Page 2 of 3 First 123 Last
  1. #21

    Re: testing for neocore

    went to how did i get infected in the first place page..picked up privacyfirewall...spyware blaster(doent work with comodo icedragon..so i might have to revert to plain firefox)....and winpatrol..istalled and restarted... want me to continue with icedragon or go back to firefox.. i'm waiting and listening..lol


    • Ad Bot

      advertising
      Beep.

        
       

  2. #22
    satrow's Avatar
    Join Date
    Apr 2012
    Location
    Cymru
    Posts
    741
    • specs System Specs
      • Motherboard:
        ASRock Z77E-ITX
      • CPU:
        E3-1230 V2 3.3GHz
      • Memory:
        16GB G.Skill DDR3 2400
      • Graphics:
        Asus GTX1060
      • Sound Card:
        Onboard
      • Hard Drives:
        3x250GB SSDs, 2x 2.5 1TB HDD JBOD
      • Power Supply:
        Seasonic 360W Gold
      • Case:
        BitFenix Prodigy Black
      • Cooling:
        Be Quiet Shadow Rock Topflow + 2x case fans
      • Display:
        Dell U2412M 1900x1200 x2 (sometimes x3)
      • Operating System:
        W7 x64 Pro

    Re: testing for neocore

    Good security software choices, I currently use, or have used, them all, and approve of all of them :)

    You could try Pale Moon, SpywareBlaster works with that.

    You could always give the Dragon/SB devs a nudge and ask them to consider co-operating to make them work together (if Dragon uses the same profile that Firefox does, perhaps SB works with it 'silently' anyway, not sure about that - another reason to nudge the devs or search the Comodo forums?).

  3. #23

    Re: testing for neocore

    Oops! My apologies, I never noticed the DV crash dump was posted.

    -- Edit, I also just read the driver that verifier detected in violation may have been/be a trojan, so if that has already been taken care of, ignore the Mionet recommendation.


    Right, so it's of the DRIVER_VERIFIER_DETECTED_VIOLATION (c4) bug check.

    This is the general bug check code for fatal errors found by Driver Verifier.

    Code:
    0: kd> kv
    Child-SP          RetAddr           : Args to Child                                                           : Call Site
    fffff880`09f827c8 fffff800`03d504ec : 00000000`000000c4 00000000`00000040 00000000`00000000 fffff980`0a3d8c60 : nt!KeBugCheckEx
    fffff880`09f827d0 fffff800`03d612bf : 00000000`00000002 fffffa80`069a03e8 00000000`00000000 fffff800`03d5e69b : nt!VerifierBugCheckIfAppropriate+0x3c
    fffff880`09f82810 fffff880`03f57726 : fffffa80`0ad41bc0 fffff980`0a3d8c10 fffffa80`0a41c450 fffff880`09f828d8 : nt!VerifierKeAcquireSpinLockAtDpcLevel+0xa0
    fffff880`09f82870 fffffa80`0ad41bc0 : fffff980`0a3d8c10 fffffa80`0a41c450 fffff880`09f828d8 00000000`00000000 : ndisrd+0x2726
    fffff880`09f82878 fffff980`0a3d8c10 : fffffa80`0a41c450 fffff880`09f828d8 00000000`00000000 fffff880`03f58ba9 : 0xfffffa80`0ad41bc0
    fffff880`09f82880 fffffa80`0a41c450 : fffff880`09f828d8 00000000`00000000 fffff880`03f58ba9 00000000`00010001 : 0xfffff980`0a3d8c10
    fffff880`09f82888 fffff880`09f828d8 : 00000000`00000000 fffff880`03f58ba9 00000000`00010001 fffffa80`0ad41bc0 : 0xfffffa80`0a41c450
    fffff880`09f82890 00000000`00000000 : fffff880`03f58ba9 00000000`00010001 fffffa80`0ad41bc0 00000000`00000000 : 0xfffff880`09f828d8
    We can see that ndisrd.sys (Mionet driver/WinpkFilter high performance packet filtering framework) called into nt!VerifierKeAcquireSpinLockAtDpcLevel.

    If a driver is running at IRQL <= APC_LEVEL, it should call KeAcquireSpinLock to have IRQL raised by that routine. KeAcquireSpinLockAtDpcLevel assumes the caller is already running at IRQL >= DISPATCH_LEVEL, so no raise is necessary. What appears (or is likely) ocurring here is ndisrd.sys is holding a spin lock, but is also at the same time trying to call a routine(s) that hold(s) pageable data. Drivers themselves can call certain support routines that access pageable data if/and only if their calls occur while executing at an IRQL strictly less than DISPATCH_LEVEL.

    BugCheck C4, {40, 0, fffff9800a3d8c60, 0}

    ^^ Our 1st parameter bug check = 0x40. 0x40 = Acquiring a spinlock at IRQL DISPATCH_LEVEL.

    Overall, this is causing corruption and then you get your bugcheck. Verifier caught ndisrd.sys doing this, and that's why it's mentioned.



    1. Uninstall whatever software you have installed related to MioNet (if you do) - MioNet| Your personal private network for PC remote access, webcam access software, backup, and file sharing

    2. PROCESS_NAME: NetSvcHelp.exe

    ^^ Asus Network Service Help (sometimes known as Asus Network iControl). I'd remove this ASAP. If you cannot find it standalone to uninstall, it's probably bundled with Asus' AI Suite which I see you have installed.

    3. RTCore64.sys is listed and loaded which is the RivaTuner/EVGA Precision/MSI Afterburner driver (known to cause BSOD's). Uninstall ASAP, please.

    Regards,

    Patrick

  4. #24

    Re: testing for neocore

    not part of mionet..network i control removed..also unistalled asus remote control based on could be related to number 1....rivatuner unistalled..wish me to unistall after burner as well?

  5. #25

    Re: testing for neocore

    Yes, please. Great work

    Regards,

    Patrick

  6. #26

    Re: testing for neocore

    removed asus suite 2,and msi kombustor and afterburner...next?...not sure where to find that ndisrd.sys


  7. #27

    Re: testing for neocore

    1. Create a Restore Point - Windows 7 - START | type create | select "Create a Restore Point"

    2. Navigate to C:\Windows\System32\Drivers

    Once there, find ndisrd.sys and rename it to ndisrd.old.

    and then restart.

    Regards,

    Patrick

  8. #28

    Re: testing for neocore

    done..want me run verifier again?

  9. #29

    Re: testing for neocore

    Nope, that's good for now. Keep us updated.

    Regards,

    Patrick

  10. #30

    Re: testing for neocore

    van helsing still doesnt run

  11. #31

    Re: testing for neocore

    Well, for that, you'll want to make a new thread. This thread is for your BSOD's, which hopefully have been solved as you have not mentioned a crash yet.

    Regards,

    Patrick

  12. #32
    satrow's Avatar
    Join Date
    Apr 2012
    Location
    Cymru
    Posts
    741
    • specs System Specs
      • Motherboard:
        ASRock Z77E-ITX
      • CPU:
        E3-1230 V2 3.3GHz
      • Memory:
        16GB G.Skill DDR3 2400
      • Graphics:
        Asus GTX1060
      • Sound Card:
        Onboard
      • Hard Drives:
        3x250GB SSDs, 2x 2.5 1TB HDD JBOD
      • Power Supply:
        Seasonic 360W Gold
      • Case:
        BitFenix Prodigy Black
      • Cooling:
        Be Quiet Shadow Rock Topflow + 2x case fans
      • Display:
        Dell U2412M 1900x1200 x2 (sometimes x3)
      • Operating System:
        W7 x64 Pro

    Re: testing for neocore

    Patrick, thanks for the great analysis and follow-up work

    Gerawolf, as I mentioned earlier, Notepad really shouldn't be hanging on a stable, modern Windows OS, yet there were a number of those logged in your Windows Error Reports over the previous few days with a history of that (and a lot more besides) going back for months. I'd still like to see new logs after 2 days of normal Windows usage.

    I still suspect that part of your problems/errors logged are down to your apparent reliance on Registry 'cleaners' and suchlike, as we discussed on Steam. Registry entries incorrectly 'fixed' by either CCleaner or Glary Utilities or any other such tool, are not going to be replaced, except by a clean Windows install.

    Whether or not the current game crashes are related to any such 'fixes', I cannot tell; the aim is to get a stable Windows running, check for any residual damage/differences post -cleanup and then we'll look deeper into the gaming issues, Steam permissions etc., and try to work out the fix for those.

    <Sorry, I thought I'd posted this hours ago - I was called away>

  13. #33

    Re: testing for neocore

    np i was busy too.. does hit hurt that my computer normally is never shut off?

  14. #34
    satrow's Avatar
    Join Date
    Apr 2012
    Location
    Cymru
    Posts
    741
    • specs System Specs
      • Motherboard:
        ASRock Z77E-ITX
      • CPU:
        E3-1230 V2 3.3GHz
      • Memory:
        16GB G.Skill DDR3 2400
      • Graphics:
        Asus GTX1060
      • Sound Card:
        Onboard
      • Hard Drives:
        3x250GB SSDs, 2x 2.5 1TB HDD JBOD
      • Power Supply:
        Seasonic 360W Gold
      • Case:
        BitFenix Prodigy Black
      • Cooling:
        Be Quiet Shadow Rock Topflow + 2x case fans
      • Display:
        Dell U2412M 1900x1200 x2 (sometimes x3)
      • Operating System:
        W7 x64 Pro

    Re: testing for neocore

    I often keep my rig running, 3-7+ days up time isn't so uncommon (4.25 days currently); if I do feel like I've hammered it - multitasking whilst gaming, using more than ~80% of the RAM for hours on end - then I'm more likely to reboot to refresh Windows. I did make a point of building a reasonably efficient PC though, with a game loaded but in the background, ~2GB used by my browser and still being used, it might only be pulling 80 Watts from the wall. on full idle, nothing loaded, that would reduce to ~40W.

    For the purposes of collecting new logs, it would be good to get 2 reboots in during a 2 day period.

  15. #35

    Re: testing for neocore

    kk will reboot in a few hrs..

  16. #36

    Re: testing for neocore

    thought of why notebook hangs for me a lot,opening files in steam folders looking for setting to fix what might need tweaking..like this in pinball fx2 PTSData.cache.pxp

    instead of searching online for something to crack it, so for my hangs its opening stuff that should not nor need not be opened that most case too large for note pad to read

    does that help? i only do it when i have an older game and i need to change the settings for my resolution to work....hdmi scaling messes things up sometimes

  17. #37

    Re: testing for neocore

    btw i thought of that..turning off dpi scaling as part of properties on van helsing exes.. you have to turn it off for post apocalypptic mayhem to work... anywy for van helsing nope that didnt help

  18. #38
    satrow's Avatar
    Join Date
    Apr 2012
    Location
    Cymru
    Posts
    741
    • specs System Specs
      • Motherboard:
        ASRock Z77E-ITX
      • CPU:
        E3-1230 V2 3.3GHz
      • Memory:
        16GB G.Skill DDR3 2400
      • Graphics:
        Asus GTX1060
      • Sound Card:
        Onboard
      • Hard Drives:
        3x250GB SSDs, 2x 2.5 1TB HDD JBOD
      • Power Supply:
        Seasonic 360W Gold
      • Case:
        BitFenix Prodigy Black
      • Cooling:
        Be Quiet Shadow Rock Topflow + 2x case fans
      • Display:
        Dell U2412M 1900x1200 x2 (sometimes x3)
      • Operating System:
        W7 x64 Pro

    Re: testing for neocore

    Trying to catchup, gonna be a busy weekend here. In another topic you stated "my firewall asked me if i wanted to allow van helsing."

    Assuming this is Windows' own firewall, dig right into the firewall settings, advanced included, while VH is closed, and remove all instances of VH from incoming and outgoing. Close everything down, reboot and wait about 10 minutes for Windows to be fully 'awake' and then start Steam and VH - you should get a new popup from the firewall for VH - allow it and see if it plays.

    This is what it took for me to get VH to work again (I'd already removed incorrect run as Admin, etc from the properties of various Steam.VH .exes) a few months ago after a bad download/install. The 'bad' firewall entries (for me) may have been from the change-over of netcode/routing/servers for the game, about a month previous to that.

  19. #39

    Re: testing for neocore

    Quote Originally Posted by satrow View Post
    In another topic you stated "my firewall asked me if i wanted to allow van helsing."

    Assuming this is Windows' own firewall, dig right into the firewall settings, advanced included, while VH is closed, and remove all instances of VH from incoming and outgoing. Close everything down, reboot and wait about 10 minutes for Windows to be fully 'awake' and then start Steam and VH - you should get a new popup from the firewall for VH - allow it and see if it plays.
    no it was not windows...it was privatefirewall 7.0 recommeded from this forum "how did i get infected in the first place" page...i thought it was supposed to ask if i wanted to allow "game"..i click allow i thought it wasnt supposed to ask again..did i do something wrong?

  20. #40

    Re: testing for neocore

    on vh exe compatibilty tab of properties unchecked all boxes..hit apply....done

    removed applications for vh from privatewall 7.0

    rebooting now...gonna go eat something...be back in as few....

    ps.. did my editing on both steam forums make my thought typing style easier to understand?

Page 2 of 3 First 123 Last

Log in

Log in