I don't know what's going on... here's some minidumps...

thanks in advance for any help

Attached Files

Minidump.zip (67.0 KB, 2 views)

Hello and welcome to Techspot.

Most of your minidumps are crashing at SYMTDI.SYS. Symantec/Norton Network Dispatch Driver.

Download The free AVG antivirus programme, and the free Zonealarm firewall from HERE and HERE

Disconnect from the internet, and uninstall your Symantec/Norton security product from add remove programmes in your control panel. Please note. You may have to uninstall it in several pieces from add remove programmes.

Once it`s completely uninstalled reboot your computer. Install the zonealarm programme, followed by the AVG programme, and reboot your computer.

Reconnect to the internet, and download the latest updates for AVG.

See how your system runs, and please let us know.

Regards Howard

Thanks, got rid of Norton AV, using AVG and ZoneAlarm... but it just happened again. any other suggestions? Here's my latest minidump.

Thanks

Attached Files

Mini020206-02.zip (7.2 KB, 2 views)

You`re not going to believe this.

Your minidump crashes at vsdatant.sys. This is Zonealarm firewall.

Download the free Kerio firewall from HERE

Disconnect from the net, and uninstall Zonealarm. reboot your computer, and install the Kerio firewall.

Make sure that the inbuilt Windows firewall isn`t activated.

Let us know how you get on.

Regards Howard

hmmm... worked for awhile, did it again just now. here's the latest dump.

thanks for helping me out with this, it's really annoying. i'm glad i finally found a board where people actually reply.

Attached Files

Mini020206-03.zip (6.9 KB, 1 views)

There`s something very strange going on here. I feel like pulling my hair out. Well I would if I had any lol.

Your minidump crashes at fwdrv.sys. You kerio firewall driver.

It has a bugcheck of D1.

0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL

The system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by caused by faulty or mismatched RAM, or a damaged pagefile.

Just in case you`ve got a ram/pagefile/hard drive problem. Go HERE and follow the instructions. the page file instructions can be found in reply #11 of the above link.

Regards Howard

Is this only happening when you run p2p software?

Have you tried running a different p2p programme.

Just a thought.

Regards Howard

this usually happens with p2p... it's happened every single time except maybe like twice it happened when i wasn't running any p2p. and yeah, i've tried probably every one of the popular p2p programs out there, right now it's happening with shareaza, azureus, and emule (only one at a time ever, of course). just got your last last message, i'm on the defrag part right now... after i set the new pagefile i'll run something overnight and let you know how it's running tomorrow.

thanks a ton for the help so far

alright, all i did was the pagefile thing, and it's been running fine overnight.
i usually get the BSOD overnight, but not all the time... i think my record on time with p2p on is like 3 days, so if everything's fine i'll let you know in a couple days how everything's running.

thanks!

so... i was going to post about how everything was running fine today when it did it again. it didn't do a minidump this time, apparently, but it said it was due to tcpip.sys. i know a little bit about tcp/ip, but i have no idea why it's doing this. thanks for any help

So this is the first BSOD you`ve had in a while eh?

Has the system run fine since?

A couple of things I`d like you to try.

Take a look at your mobo for bulging, or leaking capacitors. See HERE for further info.

Also, go and read both these threads by RBS. Follow all the instructions exactly.

How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.

Then see. How to post your Hijackthis log-file as an ATTACHMENT.

Regards Howard

had another BSOD right after I posted that, the whole error said tcpip.sys at address BAE6F5C8 base at BAE6C000, Datestamp 4294cc20
i have no idea if that will help at all...
the capacitors look normal, and i scanned for some adware
here's my hijackthis log and that other thing log

also... my pc's taking forever to boot up now, i get this black screen with grey lines at the bottom, like a status bar or something, but it takes maybe 5 minutes to do it

thanks for the help

Attached Files

	Scan report_20060209.txt.zip (3.1 KB, 1 views)
	hijackthis.txt (8.6 KB, 2 views)

I notice that Ewido has removed quite a lot of malware from your computer.

Boot into safe mode.

Turn off system restore.

In Windows Explorer, turn on "Show all files and folders, including hidden and system".

Go to add remove programme in your control panel, and uninstall anything to do with(if there).

C:\Program Files\Chaos Software\Chaos 6\alarm.exe

Close control panel.

Open your task manager, by pressing the ctrl/alt/delete keys together.

Click on the processes tab, and end process for(if there).

alarm.exe

Close task manager.

Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to( if there).

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:14000

O4 - HKLM\..\Run: [\\Summer\EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "\\Summer\EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on Summer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P41 "Auto EPSON Stylus CX4800 Series on Summer" /O28 "\\SUMMER\EPSON Stylus CX4800" /M "Stylus CX4800"

O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubles.../usbaptest.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119980554421
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab

Fix the following 017 entries, if they don`t belong to your ISP.


O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35381D-4AAF-4E8F-A5F9-CF0E48D382B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1


Now click on the fix checked button.

Close HJT.

Locate, and delete the following bold files(if there).

C:\Program Files\Chaos Software\Chaos 6\alarm.exe

Reboot into normal mode, and turn system restore back on.

See if that helps any.

Regards Howard

alright, everything seems to be working good now, EXCEPT... right before the windows logo when i boot up, i get that black screen with the grey bars at the bottom for about 4 minutes.
after it boots into windows, everything runs fine... it's just that black loading screen that's pissing me off.

thanks for all the help so far

Try doing a Windows repair, as per this thread HERE. It may help.

Regards Howard

tried it... still happens... i think it *might* be cause by SP2, but not quite sure.

also, windows DOES load, it just takes longer than it should. it's not really a problems since i don't reboot often (every 2 or 3 days), but it's really damn annoying.

Please would you post a fesh HJT log. Thanks.

Regards Howard

here ya go

Attached Files

hijackthis022206.txt (8.6 KB, 1 views)

I don`t know how you`ve managed it, but you`ve got your computer infected again.

Boot in Safe Mode.

Turn off system restore.

In Windows Explorer, turn on "Show all files and folders, including hidden and system".

Open your task manager, and click on the processes tab. End process for(if there).

winsysupd10.exe
VCClient.exe
VCMain.exe

Close task manager.

Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to( if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

Fix all 016 DPF entries no matter what they are.

Only fix the 017 entries below, if they don`t belong to your ISP.

O17 - HKLM\System\CCS\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{47796BDB-FB18-40AA-9A56-15A5DAE988DE}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB92A78-E44D-4F59-AACC-40B9E9121E4E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35381D-4AAF-4E8F-A5F9-CF0E48D382B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0635EAD9-A37D-42E3-9F9F-F399B557BBB9}: NameServer = 192.168.1.1

O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\enrsl1971.dll (file missing)

O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\gzedit.dll (file missing)

Now click on the fix checked button.

Close HJT.

Locate, and delete the following bold files(if there).

C:\windows\winsysupd10.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe

Reboot into normal mode, and turn system restore back on.

Post a fresh HJT log.

Regards Howard

here's a fresh one.
it's still booting slow, didn't know if i should tell ya

thanks

Attached Files

hijackthis022206b.txt (5.9 KB, 1 views)