BSOD on xp when running p2p
- Thread starter ellipsis
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Most of your minidumps are crashing at SYMTDI.SYS. Symantec/Norton Network Dispatch Driver.
Download The free AVG antivirus programme, and the free Zonealarm firewall from HERE and HERE
Disconnect from the internet, and uninstall your Symantec/Norton security product from add remove programmes in your control panel. Please note. You may have to uninstall it in several pieces from add remove programmes.
Once it`s completely uninstalled reboot your computer. Install the zonealarm programme, followed by the AVG programme, and reboot your computer.
Reconnect to the internet, and download the latest updates for AVG.
See how your system runs, and please let us know.
Regards Howard :wave: :wave:
Most of your minidumps are crashing at SYMTDI.SYS. Symantec/Norton Network Dispatch Driver.
Download The free AVG antivirus programme, and the free Zonealarm firewall from HERE and HERE
Disconnect from the internet, and uninstall your Symantec/Norton security product from add remove programmes in your control panel. Please note. You may have to uninstall it in several pieces from add remove programmes.
Once it`s completely uninstalled reboot your computer. Install the zonealarm programme, followed by the AVG programme, and reboot your computer.
Reconnect to the internet, and download the latest updates for AVG.
See how your system runs, and please let us know.
Regards Howard :wave: :wave:
howard_hopkinso
Posts: 21,238 +17
You`re not going to believe this.
Your minidump crashes at vsdatant.sys. This is Zonealarm firewall.
Download the free Kerio firewall from HERE
Disconnect from the net, and uninstall Zonealarm. reboot your computer, and install the Kerio firewall.
Make sure that the inbuilt Windows firewall isn`t activated.
Let us know how you get on.
Regards Howard
Your minidump crashes at vsdatant.sys. This is Zonealarm firewall.
Download the free Kerio firewall from HERE
Disconnect from the net, and uninstall Zonealarm. reboot your computer, and install the Kerio firewall.
Make sure that the inbuilt Windows firewall isn`t activated.
Let us know how you get on.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
There`s something very strange going on here. I feel like pulling my hair out. Well I would if I had any lol.
Your minidump crashes at fwdrv.sys. You kerio firewall driver.
It has a bugcheck of D1.
0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL
The system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by caused by faulty or mismatched RAM, or a damaged pagefile.
Just in case you`ve got a ram/pagefile/hard drive problem. Go HERE and follow the instructions. the page file instructions can be found in reply #11 of the above link.
Regards Howard
Your minidump crashes at fwdrv.sys. You kerio firewall driver.
It has a bugcheck of D1.
0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL
The system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by caused by faulty or mismatched RAM, or a damaged pagefile.
Just in case you`ve got a ram/pagefile/hard drive problem. Go HERE and follow the instructions. the page file instructions can be found in reply #11 of the above link.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
Is this only happening when you run p2p software?
Have you tried running a different p2p programme.
Just a thought.
Regards Howard
Have you tried running a different p2p programme.
Just a thought.
Regards Howard
this usually happens with p2p... it's happened every single time except maybe like twice it happened when i wasn't running any p2p. and yeah, i've tried probably every one of the popular p2p programs out there, right now it's happening with shareaza, azureus, and emule (only one at a time ever, of course). just got your last last message, i'm on the defrag part right now... after i set the new pagefile i'll run something overnight and let you know how it's running tomorrow.
thanks a ton for the help so far
thanks a ton for the help so far
alright, all i did was the pagefile thing, and it's been running fine overnight.
i usually get the BSOD overnight, but not all the time... i think my record on time with p2p on is like 3 days, so if everything's fine i'll let you know in a couple days how everything's running.
thanks!
i usually get the BSOD overnight, but not all the time... i think my record on time with p2p on is like 3 days, so if everything's fine i'll let you know in a couple days how everything's running.
thanks!
howard_hopkinso
Posts: 21,238 +17
So this is the first BSOD you`ve had in a while eh?
Has the system run fine since?
A couple of things I`d like you to try.
Take a look at your mobo for bulging, or leaking capacitors. See HERE for further info.
Also, go and read both these threads by RBS. Follow all the instructions exactly.
How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.
Then see. How to post your Hijackthis log-file as an ATTACHMENT.
Regards Howard
Has the system run fine since?
A couple of things I`d like you to try.
Take a look at your mobo for bulging, or leaking capacitors. See HERE for further info.
Also, go and read both these threads by RBS. Follow all the instructions exactly.
How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.
Then see. How to post your Hijackthis log-file as an ATTACHMENT.
Regards Howard
had another BSOD right after I posted that, the whole error said tcpip.sys at address BAE6F5C8 base at BAE6C000, Datestamp 4294cc20
i have no idea if that will help at all...
the capacitors look normal, and i scanned for some adware
here's my hijackthis log and that other thing log
also... my pc's taking forever to boot up now, i get this black screen with grey lines at the bottom, like a status bar or something, but it takes maybe 5 minutes to do it
thanks for the help
i have no idea if that will help at all...
the capacitors look normal, and i scanned for some adware
here's my hijackthis log and that other thing log
also... my pc's taking forever to boot up now, i get this black screen with grey lines at the bottom, like a status bar or something, but it takes maybe 5 minutes to do it
thanks for the help
howard_hopkinso
Posts: 21,238 +17
I notice that Ewido has removed quite a lot of malware from your computer.
Boot into safe mode.
Turn off system restore.
In Windows Explorer, turn on "Show all files and folders, including hidden and system".
Go to add remove programme in your control panel, and uninstall anything to do with(if there).
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
Close control panel.
Open your task manager, by pressing the ctrl/alt/delete keys together.
Click on the processes tab, and end process for(if there).
alarm.exe
Close task manager.
Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to( if there).
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:14000
O4 - HKLM\..\Run: [\\Summer\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "\\Summer\EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on Summer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P41 "Auto EPSON Stylus CX4800 Series on Summer" /O28 "\\SUMMER\EPSON Stylus CX4800" /M "Stylus CX4800"
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119980554421
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Fix the following 017 entries, if they don`t belong to your ISP.
O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35381D-4AAF-4E8F-A5F9-CF0E48D382B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
Now click on the fix checked button.
Close HJT.
Locate, and delete the following bold files(if there).
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
Reboot into normal mode, and turn system restore back on.
See if that helps any.
Regards Howard
Boot into safe mode.
Turn off system restore.
In Windows Explorer, turn on "Show all files and folders, including hidden and system".
Go to add remove programme in your control panel, and uninstall anything to do with(if there).
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
Close control panel.
Open your task manager, by pressing the ctrl/alt/delete keys together.
Click on the processes tab, and end process for(if there).
alarm.exe
Close task manager.
Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to( if there).
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:14000
O4 - HKLM\..\Run: [\\Summer\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "\\Summer\EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on Summer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P41 "Auto EPSON Stylus CX4800 Series on Summer" /O28 "\\SUMMER\EPSON Stylus CX4800" /M "Stylus CX4800"
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119980554421
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Fix the following 017 entries, if they don`t belong to your ISP.
O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35381D-4AAF-4E8F-A5F9-CF0E48D382B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
Now click on the fix checked button.
Close HJT.
Locate, and delete the following bold files(if there).
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
Reboot into normal mode, and turn system restore back on.
See if that helps any.
Regards Howard
alright, everything seems to be working good now, EXCEPT... right before the windows logo when i boot up, i get that black screen with the grey bars at the bottom for about 4 minutes.
after it boots into windows, everything runs fine... it's just that black loading screen that's pissing me off.
thanks for all the help so far
after it boots into windows, everything runs fine... it's just that black loading screen that's pissing me off.
thanks for all the help so far
howard_hopkinso
Posts: 21,238 +17
howard_hopkinso
Posts: 21,238 +17
Please would you post a fesh HJT log. Thanks.
Regards Howard
Regards Howard
howard_hopkinso
Posts: 21,238 +17
I don`t know how you`ve managed it, but you`ve got your computer infected again.
Boot in Safe Mode.
Turn off system restore.
In Windows Explorer, turn on "Show all files and folders, including hidden and system".
Open your task manager, and click on the processes tab. End process for(if there).
winsysupd10.exe
VCClient.exe
VCMain.exe
Close task manager.
Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to( if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
Fix all 016 DPF entries no matter what they are.
Only fix the 017 entries below, if they don`t belong to your ISP.
O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{47796BDB-FB18-40AA-9A56-15A5DAE988DE}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB92A78-E44D-4F59-AACC-40B9E9121E4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35381D-4AAF-4E8F-A5F9-CF0E48D382B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\enrsl1971.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\gzedit.dll (file missing)
Now click on the fix checked button.
Close HJT.
Locate, and delete the following bold files(if there).
C:\windows\winsysupd10.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
Reboot into normal mode, and turn system restore back on.
Post a fresh HJT log.
Regards Howard
Boot in Safe Mode.
Turn off system restore.
In Windows Explorer, turn on "Show all files and folders, including hidden and system".
Open your task manager, and click on the processes tab. End process for(if there).
winsysupd10.exe
VCClient.exe
VCMain.exe
Close task manager.
Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to( if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
Fix all 016 DPF entries no matter what they are.
Only fix the 017 entries below, if they don`t belong to your ISP.
O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{47796BDB-FB18-40AA-9A56-15A5DAE988DE}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB92A78-E44D-4F59-AACC-40B9E9121E4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35381D-4AAF-4E8F-A5F9-CF0E48D382B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\enrsl1971.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\gzedit.dll (file missing)
Now click on the fix checked button.
Close HJT.
Locate, and delete the following bold files(if there).
C:\windows\winsysupd10.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
Reboot into normal mode, and turn system restore back on.
Post a fresh HJT log.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
Your HJT log is now clean. Please try and keep it that way.
As to why your computer is booting up slowly, I`m afraid I don`t really know.
At least you`re not getting BSOD`s now, and your system isn`t full of spyware.
Click start/run, and type msconfig into the run box and press the enter key.
Click on the startup tab. you will see a list of programmes etc, that start when you start your computer. Disable any you don`t need, by unticking the little box next to the programmes entry. When done clik apply/ok, and reboot your computer.
Once your computer has rebooted, you will see a window that says you have used msconfig to make changes etc. Tick the box that says not to run msconfig the next time you start your computer, and click ok.
If that doesn`t help. I`m out of ideas.
Regards Howard
As to why your computer is booting up slowly, I`m afraid I don`t really know.
At least you`re not getting BSOD`s now, and your system isn`t full of spyware.
Click start/run, and type msconfig into the run box and press the enter key.
Click on the startup tab. you will see a list of programmes etc, that start when you start your computer. Disable any you don`t need, by unticking the little box next to the programmes entry. When done clik apply/ok, and reboot your computer.
Once your computer has rebooted, you will see a window that says you have used msconfig to make changes etc. Tick the box that says not to run msconfig the next time you start your computer, and click ok.
If that doesn`t help. I`m out of ideas.
Regards Howard
- Status
Latest posts
-
What should i do?- bruno167573 replied
-
Ryzen 7 5800X3D vs. Ryzen 7 7800X3D, Ryzen 9 7900X3D and 7950X3D- Lew Zealand replied
