[Akarhys]

My PC crashes randomly while I play online games. Ever time it is a major crash as the ever popular Blue Screen of Death appears with the error message: STOP 0x000000D1 IRQL_NOT_LESS_OR_EQUAL, the .sys file that is cause is a file called gHidpnp.sys.

Below is the Vista Problem report for the event:

Product
Windows

Problem
Shut down unexpectedly

Date
23/02/2008 12:01

Status
Not Reported

Problem signature
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 2057

Files that help describe the problem (some files may no longer be available)
Mini022308-01.dmp
sysdata.xml
Version.txt

Extra information about the problem
BCCode: d1
BCP1: FFFFF98015AD4CD0
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF980036427FE
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1


Verison text:

Windows NT Version 6.0 Build: 6000
Product (0x3): Windows Vista (TM) Home Premium
Edition: HomePremium
BuildString: 6000.16584.amd64fre.vista_gdr.071023-1545
Flavor: Multiprocessor Free
Architecture: X64
LCID: 1033

After some investigation with event viewer if found this file in C:\Windows\System32\drivers. Having looked on Prevx.com (http://www.prevx.com/filenames/X5154...PNP%2ESYS.html) I've found the following info about it and its is according to them malware file.

The filename GHIDPNP.SYS was first seen on Nov 13 2007 in NETHERLANDS. It has also been seen in the following geographical regions of the Prevx community:

• GERMANY on Nov 28 2007
• The EUROPEAN UNION on Nov 13 2007

The filename GHIDPNP.SYS refers to many versions of an object. They share a common file size of 16,384 bytes. These files have no vendor, product or version information specified in the file header.

GHIDPNP.SYS has been seen to perform the following behavior(s):GHIDPNP.SYS has been the subject of the following behavior(s):

• Created as a new Background Service on the machine

GHIDPNP.SYS can also use the following file names:

• 83585039.SVD
• 76469032.SVD
• 14717296.SYS

I've run thought all the pre-post steps and haven't found anything but here are the logs.

Anit-virus scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/24/2008 at 12:14 PM

Application Version : 3.9.1008

Core Rules Database Version : 3408
Trace Rules Database Version: 1400

Scan type : Complete Scan
Total Scan Time : 01:29:58

Memory items scanned : 365
Memory threats detected : 0
Registry items scanned : 6568
Registry threats detected : 0
File items scanned : 105877
File threats detected : 0

Onlie scanner:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2898 (20080223)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=647d25ee6f7396488584033c46f2b72e
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-02-24 02:35:46
# local_time=2008-02-24 02:35:46 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=6.0.6000 NT
# scanned=516678
# found=0
# scan_time=2580

HiJack/Sniper Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:45, on 24/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10326 bytes

I'm now at a lost as what to do because the STOP crash keeps happening. I hope if posted all the right info and if need will post more because this problem is driving me nuts.

[evilfantasy]

Hijackthis is not compatible with 64bit systems so I can't make a good determination on the log. But from what I can see this isn't a malware problem. It's a hardware problem so I will move this to the hardware forum.

http://support.microsoft.com/kb/810980

[philthomas]

This error often occurs as a result of a bad or faulty driver.

Have you installed or upgraded any drivers prior to this happening ? ...... if so try rolling back or uninstalling it/them and see if you lose the problem.

[Akarhys]

i've updated my gfx card drivers, wireless mouse, keyboard and network adapter and will see if this sorts the problem. As it randomly happens i'll let you know what goes on.

[blacky]

I have the same problem, but it is happening when processor activity reachs maximum (ususlly screen should just freeze in a few moments) and when is my usb mouse pluged - genius ergo 525v. I have licensed Vista... When I uninstalled the mouse, blue screen stopped appearing. But, additional buttons stoped working as well...that don´t please to me.

[winifred42]

Hi
I have had this problem before and it turned out to be the RAM so try changing or cleaning the RAM and see if you still get this problem.

[matthewforu]

Even i was facing the same probelm few days back.

[kanoakavirus]

http://support.microsoft.com/kb/810980

[blacky]

Originally Posted by kanoakavirus http://support.microsoft.com/kb/810980

but I use Genius mouse ?!

[Rexdey]

HI, I'm new around here, but I've got the exact same problem, and what's more suspicious, I also use the ergo 520 genius mouse...

[blacky]

I have recently installed chipset I (linked down), and problem reduced...but it still happens sometimes (in a few days)...

IT IS FOR VISTA ONLY
<link removed> chipset/chipset_v8.6.0.1008_2008.zip

[blacky]

I have recently installed chipset (down link), and problemm reduced (happens in few days)...

<link removed>

[evilfantasy]

Links are both 404.

Just post the link to the download page and not the file as we won't allow unknown files to be posted as live links.