[Tommie]

Dear geek(s),

I was downloading some files with utorrent when my computer started crashing over and over again. I have added an OTL, a hijack this log and an BlueScreenView of the problem.

I have the latest updates installed for my Windows and nVidia videocard drivers.

Please help me out on this one!

Kind regards,

Thomas

Attached Files

•  bluescreenview.txt   1.76KB   134 downloads
•  hijackthis.log   12.57KB   128 downloads
•  OTL.Txt   87.01KB   110 downloads

Edited by Tommie, 22 August 2011 - 04:19 PM.

[Advertisements]

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

• Please download WhoCrashed 3.02 from here to your Desktop.
• Install it and run it.
• Click on Analyze button.
• Select all (CTRL+A) and then copy (CTRL+C).
• Paste (CTRL+V) contents of clipboard in your next reply.

[Render]

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

• Please download WhoCrashed 3.02 from here to your Desktop.
• Install it and run it.
• Click on Analyze button.
• Select all (CTRL+A) and then copy (CTRL+C).
• Paste (CTRL+V) contents of clipboard in your next reply.

[Tommie]

Hi,

Thanks for your reply, here is my log:

--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: THOMASHP
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: GenuineIntel Intel® Core™ i5 CPU M 430 @ 2.27GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 4218281984 total
VM: 2147352576, free: 1920487424



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Tue 23-8-2011 16:33:46 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082311-19890-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002199B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Tue 23-8-2011 16:33:46 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: mfenlfk.sys (mfenlfk+0x113E)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002199B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfenlfk.sys .
Google query: mfenlfk.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL




On Mon 22-8-2011 21:49:29 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-31481-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002011B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22-8-2011 21:32:51 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-19562-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002156B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22-8-2011 19:47:30 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-20982-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002011B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22-8-2011 17:32:28 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-19297-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002398B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22-8-2011 16:37:49 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-38641-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002128B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22-8-2011 16:22:07 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-21590-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002011B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Mon 22-8-2011 6:14:24 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-18189-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002211B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sun 21-8-2011 22:28:23 GMT your computer crashed
crash dump file: C:\Windows\Minidump\082211-27346-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC40)
Bugcheck code: 0xD1 (0x28, 0x2, 0x0, 0xFFFFF88002359B2D)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

10 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

mfenlfk.sys

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

[Render]

Hi,

It looks like McAfee is involved in the issue and the only way to test is to totally remove it. Merely disabling it is not sufficient as it will still load pieces of itself into memory. Uninstall it and then run the McAfee Removal Tool to be sure remnants are not left behind.

Temporary install one of these free antivirus programmes:

• Microsoft Security Essential
• Avira AntiVir
• avast! Home Edition

NOTE: Make sure you only use one, though!

Then use your computer as normal and let me know if BSOD's reappears.

[Tommie]

Hi,

I think it works because I don't had any blue screens so far.

Thank you very much.

Cheers,

Thomas

[Render]

Hi,

Good. Anyway I would like to see current condition of your machine. Please do the following:


OTL Custom Scan

• Download OTL to your desktop.
• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Under the Extra Registry section, check Use SafeList
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT

• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

[Tommie]

Hi,

Here's my logs.

Thomas

Attached Files

•  OTL.Txt   147.64KB   103 downloads
•  Extras.Txt   68.75KB   108 downloads

[Render]

Hi,

Please do the following now:

Download AVPTool from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right



Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)


Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information



On completion click the link to locate the zip file to upload and attach to your next post

[Tommie]

Here is are my detected threats and system info, indeed it took a while.

Thomas

Attached Files

•  Detected threats.txt   579bytes   114 downloads
•  avptool_sysinfo.zip   10.36KB   125 downloads

[Render]

Hi,

29-8-2011 20:05:34 Disinfected Trojan program Exploit.Linux.Lotoor.o G:\USB\HTC\Applications\Recovery Flasher (1.1.3).apk High
29-8-2011 20:05:34 Disinfected Trojan program Exploit.Linux.Lotoor.o G:\USB\HTC\Applications\Recovery Flasher (1.1.3).apk/assets/raw/asroot2 High
29-8-2011 20:05:34 Disinfected Trojan program Exploit.Linux.Lotoor.d G:\USB\HTC\Applications\UniversalAndroot-1.6.apk High
29-8-2011 20:05:34 Disinfected Trojan program Exploit.Linux.Lotoor.d G:\USB\HTC\Applications\UniversalAndroot-1.6.apk/res/raw/exploid High

These are some android applications so to be sure your smart phone is clean check it with some AV if you are using them there.

Your logs shows that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

• Please reopen on your desktop.
• Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.
  
  

  :Commands
  [ClearAllRestorePoints]
  

• Click on button.
• OTL may ask to reboot the machine. Please do so if asked.
• Click on button.

NEXT...

OTL Clean-Up:

• Reopen on your desktop.
• Click on
• You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

• Windows 7

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you to install Secunia Personal Software Inspector (PSI) that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

• Mozilla Firefox
• Opera
• Chrome

Although, if you prefer staying with Internet Explorer I highly recommend you do this :

Make Internet Explorer more secure:

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
• Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

• Simple and easy ways to keep your computer safe.
• Hardening Windows Security - Part 1 & Part 2.
• Your Guide To Staying Safe Online.
• Use Task Manager to close pop-up messages to safely exit malware attacks.
• How to Secure Your Web Browser.

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.

[Tommie]

Thanks a lot! I think I am good now. The topic can be closed.

Cheers,

Thomas

[Render]

Okie Dokie.

[Render]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.