went to how did i get infected in the first place page..picked up privacyfirewall...spyware blaster(doent work with comodo icedragon..so i might have to revert to plain firefox)....and winpatrol..istalled and restarted... want me to continue with icedragon or go back to firefox.. i'm waiting and listening..lol
testing for neocore
- Thread starter gerawolf
- Start date
Good security software choices, I currently use, or have used, them all, and approve of all of them :)
You could try Pale Moon, SpywareBlaster works with that.
You could always give the Dragon/SB devs a nudge and ask them to consider co-operating to make them work together (if Dragon uses the same profile that Firefox does, perhaps SB works with it 'silently' anyway, not sure about that - another reason to nudge the devs or search the Comodo forums?).
You could try Pale Moon, SpywareBlaster works with that.
You could always give the Dragon/SB devs a nudge and ask them to consider co-operating to make them work together (if Dragon uses the same profile that Firefox does, perhaps SB works with it 'silently' anyway, not sure about that - another reason to nudge the devs or search the Comodo forums?).
Oops! My apologies, I never noticed the DV crash dump was posted.
-- Edit, I also just read the driver that verifier detected in violation may have been/be a trojan, so if that has already been taken care of, ignore the Mionet recommendation.
Right, so it's of the DRIVER_VERIFIER_DETECTED_VIOLATION (c4) bug check.
This is the general bug check code for fatal errors found by Driver Verifier.
We can see that ndisrd.sys (Mionet driver/WinpkFilter high performance packet filtering framework) called into nt!VerifierKeAcquireSpinLockAtDpcLevel.
If a driver is running at IRQL <= APC_LEVEL, it should call KeAcquireSpinLock to have IRQL raised by that routine. KeAcquireSpinLockAtDpcLevel assumes the caller is already running at IRQL >= DISPATCH_LEVEL, so no raise is necessary. What appears (or is likely) ocurring here is ndisrd.sys is holding a spin lock, but is also at the same time trying to call a routine(s) that hold(s) pageable data. Drivers themselves can call certain support routines that access pageable data if/and only if their calls occur while executing at an IRQL strictly less than DISPATCH_LEVEL.
BugCheck C4, {40, 0, fffff9800a3d8c60, 0}
^^ Our 1st parameter bug check = 0x40. 0x40 = Acquiring a spinlock at IRQL DISPATCH_LEVEL.
Overall, this is causing corruption and then you get your bugcheck. Verifier caught ndisrd.sys doing this, and that's why it's mentioned.
1. Uninstall whatever software you have installed related to MioNet (if you do) - MioNet| Your personal private network for PC remote access, webcam access software, backup, and file sharing
2. PROCESS_NAME: NetSvcHelp.exe
^^ Asus Network Service Help (sometimes known as Asus Network iControl). I'd remove this ASAP. If you cannot find it standalone to uninstall, it's probably bundled with Asus' AI Suite which I see you have installed.
3. RTCore64.sys is listed and loaded which is the RivaTuner/EVGA Precision/MSI Afterburner driver (known to cause BSOD's). Uninstall ASAP, please.
Regards,
Patrick
-- Edit, I also just read the driver that verifier detected in violation may have been/be a trojan, so if that has already been taken care of, ignore the Mionet recommendation.
Right, so it's of the DRIVER_VERIFIER_DETECTED_VIOLATION (c4) bug check.
This is the general bug check code for fatal errors found by Driver Verifier.
Code:
0: kd> kv
Child-SP RetAddr : Args to Child : Call Site
fffff880`09f827c8 fffff800`03d504ec : 00000000`000000c4 00000000`00000040 00000000`00000000 fffff980`0a3d8c60 : nt!KeBugCheckEx
fffff880`09f827d0 fffff800`03d612bf : 00000000`00000002 fffffa80`069a03e8 00000000`00000000 fffff800`03d5e69b : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`09f82810 fffff880`03f57726 : fffffa80`0ad41bc0 fffff980`0a3d8c10 fffffa80`0a41c450 fffff880`09f828d8 : [COLOR=#4b0082]nt!VerifierKeAcquireSpinLockAtDpcLevel+0xa0[/COLOR]
fffff880`09f82870 fffffa80`0ad41bc0 : fffff980`0a3d8c10 fffffa80`0a41c450 fffff880`09f828d8 00000000`00000000 : [COLOR=#ff0000]ndisrd+0x2726[/COLOR]
fffff880`09f82878 fffff980`0a3d8c10 : fffffa80`0a41c450 fffff880`09f828d8 00000000`00000000 fffff880`03f58ba9 : 0xfffffa80`0ad41bc0
fffff880`09f82880 fffffa80`0a41c450 : fffff880`09f828d8 00000000`00000000 fffff880`03f58ba9 00000000`00010001 : 0xfffff980`0a3d8c10
fffff880`09f82888 fffff880`09f828d8 : 00000000`00000000 fffff880`03f58ba9 00000000`00010001 fffffa80`0ad41bc0 : 0xfffffa80`0a41c450
fffff880`09f82890 00000000`00000000 : fffff880`03f58ba9 00000000`00010001 fffffa80`0ad41bc0 00000000`00000000 : 0xfffff880`09f828d8We can see that ndisrd.sys (Mionet driver/WinpkFilter high performance packet filtering framework) called into nt!VerifierKeAcquireSpinLockAtDpcLevel.
If a driver is running at IRQL <= APC_LEVEL, it should call KeAcquireSpinLock to have IRQL raised by that routine. KeAcquireSpinLockAtDpcLevel assumes the caller is already running at IRQL >= DISPATCH_LEVEL, so no raise is necessary. What appears (or is likely) ocurring here is ndisrd.sys is holding a spin lock, but is also at the same time trying to call a routine(s) that hold(s) pageable data. Drivers themselves can call certain support routines that access pageable data if/and only if their calls occur while executing at an IRQL strictly less than DISPATCH_LEVEL.
BugCheck C4, {40, 0, fffff9800a3d8c60, 0}
^^ Our 1st parameter bug check = 0x40. 0x40 = Acquiring a spinlock at IRQL DISPATCH_LEVEL.
Overall, this is causing corruption and then you get your bugcheck. Verifier caught ndisrd.sys doing this, and that's why it's mentioned.
1. Uninstall whatever software you have installed related to MioNet (if you do) - MioNet| Your personal private network for PC remote access, webcam access software, backup, and file sharing
2. PROCESS_NAME: NetSvcHelp.exe
^^ Asus Network Service Help (sometimes known as Asus Network iControl). I'd remove this ASAP. If you cannot find it standalone to uninstall, it's probably bundled with Asus' AI Suite which I see you have installed.
3. RTCore64.sys is listed and loaded which is the RivaTuner/EVGA Precision/MSI Afterburner driver (known to cause BSOD's). Uninstall ASAP, please.
Regards,
Patrick
Patrick, thanks for the great analysis and follow-up work :thumbsup2:
Gerawolf, as I mentioned earlier, Notepad really shouldn't be hanging on a stable, modern Windows OS, yet there were a number of those logged in your Windows Error Reports over the previous few days with a history of that (and a lot more besides) going back for months. I'd still like to see new logs after 2 days of normal Windows usage.
I still suspect that part of your problems/errors logged are down to your apparent reliance on Registry 'cleaners' and suchlike, as we discussed on Steam. Registry entries incorrectly 'fixed' by either CCleaner or Glary Utilities or any other such tool, are not going to be replaced, except by a clean Windows install.
Whether or not the current game crashes are related to any such 'fixes', I cannot tell; the aim is to get a stable Windows running, check for any residual damage/differences post -cleanup and then we'll look deeper into the gaming issues, Steam permissions etc., and try to work out the fix for those.
<Sorry, I thought I'd posted this hours ago - I was called away>
Gerawolf, as I mentioned earlier, Notepad really shouldn't be hanging on a stable, modern Windows OS, yet there were a number of those logged in your Windows Error Reports over the previous few days with a history of that (and a lot more besides) going back for months. I'd still like to see new logs after 2 days of normal Windows usage.
I still suspect that part of your problems/errors logged are down to your apparent reliance on Registry 'cleaners' and suchlike, as we discussed on Steam. Registry entries incorrectly 'fixed' by either CCleaner or Glary Utilities or any other such tool, are not going to be replaced, except by a clean Windows install.
Whether or not the current game crashes are related to any such 'fixes', I cannot tell; the aim is to get a stable Windows running, check for any residual damage/differences post -cleanup and then we'll look deeper into the gaming issues, Steam permissions etc., and try to work out the fix for those.
<Sorry, I thought I'd posted this hours ago - I was called away>
I often keep my rig running, 3-7+ days up time isn't so uncommon (4.25 days currently); if I do feel like I've hammered it - multitasking whilst gaming, using more than ~80% of the RAM for hours on end - then I'm more likely to reboot to refresh Windows. I did make a point of building a reasonably efficient PC though, with a game loaded but in the background, ~2GB used by my browser and still being used, it might only be pulling 80 Watts from the wall. on full idle, nothing loaded, that would reduce to ~40W.
For the purposes of collecting new logs, it would be good to get 2 reboots in during a 2 day period.
For the purposes of collecting new logs, it would be good to get 2 reboots in during a 2 day period.
thought of why notebook hangs for me a lot,opening files in steam folders looking for setting to fix what might need tweaking..like this in pinball fx2 PTSData.cache.pxp
instead of searching online for something to crack it, so for my hangs its opening stuff that should not nor need not be opened that most case too large for note pad to read
does that help? i only do it when i have an older game and i need to change the settings for my resolution to work....hdmi scaling messes things up sometimes
instead of searching online for something to crack it, so for my hangs its opening stuff that should not nor need not be opened that most case too large for note pad to read
does that help? i only do it when i have an older game and i need to change the settings for my resolution to work....hdmi scaling messes things up sometimes
Trying to catchup, gonna be a busy weekend here. In another topic you stated "my firewall asked me if i wanted to allow van helsing."
Assuming this is Windows' own firewall, dig right into the firewall settings, advanced included, while VH is closed, and remove all instances of VH from incoming and outgoing. Close everything down, reboot and wait about 10 minutes for Windows to be fully 'awake' and then start Steam and VH - you should get a new popup from the firewall for VH - allow it and see if it plays.
This is what it took for me to get VH to work again (I'd already removed incorrect run as Admin, etc from the properties of various Steam.VH .exes) a few months ago after a bad download/install. The 'bad' firewall entries (for me) may have been from the change-over of netcode/routing/servers for the game, about a month previous to that.
Assuming this is Windows' own firewall, dig right into the firewall settings, advanced included, while VH is closed, and remove all instances of VH from incoming and outgoing. Close everything down, reboot and wait about 10 minutes for Windows to be fully 'awake' and then start Steam and VH - you should get a new popup from the firewall for VH - allow it and see if it plays.
This is what it took for me to get VH to work again (I'd already removed incorrect run as Admin, etc from the properties of various Steam.VH .exes) a few months ago after a bad download/install. The 'bad' firewall entries (for me) may have been from the change-over of netcode/routing/servers for the game, about a month previous to that.
no it was not windows...it was privatefirewall 7.0 recommeded from this forum "how did i get infected in the first place" page...i thought it was supposed to ask if i wanted to allow "game"..i click allow i thought it wasnt supposed to ask again..did i do something wrong?
on vh exe compatibilty tab of properties unchecked all boxes..hit apply....done
removed applications for vh from privatewall 7.0
rebooting now...gonna go eat something...be back in as few....
ps.. did my editing on both steam forums make my thought typing style easier to understand?
removed applications for vh from privatewall 7.0
rebooting now...gonna go eat something...be back in as few....
ps.. did my editing on both steam forums make my thought typing style easier to understand?