BSOD with iastor.sys error when I run MBAM


  • This topic is locked
1 reply to this topic

#1 jtb14789

Posted 16 November 2010 - 09:10 AM

Hi - I posted 5 days ago about this topic in the Malware thread and included a HT log there. I have not received an answer. While continuing to Google about my problem, I thought perhaps I hadn't received an answer because the issue might not be malware, but maybe a computer problem? So I am trying a post here, with more information, to see if anyone has some ideas. Here is a link to my original post for more background:
http://www.bleepingcomputer.com/forums/topic359769.html/page__p__2012308__hl__bsod+mbam__fromsearch__1#entry2012308

As long as I do not run MBAM, my PC is otherwise running fine. My browsers are running fine now too. I shut off a Flash plug-in that was added when I updated Flash and that seems to have resolved that issue. I shut off the TeaTimer for SB S&D that was running in the background. As I have Windows Defender & SAS both running with live protection, along with Sunbelt Firewall & Avast AV, SB was perhaps overkill?

I recorded the error message that occurs when I get a BSOD. Perhaps these codes will help:

DRIVER_IRQL_NOT_LESS_OR_EQUAL
Stop: 0x000000D1 (0x00000018, 0x00000002, 0x00000000, 0xF734725F)
iastor.sys - Address F734725F base at F7338000, DateStamp 42b2bf42
dump physical memory

The error log after Windows restarts reads:

Error signature
BCCode: d1
BCP1: 00000018
BCP2: 00000002
BCP3: 00000000
BCP4: F734725F
OSVer: 5_1_2600
SP: 3_0
Product 768_1

The error report contains:

Files included in this report:
C:\DOCUME~1\TONY\LOCALS~1\Temp\WERa7af.dir00\Mini111410-01.dmp
C:\DOCUME~1\TONY\LOCALS~1\Temp\WERa7af.dir00\sysdata.xml

When I run MBAM, the program crashes about 4 seconds in while it says it is in the process of "Enumerating Registry Objects".

It does not crash when I run it in Safe Mode. During one of the times I ran it in Safe Mode, it found and removed 1 threat:

Hijack.Homepage Registry Data
Key_Current_User\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage

This was found after I had run full scans of Avast AV, SAS, and SB S&D, all of which had found nothing. After MBAM removed this threat, it would still crash when run in Normal mode. A subsequent scan in Safe Mode again had this threat pop up as existing and needing removing. I would swear that I did tell MBAM to remove it the first time it was found, so I am concerned that it didn't get removed. It appears to have been removed now, but I have not attempted to run MBAM again, since I am concerned about repeatedly crashing my PC.

During the several attempts to determine the source of the problem, I tried shutting off my AV, SAS & Windows Defender, to make sure that perhaps some recent upgrade to MBAM wasn't conflicting with the other programs I run (I left the firewall on). When I ran MBAM by itself with all these items off it still didn't help. MBAM crashed the PC. I had no other programs open at the time either.

FWIW, I have NOT had any issues with my homepage getting hijacked, nor any attempts that I've seen to do so. I have Spyware Blaster on my system and it is set to block changes to the home page.

I defragged my drive (Windows Defrag showed it 15% fragged, Defraggler showed it 34% fragged. I don't know why the difference). I have a 145Gb hard drive that is about 55% full. I ran Defraggler. That did not resolve the crash problem. It did seem to speed up the PC a bit.

In Googling my problem further with some of the error codes above, some posts pointed to a potential Intel chipset driver problem? Since I am able to use the program with no issues in Safe Mode, it made sense a driver could be a source of the problem (I would also suspect a potential registry issue). I ran my Dell's Driver Reset tool on my PC. Nothing came up from that. I went to Dell's site and ran their driver tool. It said I needed a critical update from 2006 to my Intel chipset. I thought I did that long ago, but anyway...I downloaded and installed it again. I ran MBAM again, with the same BSOD (the above error codes are from that last crash).

Thanks for any and all help with this! If I have posted this to the wrong forum, my apologies, and I hope you can let me know and move it to the correct area. I tried to figure out the best place for it. I am not posting an updated HT log here, as the instructions say not to. Please let me know if you need any further information I may have omitted, or if there are any steps you would like me to take.

I have a Dell Dimensions DXP051 with Windows XP Home Edition, Version 2002, Edition, SP3, Intel Pentium 4 3.2Ghz, 1Gb RAM, 145Gb hard drive. For anti-virus/mal/spyware, I have: Sunbelt Personal Firewall (previously Kerio), Avast Anti-virus, Windows Defender, SAS Free Edition (with real-time protection), MBAM (only run manually), SpyBot Search & Destroy (only run manually), Spyware Blaster (with autoupdate). I use Firefox 3.6.12 & IE8.

As mentioned in my previous thread, within the last 10 days or so, I updated/ran Secunia PSI to check for programs that needed updates. I then updated Adobe Flash, Adobe Reader, Adobe Shockwave, Java, Real Player. Might be 1 or 2 other programs in there that I'm not recalling right now. I had IE7 & upgraded it to IE8 also.

I mentioned a minor issue with SB S&D in my previous thread (the User Abort popping up). That issue, whatever it was, appears to have gone away. I have run a full scan successfully with it without that happening again.

Thanks again very much for any help

#2 hamluis

    Moderator

Posted 16 November 2010 - 09:31 AM

Good morning :).

Malware logs...are worked somewhat in the order of received, with a current approximate 7-day backlog of logs which have not been picked up by a helper. A quick look at the open logs as of right now...reveals that logs dated 9 Nov are at the top of the list, so I would expect that you will receive some response to your situation either today or tomorrow.

We understand your impatience...but I will try to explain a few things about how malware log topics are handled and the way that the Malware Removal Logs forum functions.

Anyone posting a log...can expect something less than immediate attention. We have a rather large number of members who have posted malware logs because they have malware issues. Currently, we have a backlog of approximately 7 days...which means that there are many more persons with malware problems...than we have volunteers capable of providing assistance.

We (BC Staff) are all volunteers...there are not an unlimited number of persons trained in dealing with malware...who are just standing around waiting to try to help those who post. BC Staff members generally work, have families, etc...just as you probably do.

There's a standard blurb that I sometimes use when a log is posted in the Log forum after the OP started a post in a different forum:

"Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond."

Sooo...I will close this topic and ask that you consider all that I have posted...and be patient :).

Louis
