7000   partmgr  partmgr.sys  Tue Jul 14 00:19:58 2009 (4A5BC11E)
fffff880`00f72000 fffff880`00fa5000   pci      pci.sys      Sat Oct 17 10:26:25 2009 (4AD98DC1)
fffff880`00e1a000 fffff880`00e21000   pciide   pciide.sys   Tue Jul 14 00:19:49 2009 (4A5BC115)
fffff880`00e21000 fffff880`00e31000   PCIIDEX  PCIIDEX.SYS  Tue Jul 14 00:19:48 2009 (4A5BC114)
fffff880`017cc000 fffff880`017dd000   pcw      pcw.sys      Tue Jul 14 00:19:27 2009 (4A5BC0FF)
fffff880`02e9d000 fffff880`02f43000   peauth   peauth.sys   Tue Jul 14 02:01:19 2009 (4A5BD8DF)
fffff880`047f9000 fffff880`047ffe80   pgeffect pgeffect.sys Mon Jun 22 10:00:11 2009 (4A3F481B)
fffff880`0477a000 fffff880`047b7000   portcls  portcls.sys  Tue Jul 14 01:06:27 2009 (4A5BCC03)
fffff880`00c52000 fffff880`00c66000   PSHED    PSHED.dll    Tue Jul 14 02:32:23 2009 (4A5BE027)
fffff880`045f1000 fffff880`045fb000   QIOMem   QIOMem.sys   Mon Jun 15 06:58:48 2009 (4A35E318)
fffff880`04260000 fffff880`04284000   rasl2tp  rasl2tp.sys  Tue Jul 14 01:10:11 2009 (4A5BCCE3)
fffff880`0302f000 fffff880`0304a000   raspppoe raspppoe.sys Tue Jul 14 01:10:17 2009 (4A5BCCE9)
fffff880`0304a000 fffff880`0306b000   raspptp  raspptp.sys  Tue Jul 14 01:10:18 2009 (4A5BCCEA)
fffff880`0306b000 fffff880`03085000   rassstp  rassstp.sys  Tue Jul 14 01:10:25 2009 (4A5BCCF1)
fffff880`03090000 fffff880`030e1000   rdbss    rdbss.sys    Tue Jul 14 00:24:09 2009 (4A5BC219)
fffff880`0414b000 fffff880`04154000   RDPCDD   RDPCDD.sys   Tue Jul 14 01:16:34 2009 (4A5BCE62)
fffff880`04154000 fffff880`0415d000   rdpencdd rdpencdd.sys Tue Jul 14 01:16:34 2009 (4A5BCE62)
fffff880`0415d000 fffff880`04166000   rdprefmp rdprefmp.sys Tue Jul 14 01:16:35 2009 (4A5BCE63)
fffff880`019bc000 fffff880`019f6000   rdyboost rdyboost.sys Sat Jun 19 05:25:06 2010 (4C1C46A2)
fffff880`02b00000 fffff880`02b18000   rspndr   rspndr.sys   Tue Jul 14 01:08:50 2009 (4A5BCC92)
fffff880`044f4000 fffff880`045e4000   rtl8192Ce rtl8192Ce.sys Fri Feb 12 07:49:15 2010 (4B7507FB)
fffff880`01c00000 fffff880`01c0a000   SASDIFSV64 SASDIFSV64.SYS Tue Feb 09 00:11:52 2010 (4B70A848)
fffff880`01df1000 fffff880`01dfb000   SASKUTIL64 SASKUTIL64.SYS Tue Feb 09 22:27:34 2010 (4B71E156)
fffff880`02f43000 fffff880`02f4e000   secdrv   secdrv.SYS   Wed Sep 13 14:18:38 2006 (4508052E)
fffff880`01898000 fffff880`018a0000   spldr    spldr.sys    Mon May 11 17:56:27 2009 (4A0858BB)
fffff880`01ddb000 fffff880`01df1000   SRTSPX64 SRTSPX64.SYS Sat Nov 20 00:18:10 2010 (4CE713C2)
fffff880`0704c000 fffff880`070e2000   srv      srv.sys      Tue Jun 22 04:21:11 2010 (4C202C27)
fffff880`02f8d000 fffff880`02ff5000   srv2     srv2.sys     Tue Jun 22 04:20:47 2010 (4C202C0F)
fffff880`02f4e000 fffff880`02f7b000   srvnet   srvnet.sys   Tue Jun 22 04:20:32 2010 (4C202C00)
fffff880`045fb000 fffff880`045fc480   swenum   swenum.sys   Tue Jul 14 01:00:18 2009 (4A5BCA92)
fffff880`01000000 fffff880`01071000   SYMDS64  SYMDS64.SYS  Fri Oct 15 18:53:54 2010 (4CB89532)
fffff880`014ac000 fffff880`01575000   SYMEFA64 SYMEFA64.SYS Mon Nov 15 21:56:23 2010 (4CE1AC87)
fffff880`01d78000 fffff880`01dae000   SYMEVENT64x86 SYMEVENT64x86.SYS Sat Jul 31 00:05:59 2010 (4C535AD7)
fffff880`01d12000 fffff880`01d78000   SYMNETS  SYMNETS.SYS  Tue Nov 30 23:24:40 2010 (4CF587B8)
fffff880`04442000 fffff880`04494000   SynTP    SynTP.sys    Thu Mar 11 02:02:01 2010 (4B984F19)
fffff880`01a01000 fffff880`01bfe000   tcpip    tcpip.sys    Mon Jun 14 04:39:04 2010 (4C15A458)
fffff880`02f7b000 fffff880`02f8d000   tcpipreg tcpipreg.sys Tue Jul 14 01:09:49 2009 (4A5BCCCD)
fffff880`044a5000 fffff880`044af000   tdcmdpst tdcmdpst.sys Thu Jul 30 09:39:35 2009 (4A715C47)
fffff880`041a0000 fffff880`041ad000   TDI      TDI.SYS      Tue Jul 14 00:21:18 2009 (4A5BC16E)
fffff880`04182000 fffff880`041a0000   tdx      tdx.sys      Tue Jul 14 00:21:15 2009 (4A5BC16B)
fffff880`01cfe000 fffff880`01d12000   termdd   termdd.sys   Tue Jul 14 01:16:36 2009 (4A5BCE64)
fffff960`00550000 fffff960`0055a000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff880`04200000 fffff880`04226000   tunnel   tunnel.sys   Tue Jul 14 01:09:37 2009 (4A5BCCC1)
fffff880`01893000 fffff880`01897e00   TVALZ_O  TVALZ_O.SYS  Tue Jul 14 03:19:26 2009 (4A5BEB2E)
fffff880`04c56000 fffff880`04c5d000   TVALZFL  TVALZFL.sys  Fri Jun 19 11:05:44 2009 (4A3B62F8)
fffff880`04646000 fffff880`04658000   umbus    umbus.sys    Tue Jul 14 01:06:56 2009 (4A5BCC20)
fffff880`01c0a000 fffff880`01c27000   usbccgp  usbccgp.sys  Tue Jul 14 01:06:45 2009 (4A5BCC15)
fffff880`04494000 fffff880`04495f00   USBD     USBD.SYS     Tue Jul 14 01:06:23 2009 (4A5BCBFF)
fffff880`057d4000 fffff880`057e5000   usbehci  usbehci.sys  Fri Dec 04 07:26:02 2009 (4B18B98A)
fffff880`04658000 fffff880`046b2000   usbhub   usbhub.sys   Fri Dec 04 07:26:39 2009 (4B18B9AF)
fffff880`04c00000 fffff880`04c56000   USBPORT  USBPORT.SYS  Tue Jul 14 01:06:31 2009 (4A5BCC07)
fffff880`01473000 fffff880`014a0100   usbvideo usbvideo.sys Tue Jul 14 01:07:00 2009 (4A5BCC24)
fffff880`00fa5000 fffff880`00fb2000   vdrvroot vdrvroot.sys Tue Jul 14 01:01:31 2009 (4A5BCADB)
fffff880`04108000 fffff880`04116000   vga      vga.sys      Tue Jul 14 00:38:47 2009 (4A5BC587)
fffff880`04116000 fffff880`0413b000   VIDEOPRT VIDEOPRT.SYS Tue Jul 14 00:38:51 2009 (4A5BC58B)
fffff880`00fdc000 fffff880`00ff1000   volmgr   volmgr.sys   Tue Jul 14 00:19:57 2009 (4A5BC11D)
fffff880`00d84000 fffff880`00de0000   volmgrx  volmgrx.sys  Tue Jul 14 00:20:33 2009 (4A5BC141)
fffff880`01398000 fffff880`013e4000   volsnap  volsnap.sys  Tue Jul 14 00:20:08 2009 (4A5BC128)
fffff880`045e4000 fffff880`045f1000   vwifibus vwifibus.sys Tue Jul 14 01:07:21 2009 (4A5BCC39)
fffff880`01cbe000 fffff880`01cd4000   vwififlt vwififlt.sys Tue Jul 14 01:07:22 2009 (4A5BCC3A)
fffff880`01ce3000 fffff880`01cfe000   wanarp   wanarp.sys   Tue Jul 14 01:10:21 2009 (4A5BCCED)
fffff880`0413b000 fffff880`0414b000   watchdog watchdog.sys Tue Jul 14 00:37:35 2009 (4A5BC53F)
fffff880`0188b000 fffff880`01893000   wd       wd.sys       Tue Jul 14 00:19:55 2009 (4A5BC11B)
fffff880`00e55000 fffff880`00ef9000   Wdf01000 Wdf01000.sys Tue Jul 14 00:22:07 2009 (4A5BC19F)
fffff880`00ef9000 fffff880`00f08000   WDFLDR   WDFLDR.SYS   Tue Jul 14 00:19:54 2009 (4A5BC11A)
fffff880`041f2000 fffff880`041fb000   wfplwf   wfplwf.sys   Tue Jul 14 01:09:26 2009 (4A5BCCB6)
fffff960`00000000 fffff960`0030f000   win32k   win32k.sys   unavailable (00000000)
fffff880`04c5d000 fffff880`04c66000   wmiacpi  wmiacpi.sys  Tue Jul 14 00:31:02 2009 (4A5BC3B6)
fffff880`00f5f000 fffff880`00f68000   WMILIB   WMILIB.SYS   Tue Jul 14 00:19:51 2009 (4A5BC117)
fffff880`00e31000 fffff880`00e52000   WudfPf   WudfPf.sys   Tue Jul 14 01:05:37 2009 (4A5BCBD1)

Unloaded modules:
fffff880`02461000 fffff880`0249e000   RtsUStor.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0003D000
fffff880`01cb0000 fffff880`01cbe000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`03eb1000 fffff880`040bb000   dump_iaStor.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0020A000
fffff880`040bb000 fffff880`040ce000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
fffff880`030ed000 fffff880`030f8000   mssmbios.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000

If you get further problems with blue screens, attach your new dump files and details and we'll move on from there.


HTH.

 

[lola]

Hi Elmer BeFuddled

Thanks a lot for the prompt reply, i do have Malwarebytes, i dl-ed it earlier today. Superantispyware free edition too, should i delete that one? Btw I dl-ed Avira today out of panic since norton did not work. So ok i will try to remove norton and report back.

 

[Elmer BeFuddled]

I've edited (again!) my 1st post. Attached a little program called rkill in case you need it. SAS can stay (for now!!!)

 

[lola]

I've edited (again!) my 1st post. Attached a little program called rkill in case you need it. SAS can stay (for now!!!)

Hi Elmer, I'm back. I removed norton w that prog and restarted the comp. Blue screen came up with System_Service_Exception and... I dunno what else it said on there, it was too quick to restart. I dl-ed rkill when i signed back on to reply and... when i let it run, the blue screen again. It's back to DRIVERS_IRQL_NOT_LESS_OR_EQUAL again. What should i do now?

 

[lola]

Hi Elmer, this is the new mini dump file btw...

 

[lola]

Hi Elmer, I just ran a full scan with Malwarebytes free and there's something called rootkit.tdss.


edit: I tried to remove it w MB but it didn't work.

 

[Elmer BeFuddled]

You need TDssKiller run in Safe Mode. Let Me know if you can't download.

DIRECT LINK:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

[lola]

Elmer, I think it's gone! I ran the TDsskiller like you said. No more blue screen! Phew. Don't need to sign in with safe mode anymore either. Which progs should i keep? I now have MB,SAS, Rkill, TDsskiller, Spyware doc and Avira.

Thank you soo much for your help, i really appreciate it.

 

[Elmer BeFuddled]

Glad to hear things have settled.

Keep TDSSKiller (wish I'd read your 1st post properly, that was your problem!) and rkill in a handy "kill the bad guys" folder. They don't install on your system. They're just handy to have.
Especially if you download "iffy" stuff!!

Avira AV gives some people BSOD problems. If you're now clear then no need to worry. Just check to make sure it is running properly in case the TDSS messed with it. If you get (possibly BSOD) problems replace it with Microsoft Security Essentials

Mbam is good. Update the database and do a weekly manual quick scan.

SAS is also good if you feel you need it. Sometimes (very rarely) it has been known to clash with other "security" programs.

I wouldn't bother with Spyware Doc.

HTH.

NB Delete all your System Restore points and start afresh.