TechSpot

BSOD on xp when running p2p

By ellipsis
Feb 2, 2006
Topic Status:
Not open for further replies.
  1. I don't know what's going on... here's some minidumps...

    thanks in advance for any help
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Most of your minidumps are crashing at SYMTDI.SYS. Symantec/Norton Network Dispatch Driver.

    Download the free AVG antivirus programme, and the free Zonealarm firewall from HERE and HERE

    Disconnect from the internet, and uninstall your Symantec/Norton security product from add remove programmes in your control panel. Please note. You may have to uninstall it in several pieces from add remove programmes.

    Once it`s completely uninstalled reboot your computer. Install the zonealarm programme, followed by the AVG programme, and reboot your computer.

    Reconnect to the internet, and download the latest updates for AVG.

    See how your system runs, and please let us know.

    Regards Howard :wave: :wave:
  3. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    Thanks, got rid of Norton AV, using AVG and ZoneAlarm... but it just happened again. any other suggestions? Here's my latest minidump.

    Thanks :)
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You`re not going to believe this.

    Your minidump crashes at vsdatant.sys. This is Zonealarm firewall.

    Download the free Kerio firewall from HERE

    Disconnect from the net, and uninstall Zonealarm. Reboot your computer, and install the Kerio firewall.

    Make sure that the inbuilt Windows firewall isn`t activated.

    Let us know how you get on.

    Regards Howard :)
  5. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    hmmm... worked for awhile, did it again just now. here's the latest dump.

    thanks for helping me out with this, it's really annoying. i'm glad i finally found a board where people actually reply. :)
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    There`s something very strange going on here. I feel like pulling my hair out. Well I would if I had any lol.

    Your minidump crashes at fwdrv.sys. Your Kerio firewall driver.

    It has a bugcheck of D1.

    0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL

    The system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by faulty or mismatched RAM, or a damaged pagefile.

    Just in case you`ve got a ram/pagefile/hard drive problem. Go HERE and follow the instructions. The page file instructions can be found in reply #11 of the above link.

    Regards Howard :)
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Is this only happening when you run p2p software?

    Have you tried running a different p2p programme?

    Just a thought.

    Regards Howard :)
  8. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    this usually happens with p2p... it's happened every single time except maybe like twice it happened when i wasn't running any p2p. and yeah, i've tried probably every one of the popular p2p programs out there, right now it's happening with shareaza, azureus, and emule (only one at a time ever, of course). just got your last message, i'm on the defrag part right now... after i set the new pagefile i'll run something overnight and let you know how it's running tomorrow.

    thanks a ton for the help so far :)
  9. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    alright, all i did was the pagefile thing, and it's been running fine overnight.
    i usually get the BSOD overnight, but not all the time... i think my record on time with p2p on is like 3 days, so if everything's fine i'll let you know in a couple days how everything's running.

    thanks!
  10. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    so... i was going to post about how everything was running fine today when it did it again. it didn't do a minidump this time, apparently, but it said it was due to tcpip.sys. i know a little bit about tcp/ip, but i have no idea why it's doing this. thanks for any help :)
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

     
  12. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    had another BSOD right after I posted that, the whole error said tcpip.sys at address BAE6F5C8 base at BAE6C000, Datestamp 4294cc20
    i have no idea if that will help at all...
    the capacitors look normal, and i scanned for some adware
    here's my hijackthis log and that other thing log

    also... my pc's taking forever to boot up now, i get this black screen with grey lines at the bottom, like a status bar or something, but it takes maybe 5 minutes to do it

    thanks for the help
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I notice that Ewido has removed quite a lot of malware from your computer.

    Boot into safe mode.

    Turn off system restore.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system".

    Go to add remove programme in your control panel, and uninstall anything to do with (if there).

    C:\Program Files\Chaos Software\Chaos 6\alarm.exe

    Close control panel.

    Open your task manager, by pressing the ctrl/alt/delete keys together.

    Click on the processes tab, and end process for (if there).

    alarm.exe

    Close task manager.

    Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to (if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:14000

    O4 - HKLM\..\Run: [\\Summer\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "\\Summer\EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on Summer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P41 "Auto EPSON Stylus CX4800 Series on Summer" /O28 "\\SUMMER\EPSON Stylus CX4800" /M "Stylus CX4800"

    O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"

    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

    O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119980554421
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    Fix the following O17 entries, if they don`t belong to your ISP.


    O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35381D-4AAF-4E8F-A5F9-CF0E48D382B4}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1


    Now click on the fix checked button.

    Close HJT.

    Locate, and delete the following bold files (if there).

    C:\Program Files\Chaos Software\Chaos 6\alarm.exe

    Reboot into normal mode, and turn system restore back on.

    See if that helps any.

    Regards Howard :)
  14. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    alright, everything seems to be working good now, EXCEPT... right before the windows logo when i boot up, i get that black screen with the grey bars at the bottom for about 4 minutes.
    after it boots into windows, everything runs fine... it's just that black loading screen that's pissing me off.

    thanks for all the help so far :)
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Try doing a Windows repair, as per this thread HERE. It may help.

    Regards Howard :)
  16. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    tried it... still happens... i think it *might* be caused by SP2, but not quite sure.

    also, windows DOES load, it just takes longer than it should. it's not really a problem since i don't reboot often (every 2 or 3 days), but it's really damn annoying.
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Please would you post a fresh HJT log. Thanks.

    Regards Howard :)
  18. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    here ya go :)
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I don`t know how you`ve managed it, but you`ve got your computer infected again.

    Boot in Safe Mode.

    Turn off system restore.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system".

    Open your task manager, and click on the processes tab. End process for (if there).

    winsysupd10.exe
    VCClient.exe
    VCMain.exe

    Close task manager.

    Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe

    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

    Fix all O16 DPF entries no matter what they are.

    Only fix the O17 entries below, if they don`t belong to your ISP.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{47796BDB-FB18-40AA-9A56-15A5DAE988DE}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB92A78-E44D-4F59-AACC-40B9E9121E4E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35381D-4AAF-4E8F-A5F9-CF0E48D382B4}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1

    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\enrsl1971.dll (file missing)

    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\gzedit.dll (file missing)

    Now click on the fix checked button.

    Close HJT.

    Locate, and delete the following bold files (if there).

    C:\windows\winsysupd10.exe
    C:\Program Files\Common Files\VCClient\VCClient.exe
    C:\Program Files\Common Files\VCClient\VCMain.exe

    Reboot into normal mode, and turn system restore back on.

    Post a fresh HJT log.

    Regards Howard :)
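
The HijackThis entries walked through in the two cleanup posts above can be grouped mechanically before a human decides what to fix. The following is an added example, not part of the original thread and not HijackThis's own code; the finding labels and the `known_nameservers` allow-list are assumptions made for illustration, and the sample lines are copied from the excerpts quoted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")

# Constructed sample: lines copied from the HJT excerpts quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:14000
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\enrsl1971.dll (file missing)
"""

# An HJT line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse(log_text):
    """Return the HJT entries found in log_text, skipping anything else."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries, known_nameservers):
    """Label entries for review; labels are hypothetical, not HJT terms."""
    findings = []
    for e in entries:
        if e.body.endswith("(file missing)"):
            # Registry entry whose target file no longer exists.
            findings.append((e.section, "orphaned", e.body))
        elif e.section == "O17":
            # Thread advice: fix only name servers that are not your ISP's.
            value = e.body.rsplit("=", 1)[-1].strip()
            servers = [s for s in re.split(r"[,\s]+", value) if s]
            if any(s not in known_nameservers for s in servers):
                findings.append((e.section, "unknown-dns", e.body))
        elif e.section in ("R0", "R1") and "ProxyServer" in e.body:
            findings.append((e.section, "proxy-set", e.body))
        elif e.section == "O4":
            # Autorun entries always need a human decision.
            findings.append((e.section, "autorun-review", e.body))
    return findings


if __name__ == "__main__":
    for section, label, body in triage(parse(SAMPLE_LOG), {"192.168.1.1"}):
        print(f"{label:15} {section:4} {body}")
```
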
  20. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    here's a fresh one.
    it's still booting slow, didn't know if i should tell ya :p

    thanks :)
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean. Please try and keep it that way.

    As to why your computer is booting up slowly, I`m afraid I don`t really know.

    At least you`re not getting BSOD`s now, and your system isn`t full of spyware.

    Click start/run, and type msconfig into the run box and press the enter key.

    Click on the startup tab. You will see a list of programmes etc, that start when you start your computer. Disable any you don`t need, by unticking the little box next to the programmes entry. When done click apply/ok, and reboot your computer.

    Once your computer has rebooted, you will see a window that says you have used msconfig to make changes etc. Tick the box that says not to run msconfig the next time you start your computer, and click ok.

    If that doesn`t help. I`m out of ideas.

    Regards Howard :)
  22. ellipsis

    ellipsis TS Rookie Topic Starter Posts: 18

    well, thanks a ton for what you've helped me with so far. :) the BSODs were definitely a billion times more annoying than a slow bootup.

    thanks again! :) :) :)