Malware problem maybe more?

Solved
By billyd
May 13, 2012
  1. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    OTL Extras logfile created on: 5/18/2012 3:51:28 AM - Run 1
    OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\William\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.12% Memory free
    6.21 Gb Paging File | 4.99 Gb Available in Paging File | 80.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.85 Gb Total Space | 41.77 Gb Free Space | 29.65% Space Free | Partition Type: NTFS
    Drive D: | 8.20 Gb Total Space | 1.75 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

    Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0890EA9F-6379-42ED-83FE-252307EB25C2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{19B1F53A-4C2B-4B05-A8F9-C01C57374912}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3FA29CAE-30C3-48CC-888F-0528C6DAFB4F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
    "{78B30951-9219-4D6D-ADDC-D45F272DB43D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{825DFAD3-92C2-4E80-9C04-2935A41F4E42}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A622C1C9-7AD5-4AE3-8BB5-CAF1F8A7B4DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A93B931E-A9D1-429C-8BBA-AA544C8F3B84}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{CF12188E-6551-43C6-A6DD-D2F20C5ECA7B}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{EB37A1DC-E0E4-48F1-95A9-76426126E514}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F264D194-6520-4551-BF81-84C41C8AC897}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
    "{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
    "{33DC7EE8-2F4A-4A23-93CF-A19377FD548D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
    "{626D6EB2-D438-4AFD-9318-250A2408CDBC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{689C5BBF-3BE2-4612-8682-0E5F6015808B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
    "{6E66C14B-51A4-4B75-9D24-2E70DA64396F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{944DA429-F871-4212-B4AA-9AD910270FBF}" = protocol=6 | dir=in | app=c:\windows\system32\dlbacoms.exe |
    "{B8580AB8-8A18-4F3A-BD2D-5510F0592E93}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F6F18879-72E8-41C0-8DFF-A420B945FFAA}" = protocol=17 | dir=in | app=c:\windows\system32\dlbacoms.exe |
    "TCP Query User{D4C11919-9DB6-412B-B04F-C1A940265583}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |
    "UDP Query User{A154D613-702A-402A-9B02-E684127B99DA}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
    "{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
    "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65C0F43C-5F3B-4AB5-BFC9-ABA1C8F4AA7D}" = TurboTax 2011 wohiper
    "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B5FDFDC4-F992-4E44-BF59-A693FA2CFD14}" = Turbo Tourney 2012
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AirXonix_is1" = AirXonix version 1.40
    "AnyDVD" = AnyDVD
    "Ball Breaker 3D" = Ball Breaker 3D
    "BFG-Awakening - The Dreamless Castle" = Awakening: The Dreamless Castle
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Nightfall Mysteries - Asylum Conspiracy" = Nightfall Mysteries: Asylum Conspiracy
    "BFG-Sherlock Holmes and the Hound of the Baskervilles" = Sherlock Holmes and the Hound of the Baskervilles
    "BFG-Temple of Life - The legend of Four Elements Collector's Edition" = Temple of Life: The Legend of Four Elements Collector's Edition
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CCleaner" = CCleaner
    "CleanUp!" = CleanUp!
    "CloneDVD2" = CloneDVD2
    "Defraggler" = Defraggler
    "DivX Setup" = DivX Setup
    "DVDFab 8 Qt RePack DMT_is1" = DVDFab 8.1.5.9 (20/01/2012) Qt
    "DX-Ball 2 v1.25" = DX-Ball 2 v1.25
    "Elven Mists" = Elven Mists
    "Foxit Reader_is1" = Foxit Reader 5.1
    "FrostWire 5" = FrostWire 5.3.2
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ImgBurn" = ImgBurn
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Standard)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "QuickPar" = QuickPar 0.9
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "TeamViewer 4" = TeamViewer 4
    "Treasure Island 2" = Treasure Island 2
    "TurboTax 2011" = TurboTax 2011
    "UKGplayer" = SCREENSEVEN GAME CENTER
    "WinASO Registry Optimizer_is1" = WinASO Registry Optimizer 4.7.5
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Wonderlines" = Wonderlines

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1815498000-2833343681-1250068786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  2. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    computer seems to be runnung much better so far thanks!
  3. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | System | Stopped] -- system32\drivers\tsk9AF1.tmp -- (netbt)
      DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\98925466.sys -- (70080763)
      IE - HKU\S-1-5-21-1815498000-2833343681-1250068786-1000\..\URLSearchHook: - No CLSID value found
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-1815498000-2833343681-1250068786-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      @Alternate Data Stream - 921 bytes -> C:\Users\William\Desktop\Panda Security #PS# - Case number_ 03349629.eml:OECustomProperty
      @Alternate Data Stream - 921 bytes -> C:\Users\William\Desktop\#1Panda Security #PS# - Case number_ 03349629.eml:OECustomProperty
      @Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:025DF3DE
      @Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:E6C6EB3B
      @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:3B454A5C
      @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:206470A5
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:AFC732F7
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they're.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  4. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    All processes killed
    ========== OTL ==========
    Service netbt stopped successfully!
    Service netbt deleted successfully!
    File system32\drivers\tsk9AF1.tmp not found.
    Service 70080763 stopped successfully!
    Service 70080763 deleted successfully!
    File system32\drivers\98925466.sys not found.
    Registry value HKEY_USERS\S-1-5-21-1815498000-2833343681-1250068786-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1815498000-2833343681-1250068786-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    ADS C:\Users\William\Desktop\Panda Security #PS# - Case number_ 03349629.eml:OECustomProperty deleted successfully.
    ADS C:\Users\William\Desktop\#1Panda Security #PS# - Case number_ 03349629.eml:OECustomProperty deleted successfully.
    ADS C:\ProgramData\TEMP:025DF3DE deleted successfully.
    ADS C:\ProgramData\TEMP:E6C6EB3B deleted successfully.
    ADS C:\ProgramData\TEMP:3B454A5C deleted successfully.
    ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
    ADS C:\ProgramData\TEMP:AFC732F7 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: William
    ->Temp folder emptied: 2206878 bytes
    ->Temporary Internet Files folder emptied: 1374369833 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43808800 bytes
    ->Google Chrome cache emptied: 10998590 bytes
    ->Flash cache emptied: 36242 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 44544 bytes
    Windows Temp folder emptied: 8940 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 178439637 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 740 bytes
    RecycleBin emptied: 6431195945 bytes

    Total Files Cleaned = 7,669.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: William
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: William
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.43.0 log created on 05192012_122015
    Files\Folders moved on Reboot...
    Registry entries deleted on Reboot...
  5. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Smart Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CCleaner
    Java(TM) 6 Update 31
    Adobe Flash Player 11.2.202.235
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
  6. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    Farbar Service Scanner Version: 17-05-2012
    Ran by William (administrator) on 19-05-2012 at 12:36:34
    Running from "C:\Users\William\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-05-10 21:12] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
  7. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    the F-Secure Online Scanner doesn't seem to start ? after accepting terms and clicking run check it just sits there thinking?

    thanks bill
  8. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Try different browser.
  9. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    Scanning Report

    Sunday, May 20, 2012 00:54:00 - 00:58:54

    Computer name: WILLIAM-PC
    Scanning type: Quick scan
    Target: System
    No malware found


    Statistics

    Scanned:
    • Files: 4173
    • System: 4173
    • Not scanned: 0
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Options

    Scanning engines:
  10. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  11. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: William
    ->Temp folder emptied: 175428034 bytes
    ->Temporary Internet Files folder emptied: 179993438 bytes
    ->Java cache emptied: 29632 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 35042759 bytes
    ->Flash cache emptied: 4953 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1180 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 372.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: William
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: William
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.43.0 log created on 05202012_132321
    Files\Folders moved on Reboot...
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FN3ZEZVF\bizo_multi[1].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EE10DR7\918[1].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EE10DR7\net[2].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5H3HAAE5\PugTracker[1].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\dpsync[1].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\dpsync[2].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\dpsync[3].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\partner[1].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\partner[2].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57MS0C3J\partner[3].htm moved successfully.
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0Z0JQAEY\up[1].htm moved successfully.
    Registry entries deleted on Reboot...
     
  12. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    computer seems pretty good ! the only other problem I was having before was system crashes ! they started happening around 3/1/2012 Right after I in stalled panda antivirus! happened quite a bit for about a month . slowed down after that ! changed to eset smart security , & still was getting one intermitently! had one a couple days ago in the middle of our cleaning process? do you think this was being caused by the malware or another problem? if I can figure out how to post one of the mini dumps I can if you want:)


    anyways thanks for all your help so far :D
  13. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Let's see...

    Download BlueScreenView
    No installation required.
    Double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
  14. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    it shows 31 crashes since early april you want the last one ?
  15. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    I want all of them.
  16. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    ==================================================
    Dump File : Mini051912-01.dmp
    Crash Time : 5/19/2012 2:39:38 AM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00003452
    Parameter 2 : 0x76a00000
    Parameter 3 : 0xc080333c
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+94980
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+94980
    Stack Address 1 : ntkrnlpa.exe+9312c
    Stack Address 2 : ntkrnlpa.exe+218b0f
    Stack Address 3 : ntkrnlpa.exe+218f97
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051912-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051712-01.dmp
    Crash Time : 5/17/2012 5:54:48 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a2a9156
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+9d156
    File Description : TCP/IP Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4df99
    Stack Address 1 : tcpip.sys+9d156
    Stack Address 2 : tcpip.sys+a498c
    Stack Address 3 : tcpip.sys+72018
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051712-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051312-02.dmp
    Crash Time : 5/13/2012 2:20:51 PM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x889de008
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5205
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdabf
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5dae0
    Stack Address 3 : ntkrnlpa.exe+2326ac
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051312-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051312-01.dmp
    Crash Time : 5/13/2012 12:55:56 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x94995773
    Parameter 3 : 0x81c1aaa8
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+c5773
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : win32k.sys+c5773
    Stack Address 1 : win32k.sys+12048b
    Stack Address 2 : win32k.sys+12055e
    Stack Address 3 : win32k.sys+7c46c
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051312-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051212-02.dmp
    Crash Time : 5/12/2012 9:13:16 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x94985773
    Parameter 3 : 0xac4f4aa8
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+c5773
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : win32k.sys+c5773
    Stack Address 1 : win32k.sys+12048b
    Stack Address 2 : win32k.sys+12055e
    Stack Address 3 : win32k.sys+7c46c
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051212-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051212-01.dmp
    Crash Time : 5/12/2012 3:56:46 AM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x912af008
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5205
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdabf
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5dae0
    Stack Address 3 : ntkrnlpa.exe+2326ac
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051112-01.dmp
    Crash Time : 5/11/2012 11:46:12 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xb0800000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x86d287f0
    Parameter 4 : 0x00000002
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98339
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98339
    Stack Address 1 : ntkrnlpa.exe+4dd94
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051012-02.dmp
    Crash Time : 5/10/2012 4:43:56 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xb9dc1000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x86da97f0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051012-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051012-01.dmp
    Crash Time : 5/10/2012 4:05:00 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a1bccf0
    Caused By Driver : NETIO.SYS
    Caused By Address : NETIO.SYS+8cf0
    File Description : Network I/O Subsystem
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22377 (vistasp2_ldr.100405-0403)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 : NETIO.SYS+8cf0
    Stack Address 2 : tcpip.sys+2deb2
    Stack Address 3 : tcpip.sys+5c5cc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051012-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050912-01.dmp
    Crash Time : 5/9/2012 9:58:04 AM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8ded0008
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5205
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5db20
    Stack Address 3 : ntkrnlpa.exe+2326dc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050912-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050812-02.dmp
    Crash Time : 5/8/2012 4:11:56 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 0xc055f000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8229c199
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+4dfd9
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 : ntkrnlpa.exe+83199
    Stack Address 2 : ntkrnlpa.exe+82baf
    Stack Address 3 : ntkrnlpa.exe+825e6
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050812-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050812-01.dmp
    Crash Time : 5/8/2012 2:40:40 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x948f56b3
    Parameter 3 : 0xb0b61a20
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+c56b3
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : win32k.sys+c56b3
    Stack Address 1 : win32k.sys+ab4dd
    Stack Address 2 : win32k.sys+ab5a4
    Stack Address 3 : win32k.sys+1202e2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050812-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050712-01.dmp
    Crash Time : 5/7/2012 6:42:46 PM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x818b8008
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5205
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5db20
    Stack Address 3 : ntkrnlpa.exe+2326dc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050712-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050612-01.dmp
    Crash Time : 5/6/2012 8:45:04 AM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00004000
    Parameter 2 : 0x86b9b670
    Parameter 3 : 0xffffffff
    Parameter 4 : 0x0023dfed
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+b67ee
    Stack Address 2 : ntkrnlpa.exe+84a6f
    Stack Address 3 : ntkrnlpa.exe+83fc3
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050612-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050512-03.dmp
    Crash Time : 5/5/2012 11:56:42 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00041287
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 : ntkrnlpa.exe+62133
    Stack Address 3 : ntkrnlpa.exe+635c6
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050512-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050512-02.dmp
    Crash Time : 5/5/2012 6:04:04 PM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x000c0859
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+10350
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : Ntfs.sys+10350
    Stack Address 2 : Ntfs.sys+e9a8
    Stack Address 3 : ntkrnlpa.exe+44976
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050512-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050512-01.dmp
    Crash Time : 5/5/2012 12:19:11 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a7b7cf0
    Caused By Driver : NETIO.SYS
    Caused By Address : NETIO.SYS+8cf0
    File Description : Network I/O Subsystem
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22377 (vistasp2_ldr.100405-0403)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 : NETIO.SYS+8cf0
    Stack Address 2 : tcpip.sys+2deb2
    Stack Address 3 : tcpip.sys+5c5cc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050512-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050112-01.dmp
    Crash Time : 5/1/2012 1:30:14 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0x80d83000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x8743b7f0
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+b22f
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini043012-02.dmp
    Crash Time : 4/30/2012 7:03:15 PM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x813f7008
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5db20
    Stack Address 3 : ntkrnlpa.exe+2326dc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini043012-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini043012-01.dmp
    Crash Time : 4/30/2012 1:46:56 AM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00003452
    Parameter 2 : 0x17c00000
    Parameter 3 : 0xc081e4f4
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+949c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+949c0
    Stack Address 1 : ntkrnlpa.exe+9316c
    Stack Address 2 : ntkrnlpa.exe+218b3a
    Stack Address 3 : ntkrnlpa.exe+1f5467
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini043012-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042812-01.dmp
    Crash Time : 4/28/2012 4:53:20 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xac678000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x872a07f0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042812-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042612-01.dmp
    Crash Time : 4/26/2012 7:11:06 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xb9f49000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x873017f0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042612-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042412-03.dmp
    Crash Time : 4/24/2012 5:15:09 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xc31e7000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x872d77f0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042412-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042412-02.dmp
    Crash Time : 4/24/2012 3:48:31 AM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00003452
    Parameter 2 : 0x23200000
    Parameter 3 : 0xc084da8c
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+949c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+949c0
    Stack Address 1 : ntkrnlpa.exe+9316c
    Stack Address 2 : ntkrnlpa.exe+218b3a
    Stack Address 3 : ntkrnlpa.exe+1f5467
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042412-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042412-01.dmp
    Crash Time : 4/24/2012 12:01:38 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xfe009dd8
    Parameter 2 : 0x00000000
    Parameter 3 : 0x822f300c
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 : ntkrnlpa.exe+ee00c
    Stack Address 3 : win32k.sys+c8105
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042412-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini041512-01.dmp
    Crash Time : 4/15/2012 11:24:39 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xa86ac000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x8206f536
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+770c
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 : ntkrnlpa.exe+64536
    Stack Address 3 : ntkrnlpa.exe+335f4
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini041512-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini041212-02.dmp
    Crash Time : 4/12/2012 5:56:44 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 0xc0804d18
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8209adab
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+4dfd9
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 : ntkrnlpa.exe+60dab
    Stack Address 2 : ntkrnlpa.exe+5fc45
    Stack Address 3 : ntkrnlpa.exe+7a995
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini041212-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini041212-01.dmp
    Crash Time : 4/12/2012 2:52:35 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00003452
    Parameter 2 : 0x0f800000
    Parameter 3 : 0xc08286b0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+949c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+949c0
    Stack Address 1 : ntkrnlpa.exe+9316c
    Stack Address 2 : ntkrnlpa.exe+218b3a
    Stack Address 3 : ntkrnlpa.exe+1f5467
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini041212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini041012-01.dmp
    Crash Time : 4/10/2012 4:06:12 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00004000
    Parameter 2 : 0x85da6808
    Parameter 3 : 0x80000000
    Parameter 4 : 0x0023dfed
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+b67ee
    Stack Address 2 : ntkrnlpa.exe+84a6f
    Stack Address 3 : ntkrnlpa.exe+83fc3
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini041012-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini040912-02.dmp
    Crash Time : 4/9/2012 9:00:29 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0xb4637d4c
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000008
    Parameter 4 : 0xb4637d4c
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+4dfd9
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini040912-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini040912-01.dmp
    Crash Time : 4/9/2012 12:44:39 AM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0xa78d5008
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+22e5f5
    Stack Address 3 : ntkrnlpa.exe+22e457
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini040912-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
  17. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    looks like most were caused by "ntkrnlpa.exe"
  18. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    ntkrnlpa.exe is a system file so it's very inconclusive.
    Some tools we used are rather powerful so BSOD may happen.

    I'll keep this topic open.
    Post back if you get some more BSODs. Hopefully not :)

    For now I'll mark this topic as resolved.
  19. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    ok had a crash today I can start a new thread but here's what I got from the bsod view program!

    ==================================================
    Dump File : Mini052112-01.dmp
    Crash Time : 5/21/2012 1:31:04 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a29e156
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+9d156
    File Description : TCP/IP Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4df99
    Stack Address 1 : tcpip.sys+9d156
    Stack Address 2 : tcpip.sys+a498c
    Stack Address 3 : tcpip.sys+72018
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
  20. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    We'll need at least 2-3 more BSODs to see if there is any pattern there.
  21. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    another today

    ==================================================
    Dump File : Mini052212-01.dmp
    Crash Time : 5/22/2012 11:39:41 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a2ac156
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+9d156
    File Description : TCP/IP Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4df99
    Stack Address 1 : tcpip.sys+9d156
    Stack Address 2 : tcpip.sys+a498c
    Stack Address 3 : tcpip.sys+72018
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
  22. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download OTL to your Desktop.

    Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Use the following settings:

    • Click the NONE button
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    tcpip.sys
    /md5stop
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
  23. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    OTL logfile created on: 5/22/2012 4:20:11 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\William\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 45.76% Memory free
    6.20 Gb Paging File | 4.38 Gb Available in Paging File | 70.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.85 Gb Total Space | 45.68 Gb Free Space | 32.43% Space Free | Partition Type: NTFS
    Drive D: | 8.20 Gb Total Space | 1.75 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

    Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < MD5 for: TCPIP.SYS >
    [2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
    [2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
    [2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
    [2011/12/16 13:38:35 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
    [2011/12/16 13:38:32 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
    [2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
    [2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
    [2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
    [2011/12/16 13:38:36 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
    [2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
    [2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
    [2011/12/16 13:04:18 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
    [2011/12/16 13:04:18 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
    [2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
    [2011/12/16 13:38:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
    [2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
    [2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
    [2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
    [2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
    [2011/12/16 13:38:32 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
    [2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
    [2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
    [2010/04/05 13:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
    [2010/04/05 16:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
    [2006/11/02 04:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
    [2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\ERDNT\cache\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
    [2008/01/19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
    [2011/12/16 13:38:34 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
    < End of report >
  24. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    We'll replace tcpip.sys file with some other healthy copy and we'll see how it goes.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Windows\System32\drivers\tcpip.sys|C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys /replace
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  25. billyd

    billyd Newcomer, in training Topic Starter Posts: 60

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    Unable to replace file: C:\Windows\System32\drivers\tcpip.sys with C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys without a reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: William
    ->Temp folder emptied: 18680411 bytes
    ->Temporary Internet Files folder emptied: 75809092 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 103679735 bytes
    ->Flash cache emptied: 13954 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 470387 bytes
    RecycleBin emptied: 2023750855 bytes

    Total Files Cleaned = 2,119.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: William
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: William
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.43.1 log created on 05222012_173046
    Files\Folders moved on Reboot...
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\aclk[1].htm not found!
    File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\page-3[2].htm not found!
    File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\up[1].htm not found!
    File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC2HMXEF\data_sync[1].htm not found!
    Registry entries deleted on Reboot...


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.