Cert / EV + Kernel problem



#1
kpope78

This is a very strange problem that I've been struggling with for a few days now. I have been suffering from all kinds of BSODs; however, I have rooted quite a few of them out. The main problem that I am still having is that my system will BSOD and point to ntoskrnl.exe with several different bugcheck codes, but usually the same error: IRQL_NOT_LESS_OR_EQUAL, or DRIVER_IRQL_NOT_LESS_OR_EQUAL.

I've run memory tests, anti-spy/malware, checked voltages, checked for shorts, checked drivers, checked BIOS, checked PSU, ran chkdsk /f, cleaned the registry, and more.

I noticed that the event viewer was acting strange. It wasn't always capturing errors, which was making it very hard to try to pin down where this is coming from. Then I noticed that logging was being turned off for an hour at a time because crypt32 was reaching its limit of 50. The error that is causing this is CAPI2. Failed extract of third-party root list from auto update cab at:

<http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

I downloaded the certificate and installed it into trusted, yet I'm still getting the problem. I also get random system hangs, but no associated errors.

Most everything you need to know about the system can be found in the attachments I've provided. Any and all help is appreciated.

#2
kpope78

Ok, well I feel pretty stupid now. Something just didn't seem right, so I zenmapped the URL and I think that this cert is from a spoofed site.

It resolved to two separate IPs and the rDNS was cds72.ord9.msecn.net

PORT STATE SERVICE VERSION
22/tcp open tcpwrapped
53/tcp open domain
80/tcp open http EdgePrism 4.0.11.1 (Limelight Networks Content Delivery Network)
|_html-title: Site doesn't have a title (text/html).
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
161/tcp filtered snmp
199/tcp open smux Linux SNMP multiplexer
443/tcp open ssl/http EdgePrism 4.0.11.1 (Limelight Networks Content Delivery Network)
|_sslv2: server still supports SSLv2
|_html-title: Site doesn't have a title (text/html).
445/tcp filtered microsoft-ds
514/tcp filtered shell
593/tcp filtered http-rpc-epmap
1433/tcp filtered ms-sql-s
1434/tcp filtered ms-sql-m
2001/tcp open dc?



I'm not the world's greatest at CA. I pulled up my Certificates snap-in in my MMC and looked at Third-Party Root CA, but didn't see anything that stands out. I'm not certain how to fix this.