Vista Blue Screens ("Maybe" a Resolution)
jholland1964 03-12-2008, 12:56 PM I need some input here...
Been working with a lady for over a month who is experiencing BSODs on her Vista (factory-installed) computer. Computer specs are the following:
Model # a1510y
HP Pavilion desktop computer, DirectX version 10.0
Vista Home Basic 32-bit
HP Intel(R) Pentium(R) 4
CPU 3.00 GHz 2.99 GHz
Mem. 1.75 GB
Under display: ATI RADEON XPRESS 1100 series
ATI Technologies Inc. driver version 8.383.0.0
Under system devices: ATI PCI Express 3GIO filter driver
Microsoft System Management BIOS Driver, version 6.0.0000.16386
Total available graphics memory 895 MB
Dedicated video memory 256 MB
System video memory 0 MB
Shared system memory 639 MB
21" flat screen Acer monitor (Acer driver is NOT loaded; shows Generic PnP Monitor in Device Manager)
AVG 7.5 antivirus, AVG Anti-Spyware, Spybot S&D, SpywareBlaster, Windows Defender/firewall.
IE 7, dial-up.
Now these blue screens have NO message on them: blue screen, then shut down. Happens most often when she is waiting for pictures on websites to load, but they have also happened at random times. Believe she is always online when they happen, however. Had her disable automatic reboot during the blue screen to see if a message could be seen; none available.
She has checked Event Viewer...millions of times almost, and here are the most prevalent error notations:
Log Name: System
Source: IPRIP
Event ID: 29031
IPRIP was unable to add a route to the system route table. The data is the error code.
Log Name: Application
Source: Microsoft-Windows-EventSystem
Date: 3/8/2008 10:10:38 PM
Event ID: 4621
Description:
The COM+ Event System could not remove the EventSystem.EventSubscription object
Log Name: System
Source: Tcpip
Event ID: 4227
Description:
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Multiple listings like this after Blue Screens also;
Log Name: ACEEventLog
Source: ACEEventLogSource
Event ID: 0
Task Category: None
Level: Information
Calling _iDEM_PP.GetPowerplayFeatureSettings method failed and the result is: 0
Error Called by: ATI.ACE.CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.RT_PowerPlayDPPE::Check processID:03068 threadIDCLIRuntime ; domainNameCLI.EXE ; assemblyNameCLI.Aspect.PowerPlayDPPE.Graphics.Runtime, Version=2.0.2488.36842, Culture=neutral, PublicKeyToken=90ba9c70f846762e
Log Name: ACEEventLog
Source: ACEEventLogSource
Event ID: 0
Task Category: None
Level: Information
Thus far she has done the following: generally followed PP's "Read Me before..." thread, including an HJT log. Nothing found.
Checked and made sure video drivers were up to date; deleted and reinstalled her dial-up connection. Windows updates are also current.
I am at a loss really. These began shortly AFTER the computer warranty was up...of course. She added more RAM thinking maybe memory was the problem, but it made no difference whatsoever.
So?:bow:
cauzomb 03-12-2008, 04:18 PM Try disabling and uninstalling the network adapter via BIOS and Windows to see if that changes anything.
jholland1964 03-12-2008, 05:03 PM Boy, don't know if I can get her to attempt this...took instructions multiple times to get the Event Viewer info from her.
How about just via Device Manager?
Gizmokid2005 03-12-2008, 07:50 PM I'm with cauz. It sounds like a network card/adapter error. You should be able to disable it via Device Manager and see if that helps. It might even be a bad modem (yes, I know it's new, but it's still possible).
jholland1964 03-12-2008, 09:06 PM Had her get the startup list via HJT and have attached it. Is that "Enumerating Winsock LSP files" normal or correct?
There are NONE showing in the HJT log.
The ones I really wonder about are the two pnrpnsp.dll entries. All I can find about this is that it is part of the Advanced Networking Pack, which is only for computers that are running Windows XP with SP1.
Why would these be on a Vista computer? I find no mention of this whatsoever in anything having to do with Vista, unless I am not looking in the right place.
Also an item in the HJT log which I failed to notice before is O13 - Gopher Prefix:
From all I could find there are fewer than 100 Gopher servers now, and Gopher support was actually discontinued for Internet Explorer back in June of 2002, though you can use Gopher with IE7 by doing a registry edit. This lady would NOT have done this...took days, as I said before, for her to figure out how to use and copy entries from the Event Viewer. In IE7 Gopher support was removed at the WinINET level. Now you know me, had no clue what this was, but when I found the info that WinInet limits the number of simultaneous connections that it makes to a single HTTP server, and that if you exceed this limit the requests block until one of the current connections has completed,
a "light went off" BECAUSE several of the entries in her Event Viewer logs are this, as noted above;
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint.
Am I wrong to think this stuff may be part of her problem? Or have I just gone "daffier" ?
jholland1964 03-17-2008, 01:54 PM In trying to find a solution for this lady's problems, one thing I learned about it is this...this problem right now seems pretty much limited to people using Vista.
Now some people may already know all this or understand it, but this explanation is for those who don't...(like me until I began working on this, and YES, I still might not quite get it, but here goes)
First, here is what it involved...Internet Protocol...to put it as simply as possible...our internet "addresses" represented by numbers...we all have one, we don't see it, but we do. Currently the Internet Protocol most in use is version 4...hence IPv4. I am not going into the actual numbers involved...in the billions...but with wide use of these IPv4 addresses today there is fear that we will run out of them. So this pushed towards development of IPv6, which really is in the early stages of development, but will give many, many more IP addresses.
The problem this lady and others have involves IPv6 and the transition technologies needed for it at this time in order to transition between it and IPv4. IPv6 support is provided for in XP with SP1 and SP2, Windows Vista, Windows Server 2008, and Windows Server 2003, but I think the problem comes from the fact that Windows Vista and Windows Server 2008 come with an integrated IPv4 and IPv6 implementation known as the Next Generation TCP/IP stack, and the very items which showed all of the errors on her machine...tunneling, ISATAP, 6to4, Teredo...seem to come automatically enabled on Vista (as I said, I could be wrong, but could find nothing to state otherwise), but they do not allow for the fact that people, especially people on dial-up, for NOW do not need these enabled. Her dial-up uses IPv4, as do most of them still today, and her machine was attempting to use these integration items that it had no use for at this time, but they WERE enabled, and so it would freeze, shut down, or disconnect because they didn't work, since there really was no integration needed but the computer was attempting this integration. The solution I found in multiple places, finally, was to disable all of the items noted above. This is what we did on her machine, along with her Ethernet card, which was also enabled. Thus far she has been surfing along fine, without freezes, blue screens, or disconnects. We DID NOT remove any of them, just turned them off and then disabled them. If she needs them later she can just go back in and re-enable them.
This is a complaint I have with Vista: it is fancy and sleek...but with major flaws, and now the SP1 update, which is "supposed" to address, among other things, this very issue (so obviously it IS a problem for many), has been pushed back and won't be released to the general public until later. You can get hold of Beta (test) versions, but that is never something I recommend.
cauzomb 03-17-2008, 02:43 PM Cool. I was getting to the networking issues, but you caught it and found the issue... In network device manager, you should only need TCP/IP to get online; Client for MS Networks etc. are all unnecessary for browsing the net. Did you find these in "services" or Device Manager, or network configuration, etc.? Maybe write a brief procedural path to the culprits...
jholland1964 03-17-2008, 05:04 PM Am working on step by step of what we did to find and correct all. Will post it later...took nearly two solid weeks to find what HOPEFULLY IS the answer.
jholland1964 03-17-2008, 11:50 PM Now sorry, but this will repeat some of my post above, but I have no idea of any other way to post all this;
Lady had been having "blue screens" for several months...of course right AFTER the warranty ran out. Running Vista, AVG 7.5 antivirus, AVG Anti-Spyware, Spybot S&D, SpywareBlaster, Windows Defender/firewall.
IE 7, dial-up. She added 1 GB of RAM thinking maybe not enough RAM was the cause. Blue screens generally happened when waiting for a photo to come up on a photo page. Occasionally while the original Norton anti-virus was updating. She removed Norton, knowing it is a resource hog, and installed AVG Free.
Had her run as many steps of PP's sticky as she could...online scans would cause the "blue screen", however, so we stopped that. Ran all of her anti-spy programs, her AVG program, and then an HJT scan...all done offline without difficulty, which should have given me a clue...I am dense and didn't figure that out THEN. Really nothing showed anything, except out-of-date Java. Uninstalled the old version, installed the new version, and the computer seemed OK for a couple of days, and then again a blue screen. Had her do checkdisk/fix; nothing changed and only a couple of fixes were needed. Blue screens continued...WHEN ONLINE only...still didn't catch on! In fact she didn't mention it either. No message on the screen, however; it would show the screen and then reboot. Had her disable auto reboot during the blue screen, but it still did not display any message. Also had her update the video card driver. Still had the same difficulties. Finally had her use Event Viewer and give me the errors showing before or during the time of the blue screens. They were all pretty much what is shown below.
Source: IPRIP
IPRIP was unable to add a route to the system route table.
Source: Tcpip
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint.
She ran the Dell Diagnostic Tool
Dell Diagnostic Tool Info
Microsoft ISATAP Adapter is reporting "tv_ConfigMgrErr31"
Microsoft 6to4 Adapter is reporting "tv_ConfigMgrErr31"
Teredo Tunneling Pseudo Interface error, though I can't find now what the wording of the error was...I have "tons" of saved files on this problem!
Then had her go to Device Manager, and these items all showed errors;
Network adapters: shown are SIX 6TO4 Adapter listings.
isatap, {FB4F3505-C1CB-4F2E-8604-90D580B8BAE3}, shown 5 times.
The isatap, when right-clicked, says 'This device is not working properly because Windows cannot load the drivers required for this service.'
It is enabled.
6TO4 right-click says the same as above; enabled...not working properly etc.
Teredo Tunneling Pseudo Interface enabled...not working properly.
She then ran the Vista Reliability and Performance Diagnostic check
The basic system checks showed "passed"........with the exception of Hardware Device and Driver Checks, which 'failed'
Microsoft ISATAP Adapter is reporting "tv_ConfigMgrErr31"
Microsoft 6to4 Adapter is reporting "tv_ConfigMgrErr31"
Teredo Tunneling Pseudo Interface failed
The first site I found said that the excessive number of 6TO4 Adapters and ISATAP Adapters was due to the fact that the devices were not working properly, so with each reboot the system would try to install a new one. All those showing errors (there would always be at least one NOT showing an error) should be removed, which she did. BUT with each reboot a new one would be added...because of course they were not working properly. Finally, on the site which gave me the solution, the first step was to uninstall those with errors but NOT reboot, THEN disable those without errors, and THEN reboot. These were the ones I had her disable:
Microsoft ISATAP Adapter
Microsoft 6to4 Adapter
Teredo Tunneling Pseudo Interface
NONE of these are needed with dial-up. Those using dial-up and Vista seemed to be the ones having the problems.
After disabling all, she rebooted and no more blue screens. I finally found the solution by searching for those exact errors. Even that took a while; the blue screen problem for Vista was listed on countless websites but no solutions. Then I began searching using the terms Vista, blue screens, dial-up, and adding one of those items above. Soon found the answer on about three sites; all led to one link, but now for the life of me I cannot find it, but on all three of the other sites the poster reported success using the fix given.
I would suggest somebody on dial-up experiencing the same problems first, of course, be sure the computer is clean of viruses, malware, etc.
But THEN check the Device Manager for those three devices showing a problem. Uninstall the extras, which will show the yellow exclamation point indicating a problem. THEN disable those devices; she also disabled the NIC card since she is using dial-up.
So far so good. We are keeping our fingers crossed that this will be the final solution.
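An added example, not from the thread or from any of the sites the poster found: a PowerShell script that does the check and the disable described in the post above from an elevated prompt. It assumes PowerShell is installed on the Vista box (it was a separate download there), and it matches adapter names loosely, which is my assumption, because the display strings vary slightly between builds.

```powershell
# Added example, not from the original thread. Run from an elevated PowerShell
# prompt on Vista (PowerShell was a separate download there) or later.

# 1. List the IPv6 transition adapters and their Device Manager status.
#    ConfigManagerErrorCode 31 is Device Manager's "Windows cannot load the
#    drivers required for this device", the code behind "tv_ConfigMgrErr31".
#    Name matching is loose (assumption) because the display strings differ
#    slightly between builds.
$transition = Get-WmiObject -Class Win32_NetworkAdapter |
    Where-Object { $_.Name -match 'ISATAP|6to4|Teredo' }

$transition |
    Select-Object Name, DeviceID, NetEnabled, ConfigManagerErrorCode |
    Format-Table -AutoSize

$broken = @($transition | Where-Object { $_.ConfigManagerErrorCode -ne 0 })
Write-Host ('{0} transition adapter(s) present, {1} in an error state' -f @($transition).Count, $broken.Count)

# 2. Switch the three transition technologies off at the stack level. This is
#    the per-technology counterpart of disabling the adapters in Device
#    Manager and it persists across reboots; nothing is uninstalled, so
#    "set state default" on each of the three puts it back.
netsh interface teredo set state disabled
netsh interface isatap set state disabled
netsh interface 6to4 set state disabled

# 3. Confirm: each show command should now report the technology as disabled.
netsh interface teredo show state
netsh interface isatap show state
netsh interface 6to4 show state
```

Step 1 is the piece worth keeping even if nothing is changed: rerunning it after a reboot shows whether new errored adapters are still being created, which is the symptom the post describes.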
jholland1964 03-19-2008, 11:06 PM We cheered too soon....she got another blue screen on Tuesday night while viewing small images on Google Images, which happened at 9:18 PM...note the times on these errors...
Here are the errors;
Log Name: System
Source: EventLog
Date: 3/18/2008 9:20:21 PM
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Sharons-PC
Description:
The previous system shutdown at 9:18:54 PM on 3/18/2008 was unexpected.
Next one;
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 3/18/2008 9:21:14 PM
Event ID: 5032
Task Category: Other System Events
Level: Information
Keywords: Audit Failure
User: N/A
Computer: Sharons-PC
Description:
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
And this one;
Log Name: System
Source: IPRIP
Date: 3/18/2008 9:26:33 PM
Event ID: 29031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Sharons-PC
Description:
IPRIP was unable to add a route to the system route table. The data is the error code
There were NO errors noted up to 4 hours prior to this happening. The one noted then was also that IPRIP error.
She had no warning, just the blue screen and shut down.
Ok folks I am totally at a loss here! Noted everything we did in my above post...have no clue what else to do...:confused::confused:
jholland1964 03-20-2008, 08:03 PM Since I had not done this before, we ran ComboFix....
ComboFix 08-03-20.2 - Sharon 2008-03-20 19:16:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.984 [GMT -5:00]
Running from: C:\Users\Sharon\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 21:53 2,260 ----a-w C:\Users\Sharon\AppData\Roaming\wklnhst.dat
2008-03-20 13:00 --------- d-----w C:\ProgramData\avg7
2008-03-16 14:28 --------- d---a-w C:\ProgramData\TEMP
2008-03-16 14:28 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-13 13:41 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 12:24 --------- d-----w C:\Program Files\Windows Mail
2008-03-06 00:57 --------- d-----w C:\Program Files\Java
2008-03-06 00:03 --------- d-----w C:\Program Files\Common Files\Java
2008-03-03 21:52 --------- d-----w C:\Program Files\CleanUp!
2008-03-01 04:39 --------- d-----w C:\Users\Sharon\AppData\Roaming\WinBatch
2008-02-29 12:46 --------- d-----w C:\Program Files\Trend Micro
2008-02-23 23:03 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-13 16:16 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 16:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 16:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 16:16 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 16:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 16:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 15:51 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 15:49 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 15:49 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 15:49 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 15:49 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 15:49 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 15:49 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 15:49 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 15:49 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 15:47 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 15:47 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 15:47 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 15:47 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 15:47 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 15:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-09 01:46 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-09 01:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-01 12:50 --------- d-----w C:\Users\Sharon\AppData\Roaming\Grisoft
2008-02-01 12:48 --------- d-----w C:\ProgramData\Grisoft
2008-01-31 17:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-31 11:42 --------- d-----w C:\Program Files\Google
2007-08-29 11:31 174 --sha-w C:\Program Files\desktop.ini
2007-04-02 22:25 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-30 20:34 171448]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 20:15 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-10 18:02 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 08:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 10:16 65536]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 20:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 06:52 4702208 C:\Windows\RtHDVCpl.exe]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2006-11-08 02:52 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 22:37 579072]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 18:52 849280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:04 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-05-21 18:29 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1925650744-2817293247-260502016-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{12BF8921-9B8D-466C-B0F1-643B65412963}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{24B9FCBD-B393-4379-B8BE-A58A16430EA2}"= Profile=Private|C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{52E05E6F-F5DE-4E4E-8392-832B1C19FB76}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{1CB6A675-5CBB-4160-944B-30E70D88D9E0}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9B4C4B1C-3BBE-4F28-9CA5-B464E55596A4}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0D1ED38A-DA50-43E6-84C9-FDC60A2B9DB1}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F34996C1-9727-455D-BEA6-8BA77EE0F3D0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A7228EED-0CCF-4702-B47D-B98B611AC286}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1F6B5D47-348D-455F-AA1B-9AD9DED45919}"= Disabled:UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F715E5F2-8AFE-49D4-B436-01B9D38330D9}"= Disabled:TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A65FCD18-131C-4A43-BB86-3BDE718AEB0E}"= Disabled:UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C9D63C3B-D14B-494C-B8A1-61FDFA4A3227}"= Disabled:TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{7E4B6C7F-850B-4B0B-9AC9-521566071239}"= Disabled:C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{FFCD0C8F-7AD1-40DA-A2FE-290ADF04CFC6}"= Disabled:UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{F68D33E1-C4DF-40C4-B135-B37517A4B8D1}"= Disabled:TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{A11176A8-BA04-47E7-8BFB-26C30F27B29F}"= Disabled:UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C738BFDC-A81B-49F6-9519-3E9E1E625198}"= Disabled:TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2B97359F-79AE-40F0-8CCC-710BCA227ADD}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{AD1FBD97-05C0-4788-9858-2FD3C20AFDCD}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{78F86F2C-E662-437C-8C40-01BFE2B7116E}"= UDP:C:\Program Files\Grisoft\AVG7\avgw.exe:AVG Test Center
"{6EE75342-707C-4038-A91E-77DC82DCFFC8}"= TCP:C:\Program Files\Grisoft\AVG7\avgw.exe:AVG Test Center
"{B0459409-B99C-40A7-904E-D6A10580EAF9}"= UDP:C:\Program Files\Grisoft\AVG7\avgvv.exe:AVG Virus Vault
"{2F520A35-D8BC-4C37-9399-2DDD9AECFBD5}"= TCP:C:\Program Files\Grisoft\AVG7\avgvv.exe:AVG Virus Vault
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-11-03 10:29]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 06:26]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 20:28]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 08:41]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 20:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48bf4476-cead-11dc-9f1f-e25ab51505b4}]
\shell\AutoRun\command - H:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 00:10:55 C:\Windows\Tasks\User_Feed_Synchronization-{4A322068-0DD0-40F9-A585-52DB6EEF200B}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 19:21:23
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\DRIVERS\xaudio.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\hp\kbd\kbd.exe
.
**************************************************************************
.
Completion time: 2008-03-20 19:23:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 00:23:29
The EarthLink listings we assume are ones put in place when she had the computer in a shop; he used EarthLink.
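An added example, not from the thread: a read-only PowerShell script that pulls the Security Center and Windows Firewall policy values ComboFix dumped above straight from the registry, so the same check can be repeated later without ComboFix. The registry paths are the standard ones behind ComboFix's abbreviated "HKLM\~\services\..." form; what each value means is noted in the comments, and the product subkey names will differ on another machine.

```powershell
# Added example, not from the original thread. Read-only; run elevated.
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# *DisableNotify = 1 suppresses Security Center's alerts for that category
# (the log above shows UAC, Internet settings and automatic updates all set).
$scValues = Get-ItemProperty -Path $sc -ErrorAction SilentlyContinue
if ($scValues) {
    $scValues.PSObject.Properties |
        Where-Object { $_.Name -like '*DisableNotify' } |
        ForEach-Object { '{0,-34} {1}' -f $_.Name, $_.Value }
}

# Monitoring\<Product>\DisableMonitoring = 1 asks Security Center not to
# monitor that product. Subkeys for a suite that is no longer installed (the
# Symantec ones in the log, after Norton was removed) are leftovers.
$mon = "$sc\Monitoring"
$globalDm = (Get-ItemProperty -Path $mon -ErrorAction SilentlyContinue).DisableMonitoring
'Monitoring (global)              DisableMonitoring = {0}' -f $globalDm
Get-ChildItem -Path $mon -ErrorAction SilentlyContinue | ForEach-Object {
    $dm = (Get-ItemProperty -Path $_.PSPath).DisableMonitoring
    'Monitoring\{0,-22} DisableMonitoring = {1}' -f $_.PSChildName, $dm
}

# Per-profile firewall switches. EnableFirewall = 0 means the firewall is off
# for that profile (the log shows PublicProfile at 0). DoNotAllowExceptions = 1
# is the "block all incoming connections" setting.
foreach ($name in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $p = Get-ItemProperty -Path "$fw\$name" -ErrorAction SilentlyContinue
    if ($p) {
        '{0,-16} EnableFirewall = {1}  DoNotAllowExceptions = {2}' -f $name, $p.EnableFirewall, $p.DoNotAllowExceptions
    }
}

# Cross-check the registry view against what the firewall service reports.
netsh advfirewall show allprofiles state
```

Note that `$profile` was deliberately not used as the loop variable: it is an automatic variable in PowerShell and overwriting it inside a script is a classic source of confusing behaviour.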
jholland1964 03-27-2008, 10:04 AM HELP!!!!!!!
Blue screens continue. Have pretty much determined these are not, however, BSODs, but REBOOTING of the computer.
No errors showing in the event log at the time of shutdown. Always about 30 minutes prior to these, though, are Warnings showing in Event Viewer which state;
Tcpip 4227
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Then right after this happens these will show in event viewer;
Event processing
Level: Error
Keywords: Audit Success
User: N/A
Computer: Sharons-PC
Description:
Audit events have been dropped by the transport. The real time backup file was corrupt due to improper shutdown.
This only happens online, 99% of the time while trying to view a photo of some kind...Google Images, photos on websites, etc.
Had her turn off Windows Defender and things worked for a while. Only because I had problems with Defender seeming to slow things on my computer. Found several threads last night concerning the Vista Firewall and dial-up...so today had her temporarily turn off the Vista Firewall.
Her dial-up is terrible, so I think the culprit probably lies there, but I am at a total loss now. Everything relating to connections other than dial-up on the computer is turned off. I am at a total loss. HELP!!!!!
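An added example, not from the thread: a PowerShell script that lines up the Tcpip 4227 warnings with the EventLog 6008 "unexpected shutdown" records the posts above quote, then looks at the live TCP table for the port-exhaustion symptom 4227 describes. It assumes PowerShell 2.0 or later for Get-WinEvent, and the 45-minute window is my choice based on the "about 30 minutes prior" observation, not something the thread states.

```powershell
# Added example, not from the original thread. Needs PowerShell 2.0 or later
# for Get-WinEvent; run elevated so the System log is fully readable.
$window = New-TimeSpan -Minutes 45   # assumption: "about 30 minutes prior" plus slack

# EventLog 6008 = "The previous system shutdown at ... was unexpected".
$reboots = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'EventLog'; Id = 6008 } -ErrorAction SilentlyContinue)
# Tcpip 4227 = local endpoint reused too quickly, i.e. ephemeral ports running out.
$portWarnings = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Tcpip'; Id = 4227 } -ErrorAction SilentlyContinue)

# For every unexpected shutdown, count the 4227 warnings in the window before it.
foreach ($r in $reboots) {
    $before = @($portWarnings | Where-Object {
        $_.TimeCreated -le $r.TimeCreated -and $_.TimeCreated -ge ($r.TimeCreated - $window)
    })
    '{0}  unexpected shutdown; {1} Tcpip 4227 warning(s) in the preceding {2} min' -f $r.TimeCreated, $before.Count, $window.TotalMinutes
}

# Live view of what 4227 describes: connections to one remote endpoint piling
# up in TIME_WAIT until the stack has to reuse local ports against it.
netstat -ano -p tcp |
    Select-String 'TIME_WAIT' |
    ForEach-Object { ($_.Line -split '\s+')[3] } |   # remote address:port column
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name

# Ephemeral port range the stack draws from (Vista default: 49152-65535).
netsh interface ipv4 show dynamicport tcp
```

If every 6008 has a cluster of 4227s in front of it and the TIME_WAIT table is dominated by one remote (an image host, say), the two symptoms are correlated and the load that triggers them is identified; if the 4227s appear without a following reboot just as often, they are noise from the slow link rather than the cause.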
Gizmokid2005 03-27-2008, 10:12 AM Honestly Judy, I'm not sure what else to tell you.
At this point, it's starting to sound like something possibly hardware related. What exactly I can't say. Could be a bad modem, bad integrated graphics, bad chipset/mobo...I don't know. But it looks like you've covered EVERYTHING in regards to software.......wait a second.
Is there ANYWHERE that you can turn off graphics acceleration?
jholland1964 03-27-2008, 10:44 AM Not sure on Vista. Will have her check. Can't find anywhere that this is available with Vista. Most places seem to say this is disabled on Vista...?
Here is info on her ISP configuration...anything here look out of order? She is NOT networked to any other computer. She is on crappy dial-up; the phone lines have not even gone to fiber optic yet. It was suggested by somebody that she try wireless, but I have no or very little knowledge about this except that my daughter uses it on her work laptop. Another suggestion was some sort of connection using her cellphone, which is top of the line, but I don't know if this can be done AND she says she cannot use her cellphone inside her house because the connection is so bad.
ISP configurations...
under properties/networking
(checked) Internet Protocol version 4 (TCP/IPv4)
(unchecked) Internet Protocol version 6 (TCP/IPv6)
(unchecked) File and Printer Sharing for MS networks
(checked) QoS Packet Scheduler
(checked) Client for MS Networks
Modem PCI Soft Data Fax Modem with Smart CP (COM3)
...................
(unchecked) under settings isp Automatically detect settings.
.....
Misc. (Incoming POP3/Outgoing SMTP servers)
Internet options/connections
checked: Always dial my default connection (current dial-up ISP)
rest unchecked...........
.....
Auto config...No checks at all.......on that page. eg Auto detect /proxy server.... nothing is checked .
.........
Advanced dial up...
Try to connect: 10 times
Redial : 5 sec.
Never disconnect if idle.
................
Under network and sharing:
PPP connections:
Enable LCP checked
Enable software compression checked
Negotiate multi link for single link connections UNchecked
....
Under security, same section:
Typical Recommended settings is checked..
No other checks...no advanced etc...
Interactive logon and scripting...no checks here either.
...............................................
Internet settings.
Internet...Med/High
Intranet Med Low
Feeds: none allowed.
Any ideas anyone?
jholland1964 04-18-2008, 05:28 PM Wanted to bring all up to date on this for one reason anyway...those of us helping her...there are three of us, one with Vista and two of us with XP, two of us on cable hook-ups, me and the Vista guy, and the other XP on dial-up...all have come to the conclusion that the initial problem really and truly starts with Vista and its default connection setup, which really assumes a high-speed connection will be used. It is almost as if dial-up is in there only as an afterthought. The other problem is the Vista Firewall.
She is connected to the internet via dial-up, on an antiquated rural phone system...the cables are still the old copper cables, not updated to fiber optic, and from what she has been able to find out, no plans in the near future to do so either. She has ONE telephone line coming into the house, so when she connects to the internet she takes the ONE telephone cable from the telephone and plugs it into the computer. When she goes offline she removes the plug from the computer and plugs the phone back in!
Here are her system specs;
Model # a1510y
HP Pavilion desktop computer, DirectX version 10.0
HP Intel(R) Pentium(R) 4
CPU 3.00 GHz 2.99 GHz
vista home basic 32 bit
22" flat screen monitor
2 GB RAM
ATI RADEON XPRESS 1100 series
ATI Technologies Inc. Driver version 8.383.0.0
All drivers and software are totally up to date...we checked them all because most people, here and the rest of us working on this, felt it to be probably a graphics issue of some kind but we have really ruled this out.
Ran Windows Memory diagnostic tool..NO issues found
Ran checkdisk/fix...nothing found or fixed.
At one time she had Norton Anti-virus but when it expired she uninstalled it and installed AVG Anti-virus, Vista Firewall, Windows Defender, Spybot, SpywareBlaster.
She had done all scans possible, online were next to impossible because blue screens would occur. All other scans came up clean. HJT showed some minor fixes needed which were done.
I had her disable all automatic updates with the exception of her AVG Anti-virus.
She originally thought the blue screens were BSODs, but then I had her turn off the Automatically Restart option so she could actually see errors on the blue screen...none showed, it just stayed blue, and they were not the deep royal blue normally seen with these but the blue restart screen. We decided these were NOT BSODs but shutdowns/restarts.
Took a look at her event viewer and virtually ALL the errors shown were from these sources, nothing else showed anywhere, maybe a couple noting her graphics card, but the driver update seemed to fix that as it has not shown up in any errors since;
Source: IPRIP
Source: TCP/IP
Source: ISATAP Adapter
Source: 6TO4 Adapter
Source: Realtek RTL8139/810x Family Fast Ethernet NIC
Source: 6TO4 Adapter
Source: Teredo Tunneling Pseudo-Interface
The three of us working on this problem for her searched for days, checked so many sites that I cannot tell you now exactly where we found this info, though it is listed on MANY sites;
The problem she and others have has to do with IPv6 and the transition technologies needed for it at this time in order to transition between it and IPv4. IPv6 support is provided for in XP with SP1 and SP2, Windows Vista, Windows Server 2008, Windows Server 2003. The problem comes with the fact that Windows Vista and Windows Server 2008 support an integrated IPv4 and IPv6 implementation known as the Next Generation TCP/IP stack, and the very items which showed errors on her machine...Tunneling, ISATAP, 6to4, Teredo...seem to come automatically enabled on Vista (as I said, I could be wrong), but they do not allow for the fact that people on dial-up, for NOW, do not need these enabled. Her dial-up uses IPv4, as do most of them still today, and her machine was attempting to use this software that it had no use for at this time, and so it would freeze, shut down, disconnect. The solution found in multiple places, finally, was to do exactly as was recommended here...disable all this stuff. We had her disable all of the above ALONG with the LAN connection, which was enabled by DEFAULT on the Vista machine, or by the tech she had look at and update the machine the first week of Jan this year and who then maybe forgot to disable it. At any rate, had her disable it also.
She sailed along for several days and then again another shut down/restart. This time was another TCP/IP error, but that was the ONLY one.
Did more searching and found multiple posts...somewhere...concerning this error, Vista Dial up AND the Vista Firewall. Recommendations, turn off the Vista Firewall. Go with no firewall for several days and see the results. The reason we found for this is the following;
Almost the entire Vista system is built on the supposition that all users are going to be using high speed internet...many of these settings come on the OS already enabled; we have already found that out and disabled those which only apply to high speed.
Vista Firewall applies a different security profile depending on the type of setup you work with. For example, selecting home as your location applies the private profile to your firewall settings. It also comes preset with "umpteen" rules already set up. Messing with those can be a pain in the backside UNLESS you know what you are doing; frankly I didn't and she certainly didn't. Changing one of those rules incorrectly can make a mess of things, at least from all I have been able to find. One rule I have found noted on many sites while trying to find correct configurations is the fact that the way this outbound setting is set it CAN cause problems with dial up, so the recommendation was to disable it. So in addition to the other items to disable we had her turn this off too. Also had her turn off Windows Defender too, as I had found several posts noting Vista people with dial up having problems with it running in the background.
Then had her run combofix, frankly for the heck of it; didn't think it would show much. It didn't really, except for remnants of some Norton stuff, and had her run the Norton removal tool and all of that is gone now.
Had her do all of this on March 19th. Both firewall and defender are turned off still...will comment on that later.
She sailed along pretty good until March 28 when she had one more shutdown/restart. No info whatsoever in event log other than it happened unexpectedly.
Somebody suggested maybe an auto update from MS could have brought much of this on....so we began to look at those which she got just before these shutdowns...all of those were installed by the tech she had look the machine over since she is on dial up and updates took so long, plus this is when she wanted to go from Norton to AVG and asked him to do that and do any updates since he uses a high speed connection....
Anyway, her first shutdown/restart occurred on January 16, 2008.
The day after she brought the computer home...with all that LAN stuff still enabled by either Vista default or the tech and 3 days after he installed the following updates which myself and the other two guys thoroughly researched and comments added are OURS;
KB942615>>>multiple problems noted with this update...difficulty surfing, IE crashes. Uninstalls corrected problems
KB942624>>>for people that work in binary, and it is how they trace the message packets they send and receive; it has to do with working with servers. You DO NOT do this.
KB935509>>>doesn't apply to her version of Vista
KB941644>>>mainly for those on DSL. If she is lucky enough ever to get DSL then she can easily reinstall it.
KB943411>>>thus far not many problems with it but huge numbers had problems even installing it and decided not to do so and are doing fine without it. So there is some sort of problem with it.
KB943078>>>this has to do with the Vista Sidebar. Supposedly makes it more secure. Not needed and remember, Sidebar can be a resource hog for those on dial-up and should be turned off.
We had her uninstall all of the above. Her Vista firewall and Windows Defender background scanning are also turned off (decided to hold off on having her turn these back on mainly because she IS using only one phone line, either on the computer or on the phone but never left in the computer) and thus far she has not had any more shutdowns/restarts. She is viewing graphics without difficulty and generally surfing around, using multiple tabs in IE 7 and having no problems....fingers crossed here.
All her spybot, defender and AVG scans are clean.
Any suggestions? Especially concerning firewall and Windows Defender?
Judy
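An added example, not from anyone in this thread: a batch script for the disable-the-transition-adapters step described above. It saves the current Teredo, 6to4 and ISATAP state (so it can be put back), disables the three adapters with netsh, and then keeps Windows Firewall switched on with outbound traffic allowed on every profile as a narrower alternative to turning the firewall off. It assumes an elevated Command Prompt on Vista or later; the log file path is my own choice.

```batch
@echo off
REM Added example for this thread, not from the original poster.
REM Run from an elevated Command Prompt (right-click cmd.exe,
REM "Run as administrator") on Windows Vista or later.

REM Assumed location for the "before" snapshot; change as needed.
set LOGFILE=%USERPROFILE%\Desktop\ipv6-transition-before.txt

echo Saving current adapter and firewall state to %LOGFILE%
echo === teredo ===    > "%LOGFILE%"
netsh interface teredo show state  >> "%LOGFILE%"
echo === 6to4 ===     >> "%LOGFILE%"
netsh interface 6to4 show state    >> "%LOGFILE%"
echo === isatap ===   >> "%LOGFILE%"
netsh interface isatap show state  >> "%LOGFILE%"
echo === firewall === >> "%LOGFILE%"
netsh advfirewall show allprofiles >> "%LOGFILE%"

REM An IPv4-only dial-up link has no use for these tunnels, and each one
REM is an extra network path the firewall and event log have to deal with.
netsh interface teredo set state disabled
netsh interface 6to4   set state disabled
netsh interface isatap set state disabled

REM Leave the firewall running on all profiles. Inbound stays blocked,
REM outbound is allowed, which is what ordinary dial-up browsing needs.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

echo.
echo Verifying (each adapter should now report its state as disabled):
netsh interface teredo show state
netsh interface 6to4   show state
netsh interface isatap show state

REM To undo the adapter change later (for example once a broadband
REM connection with IPv6 is available):
REM   netsh interface teredo set state default
REM   netsh interface 6to4   set state default
REM   netsh interface isatap set state default
```

The saved log is what to compare against if the shutdowns return after the change.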