BSOD - "DRIVER_IRQL_NOT_LESS_OR_EQUAL" - "tcpip.sys"

  1. #1
    Gryffy, Junior Member

    The other day the dreaded BSOD had reared its ugly head for the first time since I built this computer. "DRIVER_IRQL_NOT_LESS_OR_EQUAL" pointing to "tcpip.sys" as a problem. This has happened 3 times in the past 72 hours or so, all at random times, once when I had the computer locked and wasn't even in front of it.


    MBAM

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.01.01.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    David :: GRYFFY [administrator]

    Protection: Disabled

    1/1/2012 7:15:40 AM
    mbam-log-2012-01-01 (07-15-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 205386
    Time elapsed: 6 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER:

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2012-01-01 07:37:58
    Windows 6.1.7601 Service Pack 1
    Running: 8qr1d2iu.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f608242b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f608242b@001f5d491551 0x51 0xA5 0x59 0xDF ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f608242b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f608242b@001f5d491551 0x51 0xA5 0x59 0xDF ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A87F0CE-66C6-152E-CA39-1BF48DD1EE82}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A87F0CE-66C6-152E-CA39-1BF48DD1EE82}@abkiomeaodokemgcibmlkonfgimineiefa 0x6A 0x61 0x65 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A87F0CE-66C6-152E-CA39-1BF48DD1EE82}@bbihicmbioplhlapkbjjelfanalcghcjkcaa 0x6A 0x61 0x65 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A87F0CE-66C6-152E-CA39-1BF48DD1EE82}@bbihicmbioplhlapkbjjelfanalcghcjkcba 0x6A 0x61 0x6E 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A87F0CE-66C6-152E-CA39-1BF48DD1EE82}@abkiomeaodokemgcibmlkonfgimineieea 0x6A 0x61 0x6E 0x6A ...

    ---- EOF - GMER 1.0.15 ----

    aswMBR:

    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-01 07:40:58
    -----------------------------
    07:40:58.985 OS Version: Windows x64 6.1.7601 Service Pack 1
    07:40:58.985 Number of processors: 4 586 0x403
    07:40:58.986 ComputerName: GRYFFY UserName: David
    07:40:59.361 Initialize success
    07:41:45.000 AVAST engine defs: 12010100
    07:42:55.629 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000074
    07:42:55.634 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
    07:42:55.645 Disk 0 MBR read successfully
    07:42:55.650 Disk 0 MBR scan
    07:42:55.658 Disk 0 Windows 7 default MBR code
    07:42:55.664 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    07:42:55.676 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 103207 MB offset 206848
    07:42:55.695 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 850559 MB offset 211574784
    07:42:55.706 Service scanning
    07:42:56.687 Modules scanning
    07:42:56.696 Disk 0 trace - called modules:
    07:42:56.706 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    07:42:56.715 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049f4060]
    07:42:56.727 3 CLASSPNP.SYS[fffff880019c643f] -> nt!IofCallDriver -> [0xfffffa8004899ac0]
    07:42:56.738 5 amd_xata.sys[fffff880010c8b98] -> nt!IofCallDriver -> \Device\00000074[0xfffffa8004894890]
    07:42:57.241 AVAST engine scan C:\Windows
    07:42:58.707 AVAST engine scan C:\Windows\system32
    07:43:55.743 AVAST engine scan C:\Windows\system32\drivers
    07:44:01.836 AVAST engine scan C:\Users\David
    07:49:08.648 AVAST engine scan C:\ProgramData
    07:50:37.924 Scan finished successfully
    07:53:48.454 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
    07:53:48.459 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by David at 7:59:06 on 2012-01-01
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2369 [GMT -8:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\UnsignedThemesSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Users\David\AppData\Local\Wakoopa\Wakoopa.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    D:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe
    D:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
    D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    D:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    D:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = local
    mWinlogon: Userinit=userinit.exe,
    BHO: {128369B5-3B3B-0373-49DD-65FD405044AC} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    uRun: [Wakoopa] C:\Users\David\AppData\Local\Wakoopa\Wakoopa.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Driver Genius]
    mRun: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)
    uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    mPolicies-system: DisableStartupSound = 1 (0x1)
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=seetoo&c=ce7afbe4aa0f4738f&browserVersion=7.0
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
    TCP: DhcpNameServer = 192.168.1.1 208.67.222.222
    TCP: Interfaces\{E75E3E61-482B-4550-BEC1-7DB6DE4015CC} : DhcpNameServer = 192.168.1.1 208.67.222.222
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    BHO-X64: {128369B5-3B3B-0373-49DD-65FD405044AC} - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [Driver Genius]
    mRun-x64: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.David\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: network.proxy.gopher -
    FF - prefs.js: network.proxy.gopher_port - 0
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 9666
    FF - prefs.js: network.proxy.socks - localhost
    FF - prefs.js: network.proxy.socks_port - 9050
    FF - prefs.js: network.proxy.ssl - localhost
    FF - prefs.js: network.proxy.ssl_port - 9666
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.David\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
    FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.David\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
    FF - plugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
    R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
    R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
    R2 LMIGuardianSvc;LMIGuardianSvc;D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-8 375176]
    R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
    R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-30 652872]
    R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
    R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
    R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
    R3 EUDISK;EASEUS Disk Enumerator;\??\C:\Windows\system32\drivers\eudisk.sys --> C:\Windows\system32\drivers\eudisk.sys [?]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
    R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys --> C:\Windows\system32\DRIVERS\V0230Vfx.sys [?]
    R3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys --> C:\Windows\system32\DRIVERS\V0230VID.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-24 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-24 79360]
    S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
    S3 EASEUS Agent;EASEUS Agent;D:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-7-6 56200]
    S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-25 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-25 136176]
    S3 MonitorFunction;Driver for Monitor;C:\Windows\system32\DRIVERS\TVMonitor.sys --> C:\Windows\system32\DRIVERS\TVMonitor.sys [?]
    S3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
    S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 Secunia PSI Agent;Secunia PSI Agent;D:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
    S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
    S3 TeamViewer7;TeamViewer 7;D:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\system32\drivers\vasdDev.sys --> C:\Windows\system32\drivers\vasdDev.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 wod0205;WeOnlyDo Network Adapter 2.5;C:\Windows\system32\DRIVERS\wod0205.sys --> C:\Windows\system32\DRIVERS\wod0205.sys [?]
    S4 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-01 09:43:32 -------- d-----w- C:\Users\David\AppData\Local\{5C5782B7-0064-4E59-97CB-9B05DD450B85}
    2012-01-01 09:42:59 -------- d-----w- C:\Users\David\AppData\Local\{4E466361-D29F-4EBA-BB0C-D24A147724C6}
    2011-12-31 18:11:45 -------- d-----w- C:\Users\David\AppData\Local\{C5BDC501-038C-4953-892A-B5FC786BD273}
    2011-12-31 18:11:11 -------- d-----w- C:\Users\David\AppData\Local\{A86C07D9-7677-4103-8C27-58F61A8B00F3}
    2011-12-31 16:17:09 -------- d-----w- C:\Users\David\AppData\Local\{9539596F-A721-46B8-A829-A2DEA9F9760D}
    2011-12-30 21:44:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-12-30 18:03:58 -------- d-----w- C:\Users\David\AppData\Local\{0B90A004-4240-44CF-AC54-4585D650DAF2}
    2011-12-30 18:03:24 -------- d-----w- C:\Users\David\AppData\Local\{2AF0C019-F333-4EC8-A7A8-E51B43919737}
    2011-12-30 06:02:57 -------- d-----w- C:\Users\David\AppData\Local\{AE3D5153-E9F7-4C25-953E-12FD610FDD8B}
    2011-12-30 06:02:23 -------- d-----w- C:\Users\David\AppData\Local\{370FB0E5-CF2C-498F-A8C7-AAB69FC1438C}
    2011-12-30 05:38:33 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2011-12-30 05:38:33 646248 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2011-12-30 05:38:29 -------- d-----w- C:\Program Files (x86)\Realtek
    2011-12-30 04:20:52 -------- d-----w- C:\Program Files\Speccy
    2011-12-30 04:16:46 -------- d-----w- C:\Program Files\WhoCrashed
    2011-12-30 04:02:45 -------- d-----w- C:\Program Files (x86)\NirSoft
    2011-12-30 0346 -------- d-----w- C:\Program Files (x86)\CrystalDiskInfo
    2011-12-29 17:53:21 -------- d-----w- C:\ProgramData\PC Tools
    2011-12-29 17:53:20 -------- d-----w- C:\Users\David\AppData\Roaming\TestApp
    2011-12-29 17:34:27 -------- d-----w- C:\Users\David\AppData\Local\{743CBC03-8236-4C90-B3B4-9A9A538EE351}
    2011-12-29 17:33:58 -------- d-----w- C:\Users\David\AppData\Local\{F2C052DE-235D-4DFF-A267-A9AE1DB127F3}
    2011-12-29 09:28:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-29 03:46:49 -------- d-----w- C:\Users\David\AppData\Local\{4D6C5596-655F-428F-A321-F58C375C6376}
    2011-12-29 03:46:27 -------- d-----w- C:\Users\David\AppData\Local\{DF7B0D77-73FD-4E7D-9C1B-423EFCAFC856}
    2011-12-28 00:54:52 -------- d-----w- C:\Users\David\AppData\Local\{227F67B1-CF6F-45AA-958B-D751CDE69C90}
    2011-12-28 00:54:29 -------- d-----w- C:\Users\David\AppData\Local\{1227210B-6477-4182-801E-2AE9897F9F82}
    2011-12-27 11:27:33 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
    2011-12-27 11:27:33 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2011-12-27 11:27:33 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2011-12-27 11:27:33 630784 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
    2011-12-27 11:27:33 39936 ----a-w- C:\Windows\SysWow64\huffyuv.dll
    2011-12-27 11:27:33 3164160 ----a-w- C:\Windows\SysWow64\x264vfw.dll
    2011-12-27 11:27:33 287744 ----a-w- C:\Windows\SysWow64\divxa32.acm
    2011-12-27 11:27:33 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-12-27 11:27:33 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm
    2011-12-27 11:27:33 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
    2011-12-27 11:27:33 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2011-12-27 11:26:39 86016 ----a-w- C:\Windows\System32\ff_vfw.dll
    2011-12-27 11:26:39 203264 ----a-w- C:\Windows\System32\unrar.dll
    2011-12-27 09:32:34 -------- d-----w- C:\Windows\BACKUPSSS
    2011-12-27 0815 -------- d-----w- C:\Users\David\AppData\Local\{D822EDCA-3868-4B8F-8F9D-0F737F993E02}
    2011-12-27 08:55:52 -------- d-----w- C:\Users\David\AppData\Local\{D9D39768-1D0C-4A56-A285-CABF7F438C2F}
    2011-12-26 07:11:52 -------- d-----w- C:\Users\David\AppData\Local\{F9B764B1-832E-4CB2-B068-78A955981E8C}
    2011-12-26 07:11:30 -------- d-----w- C:\Users\David\AppData\Local\{A23D08B6-44F6-46EA-A3C8-A77B8B0B8C8F}
    2011-12-25 19:11:01 -------- d-----w- C:\Users\David\AppData\Local\{738D6EF9-09F7-4A43-8C81-F74DE25CFFC6}
    2011-12-25 19:10:39 -------- d-----w- C:\Users\David\AppData\Local\{167706A5-FAB1-4F4B-9FAD-EF93BE67586E}
    2011-12-25 17:36:05 -------- d-----w- C:\Users\David\AppData\Local\{8264D460-6409-4537-B022-46FB56678D76}
    2011-12-24 13:58:25 -------- d-----w- C:\Users\David\AppData\Local\{FCE994D1-3360-4740-9E6B-E9243C9E1D47}
    2011-12-24 13:58:14 -------- d-----w- C:\Users\David\AppData\Local\{20D3E62E-981D-4446-B6A9-BD3AC2C3093A}
    2011-12-24 09:52:03 -------- d--h--w- C:\VritualRoot
    2011-12-24 09:16:06 -------- d-----w- C:\ProgramData\Comodo
    2011-12-23 22:25:48 -------- d-----w- C:\Users\David\AppData\Local\{9C019233-2ACF-4E9D-A084-D96556AD0902}
    2011-12-23 22:25:26 -------- d-----w- C:\Users\David\AppData\Local\{ABF1D047-FEBC-416E-9A43-3D2C98D2ADAA}
    2011-12-23 08:41:42 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A4366AA-6641-44F7-96E5-0F303C6665C0}\mpengine.dll
    2011-12-23 04:22:07 -------- d-----w- C:\Users\David\AppData\Local\{6E991558-E167-4995-A2F7-C6080828B55F}
    2011-12-23 04:06:32 -------- d-----w- C:\Users\David\AppData\Local\{BFA6B174-738C-49FD-AB56-01E5176815D8}
    2011-12-22 14:15:23 -------- d-----w- C:\Users\David\Aptana Rubles
    2011-12-22 12:18:32 -------- d-----w- C:\Users\David\AppData\Local\{F387D3CD-013C-4770-BBC9-82FFD50A5256}
    2011-12-22 12:18:10 -------- d-----w- C:\Users\David\AppData\Local\{6EAA9F23-DBFA-4CF4-93A4-43F7BAC0BA26}
    2011-12-22 10:57:57 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
    2011-12-21 14:39:52 -------- d-----w- C:\Program Files (x86)\NCH Software
    2011-12-21 14:39:47 -------- d-----w- C:\Users\David\AppData\Roaming\NCH Software
    2011-12-21 14:08:20 -------- d-----w- C:\Users\David\AppData\Local\CrashDumps
    2011-12-21 06:52:29 -------- d-----w- C:\Users\David\AppData\Local\{1152A069-90EC-4953-850D-77031EC50F1F}
    2011-12-21 06:52:07 -------- d-----w- C:\Users\David\AppData\Local\{4D623026-FB2D-4501-B6CB-F50E8DCF81D3}
    2011-12-21 06:02:11 -------- d-----w- C:\ProgramData\SonicFocus
    2011-12-21 06:02:02 91760 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
    2011-12-21 06:02:02 90224 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
    2011-12-21 06:02:02 675952 ----a-w- C:\Windows\System32\VIASysFx.dll
    2011-12-21 06:02:02 2915440 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
    2011-12-21 06:02:02 27760 ----a-w- C:\Windows\System32\ViakaraokeSrv.exe
    2011-12-21 06:02:02 2182768 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
    2011-12-21 06:02:02 202864 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
    2011-12-21 06:02:02 116848 ----a-w- C:\Windows\System32\ViaKaraokePropPageExt.dll
    2011-12-21 06:02:02 1161328 ----a-w- C:\Windows\System32\ViaKaraokeApo.dll
    2011-12-21 05:58:19 53248 ----a-r- C:\Users\David\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-12-21 05:52:31 -------- d-----w- C:\ViewSonic
    2011-12-21 05:40:09 -------- d-----w- C:\ProgramData\DriverGenius
    2011-12-20 22:32:13 -------- d-----w- C:\Users\David\AppData\Local\{4CB842EF-DDC6-4F9D-81AE-507D39883137}
    2011-12-20 17:18:39 -------- d-----w- C:\Users\David\VirtualBox VMs
    2011-12-20 17:17:26 -------- d-----w- C:\Users\David\.VirtualBox
    2011-12-20 17:13:42 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2011-12-20 17:13:39 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2011-12-20 17:13:38 -------- d-----w- C:\Program Files\Oracle
    2011-12-20 02:59:18 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2011-12-20 02:59:18 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2011-12-20 02:59:16 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2011-12-20 02:58:56 389840 ----a-w- C:\Windows\System32\guard64.dll
    2011-12-20 02:58:56 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
    2011-12-19 23:52:49 -------- d-----w- C:\Users\David\AppData\Local\{EA070AD5-C650-4B96-999E-B2377D525168}
    2011-12-19 23:52:26 -------- d-----w- C:\Users\David\AppData\Local\{E7B98C07-C3B9-4ED9-B3A7-807630BFF814}
    2011-12-19 21:45:22 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2011-12-19 21:43:54 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
    2011-12-19 21:43:54 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2011-12-19 11:52:11 -------- d-----w- C:\Users\David\AppData\Local\{E099004D-8715-491F-A0F0-9294F1CBE18A}
    2011-12-19 11:51:49 -------- d-----w- C:\Users\David\AppData\Local\{3D137495-3586-40DE-9404-8E35E23E49FC}
    2011-12-18 20:57:58 -------- d-----w- C:\Users\David\AppData\Local\{073DE7BF-FE73-42F8-8F31-C203333AF431}
    2011-12-18 07:03:00 -------- d-----w- C:\Users\David\AppData\Local\{8BF5C567-5130-48D3-A38D-895803EA1FA3}
    2011-12-18 07:02:38 -------- d-----w- C:\Users\David\AppData\Local\{77D269A9-09BD-4417-A595-C0F23627F186}
    2011-12-16 22:41:40 -------- d-----w- C:\Users\David\AppData\Local\{03284EE5-5B5C-496C-99F6-5CB29FDEE561}
    2011-12-16 22:41:17 -------- d-----w- C:\Users\David\AppData\Local\{AC3DDA9B-9709-4620-942A-A7CA356A1AA7}
    2011-12-16 20:23:56 -------- d-----w- C:\ProgramData\BOINC
    2011-12-16 20:23:03 -------- d-----w- C:\Windows\Downloaded Installations
    2011-12-16 19:59:05 59392 ----a-w- C:\Windows\SysWow64\speexw.acm
    2011-12-16 19:59:04 -------- d-----w- C:\Users\David\AppData\Roaming\TurboIRC 7
    2011-12-16 19:59:04 -------- d-----w- C:\ProgramData\TurboIRC 7
    2011-12-16 15:32:33 -------- d-----w- C:\Users\David\AppData\Roaming\X-Chat 2
    2011-12-16 10:41:02 -------- d-----w- C:\Users\David\AppData\Local\{E826912D-F411-4BDD-A675-6AFCA3C606EC}
    2011-12-16 10:40:39 -------- d-----w- C:\Users\David\AppData\Local\{CC8826F8-9280-474F-8618-794B9946A846}
    2011-12-15 07:17:15 -------- d-----w- C:\Users\David\AppData\Local\{42288CBD-E69A-4AA6-8D0F-FE4ECB3F3B88}
    2011-12-15 07:16:53 -------- d-----w- C:\Users\David\AppData\Local\{2679A97D-1621-4BE7-9F01-9258AE209F4B}
    2011-12-14 09:28:00 -------- d-----w- C:\Users\David\AppData\Local\{581103B9-89BD-4426-A983-AC96DAB48707}
    2011-12-13 19:33:57 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-13 19:33:56 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-13 19:33:55 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-13 19:33:55 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-13 13:29:53 -------- d-----w- C:\Users\David\AppData\Local\{DFD2E76D-B575-4636-9CD3-5B1127B2A418}
    2011-12-13 13:29:31 -------- d-----w- C:\Users\David\AppData\Local\{09130C27-F49E-41A9-B785-52DC289835B8}
    2011-12-12 20:38:02 -------- d-----w- C:\Users\David\AppData\Local\{E3FFD271-A608-4ECC-8872-B01E0E8AC5A5}
    2011-12-12 20:37:40 -------- d-----w- C:\Users\David\AppData\Local\{B21CEB58-F533-45CE-86A2-6F5A58A61D00}
    2011-12-12 17:29:09 -------- d-----w- C:\Users\David\AppData\Local\Opera
    2011-12-12 08:37:10 -------- d-----w- C:\Users\David\AppData\Local\{99351DF2-2F21-4DC3-90CD-81578049E8BC}
    2011-12-12 08:36:47 -------- d-----w- C:\Users\David\AppData\Local\{9DA9CC73-97CE-4713-9BB4-08D4A247B434}
    2011-12-11 17:26:37 -------- d-----w- C:\Users\David\AppData\Local\{5060A5BF-0E56-401D-B607-418D7E7DCF90}
    2011-12-11 17:26:14 -------- d-----w- C:\Users\David\AppData\Local\{A4570B7D-A344-4F42-8C14-69A5D8E1EEE7}
    2011-12-11 15:42:56 -------- d-----w- C:\Users\David\AppData\Roaming\DRPSu
    2011-12-11 08:46:37 -------- d-----w- C:\Users\David\AppData\Roaming\BleachBit
    2011-12-11 08:46:29 -------- d-----w- C:\Program Files (x86)\BleachBit
    2011-12-11 08:02:01 -------- d-----w- C:\Users\David\AppData\Roaming\TCB Networks
    2011-12-11 08:01:58 -------- d-----w- C:\Program Files (x86)\TCB Networks
    2011-12-11 07:52:54 -------- d-----w- C:\Users\David\AppData\Roaming\Volume2
    2011-12-11 07:52:24 -------- d-----w- C:\Program Files (x86)\Volume2
    2011-12-11 05:03:43 -------- d-----w- C:\Users\David\AppData\Local\{38D9D1C4-20E8-4028-A678-F440D84B8452}
    2011-12-11 05:03:20 -------- d-----w- C:\Users\David\AppData\Local\{5AA04FA4-0170-4620-B784-71E5A7348645}
    2011-12-10 11:24:16 -------- d-----w- C:\Users\David\AppData\Local\{14733D2A-9E4A-47D8-BF12-881091289E8F}
    2011-12-10 11:23:54 -------- d-----w- C:\Users\David\AppData\Local\{6E47D229-2D0B-4C86-9255-2B5B755DDDAD}
    2011-12-10 09:32:28 -------- d-----w- C:\Users\David\AppData\Local\{990F7B31-3F18-4517-8DF1-BBA4950E0A8A}
    2011-12-10 09:32:05 -------- d-----w- C:\Users\David\AppData\Local\{9B4709AF-2D7F-478F-9DB1-750FB713EF17}
    2011-12-09 10:51:24 -------- d-----w- C:\Users\David\AppData\Local\{928216CB-96C9-42ED-97B4-0ABCA357F56B}
    2011-12-09 10:51:03 -------- d-----w- C:\Users\David\AppData\Local\{A2141E32-335D-49E8-B9D4-6F2B3452E432}
    2011-12-09 08:51:42 -------- d-----w- C:\Users\David\AppData\Local\{128B7A2B-80FE-42CD-AA2F-27CA4733CBAE}
    2011-12-09 08:51:18 -------- d-----w- C:\Users\David\AppData\Local\{344D89A7-2754-4F85-B5F5-5B4B53FC426A}
    2011-12-08 11:35:36 -------- d-----w- C:\Users\David\AppData\Local\{D76EE900-E56B-408C-9E79-478AD2763731}
    2011-12-08 11:35:14 -------- d-----w- C:\Users\David\AppData\Local\{50C1C04C-B050-4BBA-B1C9-00F256EC985C}
    2011-12-07 18:18:54 -------- d-----w- C:\Users\David\AppData\Local\{CAFEBA5E-0D64-4049-B514-19BE33FE9D7C}
    2011-12-07 18:18:31 -------- d-----w- C:\Users\David\AppData\Local\{F06118F6-91A3-4F7C-857F-1D0F2E4CD38D}
    2011-12-07 06:18:15 -------- d-----w- C:\Users\David\AppData\Local\{F23766FD-51B0-4865-9B80-8EB0AAF1D647}
    2011-12-07 06:17:52 -------- d-----w- C:\Users\David\AppData\Local\{244C2E4D-FDFF-4762-B411-452E180EA00E}
    2011-12-06 18:16:01 -------- d-----w- C:\Users\David\AppData\Local\{2FA41889-619A-4713-83DB-7F32628D50CA}
    2011-12-06 18:15:38 -------- d-----w- C:\Users\David\AppData\Local\{934A78DF-7F28-48C7-AACC-E25DFAE5C5C8}
    2011-12-06 06:15:10 -------- d-----w- C:\Users\David\AppData\Local\{34806041-6D06-45C7-9F18-632DB1319828}
    2011-12-06 06:14:47 -------- d-----w- C:\Users\David\AppData\Local\{4705602B-5697-4E1E-8B5D-1337686A4FBE}
    2011-12-05 05:25:10 -------- d-----w- C:\Users\David\AppData\Local\{F2E35358-654A-4A2E-805C-CC0CC5C0B023}
    2011-12-05 05:24:48 -------- d-----w- C:\Users\David\AppData\Local\{D05FD439-722A-4250-8F9C-6E469323C4C8}
    2011-12-04 08:22:25 -------- d-----w- C:\Users\David\AppData\Local\{67E42050-C2E7-439E-955E-D8FC823595D5}
    2011-12-04 08:22:01 -------- d-----w- C:\Users\David\AppData\Local\{BBEE2468-1243-49F9-95F0-047FC696A23B}
    2011-12-03 08:00:13 -------- d-----w- C:\Users\David\AppData\Local\{A62BE5FA-6C16-455D-973F-E29123D257B4}
    2011-12-03 08:00:01 -------- d-----w- C:\Users\David\AppData\Local\{BDF36037-BE2A-49A9-8B41-5352AF4B526F}
    .
    ==================== Find3M ====================
    .
    2011-12-19 21:16:44 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2011-12-19 21:16:44 80768 ----a-w- C:\Windows\System32\LMIinit.dll
    2011-12-19 21:16:44 34688 ----a-w- C:\Windows\System32\LMIport.dll
    2011-12-19 18:58:57 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
    2011-12-02 06:55:28 21 ---h--r- C:\Windows\wsysweb.dll
    2011-11-28 1220 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-27 03:30:31 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    2011-11-12 12:50:24 248944 ----a-w- C:\Windows\System32\Dts2APO.dll
    2011-11-10 13:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-24 23:15:26 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-16 07:49:32 13571624 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
    2011-10-13 14:49:27 230864 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
    2011-10-04 21:29:28 40576 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
    2011-10-04 21:29:26 80000 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
    .
    ============= FINISH: 7:59:37.42 ===============

    DDS 2 (Attach.txt):
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/24/2011 6:40:00 PM
    System Uptime: 1/1/2012 7:27:18 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A79XTD EVO
    Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 101 GiB total, 35.01 GiB free.
    D: is FIXED (NTFS) - 831 GiB total, 142.649 GiB free.
    E: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Creative Game Port
    Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\4&2966AB86&0&29A4
    Manufacturer: Creative
    Name: Creative Game Port
    PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\4&2966AB86&0&29A4
    Service:
    .
    ==== System Restore Points ===================
    .
    RP277: 12/29/2011 7:10:21 PM - Installed Microsoft Fix it 50203
    RP278: 12/29/2011 7:24:39 PM - SlimDrivers Installing Drivers
    RP279: 12/29/2011 8:57:57 PM - Installed UxStyle Core Beta
    RP280: 12/29/2011 9:25:57 PM - Removed Dojotech Spotify Recorder
    RP281: 12/29/2011 9:35:23 PM - Removed Realtek Ethernet Controller Driver
    RP282: 12/29/2011 9:37:30 PM - Before installing new drivers - 12/29/2011 9:37:29 PM
    RP283: 12/29/2011 9:38:19 PM - Installed Realtek Ethernet Controller Driver
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Shockwave Player 11.6
    AIDA64 Extreme Edition v1.70
    America's Army 3
    Anomaly Warzone Earth version Repack by FKMETAL333
    Apple Application Support
    Apple Software Update
    Application Profiles
    Auslogics BoostSpeed 5.2
    BleachBit
    Brink
    Creative ALchemy
    Creative Audio Console
    Creative Live! Cam Center
    Creative Software AutoUpdate
    CrystalDiskInfo 4.1.4
    D3DX10
    Debut Video Capture Software
    Deus Ex - Human Revolution version 1.0
    Deus Ex: Game of the Year Edition
    Dinner Timer Lite
    DiRT 3
    DivX Web Player
    Doxillion Document Converter
    Driver Genius Professional Edition
    EASEUS Todo Backup Free 2.5.1
    Electric Sheep 2.7b29
    eReg
    Everything 1.2.1.371
    F.E.A.R. 3
    F.lux
    FileHippo.com Update Checker
    foobar2000 v1.1.9
    FugueUp! WOL Magic Packet Utility
    Game Booster 3
    Game Fire
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Talk Plugin
    Google Update Helper
    Hard Disk Sentinel PRO
    HashCalc 2.02
    InfraRecorder
    Java Auto Updater
    Java(TM) 6 Update 30
    K-Lite Mega Codec Pack 8.0.0
    Killing Floor
    LastPass (uninstall only)
    Launchy 2.5
    Left 4 Dead
    Left 4 Dead 2
    LogMeIn
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.60.0.1800
    ManyCam 2.6.65 (remove only)
    Messenger Plus! 5
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    MorphVOX Pro
    Morrowind
    Morrowind AnimKit 2.1 (remove only)
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NirSoft BlueScreenView
    Nokia Connectivity Cable Driver
    Nokia_Multimedia_Common_Components_2_5
    NVIDIA PhysX
    OpenAL
    OpenDNS Updater 2.2.1
    OpenOffice.org 3.3
    PC Connectivity Solution
    Pidgin
    pidgin-otr 3.2.0-1
    Platform
    Polipo 1.0.4.1
    Python 2.7.2
    Quake Live Mozilla Plugin
    QuickTime
    Realtek Ethernet Controller Driver
    RocketDock 1.3.5
    Sanctum
    Secunia PSI (2.0.0.4003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.5
    SlimDrivers
    Spotify
    StarCraft II
    Steam
    SumatraPDF
    System Requirements Lab
    Team Fortress 2
    TeamViewer 7
    Tor 0.2.1.30
    Translator Fun Voice Pack
    TrueCrypt
    Tunatic
    TurboIRC 7 Uninstall
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Server
    VIA Platform Device Manager
    Vidalia 0.2.12
    ViewSonic Monitor Drivers x64
    VirtualCloneDrive
    VirtuaWin v4.3
    VLC media player 1.1.11
    Wakoopa
    WinDirStat 1.1.2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinFF 1.3.2
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/30/2011 2:28:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffffa800b3f6000, 0x0000000000000002, 0x0000000000000000, 0xfffff8800187f067). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123011-16972-01.
    12/29/2011 9:31:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    12/29/2011 9:30:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
    12/29/2011 9:29:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    12/29/2011 9:29:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.
    12/29/2011 9:28:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    12/29/2011 6:43:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffffa8009626000, 0x0000000000000002, 0x0000000000000000, 0xfffff8800192a067). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122911-17565-01.
    12/29/2011 10:02:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffffa800c131000, 0x0000000000000002, 0x0000000000000000, 0xfffff88001957067). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122911-15880-01.
    12/29/2011 1:19:45 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    .
    ==== End Of File ===========================
    Last edited by Gryffy; 01-01-2012 at 04:09 PM.

  2. #2
    broni is offline Senior Member
    I don't see anything malicious in your logs.

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

    ==============================================================

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

  3. #3
    Gryffy is offline Junior Member
    Thanks for the timely response, Broni.
    Nice, BlueScreenView I actually stumbled across while I was Googling the problem so I have it downloaded already. I'll be sure to post the updated logs though.
    It looks like I have the installable version installed. I'm guessing that won't be a problem...

    BlueScreenView:

    ==================================================
    Dump File : 123011-16972-01.dmp
    Crash Time : 12/30/2011 2:28:59 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffffa80`0b3f6000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff880`0187f067
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+78067
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7cc40
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\123011-16972-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 292,232
    ==================================================

    ==================================================
    Dump File : 122911-17565-01.dmp
    Crash Time : 12/29/2011 6:43:34 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffffa80`09626000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff880`0192a067
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+78067
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7cc40
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\122911-17565-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 286,808
    ==================================================

    ==================================================
    Dump File : 122911-15880-01.dmp
    Crash Time : 12/29/2011 10:02:50 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffffa80`0c131000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff880`01957067
    Caused By Driver : tcpip.sys
    Caused By Address : tcpip.sys+78067
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Crash Address : ntoskrnl.exe+7cc40
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\Windows\Minidump\122911-15880-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 288,224
    ==================================================

    Farbar Service Scanner:

    Farbar Service Scanner
    Ran by David (administrator) on 01-01-2012 at 17:59:06
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
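
The three crash records above decoded field by field, as an added example that is not part of the original posts. It uses the documented parameter layout of bug check 0xD1 (address referenced, IRQL, access type, address of the referencing instruction) and subtracts BlueScreenView's `tcpip.sys+78067` offset to recover the driver's load address on each boot; the function names are my own and the input lines are copied from the thread, trimmed to the bugcheck data.

```python
import re

# WER event 1001 lines from the Event Viewer section of the DDS log in this
# thread, trimmed to the bugcheck code, parameters and report id.
WER_LINES = [
    "12/30/2011 2:28:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - "
    "The bugcheck was: 0x000000d1 (0xfffffa800b3f6000, 0x0000000000000002, "
    "0x0000000000000000, 0xfffff8800187f067). Report Id: 123011-16972-01.",
    "12/29/2011 6:43:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - "
    "The bugcheck was: 0x000000d1 (0xfffffa8009626000, 0x0000000000000002, "
    "0x0000000000000000, 0xfffff8800192a067). Report Id: 122911-17565-01.",
    "12/29/2011 10:02:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - "
    "The bugcheck was: 0x000000d1 (0xfffffa800c131000, 0x0000000000000002, "
    "0x0000000000000000, 0xfffff88001957067). Report Id: 122911-15880-01.",
]

# "Caused By Address" from the BlueScreenView report, keyed by dump/report id.
BSV_CAUSED_BY = {
    "123011-16972-01": "tcpip.sys+78067",
    "122911-17565-01": "tcpip.sys+78067",
    "122911-15880-01": "tcpip.sys+78067",
}

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}

WER_RE = re.compile(
    r"The bugcheck was: (0x[0-9a-f]+) \(([^)]*)\)\..*?Report Id: ([0-9-]+)", re.I)


def parse_wer(line):
    """Return (report_id, bugcheck_code, [p1, p2, p3, p4]) from one WER line."""
    m = WER_RE.search(line)
    if m is None:
        raise ValueError("not a WER bugcheck record: %r" % line[:40])
    params = [int(p, 16) for p in m.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("expected 4 bugcheck parameters, got %d" % len(params))
    return m.group(3), int(m.group(1), 16), params


def decode_d1(params):
    """Name the four parameters of DRIVER_IRQL_NOT_LESS_OR_EQUAL."""
    referenced, irql, access, ip = params
    return {
        "referenced": referenced,
        # A fault on the first byte of a page is worth noting during triage.
        "referenced_page_aligned": referenced & 0xFFF == 0,
        "irql": IRQL_NAMES.get(irql, "IRQL %d" % irql),
        "access": ACCESS.get(access, "unknown (%d)" % access),
        "faulting_ip": ip,
    }


def split_caused_by(text):
    """'tcpip.sys+78067' -> ('tcpip.sys', 0x78067)."""
    module, _, offset = text.partition("+")
    return module, int(offset, 16)


def analyse(wer_lines=WER_LINES, caused_by=BSV_CAUSED_BY):
    records = []
    for line in wer_lines:
        report_id, code, params = parse_wer(line)
        if code != 0xD1:
            continue  # only this bug check has the layout decoded here
        rec = decode_d1(params)
        module, offset = split_caused_by(caused_by[report_id])
        rec.update(report_id=report_id, module=module, offset=offset,
                   module_base=rec["faulting_ip"] - offset)
        records.append(rec)
    return records


def same_fault_site(records):
    """True when every crash hit the same module+offset."""
    return len({(r["module"], r["offset"]) for r in records}) == 1


if __name__ == "__main__":
    recs = analyse()
    for r in recs:
        print("%s: %s of %#x at %s by %s+%#x (image base %#x)" % (
            r["report_id"], r["access"], r["referenced"], r["irql"],
            r["module"], r["offset"], r["module_base"]))
    print("same fault site in every crash:", same_fault_site(recs))
```

All three records decode to a read at DISPATCH_LEVEL from the same instruction offset in tcpip.sys; only the image base differs between boots.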

  4. #4
    broni is offline Senior Member
    All looks good.
    Possibly the tcpip.sys file is corrupted.

    Please run Farbar Service Scanner.
    Type the following in the edit box after "Search:".

    tcpip.sys

    Click Search Files button and post the log (FSS.txt) it makes to your reply.

  5. #5
    Gryffy is offline Junior Member
    Hmmm...I'm wondering if I just need to take a can of air to the hardware. Nonetheless...

    FSS "tcpip.sys":

    Farbar Service Scanner
    Ran by David (administrator) on 01-01-2012 at 19:30:11
    Windows 7 Ultimate Service Pack 1 (X64)

    ************************************************
    ================== Search: "tcpip.sys" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
    [2011-11-08 16:50] - [2011-09-29 09:41] - 1912176 ____A (Microsoft Corporation) 3810F06A4D74A7D62641EE73D6B3C660

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
    [2011-08-10 03:37] - [2011-06-20 22:20] - 1914752 ____A (Microsoft Corporation) A0EB71E0DC047C7CC95CD6AB4036296E

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
    [2011-06-14 17:40] - [2011-04-24 22:16] - 1927552 ____A (Microsoft Corporation) B77977AEB2FF159D01DB08A309989C5F

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
    [2011-11-08 16:50] - [2011-09-29 08:29] - 1923952 ____A (Microsoft Corporation) FC62769E7BFF2896035AEED399108162

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
    [2011-08-10 03:37] - [2011-06-20 22:34] - 1923968 ____A (Microsoft Corporation) F0E98C00A09FDF791525829A1D14240F

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
    [2011-06-14 17:40] - [2011-04-24 21:33] - 1923968 ____A (Microsoft Corporation) 92CE29D95AC9DD2D0EE9061D551BA250

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
    [2011-05-24 19:29] - [2010-11-20 05:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
    [2011-11-08 16:50] - [2011-09-29 08:17] - 1886064 ____A (Microsoft Corporation) AC3E29880DB5659532A1AA3439304A43

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
    [2011-08-10 03:37] - [2011-06-20 22:16] - 1888128 ____A (Microsoft Corporation) 5279D4DD69C7C71524B8E7A5746D15CC

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
    [2011-06-14 17:40] - [2011-04-24 21:28] - 1893248 ____A (Microsoft Corporation) 1F748D5439B65E0BEBD92F65048F030D

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
    [2011-05-24 18:37] - [2010-06-13 22:39] - 1889152 ____A (Microsoft Corporation) 542C6767C68C9D6AAACA59436B0D15C2

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
    [2011-05-24 19:04] - [2010-04-08 23:56] - 1892232 ____A (Microsoft Corporation) A9C0F786AC1F736891D05CE0A1D29DEB

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
    [2011-11-08 16:50] - [2011-09-29 08:24] - 1897328 ____A (Microsoft Corporation) F18F56EFC0BFB9C87BA01C37B27F4DA5

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
    [2011-08-10 03:37] - [2011-06-20 22:27] - 1896832 ____A (Microsoft Corporation) B9D87C7707F058AC652A398CD28DE14B

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
    [2011-06-14 17:40] - [2011-04-24 21:32] - 1896832 ____A (Microsoft Corporation) 61DC720BB065D607D5823F13D2A64321

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
    [2011-05-24 18:37] - [2010-06-13 22:37] - 1896832 ____A (Microsoft Corporation) 90A2D722CF64D911879D6C4A4F802A4D

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
    [2011-05-24 19:04] - [2010-04-09 03:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1

    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
    [2009-07-13 15:25] - [2009-07-13 17:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

    ====== End Of Search ======

  6. #6
    broni is offline Senior Member
    This is a little bit strange as I don't see tcpip.sys in its default location.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      tcpip.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  7. #7
    Gryffy is offline Junior Member
    Whoa, that is strange indeed.

    SystemLook:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:55 on 01/01/2012 by David
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "tcpip.sys"
    C:\Windows\System32\drivers\tcpip.sys --a---- 1923952 bytes [00:50 09/11/2011] [16:29 29/09/2011] FC62769E7BFF2896035AEED399108162
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys --a---- 1898576 bytes [23:25 13/07/2009] [01:45 14/07/2009] 912107716BAB424C7870E8E6AF5E07E1
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys --a---- 1898376 bytes [03:04 25/05/2011] [11:06 09/04/2010] 7FC877A25796D8ADF539E64703FCA7E1
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys --a---- 1896832 bytes [02:37 25/05/2011] [06:37 14/06/2010] 90A2D722CF64D911879D6C4A4F802A4D
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys --a---- 1896832 bytes [01:40 15/06/2011] [05:32 25/04/2011] 61DC720BB065D607D5823F13D2A64321
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys --a---- 1896832 bytes [11:37 10/08/2011] [06:27 21/06/2011] B9D87C7707F058AC652A398CD28DE14B
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys --a---- 1897328 bytes [00:50 09/11/2011] [16:24 29/09/2011] F18F56EFC0BFB9C87BA01C37B27F4DA5
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys --a---- 1892232 bytes [03:04 25/05/2011] [07:56 09/04/2010] A9C0F786AC1F736891D05CE0A1D29DEB
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys --a---- 1889152 bytes [02:37 25/05/2011] [06:39 14/06/2010] 542C6767C68C9D6AAACA59436B0D15C2
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys --a---- 1893248 bytes [01:40 15/06/2011] [05:28 25/04/2011] 1F748D5439B65E0BEBD92F65048F030D
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys --a---- 1888128 bytes [11:37 10/08/2011] [06:16 21/06/2011] 5279D4DD69C7C71524B8E7A5746D15CC
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys --a---- 1886064 bytes [00:50 09/11/2011] [16:17 29/09/2011] AC3E29880DB5659532A1AA3439304A43
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys --a---- 1924480 bytes [03:29 25/05/2011] [13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys --a---- 1923968 bytes [01:40 15/06/2011] [05:33 25/04/2011] 92CE29D95AC9DD2D0EE9061D551BA250
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys --a---- 1923968 bytes [11:37 10/08/2011] [06:34 21/06/2011] F0E98C00A09FDF791525829A1D14240F
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys --a---- 1923952 bytes [00:50 09/11/2011] [16:29 29/09/2011] FC62769E7BFF2896035AEED399108162
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys --a---- 1927552 bytes [01:40 15/06/2011] [06:16 25/04/2011] B77977AEB2FF159D01DB08A309989C5F
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys --a---- 1914752 bytes [11:37 10/08/2011] [06:20 21/06/2011] A0EB71E0DC047C7CC95CD6AB4036296E
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys --a---- 1912176 bytes [00:50 09/11/2011] [17:41 29/09/2011] 3810F06A4D74A7D62641EE73D6B3C660

    -= EOF =-
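
One way to read the SystemLook log above mechanically, as an added example that is not part of the original posts: it parses the `:filefind` lines, identifies the driver that is actually loaded from `System32\drivers`, and reports which component-store (winsxs) build has the same size and MD5. The function names and the `ACTIVE` path constant are my own; the sample lines are copied from the log, and the case of a missing live entry (as in the earlier Farbar search) raises an error instead of passing silently.

```python
import re
from collections import namedtuple

# Lines copied from the SystemLook log in this thread. The last one carries a
# stray space inside the component hash, as forum line-wrapping can insert,
# to exercise normalise_path().
SYSTEMLOOK_LOG = r"""
Searching for "tcpip.sys"
C:\Windows\System32\drivers\tcpip.sys --a---- 1923952 bytes [00:50 09/11/2011] [16:29 29/09/2011] FC62769E7BFF2896035AEED399108162
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys --a---- 1924480 bytes [03:29 25/05/2011] [13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys --a---- 1912176 bytes [00:50 09/11/2011] [17:41 29/09/2011] 3810F06A4D74A7D62641EE73D6B3C660
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f0 9b257d43f3eb\tcpip.sys --a---- 1923952 bytes [00:50 09/11/2011] [16:29 29/09/2011] FC62769E7BFF2896035AEED399108162
-= EOF =-
"""

ACTIVE = r"c:\windows\system32\drivers\tcpip.sys"  # path the kernel loads from

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$")
# A space that splits the 16-hex-digit component hash is a rendering artifact.
WRAP_RE = re.compile(r"(_none_[0-9a-f]{1,15}) (?=[0-9a-f]+\\)", re.I)
COMPONENT_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_[0-9a-f]{16}\\", re.I)

Entry = namedtuple("Entry", "path attrs size created modified md5 version")


def normalise_path(path):
    """Rejoin a component hash split by a wrap space; leave other spaces alone."""
    return WRAP_RE.sub(r"\1", path)


def parse_filefind(text):
    """Return one Entry per file line; headers and the EOF marker are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = normalise_path(m.group("path"))
        comp = COMPONENT_RE.search(path)
        entries.append(Entry(path, m.group("attrs"), int(m.group("size")),
                             m.group("created"), m.group("modified"),
                             m.group("md5").upper(),
                             comp.group(1) if comp else None))
    return entries


def audit(text, active_path=ACTIVE):
    """Compare the live driver with every store copy listed in the log."""
    entries = parse_filefind(text)
    live = [e for e in entries if e.path.lower() == active_path]
    if len(live) != 1:
        raise LookupError("expected exactly one live driver entry, found %d"
                          % len(live))
    live = live[0]
    store = [e for e in entries if e.version]
    # Equal size and MD5 means the live file is consistent with that store
    # copy; it does not vouch for the store itself.
    same = sorted(e.version for e in store
                  if (e.md5, e.size) == (live.md5, live.size))
    other = sorted(e.version for e in store if e.md5 != live.md5)
    return {"live_md5": live.md5, "live_size": live.size,
            "matches": same, "differs": other}


if __name__ == "__main__":
    result = audit(SYSTEMLOOK_LOG)
    print("live driver MD5 :", result["live_md5"])
    print("same as build   :", ", ".join(result["matches"]) or "none")
    print("different builds:", ", ".join(result["differs"]))
```

On this log the live driver is identical by size and MD5 to the 6.1.7601.17697 store copy; the 6.1.7601.17514 and 6.1.7601.21828 copies are different builds.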

  8. #8
    broni is offline Senior Member
    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe

    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:

    Code:
    CopyFile:
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys C:\Windows\System32\drivers\tcpip.sys
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\

  9. #9
    Gryffy is offline Junior Member
    Just for the sake of curiosity, I did a search on the C Drive for "tcpip.sys" and there appears to be a tcpip.sys in "C:\Windows\System32\drivers".

  10. #10
    broni is offline Senior Member
    System Look found it.
    Go on with my previous reply.
