Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Vista wont boot


  • This topic is locked This topic is locked
12 replies to this topic

#1 Texastee

Texastee

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 09 May 2011 - 09:49 PM

Hey yall,
I am new on here, so let me first say hello to everyone:)
I am running Vista basic on my Compaq laptop. The other day my cpu crashed and when I went to restart it, it would not load windows. I went through the start up repair and it was unable to "repair this computer automatically". I tried to start it in safe mode and it didnt do any better. When ever I try to start it w/out going to the repair, it flashes the evil blue screen then instantly shuts down. I purchased the laptop brand new and it did not come w any disks...I was wondering if there is a restore or reboot program that I can download somewhere? Is there any other approach that I should take? Thanks in advance!

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 10 May 2011 - 04:04 AM

Hi Texastee,

Do you remember anything in particular that preceded this problem?

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Texastee

Texastee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 10 May 2011 - 09:29 PM

Thanks for the quick response! Now I am able to read the blue screen, and it looks just like the one you pasted, almost.
Ok, first is PAGE_FAULT_IN_NONPAGED_AREA like you showed me. The only difference is the Technical information:

***STOP: 0x00000050 (0xB50EBC93, 0x00000000, 0x81A4E885, 0x00000002)
*** volsnap.sys - Address 81A4E885 base at 81A1F000, Datestamp 47214b21

#4 Texastee

Texastee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 10 May 2011 - 09:36 PM

Oh, and directly above PAGE_FAULT_IN_NONPAGED_AREA it reads:
A problem has been detected and windows has been shut down to prevent damage to your computer.
volsnap.sys

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 11 May 2011 - 01:54 AM

Thank you, that is helpful information. :)
Since this is most likely a rootkit infection, I'll move this topic to a more appropriate forum.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Texastee

Texastee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 13 May 2011 - 06:25 PM

Alright it seemed to work just as you said, here is what I got:

Tue May 30 01:21:51 UTC 2006
Driver report for /mnt/sda1/Windows/System32/drivers
ab3e98894bec5b655e1eaf6ae593b063 volsnap.sys has NO Company Name!

b46aa621e7bd4fe150bcc140daceda1b 1394bus.sys
Microsoft Corporation

84fc6df81212d16be5c4f441682feccc acpi.sys
Microsoft Corporation

2edc5bbac6c651ece337bde8ed97c9fb adp94xx.sys
Adaptec

b84088ca3cdca97da44a984c6ce1ccad adpahci.sys
Adaptec

7880c67bccc27c86fd05aa2afb5ea469 adpu160m.sys
Adaptec

9ae713f8e30efc2abccd84904333df4d adpu320.sys
Adaptec

5d24caf8efd924a875698ff28384db8b afd.sys
Microsoft Corporation

ef23439cdd587f64c2c1b8825cead7d8 AGP440.sys
Microsoft Corporation

90395b64600ebb4552e26e178c94b2e4 aliide.sys
Acer Laboratories

2b13e304c9dfdfa5eb582f6a149fa2c7 AMDAGP.SYS
Microsoft Corporation

0577df1d323fe75a739c787893d300ea amdide.sys
Microsoft Corporation

dc487885bcef9f28eece6fac0e5ddfc5 amdk7.sys
Microsoft Corporation

0ca0071da4315b00fc1328ca86b425da amdk8.sys
Microsoft Corporation

957f7540b5e7f602e44648c7de5a1c05 arcsas.sys
Adaptec

5f673180268bb1fdb69c99b6619fe379 arc.sys
Adaptec

e86cf7ce67d5de898f27ef884dc357d8 asyncmac.sys
Microsoft Corporation

b35cfcef838382ab6490b321c87edf17 atapi.sys
Microsoft Corporation

a928bbca9235ac328953b34ca0c1f5a0 ataport.sys
Microsoft Corporation

c8739c95cf801c8bc35735e012230770 battc.sys
Microsoft Corporation

746f59822a5187510471fc46889b8cc9 BCMWL6.SYS
Broadcom Corporation

7e1a145a316da06d339df644dee86c4c bdasup.sys
Microsoft Corporation

ac3dd1708b22761ebd7cbe14dcc3b5d7 beep.sys
Microsoft Corporation

913cd06fbe9105ce6077e90fd4418561 bowser.sys
Microsoft Corporation

9f9acc7f7ccde8a15c282d3f88b43309 BrFiltLo.sys
Brother Industries

56801ad62213a41f6497f96dee83755a BrFiltUp.sys
Brother Industries

2ac8f5b88771c31c4211a11be6bffe14 bridge.sys
Microsoft Corporation

b304e75cff293029eddf094246747113 BrSerId.sys
Brother Industries

203f0b1e73adadbbb7b7b1fabd901f6b BrSerWdm.sys
Brother Industries

bd456606156ba17e60a04e18016ae54b BrUsbMdm.sys
Brother Industries

af72ed54503f717a43268b3cc5faec2e BrUsbSer.sys
Brother Industries

ad07c1ec6665b8b35741ab91200c6b68 bthmodem.sys
Microsoft Corporation

6598d078d5446197aed6b46c6a2a3431 BVRPMPR5.SYS
bHoVS_VERSION_INFO?baStringFileInfobCommentsFCompanyNameAvanquestSoftwarel"FileDescriptionBVRPNDIS.MPRProtocolDrivervFileVersion...:rInternalNameBVRPMPR.SYSv)LegalCopyrightCopyright-AvanquestSoftware(LegalTrademarksBrOriginalFilenameBVRPMPR.SYSPrivateBuildProductNameBVRPNDISRawetherforWindows:vProductVersion...SpecialBuildDVarFileInfo$Translationt<@HL

6c3a437fc873c6f6a4fc620b6888cb86 cdfs.sys
Microsoft Corporation

bf79e659c506674c0497cc9c61f1a165 cdr4_xp.sys
Sonic Solutions

2c41cd49d82d5fd85c72d57b6ca25471 cdralw2k.sys
Sonic Solutions

8d1866e61af096ae8b582454f5e4d303 cdrom.sys
Microsoft Corporation

07eee11d6e2b78122e17db3878b4c687 CHDART.sys
Conexant

da8e0afc7baa226c538ef53ac2f90897 circlass.sys
Microsoft Corporation

d1d2b10698d97df0fc95bc8c108f09c1 Classpnp.sys
Microsoft Corporation

ed97ad3df1b9005989eaf149bf06c821 CmBatt.sys
Microsoft Corporation

45201046c776ffdaf3fc8a0029c581c8 cmdide.sys
CMD Technology

722936afb75a7f509662b69b5632f48a compbatt.sys
Microsoft Corporation

de15777902a5d9121857d155873a1d1b CPQBttn.sys
Hewlett-Packard

3596cb9ea8a12e6e858107912973ebfb crashdmp.sys
Microsoft Corporation

2a213ae086bbec5e937553c7d9a2b22c crcdisk.sys
Microsoft Corporation

22a7f883508176489f559ee745b5bf5d crusoe.sys
Microsoft Corporation

a7179de59ae269ab70345527894ccd7c dfsc.sys
Microsoft Corporation

f2e3834562c0b1b577ab4b5c405e6c5b Diskdump.sys
Microsoft Corporation

841af4c4d41d3e3b2f244e976b0f7963 disk.sys
Microsoft Corporation

ae1fdf7bf7bb6c6a70f67699d880592a djsvs.sys
Adaptec

ee472cd2c01f6f8e8aa1fa06ffef61b6 drmkaud.sys
Microsoft Corporation

1660613337e5ebe07b4dd78c1a55c5c0 drmk.sys
Microsoft Corporation

5d975cd05fc673794501e3ce37aea6e0 Dumpata.sys
Microsoft Corporation

a253aa14ca560a4b8ba6e9d1f78ef10e dxapi.sys
Microsoft Corporation

334988883de69adb27e2cf9f9715bbdb dxgkrnl.sys
Microsoft Corporation

61d4d58d09357f0598a04d1192a4b76c dxg.sys
Microsoft Corporation

c0b00e55cf82d122d25983c7a6a53dea e100b325.sys
Intel Corporation

f88fb26547fd2ce6d0a5af2985892c48 E1G60I32.sys
Intel Corporation

e88b0cfcecf745211bba87f44f85d0dd eabfiltr.sys
Hewlett-Packard

0efc7531b936ee57fdb4e837664c509f ecache.sys
Microsoft Corporation

e8f3f21a71720c84bcf423b80028359f elxstor.sys
Emulex

84a317cb0b3954d3768cdcd018dbf670 fastfat.sys
Microsoft Corporation

63bdada84951b9c03e641800e176898a fdc.sys
Microsoft Corporation

65773d6115c037ffd7ef8280ae85eb9d fileinfo.sys
Microsoft Corporation

c226dd0de060745f3e042f58dcf78402 filetrace.sys
Microsoft Corporation

6603957eff5ec62d25075ea8ac27de68 flpydisk.sys
Microsoft Corporation

a6a8da7ae4d53394ab22ac3ab6d3f5d3 fltMgr.sys
Microsoft Corporation

66a078591208baa210c7634b11eb392c fs_rec.sys
Microsoft Corporation

e216cf8c8605e546981098484b78d08b FWPKCLNT.SYS
Microsoft Corporation

4e1cd0a45c50a8882616cae5bf82f3c5 GAGP30KX.SYS
Microsoft Corporation

8182ff89c65e4d38b2de4bb0fb18564e GEARAspiWDM.sys
GEAR Software

0db613a7e427b5663563677796fd5258 hdaudbus.sys
Microsoft Corporation

cb04c744be0a61b1d648faed182c3b59 HdAudio.sys
Microsoft Corporation

1338520e78d90154ed6be8f84de5fceb hidbth.sys
Microsoft Corporation

081655939fa6c09eec56da090f461ecc hidclass.sys
Microsoft Corporation

ff3160c3a2445128c5a6d9b076da519e hidir.sys
Microsoft Corporation

451a4d76448cee21407fb0a9a362c057 hidparse.sys
Microsoft Corporation

3c64042b95e583b366ba4e5d2450235e hidusb.sys
Microsoft Corporation

df353b401001246853763c4b7aaa6f50 HpCISSs.sys
Hewlett-Packard

6d2350bb6e77e800fc4be4e5b7a2e89a HSX_CNXT.sys
Conexant

53229dcf431d76434816cd29251168a0 HSX_DPV.sys
Conexant

31f949d452201f2f0af0c88d7db512cd HSXHWAZL.sys
Conexant

3c3cba3ce1a66439a960d4531a167c39 http.sys
Microsoft Corporation

8420bf9ad8ae0b4a96f30bd7c8fb9adf i2omgmt.sys
Microsoft Corporation

324c2152ff2c61abae92d09f3cca4d63 i2omp.sys
Microsoft Corporation

1c9ee072baa3abb460b91d7ee9152660 i8042prt.sys
Microsoft Corporation

c957bf4b5d80b46c5017bf0101e6c906 iaStorV.sys
Intel Corporation

496db78e6a0c4c44023d9a92b4a7ac31 igdkmd32.sys
Intel Corporation

2d077bf86e843f901d8db709c95b49a5 iirsp.sys
Intel Corp

97469037714070e45194ed318d636401 intelide.sys
Microsoft Corporation

ce44cc04262f28216dd4341e9e36a16f intelppm.sys
Microsoft Corporation

880c6f86cc3f551b8fea2c11141268c0 ipfltdrv.sys
Microsoft Corporation

40f34f8aba2a015d780e4b09138b6c17 IPMIDrv.sys
Microsoft Corporation

10077c35845101548037df04fd1a420b ipnat.sys
Microsoft Corporation

f11a90fb3f44f37ad10a4893bb690065 irda.sys
Microsoft Corporation

a82f328f4792304184642d6d397bb1e3 irenum.sys
Microsoft Corporation

350fca7e73cf65bcef43fae1e4e91293 isapnp.sys
Microsoft Corporation

bced60d16156e428f8df8cf27b0df150 iteatapi.sys
Integrated Technology Express

06fa654504a498c30adca8bec4e87e7e iteraid.sys
Integrated Technology Express

b076b2ab806b3f696dab21375389101c kbdclass.sys
Microsoft Corporation

ed61dbc6603f612b7338283edbacbc4b kbdhid.sys
Microsoft Corporation

0a829977b078dea11641fc2af87ceade ksecdd.sys
Microsoft Corporation

48314cdd79ce94b8f36bd6243323a310 ks.sys
Microsoft Corporation

fd015b4f95daa2b712f0e372a116fbad lltdio.sys
Microsoft Corporation

a2262fb9f28935e862b4db46438c80d2 lsi_fc.sys
LSI Logic

30d73327d390f72a62f32c103daf1d6d lsi_sas.sys
LSI Logic

e1e36fefd45849a95f1ab81de0159fe3 lsi_scsi.sys
LSI Logic

42885bb44b6e065b8575a8dd6c430c52 luafv.sys
Microsoft Corporation

5f001fcf8166464b850eca3a6a4187d7 mbamswissarmy.sys
Malwarebytes Corporation

0447888a6feb655068bd1696d1c16a5b mcd.sys
Microsoft Corporation

0cea2d0d3fa284b85ed5b68365114f76 mdmxsdk.sys
Conexant

d153b14fc6598eae8422a2037553adce megasas.sys
LSI Logic

21755967298a46fb6adfec9db6012211 modem.sys
Microsoft Corporation

7446e104a5fe5987ca9e4983fbac4f97 monitor.sys
Microsoft Corporation

5fba13c1a1841b0885d316ed3589489d mouclass.sys
Microsoft Corporation

a3a6dff7e9e757db3df51a833bc28885 mouhid.sys
Microsoft Corporation

01f1e5a3e4877c931cbb31613fec16a6 mountmgr.sys
Microsoft Corporation

583a41f26278d9e0ea548163d6139397 mpio.sys
Microsoft Corporation

6e7a7f0c1193ee5648443fe2d4b789ec mpsdrv.sys
Microsoft Corporation

4fbbb70d30fd20ec51f80061703b001e Mraid35x.sys
LSI Logic

1d8828b98ee309d65e006f0829e280e5 mrxdav.sys
Microsoft Corporation

47e13ab23371be3279eef22bbfa2c1be mrxsmb10.sys
Microsoft Corporation

90b3fc7bd6b3d7ee7635debba2187f66 mrxsmb20.sys
Microsoft Corporation

8af705ce1bb907932157fab821170f27 mrxsmb.sys
Microsoft Corporation

742aed7939e734c36b7e8d6228ce26b7 msahci.sys
Microsoft Corporation

3fc82a2ae4cc149165a94699183d3028 msdsm.sys
Microsoft Corporation

729eafefd4e7417165f353a18dbe947d msfs.sys
Microsoft Corporation

2c3f1983cd3629573cb9e9658247847a msisadrv.sys
Microsoft Corporation

4dca456d4d5723f8fa9c6760d240b0df msiscsi.sys
Microsoft Corporation

892cedefa7e0ffe7be8da651b651d047 mskssrv.sys
Microsoft Corporation

ae2cb1da69b2676b4cee2a501af5871c mspclock.sys
Microsoft Corporation

f910da84fa90c44a3addb7cd874463fd mspqm.sys
Microsoft Corporation

84571c0ae07647ba38d493f5f0015df7 msrpc.sys
Microsoft Corporation

1f6f7159c75e4b27d138b5225808860f mssmbios.sys
Microsoft Corporation

c826dd1373f38afd9ca46ec3c436a14e mstee.sys
Microsoft Corporation

fa7aa70050cf5e2d15de00941e5665e5 mup.sys
Microsoft Corporation

227c11e1e7cf6ef8afb2a238d209760c ndis.sys
Microsoft Corporation

81659cdcbd0f9a9e07e6878ad8c78d3f ndistapi.sys
Microsoft Corporation

5de5ee546bf40838ebe0e01cb629df64 ndisuio.sys
Microsoft Corporation

397402adcbb8946223a1950101f6cd94 ndiswan.sys
Microsoft Corporation

1b24fa907af283199a81b3bb37e5e526 ndproxy.sys
Microsoft Corporation

356dbb9f98e8dc1028dd3092fceeb877 netbios.sys
Microsoft Corporation

e3a168912e7eefc3bd3b814720d68b41 netbt.sys
Microsoft Corporation

325d94481d81b7e909681de1f6a10cd7 netio.sys
Microsoft Corporation

2e7fb731d4790a1bc6270accefacb36e nfrd960.sys
IBM Corp

4f9832beb9fafd8ceb0e541f1323b26e npfs.sys
Microsoft Corporation

b488dfec274de1fc9d653870ef2587be nsiproxy.sys
Microsoft Corporation

37430aa7a66d7a63407adc2c0d05e9f6 ntfs.sys
Microsoft Corporation

e875c093aec0c978a90f30c9e0dfbb72 ntrigdigi.sys
N-trig Innovative Technologies

ec5efb3c60f1b624648344a328bce596 null.sys
Microsoft Corporation

07c186427eb8fcc3d8d7927187f260f7 NV_AGP.SYS
Microsoft Corporation

446864078dbe3059587954cb2d858a9b nvlddmkm.sys
NVIDIA Corporation

1657f3fbd9061526c14ff37e79306f98 nvm60x32.sys
NVIDIA Corporation

e69e946f80c1c31c53003bfbf50cbb7c nvraid.sys
NVIDIA Corporation

9aebc32f9d6e02ebee0369ab296fe7c8 nvsmu.sys
NVIDIA Corporation

4c93d50bca15b3bfcab07306b258b248 nvstor32.sys
NVIDIA Corporation

9e0ba19a28c498a6d323d065db76dffc nvstor.sys
NVIDIA Corporation

6da4a0fc7c0e83df0cb3cfd0a514c3bc nwifi.sys
Microsoft Corporation

be32da025a0be1878f0ee8d6d9386cd5 ohci1394.sys
Microsoft Corporation

4431f2fa27f56f4bc654b0af5810cc91 P0620Vid.sys
Creative Technology

2c8bae55247c4e09352e870292e4d1ab pacer.sys
Microsoft Corporation

0fa9b5055484649d63c303fe404e5f4d parport.sys
Microsoft Corporation

555a5b2c8022983bc7467bc925b222ee partmgr.sys
Microsoft Corporation

4f9a6a8a31413180d0fcb279ad5d8112 parvdm.sys
Microsoft Corporation

caba65e9c41cd2900d4c92d4f825c5f8 pciide.sys
Microsoft Corporation

406d01679063768e1a033b6afe2551b3 pciidex.sys
Microsoft Corporation

5bedd5e1416da009c4f24adf8da13773 pci.sys
Microsoft Corporation

e6f3fb1b86aa519e7698ad05e58b04e5 pcmcia.sys
Microsoft Corporation

6349f6ed9c623b44b52ea3c63c831a92 PEAuth.sys
Microsoft Corporation

9a23e21eca1246950e440e158de50750 portcls.sys
Microsoft Corporation

0e3cef5d28b40cf273281d620c50700a processr.sys
Microsoft Corporation

d86b4a68565e444d76457f14172c875a pxhelp20.sys
Sonic Solutions

ccdac889326317792480c0a67156a1ec ql2300.sys
QLogic Corporation

81a7e5c076e59995d54bc1ed3a16e60b ql40xx.sys
QLogic Corporation

d2b3e2b7426dc23e185fbc73c8936c12 qwavedrv.sys
Microsoft Corporation

bd7b30f55b3649506dd8b3d38f571d2a rasacd.sys
Microsoft Corporation

68b0019fee429ec49d29017af937e482 rasl2tp.sys
Microsoft Corporation

ccf4e9c6cbbac81437f88cb2ae0b6c96 raspppoe.sys
Microsoft Corporation

c04dec5ace67c5247b150c4223970bb7 raspptp.sys
Microsoft Corporation

54129c5d9581bbec8bd1ebd3ba813f47 rdbss.sys
Microsoft Corporation

794585276b5d7fca9f3fc15543f9f0b9 RDPCDD.sys
Microsoft Corporation

e8bd98d46f2ed77132ba927fccb47d8b rdpdr.sys
Microsoft Corporation

980b56e2e273e19d3a9d72d5c420f008 RDPENCDD.sys
Microsoft Corporation

8830e790a74a96605faba74f9665bb3c rdpwd.sys
Microsoft Corporation

8804bcb4383859f66ffd51f049a1d744 rmcast.sys
Microsoft Corporation

09de72fcfc9c7ff59d6da1d5ae70a48f RNDISMP.sys
Microsoft Corporation

d49d61312b273de069584d48c81c8b1d rootmdm.sys
Microsoft Corporation

97e939d2128fec5d5a3e6e79b290a2f4 rspndr.sys
Microsoft Corporation

bf4709c002d632170dc15a282813d6b3 rt73.sys
Ralink Technology

3ce8f073a557e172b330109436984e30 sbp2port.sys
Microsoft Corporation

f5dbd29fbdb39bf49af7bb81a4d9561d scsiport.sys
Microsoft Corporation

90a3935d05b494a5a39d37e71f09a677 secdrv.sys
Macrovision Corporation

68e44e331d46f0fb38f0863a84cd1a31 serenum.sys
Microsoft Corporation

c70d69a918b178d3c3b06339b40c2e1b serial.sys
Microsoft Corporation

450accd77ec5cea720c1cdb9e26b953b sermouse.sys
Microsoft Corporation

103b79418da647736ee95645f305f68a sffdisk.sys
Microsoft Corporation

8fd08a310645fe872eeec6e08c6bf3ee sffp_mmc.sys
Microsoft Corporation

9cfa05fcfcb7124e69cfc812b72f9614 sffp_sd.sys
Microsoft Corporation

46ed8e91793b2e6f848015445a0ac188 sfloppy.sys
Microsoft Corporation

d2a595d6eebeeaf4334f8e50efbc9931 SISAGP.SYS
Microsoft Corporation

cedd6f4e7d84e9f98b34b3fe988373aa sisraid2.sys
Silicon Integrated Systems

df843c528c4f69d12ce41ce462e973a7 sisraid4.sys
Silicon Integrated Systems

ac0d90738adb51a6fd12ff00874a2162 smb.sys
Microsoft Corporation

4e7bb783f21efba4b563f1b8f79e5c98 smclib.sys
Microsoft Corporation

426f9b029aa9162ceccf65369457d046 spldr.sys
Microsoft Corporation

297ed36343de583013757975af58da84 spsys.sys
Microsoft Corporation

6971a757af8cb5e2cbcbb76cc530db6c srv2.sys
Microsoft Corporation

9e1a4603b874eebce0298113951abefb srvnet.sys
Microsoft Corporation

038579c35f7cad4a4bbf735dbf83277d srv.sys
Microsoft Corporation

ed386e31d263448b2ed36d4839f2ca04 Storport.sys
Microsoft Corporation

c13b3688451d86e8557ba9486ddbb2d1 stream.sys
Microsoft Corporation

92894dd7fdd62af808b1409b73af9c73 swenum.sys
Microsoft Corporation

192aa3ac01df071b541094f251deed10 symc8xx.sys
LSI Logic

8c8eb8c76736ebaf3b13b633b2e64125 sym_hi.sys
LSI Logic

8072af52b5fd103bbba387a1e49f62cb sym_u3.sys
LSI Logic

8327106d1c93e9a7b98e63b9fcc24bb7 SynTP.sys
Synaptics

c92e9f3e4154415ceebeb80250e32d19 tape.sys
Microsoft Corporation

5ce0c4a7b12d0067dad527d72b68c726 tcpipreg.sys
Microsoft Corporation

4a82fa8f0df67aa354580c3faaf8bde3 tcpip.sys
Microsoft Corporation

bbe07d2766fb165bdf1f49107dabce85 tdi.sys
Microsoft Corporation

964248aef49c31fa6a93201a73ffaf50 tdpipe.sys
Microsoft Corporation

7d2c1ae1648a60fce4aa0f7982e419d3 tdtcp.sys
Microsoft Corporation

ab4fde8af4a0270a46a001c08cbce1c2 tdx.sys
Microsoft Corporation

85908da29af0ab835048107ad2ad07d1 termdd.sys
Microsoft Corporation

29f0eca726f0d51f7e048bdb0b372f29 tssecsrv.sys
Microsoft Corporation

65e953bc0084d44498b51f59784d2a82 TUNMP.SYS
Microsoft Corporation

4a39bda5e0fd30bdf4884f9d33ae6105 tunnel.sys
Microsoft Corporation

c3ade15414120033a36c0f293d4a4121 UAGP35.SYS
Microsoft Corporation

6348da98707ceda8a0dfb05820e17732 udfs.sys
Microsoft Corporation

75e6890ebfce0841d3291b02e7a8bdb0 ULIAGPKX.SYS
Microsoft Corporation

3cd4ea35a6221b85dcc25daa46313f8d uliahci.sys
ULi Electronics

38c3c6e62b157a6bc46594fada45c62b ulsata2.sys
Promise Technology

8514d0e5cd0534467c5fc61be94a569f ulsata.sys
Promise Technology

3fb78f1d1dd86d87bececd9dffa24dd9 umbus.sys
Microsoft Corporation

08ea9c0247f391af4d4a16885a1c159d umpass.sys
Microsoft Corporation

b930b3e1f15824cee12b5838ed8ee40b usb8023.sys
Microsoft Corporation

1df89c499bf45d878b87ebd4421d462d usbaapl.sys
Apple

d2f0639163b12f791f81b52dc1155863 USBCAMD2.sys
Microsoft Corporation

391e74f5c8c5b3c41c360b71798e2801 USBCAMD.sys
Microsoft Corporation

b0ba9caffe9b0555ec0317f30cb79cd2 usbccgp.sys
Microsoft Corporation

e9476e6c486e76bc4898074768fb7131 usbcir.sys
Microsoft Corporation

4c54f915bf3542be3decdb1a933c4c45 usbd.sys
Microsoft Corporation

c9fcd05b0a80ea08c2768e5a279b14de usbehci.sys
Microsoft Corporation

5e44f7d957f7560da06bfe6b84b58a35 usbhub.sys
Microsoft Corporation

9333e482a173938788cbde8f81ec52fb usbohci.sys
Microsoft Corporation

97706e9e0eb6e454db1b1ff5c3a4f00d usbport.sys
Microsoft Corporation

b51e52acf758be00ef3a58ea452fe360 usbprint.sys
Microsoft Corporation

7887ce56934e7f104e98c975f47353c5 USBSTOR.SYS
Microsoft Corporation

325dbbacb8a36af9988ccf40eac228cc usbuhci.sys
Microsoft Corporation

7d92be0028ecdedec74617009084b5ef vgapnp.sys
Microsoft Corporation

17a8f877314e4067f8c8172cc6d9101c vga.sys
Microsoft Corporation

045d9961e591cf0674a920b6ba3ba5cb VIAAGP.SYS
Microsoft Corporation

56a4de5f02f2e88182b0981119b4dd98 viac7.sys
Microsoft Corporation

fd2e3175fcada350c7ab4521dca187ec viaide.sys
VIA Technologies

d1fa901e4878b7011fe8a8c2890e90c7 videoprt.sys
Microsoft Corporation

d9e9490c960624c416fbde080deeb7fe volmgr.sys
Microsoft Corporation

294da8d3f965f6a8db934a83c7b461ff volmgrx.sys
Microsoft Corporation

ab3e98894bec5b655e1eaf6ae593b063 volsnap.sys

d984439746d42b30fc65a4c3546c6829 vsmraid.sys
VIA Technologies

46d67209550973257601a533e2ac5785 VSTAZL3.SYS
Conexant

5c7bdcf5864db00323fe2d90fa26a8a2 VSTCNXT3.SYS
Conexant

ec36f1d542ed4252390d446bf6d4dfd0 VSTDPV3.SYS
Conexant

48dfee8f1af7c8235d4e626f0c4fe031 wacompen.sys
Microsoft Corporation

6798c1209a53b5a0ded8d437c45145ff wanarp.sys
Microsoft Corporation

3a1f38a6fb749fc7a57a2826f6f8fb01 watchdog.sys
Microsoft Corporation

7b5f66e4a2219c7d9daf9e738480e534 Wdf01000.sys
Microsoft Corporation

7bfdaa4b0b327d13c0ff60d00cf4f113 WdfLdr.sys
Microsoft Corporation

afc5ad65b991c1e205cf25cfdbf7a6f4 wd.sys
Microsoft Corporation

17eac0d023a65fa9b02114cc2baacad5 wmiacpi.sys
Microsoft Corporation

20b05e362bb678cf51d610673c9a12e7 wmilib.sys
Microsoft Corporation

2d27171b16a577ef14c1273668753485 WpdUsb.sys
Microsoft Corporation

84620aecdcfd2a7a14e6263927d8c0ed ws2ifsl.sys
Microsoft Corporation

3d80328aa84d9fe130d869cf83923d74 WUDFPf.sys
Microsoft Corporation

a2aafcc8a204736296d937c7c545b53f WUDFRd.sys
Microsoft Corporation

5a7ff9a18ff6d7e0527fe3abf9204ef8 XAudio.sys
Conexant

Driver report for /mnt/sda1/SwSetup/Inetsec/US/Suport64/SRTSP/SRTSPx64/System32/Drivers /mnt/sda1/SwSetup/Inetsec/US/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtsp64.sys has NO Company Name! /mnt/sda1/SwSetup/Inetsec/US/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtspl64.sys has NO Company Name! /mnt/sda1/SwSetup/Inetsec/US/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtspx64.sys has NO Company Name!

e0af52a80fa12202bd6e91fd3d03005c /mnt/sda1/SwSetup/Inetsec/US/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtsp64.sys
Symantec Corporation

f29be5027b6fd3459fc7818d463b3dd8 /mnt/sda1/SwSetup/Inetsec/US/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtspl64.sys
Symantec Corporation

8d8f19162c6191a8829d0bbde659a20b /mnt/sda1/SwSetup/Inetsec/US/Suport64/SRTSP/SRTSPx64/System32/Drivers/srtspx64.sys
Symantec Corporation

Driver report for /mnt/sda1/SwSetup/Inetsec/US/Support/SRTSP/SRTSP/System32/Drivers /mnt/sda1/SwSetup/Inetsec/US/Support/SRTSP/SRTSP/System32/Drivers/srtspl.sys has NO Company Name! /mnt/sda1/SwSetup/Inetsec/US/Support/SRTSP/SRTSP/System32/Drivers/srtsp.sys has NO Company Name! /mnt/sda1/SwSetup/Inetsec/US/Support/SRTSP/SRTSP/System32/Drivers/srtspx.sys has NO Company Name!

c70a2581e35e03c85f29aa1bc723659a /mnt/sda1/SwSetup/Inetsec/US/Support/SRTSP/SRTSP/System32/Drivers/srtspl.sys
Symantec Corporation

ed5e9f3bf11d0bb770f652b22ec26465 /mnt/sda1/SwSetup/Inetsec/US/Support/SRTSP/SRTSP/System32/Drivers/srtsp.sys
Symantec Corporation

05f2db228922e6b8a001ed83ee4d1153 /mnt/sda1/SwSetup/Inetsec/US/Support/SRTSP/SRTSP/System32/Drivers/srtspx.sys
Symantec Corporation

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 14 May 2011 - 06:31 AM

That confirms indeed a patched driver causing the problem.

Please reboot in xPUD, make sure you see driver.sh, click Tool > Open Terminal, type the following and press enter.

bash driver.sh -f

When asked for the filename, type volsnap.sys and press enter.

Post me the resulting filefind.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Texastee

Texastee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 15 May 2011 - 12:51 PM

Search results for volsnap.sys

d8b4a53dd2769f226b3eb374374987c9 /mnt/sda1/Windows/SoftwareDistribution/Download/df81987ce1972154ab659b2f560f1610/x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd/volsnap.sys
222.6K Jan 19 2008

ab3e98894bec5b655e1eaf6ae593b063 /mnt/sda1/Windows/System32/drivers/volsnap.sys
206.1K Jan 9 2008

11ef6c1caef76b685233450a126125d6 /mnt/sda1/Windows/System32/DriverStore/FileRepository/volume.inf_9320b452/volsnap.sys
203.6K Nov 2 2006

80dc0c9bcb579ed9815001a4d37cbfd5 /mnt/sda1/Windows/System32/DriverStore/FileRepository/volume.inf_f47b2c78/volsnap.sys
206.1K Jan 9 2008

80dc0c9bcb579ed9815001a4d37cbfd5 /mnt/sda1/Windows/winsxs/x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447/volsnap.sys
206.1K Jan 9 2008

327639d2ec931b057f3826a51adc73e9 /mnt/sda1/Windows/winsxs/x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5/volsnap.sys
206.1K Jan 9 2008

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 15 May 2011 - 01:10 PM

Using xPUD, navigate to the following file, right click on it and select Copy:
/mnt/sda1/Windows/System32/DriverStore/FileRepository/volume.inf_f47b2c78/volsnap.sys

Next navigate to the following file, right clck on it and select Rename. Rename the file to volsnap.vir
/mnt/sda1/Windows/System32/drivers/volsnap.sys

Finally, right click in an empty space in the drivers folder and select Paste. This will paste volsnap.sys you copied earlier.

Restart your computer normally and let me know what happens.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Texastee

Texastee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 15 May 2011 - 06:35 PM

Ok, I did all that and windows actually started up! However, once I got into windows I got a pop up window from "Windows Recovery" that automatically ran a scan and said I have 11 problems...It wanted me to click "ok" to fix them....I just turned off the computer instead.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 16 May 2011 - 12:44 AM

Does the same thing come up in Safe Mode with Networking?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 22 May 2011 - 03:58 AM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 07 June 2011 - 02:08 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users