NPDRIVER.SYS causes intermittent Blue Screen shutdown

Posted on 2006-04-06
Last Modified: 2008-01-09
Windows XP Pro SP2 fully updated
Norton Internet Security 2006 fully updated

About 1 in every 4-5 times that I boot, immediately after logon, when user software is loading, I get a blue screen that says that my computer has been shut down to prevent etc.... and the listed driver is npdriver.sys.  This is the Norton Protection Center driver.  The Web has several postings about this and other errors associated with NPDRIVER.SYS.  Several postings say that the driver is sometimes infected, especially in /SYSTEM32 locations.  Symantec's Online Chat suggestion is to uninstall and then reinstall Norton Internet Security 2006, because the file may be corrupted.  I can do this, but I'm not certain it would solve the problem.  Plus I've spent a substantial amont of time fixing "corrupted" Symantec files this way.  And I'm not certain that I would not be letting a virus or trojan remain active on my machine.  I've done a NIS full system scan, a Symantec online scan, a Windows Live OneCare scan, a Security Task Manager scan, and a BlackLight beta rootkit scanner.  Nothing turns up.  Just uninstall and reinstall, or is there a better solution?
Question by:TollandRCR
    LVL 32

    Accepted Solution

    I don't see any harm in an uninstall and then a reinstall. To be sure, you should first do an uninstall, then make sure that the file npdriver.sys has actually been removed from the C: drive, then reinstall.

    If this fixes the problem, well and good.

    You are correct that Norton will not catch every malware on your system. In addition to what you've already tried, I would suggest that you install Windows Defender from

    Also, scan your machine with RootkitRevealer:
    and just to be sure, run HiJackThis from:
    You can post the log back to that same web site and click "Analyze" at the bottom to get the results analyzed.

    Also, from a command prompt, type:

     > netstat -ab

    to see what ports are open and by which programs.

    If you pass all these tests you can be reasonably sure you don't have malware but post back if anything seems suspicious..

    Author Comment

    My system checked clean after running each of the tools that r-k suggested.  So I uninstalled BOTH Norton Internet Security 2006 and Norton SystemWorks 2006 (having learned in the past that both must usually be reinstalled), ran Symantec's removal tool (to purge the system of anything remaining after a normal uninstall), ran Microsoft's Windows Install Cleanup tool, and reinstalled the software.  No blue screens (yet).  The Chat desk at Symantec was probably right: the NPDRIVER.SYS file had been corrupted but not infected.  This is about the fourth time that a Symantec file has become "corrupted" on this machine, requiring a complete uninstall and reinstall.  If I ever figure out how these files are being corrupted, I'll post a comment.  Any ideas on this would be welcome.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (, the Zone Advisor for the Virus and …
    I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now