A friend asked me to repair his little Windows server, a NEC 5800 Express GT110b running 2008 R2 64-bit with an Intel Xeon X3040. The NEC guys changed the MoBo and the proc, but the issue remains. In the beginning there was a BSOD stop 0xd1 driver_irql_not_less_or_equal pointing at storport.sys. Now no more dumps are generated. The first dump files, viewed with BlueScreenView, also show storport.sys and also ntoskrnl.exe.
The box boots from a 60GB SSD SATA RAID1 on the MoBo and also has a 300GB SAS RAID1 for data on an LSI HBA PCI-e 4x.
After removing/replacing all possible hardware (except the SSD boot RAID, no such expensive part in my toolbox) I suspect some malware in there, because sfc reports no violation. When I searched the computer for ntoskrnl.exe, I found a ?strange? file size, timestamped (*) from the day the issue began, so I searched Google for "winsxs replaced ntoskrnl.exe x86 with amd64", ... and I found your forum.
5430 KB c:\windows\system32\ntoskrnl.exe (same size as AMD above, I found this ...bizarre)
Signatures and certificates seem OK,
and I found several older ntoskrnl.exe in various winsxs subfolders.
OK, now I downloaded OTL and I have questions about it: does the computer need to be connected to the Internet to update OTL? (I'd rather not plug an infected machine into my home network.) I downloaded it with my PC and burnt a CD-RW to move it to the server.
Then I ran the tool. It was running when I noticed the settings were not the same as in your nice Cleaning Guide topic, so I wanted to close it to relaunch; I could not, so I tree-killed it with Task Manager, then set the same options as in the guide (just added All Users) and relaunched, but in the end no log opened in Notepad. Instead I found an Extras.txt on the desktop (in the meantime, over lunch, the said PC hung as usual). A bit puzzled by the erratic machine, I clicked the "Purge tool" button, which opened an OTL.txt file that I closed (not saved, it didn't ask), then postponed the reboot... later the machine rebooted.
At the moment I still need to test the SSD hardware with a cool guy from NEC (I can't do a fresh install on another disk because of some unclear OEM BIOS reason; since we replaced the MoBo I can't update the already up-to-date BIOS with its OEM release either), so I'd like your help to dig into my guess about malware.
Sorry for this long preamble, although I think it is well in the direction of the Guide, isn't it? So, before I post the OTL log, here are my questions:
Do I need an Internet connection to update?
Do I need exactly the same settings before I run the quick scan as the ones shown in the guide?
How do I remove personal data from the log (my friend's business name, machine name and so on)?
And now, cool for the night, a new BSOD: stop 0xf4 0x3 0xfffffa8007bc9a10. The machine won't log any more minidumps, as blue screens now always end with "Initializing disk for crash dump...".
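One way to compare every ntoskrnl.exe copy on the box the way the post describes (size, timestamp, architecture, signature), as an added example written for this thread and not part of the original post or of OTL; it assumes an elevated PowerShell 3.0 or later prompt on the affected server and defaults `$WinDir` to the local Windows folder.

```powershell
# Added example: list every ntoskrnl.exe under the Windows folder (System32 plus
# the WinSxS component store) with size, timestamps, PE architecture, Authenticode
# signature status and SHA-256, so the copies can be compared side by side.
param([string]$WinDir = $env:SystemRoot)

function Get-PeMachine {
    param([string]$Path)
    # Read the PE header machine field: 0x14c is x86, 0x8664 is x64.
    # This does not trust the folder name (amd64 vs x86) the file sits in.
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        $fs.Seek(0x3C, 'Begin') | Out-Null
        $peOffset = $br.ReadUInt32()
        $fs.Seek($peOffset + 4, 'Begin') | Out-Null
        switch ($br.ReadUInt16()) {
            0x14c   { 'x86' }
            0x8664  { 'x64' }
            default { 'other' }
        }
    } finally { $fs.Dispose() }
}

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing works on PowerShell 3.0 even where Get-FileHash is unavailable.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs = [System.IO.File]::OpenRead($Path)
    try { ([System.BitConverter]::ToString($sha.ComputeHash($fs))).Replace('-', '') }
    finally { $fs.Dispose(); $sha.Dispose() }
}

Get-ChildItem -Path $WinDir -Filter ntoskrnl.exe -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [PSCustomObject]@{
            Path      = $_.FullName
            SizeKB    = [math]::Round($_.Length / 1KB)
            Modified  = $_.LastWriteTime
            Arch      = Get-PeMachine $_.FullName
            Version   = $_.VersionInfo.FileVersion
            Signature = $sig.Status            # Valid, NotSigned, HashMismatch ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = Get-Sha256Hex $_.FullName
        }
    } | Sort-Object Modified -Descending | Format-Table -AutoSize
```

A System32 copy whose size, version or hash matches no WinSxS copy, or whose status is anything other than Valid with a Microsoft signer, is the line worth pasting into the thread.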