
Malware problem maybe more?

Discussion in 'Virus and Malware Removal' started by billyd, May 13, 2012.

  1. billyd Newcomer, in training Posts: 60

    ==================================================
    Dump File : Mini051912-01.dmp
    Crash Time : 5/19/2012 2:39:38 AM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00003452
    Parameter 2 : 0x76a00000
    Parameter 3 : 0xc080333c
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+94980
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+94980
    Stack Address 1 : ntkrnlpa.exe+9312c
    Stack Address 2 : ntkrnlpa.exe+218b0f
    Stack Address 3 : ntkrnlpa.exe+218f97
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051912-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051712-01.dmp
    Crash Time : 5/17/2012 5:54:48 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a2a9156
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+9d156
    File Description : TCP/IP Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4df99
    Stack Address 1 : tcpip.sys+9d156
    Stack Address 2 : tcpip.sys+a498c
    Stack Address 3 : tcpip.sys+72018
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051712-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051312-02.dmp
    Crash Time : 5/13/2012 2:20:51 PM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x889de008
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5205
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdabf
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5dae0
    Stack Address 3 : ntkrnlpa.exe+2326ac
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051312-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051312-01.dmp
    Crash Time : 5/13/2012 12:55:56 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x94995773
    Parameter 3 : 0x81c1aaa8
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+c5773
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : win32k.sys+c5773
    Stack Address 1 : win32k.sys+12048b
    Stack Address 2 : win32k.sys+12055e
    Stack Address 3 : win32k.sys+7c46c
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051312-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051212-02.dmp
    Crash Time : 5/12/2012 9:13:16 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x94985773
    Parameter 3 : 0xac4f4aa8
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+c5773
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : win32k.sys+c5773
    Stack Address 1 : win32k.sys+12048b
    Stack Address 2 : win32k.sys+12055e
    Stack Address 3 : win32k.sys+7c46c
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051212-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051212-01.dmp
    Crash Time : 5/12/2012 3:56:46 AM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x912af008
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5205
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdabf
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5dae0
    Stack Address 3 : ntkrnlpa.exe+2326ac
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051112-01.dmp
    Crash Time : 5/11/2012 11:46:12 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xb0800000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x86d287f0
    Parameter 4 : 0x00000002
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98339
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98339
    Stack Address 1 : ntkrnlpa.exe+4dd94
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051012-02.dmp
    Crash Time : 5/10/2012 4:43:56 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xb9dc1000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x86da97f0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051012-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini051012-01.dmp
    Crash Time : 5/10/2012 4:05:00 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a1bccf0
    Caused By Driver : NETIO.SYS
    Caused By Address : NETIO.SYS+8cf0
    File Description : Network I/O Subsystem
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22377 (vistasp2_ldr.100405-0403)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 : NETIO.SYS+8cf0
    Stack Address 2 : tcpip.sys+2deb2
    Stack Address 3 : tcpip.sys+5c5cc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini051012-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050912-01.dmp
    Crash Time : 5/9/2012 9:58:04 AM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8ded0008
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5205
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5db20
    Stack Address 3 : ntkrnlpa.exe+2326dc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050912-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050812-02.dmp
    Crash Time : 5/8/2012 4:11:56 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 0xc055f000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8229c199
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+4dfd9
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 : ntkrnlpa.exe+83199
    Stack Address 2 : ntkrnlpa.exe+82baf
    Stack Address 3 : ntkrnlpa.exe+825e6
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050812-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050812-01.dmp
    Crash Time : 5/8/2012 2:40:40 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x948f56b3
    Parameter 3 : 0xb0b61a20
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+c56b3
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : win32k.sys+c56b3
    Stack Address 1 : win32k.sys+ab4dd
    Stack Address 2 : win32k.sys+ab5a4
    Stack Address 3 : win32k.sys+1202e2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050812-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050712-01.dmp
    Crash Time : 5/7/2012 6:42:46 PM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x818b8008
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+5205
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5db20
    Stack Address 3 : ntkrnlpa.exe+2326dc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050712-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050612-01.dmp
    Crash Time : 5/6/2012 8:45:04 AM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00004000
    Parameter 2 : 0x86b9b670
    Parameter 3 : 0xffffffff
    Parameter 4 : 0x0023dfed
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+b67ee
    Stack Address 2 : ntkrnlpa.exe+84a6f
    Stack Address 3 : ntkrnlpa.exe+83fc3
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050612-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050512-03.dmp
    Crash Time : 5/5/2012 11:56:42 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00041287
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 : ntkrnlpa.exe+62133
    Stack Address 3 : ntkrnlpa.exe+635c6
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050512-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050512-02.dmp
    Crash Time : 5/5/2012 6:04:04 PM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x000c0859
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+10350
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : Ntfs.sys+10350
    Stack Address 2 : Ntfs.sys+e9a8
    Stack Address 3 : ntkrnlpa.exe+44976
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050512-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050512-01.dmp
    Crash Time : 5/5/2012 12:19:11 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a7b7cf0
    Caused By Driver : NETIO.SYS
    Caused By Address : NETIO.SYS+8cf0
    File Description : Network I/O Subsystem
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22377 (vistasp2_ldr.100405-0403)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 : NETIO.SYS+8cf0
    Stack Address 2 : tcpip.sys+2deb2
    Stack Address 3 : tcpip.sys+5c5cc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050512-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini050112-01.dmp
    Crash Time : 5/1/2012 1:30:14 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0x80d83000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x8743b7f0
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+b22f
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini050112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini043012-02.dmp
    Crash Time : 4/30/2012 7:03:15 PM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0x813f7008
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+5db20
    Stack Address 3 : ntkrnlpa.exe+2326dc
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini043012-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini043012-01.dmp
    Crash Time : 4/30/2012 1:46:56 AM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00003452
    Parameter 2 : 0x17c00000
    Parameter 3 : 0xc081e4f4
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+949c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+949c0
    Stack Address 1 : ntkrnlpa.exe+9316c
    Stack Address 2 : ntkrnlpa.exe+218b3a
    Stack Address 3 : ntkrnlpa.exe+1f5467
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini043012-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042812-01.dmp
    Crash Time : 4/28/2012 4:53:20 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xac678000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x872a07f0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042812-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042612-01.dmp
    Crash Time : 4/26/2012 7:11:06 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xb9f49000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x873017f0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042612-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042412-03.dmp
    Crash Time : 4/24/2012 5:15:09 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xc31e7000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x872d77f0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042412-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042412-02.dmp
    Crash Time : 4/24/2012 3:48:31 AM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00003452
    Parameter 2 : 0x23200000
    Parameter 3 : 0xc084da8c
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+949c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+949c0
    Stack Address 1 : ntkrnlpa.exe+9316c
    Stack Address 2 : ntkrnlpa.exe+218b3a
    Stack Address 3 : ntkrnlpa.exe+1f5467
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042412-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini042412-01.dmp
    Crash Time : 4/24/2012 12:01:38 AM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xfe009dd8
    Parameter 2 : 0x00000000
    Parameter 3 : 0x822f300c
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98379
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 : ntkrnlpa.exe+ee00c
    Stack Address 3 : win32k.sys+c8105
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini042412-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini041512-01.dmp
    Crash Time : 4/15/2012 11:24:39 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xa86ac000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x8206f536
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+770c
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98379
    Stack Address 1 : ntkrnlpa.exe+4ddd4
    Stack Address 2 : ntkrnlpa.exe+64536
    Stack Address 3 : ntkrnlpa.exe+335f4
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini041512-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini041212-02.dmp
    Crash Time : 4/12/2012 5:56:44 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 0xc0804d18
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8209adab
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+4dfd9
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 : ntkrnlpa.exe+60dab
    Stack Address 2 : ntkrnlpa.exe+5fc45
    Stack Address 3 : ntkrnlpa.exe+7a995
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini041212-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini041212-01.dmp
    Crash Time : 4/12/2012 2:52:35 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00003452
    Parameter 2 : 0x0f800000
    Parameter 3 : 0xc08286b0
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+949c0
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+949c0
    Stack Address 1 : ntkrnlpa.exe+9316c
    Stack Address 2 : ntkrnlpa.exe+218b3a
    Stack Address 3 : ntkrnlpa.exe+1f5467
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini041212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini041012-01.dmp
    Crash Time : 4/10/2012 4:06:12 PM
    Bug Check String : MEMORY_MANAGEMENT
    Bug Check Code : 0x0000001a
    Parameter 1 : 0x00004000
    Parameter 2 : 0x85da6808
    Parameter 3 : 0x80000000
    Parameter 4 : 0x0023dfed
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+b67ee
    Stack Address 2 : ntkrnlpa.exe+84a6f
    Stack Address 3 : ntkrnlpa.exe+83fc3
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini041012-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini040912-02.dmp
    Crash Time : 4/9/2012 9:00:29 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0xb4637d4c
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000008
    Parameter 4 : 0xb4637d4c
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+4dfd9
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4dfd9
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini040912-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
    ==================================================
    Dump File : Mini040912-01.dmp
    Crash Time : 4/9/2012 12:44:39 AM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000110b
    Parameter 3 : 0x00000000
    Parameter 4 : 0xa78d5008
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+ed184
    Stack Address 2 : ntkrnlpa.exe+22e5f5
    Stack Address 3 : ntkrnlpa.exe+22e457
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini040912-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
  2. billyd Newcomer, in training Posts: 60

    Looks like most were caused by "ntkrnlpa.exe".
  3. Broni Malware Annihilator Posts: 40,074   +187

    ntkrnlpa.exe is a system file, so it's very inconclusive.
    Some tools we used are rather powerful, so a BSOD may happen.

    I'll keep this topic open.
    Post back if you get some more BSODs. Hopefully not :)

    For now I'll mark this topic as resolved.
  4. billyd Newcomer, in training Posts: 60

    OK, had a crash today. I can start a new thread, but here's what I got from the BSOD view program!

    ==================================================
    Dump File : Mini052112-01.dmp
    Crash Time : 5/21/2012 1:31:04 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a29e156
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+9d156
    File Description : TCP/IP Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4df99
    Stack Address 1 : tcpip.sys+9d156
    Stack Address 2 : tcpip.sys+a498c
    Stack Address 3 : tcpip.sys+72018
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
  5. Broni Malware Annihilator Posts: 40,074   +187

    We'll need at least 2-3 more BSODs to see if there is any pattern there.
  6. billyd Newcomer, in training Posts: 60

    Another today.

    ==================================================
    Dump File : Mini052212-01.dmp
    Crash Time : 5/22/2012 11:39:41 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 0x00000014
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x8a2ac156
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+9d156
    File Description : TCP/IP Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.22828 (vistasp2_ldr.120329-0337)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+4df99
    Stack Address 1 : tcpip.sys+9d156
    Stack Address 2 : tcpip.sys+a498c
    Stack Address 3 : tcpip.sys+72018
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
     
  7. Broni Malware Annihilator Posts: 40,074   +187

    Download OTL to your Desktop.

    Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.

    Use the following settings:

    • Click the NONE button
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    tcpip.sys
    /md5stop
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
  8. billyd Newcomer, in training Posts: 60

    OTL logfile created on: 5/22/2012 4:20:11 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\William\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 45.76% Memory free
    6.20 Gb Paging File | 4.38 Gb Available in Paging File | 70.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.85 Gb Total Space | 45.68 Gb Free Space | 32.43% Space Free | Partition Type: NTFS
    Drive D: | 8.20 Gb Total Space | 1.75 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

    Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < MD5 for: TCPIP.SYS >
    [2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
    [2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
    [2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
    [2011/12/16 13:38:35 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
    [2011/12/16 13:38:32 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
    [2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
    [2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
    [2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
    [2011/12/16 13:38:36 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
    [2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
    [2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
    [2011/12/16 13:04:18 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
    [2011/12/16 13:04:18 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
    [2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
    [2011/12/16 13:38:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
    [2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
    [2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
    [2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
    [2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
    [2011/12/16 13:38:32 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
    [2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
    [2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
    [2010/04/05 13:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
    [2010/04/05 16:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
    [2006/11/02 04:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
    [2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\ERDNT\cache\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
    [2008/01/19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
    [2011/12/16 13:38:34 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
    < End of report >
  9. Broni Malware Annihilator Posts: 40,074   +187

    We'll replace the tcpip.sys file with some other healthy copy and see how it goes.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Windows\System32\drivers\tcpip.sys|C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys /replace
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  10. billyd Newcomer, in training Posts: 60

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    Unable to replace file: C:\Windows\System32\drivers\tcpip.sys with C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys without a reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: William
    ->Temp folder emptied: 18680411 bytes
    ->Temporary Internet Files folder emptied: 75809092 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 103679735 bytes
    ->Flash cache emptied: 13954 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 470387 bytes
    RecycleBin emptied: 2023750855 bytes

    Total Files Cleaned = 2,119.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: William
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: William
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.43.1 log created on 05222012_173046
    Files\Folders moved on Reboot...
    C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\aclk[1].htm not found!
    File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\page-3[2].htm not found!
    File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG2DLQMU\up[1].htm not found!
    File\Folder C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC2HMXEF\data_sync[1].htm not found!
    Registry entries deleted on Reboot...
  11. Broni Malware Annihilator Posts: 40,074   +187

    Re-run OTL with the same settings as in my reply #47.
  12. billyd Newcomer, in training Posts: 60

    OTL logfile created on: 5/23/2012 2:39:06 PM - Run 2
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\William\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.76% Memory free
    6.20 Gb Paging File | 4.71 Gb Available in Paging File | 75.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.85 Gb Total Space | 60.72 Gb Free Space | 43.11% Space Free | Partition Type: NTFS
    Drive D: | 8.20 Gb Total Space | 1.75 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

    Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < MD5 for: TCPIP.SYS >
    [2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
    [2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
    [2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
    [2011/12/16 13:38:35 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
    [2011/12/16 13:38:32 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
    [2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
    [2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
    [2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
    [2011/12/16 13:38:36 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
    [2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
    [2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
    [2011/12/16 13:04:18 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
    [2011/12/16 13:04:18 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
    [2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
    [2011/12/16 13:38:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
    [2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
    [2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
    [2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
    [2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
    [2011/12/16 13:38:32 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
    [2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
    [2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
    [2010/04/05 13:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
    [2010/04/05 16:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
    [2006/11/02 04:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
    [2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\ERDNT\cache\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
    [2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
    [2008/01/19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
    [2011/12/16 13:38:34 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
    < End of report >
  13. Broni Malware Annihilator Posts: 40,074   +187

    That didn't work.

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe

    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:
    Code:
    CopyFile:
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys C:\Windows\System32\drivers\tcpip.sys
    
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
  14. billyd Newcomer, in training Posts: 60

    BlitzBlank 1.0.0.32
    File/Registry Modification Engine native application
    CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys", destinationFile = "\??\c:\windows\system32\drivers\tcpip.sys"
    GetDataFromFile: ZwOpenFile failed: status = c0000022
    CopyFile: ZwCreateFile failed: status = c0000022
  15. Broni Malware Annihilator Posts: 40,074   +187

    Still didn't work...

    Please download ComboFix from Here or Here to your Desktop.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys | C:\Windows\System32\drivers\tcpip.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  16. billyd Newcomer, in training Posts: 60

    ComboFix 12-05-25.02 - William 05/25/2012 7:05.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1789 [GMT -4:00]
    Running from: c:\users\William\Desktop\ComboFix.exe
    Command switches used :: c:\users\William\Desktop\CFScript.txt.lnk
    AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\William\AppData\Roaming\vso_ts_preview.xml
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\odysseyIM4.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_sandboxu
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-23 17:28 . 2012-05-23 17:28 -------- d-----w- c:\program files\DellTPad
    2012-05-23 17:27 . 2007-06-25 23:51 100418 ----a-w- c:\windows\system32\Vxdif.dll
    2012-05-23 17:27 . 2007-06-25 22:53 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2012-05-23 17:27 . 2006-11-02 12:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2012-05-22 21:30 . 2012-05-22 21:30 -------- d-----w- C:\_OTL
    2012-05-22 19:31 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFAD140-3E3B-4CB2-BCF6-996F166D51C8}\mpengine.dll
    2012-05-20 19:26 . 2012-05-20 19:26 -------- d-----w- c:\program files\NirSoft
    2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\users\William\AppData\Local\Secunia PSI
    2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\program files\Secunia
    2012-05-20 17:48 . 2012-05-20 17:48 -------- d-----w- c:\program files\WOT
    2012-05-20 04:54 . 2012-05-20 04:54 -------- d-----w- c:\users\William\AppData\Roaming\f-secure
    2012-05-20 04:53 . 2012-05-20 04:53 -------- d-----w- c:\programdata\F-Secure
    2012-05-20 04:38 . 2012-05-20 04:38 -------- d-----w- c:\windows\Sun
    2012-05-16 08:11 . 2012-05-16 08:11 -------- d-----w- C:\found.001
    2012-05-16 08:07 . 2012-05-16 08:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-13 23:46 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-13 23:46 . 2012-05-13 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-13 17:41 . 2012-05-13 17:41 -------- d-----w- c:\users\William\AppData\Local\ESET
    2012-05-13 17:30 . 2012-05-13 17:30 -------- d-----w- c:\program files\Windows Resource Kits
    2012-05-12 23:11 . 2012-05-12 23:11 -------- d-----w- c:\program files\ESET
    2012-05-11 01:11 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-11 01:11 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-11 01:11 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
    2012-05-05 22:42 . 2012-05-05 22:43 -------- d-----w- c:\program files\Sherlock Holmes and the Hound of the Baskervilles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-16 08:08 . 2011-12-23 05:19 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-05-05 16:58 . 2012-04-04 17:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 16:58 . 2011-12-23 00:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-03 18:42 . 2012-04-03 18:42 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-04-03 18:42 . 2012-04-03 18:42 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-03 18:42 . 2012-04-03 18:42 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2012-03-28 16:09 . 2012-03-20 23:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-29 15:11 . 2012-04-12 07:13 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-29 15:11 . 2012-04-12 07:13 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 15:09 . 2012-04-12 07:13 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 13:32 . 2012-04-12 07:13 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-02-28 01:18 . 2012-04-12 07:14 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11 . 2012-04-12 07:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-12 07:14 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03 . 2012-04-12 07:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-25 19:19 . 2012-02-25 19:19 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Turbo Tourney 2012 Scheduler.lnk]
    backup=c:\windows\pss\Turbo Tourney 2012 Scheduler.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:58]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000UA.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-25 07:17
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\TEMP\NOD9D7D.tmp 847872 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:81,97,c7,74,c6,e0,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,3b,da,52,c0,a4,82,4f,a1,90,3e,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\dlbacoms.exe
    c:\program files\ESET\ESET Smart Security\ekrn.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Secunia\PSI\PSIA.exe
    c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\TeamViewer\Version7\TeamViewer.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\TeamViewer\Version7\tv_w32.exe
    c:\program files\Secunia\PSI\sua.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-25 07:25:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-25 11:25
    .
    Pre-Run: 62,952,001,536 bytes free
    Post-Run: 63,107,092,480 bytes free
    .
    - - End Of File - - 8575A95A9CAD471FC66C2E932665130E
  17. billyd Newcomer, in training Posts: 60

    the latest BSOD

    ==================================================
    Dump File : Mini052512-01.dmp
    Crash Time : 5/25/2012 10:37:53 AM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x001904aa
    Parameter 2 : 0xa852b950
    Parameter 3 : 0xa852b64c
    Parameter 4 : 0x8a423feb
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+16feb
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdabf
    Stack Address 1 : Ntfs.sys+19fff
    Stack Address 2 : Ntfs.sys+27637
    Stack Address 3 : Ntfs.sys+27a7e
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052512-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139,176
    ==================================================
  18. Broni Malware Annihilator Posts: 40,074   +187

    It doesn't look like you ran my script with Combofix.
    Please redo.
  19. billyd Newcomer, in training Posts: 60

    ComboFix 12-05-25.02 - William 05/25/2012 15:03:10.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1757 [GMT -4:00]
    Running from: c:\users\William\Desktop\ComboFix.exe
    Command switches used :: c:\users\William\Desktop\CFScript.txt
    AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys --> c:\windows\System32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-25 19:11 . 2012-05-25 19:11 -------- d-----w- c:\users\William\AppData\Local\temp
    2012-05-25 19:11 . 2012-05-25 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-25 14:35 . 2012-05-25 14:35 -------- d-----w- C:\found.002
    2012-05-23 17:28 . 2012-05-23 17:28 -------- d-----w- c:\program files\DellTPad
    2012-05-23 17:27 . 2007-06-25 23:51 100418 ----a-w- c:\windows\system32\Vxdif.dll
    2012-05-23 17:27 . 2007-06-25 22:53 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2012-05-23 17:27 . 2006-11-02 12:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2012-05-22 21:30 . 2012-05-22 21:30 -------- d-----w- C:\_OTL
    2012-05-20 19:26 . 2012-05-20 19:26 -------- d-----w- c:\program files\NirSoft
    2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\users\William\AppData\Local\Secunia PSI
    2012-05-20 17:52 . 2012-05-20 17:52 -------- d-----w- c:\program files\Secunia
    2012-05-20 17:48 . 2012-05-20 17:48 -------- d-----w- c:\program files\WOT
    2012-05-20 04:54 . 2012-05-20 04:54 -------- d-----w- c:\users\William\AppData\Roaming\f-secure
    2012-05-20 04:53 . 2012-05-20 04:53 -------- d-----w- c:\programdata\F-Secure
    2012-05-20 04:38 . 2012-05-20 04:38 -------- d-----w- c:\windows\Sun
    2012-05-16 08:11 . 2012-05-16 08:11 -------- d-----w- C:\found.001
    2012-05-16 08:07 . 2012-05-16 08:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-13 23:46 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-13 23:46 . 2012-05-13 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-13 17:41 . 2012-05-13 17:41 -------- d-----w- c:\users\William\AppData\Local\ESET
    2012-05-13 17:30 . 2012-05-13 17:30 -------- d-----w- c:\program files\Windows Resource Kits
    2012-05-12 23:11 . 2012-05-12 23:11 -------- d-----w- c:\program files\ESET
    2012-05-11 01:11 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-11 01:11 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-11 01:11 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
    2012-05-05 22:42 . 2012-05-05 22:43 -------- d-----w- c:\program files\Sherlock Holmes and the Hound of the Baskervilles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-16 08:08 . 2011-12-23 05:19 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-05-08 16:40 . 2012-05-22 19:31 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFAD140-3E3B-4CB2-BCF6-996F166D51C8}\mpengine.dll
    2012-05-05 16:58 . 2012-04-04 17:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 16:58 . 2011-12-23 00:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-03 18:42 . 2012-04-03 18:42 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-04-03 18:42 . 2012-04-03 18:42 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-03 18:42 . 2012-04-03 18:42 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2012-03-28 16:09 . 2012-03-20 23:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-29 15:11 . 2012-04-12 07:13 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-29 15:11 . 2012-04-12 07:13 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 15:09 . 2012-04-12 07:13 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 13:32 . 2012-04-12 07:13 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-02-28 01:18 . 2012-04-12 07:14 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11 . 2012-04-12 07:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-12 07:14 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03 . 2012-04-12 07:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-25 19:19 . 2012-02-25 19:19 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Turbo Tourney 2012 Scheduler.lnk]
    backup=c:\windows\pss\Turbo Tourney 2012 Scheduler.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:58]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-20 21:41]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000Core.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1815498000-2833343681-1250068786-1000UA.job
    - c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 04:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-Wdf01000.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-25 15:14
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:81,97,c7,74,c6,e0,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,3b,da,52,c0,a4,82,4f,a1,90,3e,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\dlbacoms.exe
    c:\program files\ESET\ESET Smart Security\ekrn.exe
    c:\program files\Secunia\PSI\PSIA.exe
    c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
    c:\program files\TeamViewer\Version7\TeamViewer.exe
    c:\program files\TeamViewer\Version7\tv_w32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Secunia\PSI\sua.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-25 15:23:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-25 19:23
    ComboFix2.txt 2012-05-25 11:25
    .
    Pre-Run: 63,374,553,088 bytes free
    Post-Run: 63,265,398,784 bytes free
    .
    - - End Of File - - 7AAFB187946B0A775A07405B77DD7FEA
  20. Broni Malware Annihilator Posts: 40,074   +187

    Now you're talking.

    Let me know if any more BSODs happen.