Solved Malware problem maybe more?

[billyd]

OTL Extras logfile created on: 5/18/2012 3:51:28 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\William\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.12% Memory free
6.21 Gb Paging File | 4.99 Gb Available in Paging File | 80.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 41.77 Gb Free Space | 29.65% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.75 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0890EA9F-6379-42ED-83FE-252307EB25C2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{19B1F53A-4C2B-4B05-A8F9-C01C57374912}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3FA29CAE-30C3-48CC-888F-0528C6DAFB4F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{78B30951-9219-4D6D-ADDC-D45F272DB43D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{825DFAD3-92C2-4E80-9C04-2935A41F4E42}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A622C1C9-7AD5-4AE3-8BB5-CAF1F8A7B4DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A93B931E-A9D1-429C-8BBA-AA544C8F3B84}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CF12188E-6551-43C6-A6DD-D2F20C5ECA7B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EB37A1DC-E0E4-48F1-95A9-76426126E514}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F264D194-6520-4551-BF81-84C41C8AC897}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{33DC7EE8-2F4A-4A23-93CF-A19377FD548D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{626D6EB2-D438-4AFD-9318-250A2408CDBC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{689C5BBF-3BE2-4612-8682-0E5F6015808B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{6E66C14B-51A4-4B75-9D24-2E70DA64396F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{944DA429-F871-4212-B4AA-9AD910270FBF}" = protocol=6 | dir=in | app=c:\windows\system32\dlbacoms.exe |
"{B8580AB8-8A18-4F3A-BD2D-5510F0592E93}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6F18879-72E8-41C0-8DFF-A420B945FFAA}" = protocol=17 | dir=in | app=c:\windows\system32\dlbacoms.exe |
"TCP Query User{D4C11919-9DB6-412B-B04F-C1A940265583}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |
"UDP Query User{A154D613-702A-402A-9B02-E684127B99DA}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
"{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65C0F43C-5F3B-4AB5-BFC9-ABA1C8F4AA7D}" = TurboTax 2011 wohiper
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B5FDFDC4-F992-4E44-BF59-A693FA2CFD14}" = Turbo Tourney 2012
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AirXonix_is1" = AirXonix version 1.40
"AnyDVD" = AnyDVD
"Ball Breaker 3D" = Ball Breaker 3D
"BFG-Awakening - The Dreamless Castle" = Awakening: The Dreamless Castle
"BFGC" = Big Fish Games: Game Manager
"BFG-Nightfall Mysteries - Asylum Conspiracy" = Nightfall Mysteries: Asylum Conspiracy
"BFG-Sherlock Holmes and the Hound of the Baskervilles" = Sherlock Holmes and the Hound of the Baskervilles
"BFG-Temple of Life - The legend of Four Elements Collector's Edition" = Temple of Life: The Legend of Four Elements Collector's Edition
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CloneDVD2" = CloneDVD2
"Defraggler" = Defraggler
"DivX Setup" = DivX Setup
"DVDFab 8 Qt RePack DMT_is1" = DVDFab 8.1.5.9 (20/01/2012) Qt
"DX-Ball 2 v1.25" = DX-Ball 2 v1.25
"Elven Mists" = Elven Mists
"Foxit Reader_is1" = Foxit Reader 5.1
"FrostWire 5" = FrostWire 5.3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"QuickPar" = QuickPar 0.9
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"TeamViewer 4" = TeamViewer 4
"Treasure Island 2" = Treasure Island 2
"TurboTax 2011" = TurboTax 2011
"UKGplayer" = SCREENSEVEN GAME CENTER
"WinASO Registry Optimizer_is1" = WinASO Registry Optimizer 4.7.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wonderlines" = Wonderlines

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1815498000-2833343681-1250068786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[billyd]

computer seems to be runnung much better so far thanks!

 

[Broni]

Good news

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  DRV - File not found [Kernel | System | Stopped] -- system32\drivers\tsk9AF1.tmp -- (netbt)
  DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\98925466.sys -- (70080763)
  IE - HKU\S-1-5-21-1815498000-2833343681-1250068786-1000\..\URLSearchHook: - No CLSID value found
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  O3 - HKU\S-1-5-21-1815498000-2833343681-1250068786-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  @Alternate Data Stream - 921 bytes -> C:\Users\William\Desktop\Panda Security #PS# - Case number_ 03349629.eml:OECustomProperty
  @Alternate Data Stream - 921 bytes -> C:\Users\William\Desktop\#1Panda Security #PS# - Case number_ 03349629.eml:OECustomProperty
  @Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:025DF3DE
  @Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:E6C6EB3B
  @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:3B454A5C
  @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:206470A5
  @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:AFC732F7
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please, run F-Secure Online Scanner

• Disable your Antivirus program.
• Checkmark I have read and accepted the license terms.
• Click on Run Check button.
• Quick scan (recommended) option will come pre-checked. Don't change it.
• Click on Start button.
• When scan is done, in Step 3: Clean the files, leave all settings as they're.
• Click Next button.
• Click Full report... button.
• Copy report's content and paste it into your next reply.

 

[billyd]

All processes killed
========== OTL ==========
Service netbt stopped successfully!
Service netbt deleted successfully!
File system32\drivers\tsk9AF1.tmp not found.
Service 70080763 stopped successfully!
Service 70080763 deleted successfully!
File system32\drivers\98925466.sys not found.
Registry value HKEY_USERS\S-1-5-21-1815498000-2833343681-1250068786-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1815498000-2833343681-1250068786-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
ADS C:\Users\William\Desktop\Panda Security #PS# - Case number_ 03349629.eml:OECustomProperty deleted successfully.
ADS C:\Users\William\Desktop\#1Panda Security #PS# - Case number_ 03349629.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:025DF3DE deleted successfully.
ADS C:\ProgramData\TEMP:E6C6EB3B deleted successfully.
ADS C:\ProgramData\TEMP:3B454A5C deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:AFC732F7 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: William
->Temp folder emptied: 2206878 bytes
->Temporary Internet Files folder emptied: 1374369833 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43808800 bytes
->Google Chrome cache emptied: 10998590 bytes
->Flash cache emptied: 36242 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 44544 bytes
Windows Temp folder emptied: 8940 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 178439637 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 740 bytes
RecycleBin emptied: 6431195945 bytes

Total Files Cleaned = 7,669.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: William
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: William
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05192012_122015
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

 

[billyd]

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Smart Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java(TM) 6 Update 31
Adobe Flash Player 11.2.202.235
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

 

[billyd]

Farbar Service Scanner Version: 17-05-2012
Ran by William (administrator) on 19-05-2012 at 12:36:34
Running from "C:\Users\William\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 21:12] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

 

[billyd]

the F-Secure Online Scanner doesn't seem to start ? after accepting terms and clicking run check it just sits there thinking?

thanks bill

 

[Broni]

Try different browser.

 

[billyd]

[FONT=Arial]Scanning Report[/FONT]

[FONT=Arial]Sunday, May 20, 2012 00:54:00 - 00:58:54[/FONT]

Computer name: WILLIAM-PC
Scanning type: Quick scan
Target: System
[FONT=Arial]No malware found[/FONT]


[FONT=Arial]Statistics[/FONT]

Scanned:

• Files: 4173
• System: 4173
• Not scanned: 0

Actions:

• Disinfected: 0
• Renamed: 0
• Deleted: 0
• Not cleaned: 0
• Submitted: 0

[FONT=Arial]Options[/FONT]

Scanning engines:

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[billyd]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: William
->Temp folder emptied: 175428034 bytes
->Temporary Internet Files folder emptied: 179993438 bytes
->Java cache emptied: 29632 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 35042759 bytes
->Flash cache emptied: 4953 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1180 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 372.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: William
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: William
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05202012_132321
Files\Folders moved on Reboot...
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FN3ZEZVF\bizo_multi[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EE10DR7\918[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EE10DR7\net[2].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5H3HAAE5\PugTracker[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\dpsync[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\dpsync[2].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\dpsync[3].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\partner[1].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\partner[2].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\partner[3].htm moved successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0Z0JQAEY\up[1].htm moved successfully.
Registry entries deleted on Reboot...

 

[billyd]

computer seems pretty good ! the only other problem I was having before was system crashes ! they started happening around 3/1/2012 Right after I in stalled panda antivirus! happened quite a bit for about a month . slowed down after that ! changed to eset smart security , & still was getting one intermitently! had one a couple days ago in the middle of our cleaning process? do you think this was being caused by the malware or another problem? if I can figure out how to post one of the mini dumps I can if you want


anyways thanks for all your help so far

 

[Broni]

Let's see...

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

[billyd]

it shows 31 crashes since early april you want the last one ?

 

[Broni]

I want all of them.

 

[billyd]

==================================================
Dump File : Mini051912-01.dmp
Crash Time : 5/19/2012 2:39:38 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00003452
Parameter 2 : 0x76a00000
Parameter 3 : 0xc080333c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+94980
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+94980
Stack Address 1 : ntkrnlpa.exe+9312c
Stack Address 2 : ntkrnlpa.exe+218b0f
Stack Address 3 : ntkrnlpa.exe+218f97
Computer Name :
Full Path : C:\Windows\Minidump\Mini051912-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini051712-01.dmp
Crash Time : 5/17/2012 5:54:48 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x00000014
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x8a2a9156
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+9d156
File Description : TCP/IP Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : tcpip.sys+9d156
Stack Address 2 : tcpip.sys+a498c
Stack Address 3 : tcpip.sys+72018
Computer Name :
Full Path : C:\Windows\Minidump\Mini051712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini051312-02.dmp
Crash Time : 5/13/2012 2:20:51 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x0000110b
Parameter 3 : 0x00000000
Parameter 4 : 0x889de008
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+5205
File Description : Microsoft Filesystem Filter Manager
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdabf
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+5dae0
Stack Address 3 : ntkrnlpa.exe+2326ac
Computer Name :
Full Path : C:\Windows\Minidump\Mini051312-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini051312-01.dmp
Crash Time : 5/13/2012 12:55:56 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x94995773
Parameter 3 : 0x81c1aaa8
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+c5773
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : win32k.sys+c5773
Stack Address 1 : win32k.sys+12048b
Stack Address 2 : win32k.sys+12055e
Stack Address 3 : win32k.sys+7c46c
Computer Name :
Full Path : C:\Windows\Minidump\Mini051312-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini051212-02.dmp
Crash Time : 5/12/2012 9:13:16 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x94985773
Parameter 3 : 0xac4f4aa8
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+c5773
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : win32k.sys+c5773
Stack Address 1 : win32k.sys+12048b
Stack Address 2 : win32k.sys+12055e
Stack Address 3 : win32k.sys+7c46c
Computer Name :
Full Path : C:\Windows\Minidump\Mini051212-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini051212-01.dmp
Crash Time : 5/12/2012 3:56:46 AM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x0000110b
Parameter 3 : 0x00000000
Parameter 4 : 0x912af008
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+5205
File Description : Microsoft Filesystem Filter Manager
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdabf
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+5dae0
Stack Address 3 : ntkrnlpa.exe+2326ac
Computer Name :
Full Path : C:\Windows\Minidump\Mini051212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini051112-01.dmp
Crash Time : 5/11/2012 11:46:12 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xb0800000
Parameter 2 : 0x00000000
Parameter 3 : 0x86d287f0
Parameter 4 : 0x00000002
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98339
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98339
Stack Address 1 : ntkrnlpa.exe+4dd94
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini051112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini051012-02.dmp
Crash Time : 5/10/2012 4:43:56 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xb9dc1000
Parameter 2 : 0x00000000
Parameter 3 : 0x86da97f0
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini051012-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini051012-01.dmp
Crash Time : 5/10/2012 4:05:00 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x00000014
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x8a1bccf0
Caused By Driver : NETIO.SYS
Caused By Address : NETIO.SYS+8cf0
File Description : Network I/O Subsystem
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.22377 (vistasp2_ldr.100405-0403)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : NETIO.SYS+8cf0
Stack Address 2 : tcpip.sys+2deb2
Stack Address 3 : tcpip.sys+5c5cc
Computer Name :
Full Path : C:\Windows\Minidump\Mini051012-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050912-01.dmp
Crash Time : 5/9/2012 9:58:04 AM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x0000110b
Parameter 3 : 0x00000000
Parameter 4 : 0x8ded0008
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+5205
File Description : Microsoft Filesystem Filter Manager
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+5db20
Stack Address 3 : ntkrnlpa.exe+2326dc
Computer Name :
Full Path : C:\Windows\Minidump\Mini050912-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050812-02.dmp
Crash Time : 5/8/2012 4:11:56 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0xc055f000
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x8229c199
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : ntkrnlpa.exe+83199
Stack Address 2 : ntkrnlpa.exe+82baf
Stack Address 3 : ntkrnlpa.exe+825e6
Computer Name :
Full Path : C:\Windows\Minidump\Mini050812-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050812-01.dmp
Crash Time : 5/8/2012 2:40:40 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x948f56b3
Parameter 3 : 0xb0b61a20
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+c56b3
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : win32k.sys+c56b3
Stack Address 1 : win32k.sys+ab4dd
Stack Address 2 : win32k.sys+ab5a4
Stack Address 3 : win32k.sys+1202e2
Computer Name :
Full Path : C:\Windows\Minidump\Mini050812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050712-01.dmp
Crash Time : 5/7/2012 6:42:46 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x0000110b
Parameter 3 : 0x00000000
Parameter 4 : 0x818b8008
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+5205
File Description : Microsoft Filesystem Filter Manager
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+5db20
Stack Address 3 : ntkrnlpa.exe+2326dc
Computer Name :
Full Path : C:\Windows\Minidump\Mini050712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050612-01.dmp
Crash Time : 5/6/2012 8:45:04 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00004000
Parameter 2 : 0x86b9b670
Parameter 3 : 0xffffffff
Parameter 4 : 0x0023dfed
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+b67ee
Stack Address 2 : ntkrnlpa.exe+84a6f
Stack Address 3 : ntkrnlpa.exe+83fc3
Computer Name :
Full Path : C:\Windows\Minidump\Mini050612-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050512-03.dmp
Crash Time : 5/5/2012 11:56:42 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00041287
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 : ntkrnlpa.exe+62133
Stack Address 3 : ntkrnlpa.exe+635c6
Computer Name :
Full Path : C:\Windows\Minidump\Mini050512-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050512-02.dmp
Crash Time : 5/5/2012 6:04:04 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x000c0859
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+10350
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : Ntfs.sys+10350
Stack Address 2 : Ntfs.sys+e9a8
Stack Address 3 : ntkrnlpa.exe+44976
Computer Name :
Full Path : C:\Windows\Minidump\Mini050512-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050512-01.dmp
Crash Time : 5/5/2012 12:19:11 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x00000014
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x8a7b7cf0
Caused By Driver : NETIO.SYS
Caused By Address : NETIO.SYS+8cf0
File Description : Network I/O Subsystem
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.22377 (vistasp2_ldr.100405-0403)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : NETIO.SYS+8cf0
Stack Address 2 : tcpip.sys+2deb2
Stack Address 3 : tcpip.sys+5c5cc
Computer Name :
Full Path : C:\Windows\Minidump\Mini050512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini050112-01.dmp
Crash Time : 5/1/2012 1:30:14 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x80d83000
Parameter 2 : 0x00000000
Parameter 3 : 0x8743b7f0
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+b22f
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini050112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini043012-02.dmp
Crash Time : 4/30/2012 7:03:15 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x0000110b
Parameter 3 : 0x00000000
Parameter 4 : 0x813f7008
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+5db20
Stack Address 3 : ntkrnlpa.exe+2326dc
Computer Name :
Full Path : C:\Windows\Minidump\Mini043012-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini043012-01.dmp
Crash Time : 4/30/2012 1:46:56 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00003452
Parameter 2 : 0x17c00000
Parameter 3 : 0xc081e4f4
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+949c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+949c0
Stack Address 1 : ntkrnlpa.exe+9316c
Stack Address 2 : ntkrnlpa.exe+218b3a
Stack Address 3 : ntkrnlpa.exe+1f5467
Computer Name :
Full Path : C:\Windows\Minidump\Mini043012-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini042812-01.dmp
Crash Time : 4/28/2012 4:53:20 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xac678000
Parameter 2 : 0x00000000
Parameter 3 : 0x872a07f0
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini042812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini042612-01.dmp
Crash Time : 4/26/2012 7:11:06 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xb9f49000
Parameter 2 : 0x00000000
Parameter 3 : 0x873017f0
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini042612-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini042412-03.dmp
Crash Time : 4/24/2012 5:15:09 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xc31e7000
Parameter 2 : 0x00000000
Parameter 3 : 0x872d77f0
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini042412-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini042412-02.dmp
Crash Time : 4/24/2012 3:48:31 AM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00003452
Parameter 2 : 0x23200000
Parameter 3 : 0xc084da8c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+949c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+949c0
Stack Address 1 : ntkrnlpa.exe+9316c
Stack Address 2 : ntkrnlpa.exe+218b3a
Stack Address 3 : ntkrnlpa.exe+1f5467
Computer Name :
Full Path : C:\Windows\Minidump\Mini042412-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini042412-01.dmp
Crash Time : 4/24/2012 12:01:38 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xfe009dd8
Parameter 2 : 0x00000000
Parameter 3 : 0x822f300c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 : ntkrnlpa.exe+ee00c
Stack Address 3 : win32k.sys+c8105
Computer Name :
Full Path : C:\Windows\Minidump\Mini042412-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini041512-01.dmp
Crash Time : 4/15/2012 11:24:39 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xa86ac000
Parameter 2 : 0x00000000
Parameter 3 : 0x8206f536
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+770c
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 : ntkrnlpa.exe+64536
Stack Address 3 : ntkrnlpa.exe+335f4
Computer Name :
Full Path : C:\Windows\Minidump\Mini041512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini041212-02.dmp
Crash Time : 4/12/2012 5:56:44 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0xc0804d18
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x8209adab
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : ntkrnlpa.exe+60dab
Stack Address 2 : ntkrnlpa.exe+5fc45
Stack Address 3 : ntkrnlpa.exe+7a995
Computer Name :
Full Path : C:\Windows\Minidump\Mini041212-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini041212-01.dmp
Crash Time : 4/12/2012 2:52:35 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00003452
Parameter 2 : 0x0f800000
Parameter 3 : 0xc08286b0
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+949c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+949c0
Stack Address 1 : ntkrnlpa.exe+9316c
Stack Address 2 : ntkrnlpa.exe+218b3a
Stack Address 3 : ntkrnlpa.exe+1f5467
Computer Name :
Full Path : C:\Windows\Minidump\Mini041212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini041012-01.dmp
Crash Time : 4/10/2012 4:06:12 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00004000
Parameter 2 : 0x85da6808
Parameter 3 : 0x80000000
Parameter 4 : 0x0023dfed
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+b67ee
Stack Address 2 : ntkrnlpa.exe+84a6f
Stack Address 3 : ntkrnlpa.exe+83fc3
Computer Name :
Full Path : C:\Windows\Minidump\Mini041012-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini040912-02.dmp
Crash Time : 4/9/2012 9:00:29 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0xb4637d4c
Parameter 2 : 0x00000000
Parameter 3 : 0x00000008
Parameter 4 : 0xb4637d4c
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini040912-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================
==================================================
Dump File : Mini040912-01.dmp
Crash Time : 4/9/2012 12:44:39 AM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x0000110b
Parameter 3 : 0x00000000
Parameter 4 : 0xa78d5008
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+ed184
Stack Address 2 : ntkrnlpa.exe+22e5f5
Stack Address 3 : ntkrnlpa.exe+22e457
Computer Name :
Full Path : C:\Windows\Minidump\Mini040912-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================

 

[billyd]

looks like most were caused by "ntkrnlpa.exe"

 

[Broni]

had one a couple days ago in the middle of our cleaning process

ntkrnlpa.exe is a system file so it's very inconclusive.
Some tools we used are rather powerful so BSOD may happen.

I'll keep this topic open.
Post back if you get some more BSODs. Hopefully not

For now I'll mark this topic as resolved.

 

[billyd]

ok had a crash today I can start a new thread but here's what I got from the bsod view program!

==================================================
Dump File : Mini052112-01.dmp
Crash Time : 5/21/2012 1:31:04 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x00000014
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x8a29e156
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+9d156
File Description : TCP/IP Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : tcpip.sys+9d156
Stack Address 2 : tcpip.sys+a498c
Stack Address 3 : tcpip.sys+72018
Computer Name :
Full Path : C:\Windows\Minidump\Mini052112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================

 

[Broni]

We'll need at least 2-3 more BSODs to see if there is any pattern there.

 

[billyd]

another today

==================================================
Dump File : Mini052212-01.dmp
Crash Time : 5/22/2012 11:39:41 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x00000014
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x8a2ac156
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+9d156
File Description : TCP/IP Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : tcpip.sys+9d156
Stack Address 2 : tcpip.sys+a498c
Stack Address 3 : tcpip.sys+72018
Computer Name :
Full Path : C:\Windows\Minidump\Mini052212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,176
==================================================

 

[Broni]

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Use the following settings:

• Click the NONE button
• Under Custom Scans/Fixes paste:

/md5start
tcpip.sys
/md5stop

• Finally hit Run Scan and wait for the log to open.
• Please post the content of the log into your next reply.

 

[billyd]

OTL logfile created on: 5/22/2012 4:20:11 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\William\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 45.76% Memory free
6.20 Gb Paging File | 4.38 Gb Available in Paging File | 70.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 45.68 Gb Free Space | 32.43% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.75 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: TCPIP.SYS >
[2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2011/12/16 13:38:35 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2011/12/16 13:38:32 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2011/12/16 13:38:36 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2011/12/16 13:04:18 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2011/12/16 13:04:18 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2011/12/16 13:38:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2011/12/16 13:38:32 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010/04/05 13:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
[2010/04/05 16:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
[2006/11/02 04:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\ERDNT\cache\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008/01/19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2011/12/16 13:38:34 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
< End of report >

 

[Broni]

We'll replace tcpip.sys file with some other healthy copy and we'll see how it goes.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  C:\Windows\System32\drivers\tcpip.sys|C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys /replace
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

 

[billyd]

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\tcpip.sys with C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys without a reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: William
->Temp folder emptied: 18680411 bytes
->Temporary Internet Files folder emptied: 75809092 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 103679735 bytes
->Flash cache emptied: 13954 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 470387 bytes
RecycleBin emptied: 2023750855 bytes

Total Files Cleaned = 2,119.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: William
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: William
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05222012_173046
Files\Folders moved on Reboot...
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\aclk[1].htm not found!
File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\page-3[2].htm not found!
File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\up[1].htm not found!
File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC2HMXEF\data_sync[1].htm not found!
Registry entries deleted on Reboot...