Since the BSOD comes 30-45 seconds after logging in, I imagined the Zonelabs A/V might be catching something as it started up. In SAFE mode, I set the ZLclient to not be enabled in start up, but it BSODed. Same when I turned off both Truevector and ZoneAlarm, too. Ran Malwarebytes in SAFE mode. It found "Crypt.disabled" and I ran Malwarebytes again after that clean. XP came up and posted "serious" error recovery windows asking if I wanted to send reports to Microsoft...I said yes and it tried but the dump records were corrupt and it failed to send them. Somehow, it finally did another BSOD...I think something I did tried to start Crypt Services again. So, I went into SAFE and in MSCONFIG disabled system services. Similar recovery error messages and corrupt MS dump send messages. Left the system up until it finally hibernated. Used MSCONFIG to isolate the Crypto Service...if I DISABLE the Crypto Service (in Services) it will come up again. In the lamed reboot, I ran MalwareBytes DEEP scan and it finished and hibernated. Restarted, logged in and it had found "Disabled.Crypt" again...blasted that and before rebooting, tried enabling all the NON-MS services in MSCONFIG (selective restart). BSOD and the "System has recovered from a serious error..." and the corrupted error reports again. MalwareByes again found Disabled.Crypt.
In SAFE mode I ran SFC (MS System Files Checker to restore unsigned or changed system files) and it completed without asking for the CD or reporting any "bad" files. With Crypt Service DISABLED, the Selective boot let me realize that Zone Alarm was looking like it started, but actually the user interface was hung starting up. This was because Crypto Services were disabled, of course. I uninstalled Zone Alarm and reinstalled Zone Alarm. On reboot the Crypto Service had been set back to MANUAL startup and it started and BSODed again.
HOWEVER, if I can get the selective boot to get up without starting Crypt Services (with them set to DISABLED in the Services panel), it seems like whatever is killing Zone Alarm is bypassed...whatever it is seems like it is being started under the "SVCHOST.EXE" process at the reboot when Crypt Services aren't DISABLED. Also, though, it appears that something else might be able to kick it off and cause the BSOD after it has been running a while, but I don't know what.
I've downloaded and run a huge bunch of scan tools...MalwareBytes, SuperAntiSpyware, EmsiSoftEmergencyKit, SpywareBlaster, HitmanPro and more without catching this sleazy bug and am ALMOST willing to give up and reformat and install XP and the bazillion updates and applications all over again.
Is anyone willing to guide this very, very weary Internet victim in ONE LAST DITCH EFFORT?
Thanks for reading this...and for your help should you feel like you've got a clue from this saga.
Edited by hamluis, 28 June 2011 - 05:36 PM.
Moved from XP to Malware Removal Logs.