[Epicregret]

I currently run Windows Vista on my desktop, and ever since last year it decides to crash and the blue screen appears mentioning that Driver_less_or_Equal something something TCPIP.SYS. I have attached the mini dump files that I found, hopefully someone can help me out. I will say that I do believe that my Outpost Firewall has something to do with it. Thanks to anyone that can help!

Attached Files

•  bluescreen.zip   47.96KB   118 downloads

[Advertisements]

Probably caused by : tcpip.sys

Do you use Comodo Firewall ?

Edited by Bonk, 24 May 2010 - 10:40 AM.

[megabite]

Probably caused by : tcpip.sys

Do you use Comodo Firewall ?

Edited by Bonk, 24 May 2010 - 10:40 AM.

[Epicregret]

No, I currently don't use Comodo Firewall. Though I did have it last year, but it was too intrusive for my taste.

[megabite]

Understood...

Just that ComodoFirewall had issues like this and you said."ever since last year it decides to crash"

Would that be about the sametime you installed Comodofirewall?

You could see if there are any remnants left causing the problems by using Revo uninstaller free version.

What are you using now for firewall and protection programs?

Edited by Bonk, 24 May 2010 - 10:57 AM.

[Epicregret]

Yes I had Comodo installed last year, and decided to switch to Outpost and the problem started happening. I have Revo Uninstaller on my computer and I did do a deep scan after removing Comodo. I removed all traces from it, and I even reformatted my hard drive.

I currently have Outpost Firewall Pro 2009, Malwarebytes, Microsoft Security Essentials, and I have TuneUp Utilities 2010.

[megabite]

As a test can you Uninstall Outpost and use Windows firewall and see the results.

[Epicregret]

Sure, I'll uninstall Outpost and start using Windows Firewall, hopefully that will stop the crashing. I'll write back if anything happens good or bad. Thanks!

[diabillic]

Download BluescreenView, select File -> select all then Save and name the .txt whatever you want. Please paste that in your next post.

[Epicregret]

I have attached the files, hopefully I can get this figured out. Thanks!

Attached Files

•  Bluescreen.txt   3.31KB   136 downloads

Edited by Epicregret, 24 May 2010 - 07:19 PM.

[Broni]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box into the main textfield:
  

  :filefind
  tcpip.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[Epicregret]

Ok here the log:

Attached Files

•  SystemLook.txt   10.81KB   144 downloads

[Broni]

First of all, I'd like to see, if your file is simply corrupted and we're not dealing here with some kind of infection.

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
C:\WINDOWS\System32\drivers\tcpip.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

[Epicregret]

First of all, I'd like to see, if your file is simply corrupted and we're not dealing here with some kind of infection.

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
C:\WINDOWS\System32\drivers\tcpip.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

Here are the results:

http://www.virustota...7750-1274760468

[Broni]

Very good

Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes

:Services

:Reg

:Files
C:\WINDOWS\System32\drivers\tcpip.sys|C:\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys /replace
	  
:Commands
[purity]
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste Instructions for Items to be Movedwindow (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me know, if the above stopped BSOD.

[Epicregret]

• Return to OTM, right click in the Paste Instructions for Items to be Movedwindow (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Here are the results:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
Unable to replace file: C:\WINDOWS\System32\drivers\tcpip.sys with C:\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys without a reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Domo-Kun
->Temp folder emptied: 23464277 bytes
->Temporary Internet Files folder emptied: 6765534 bytes
->Java cache emptied: 14959793 bytes
->Google Chrome cache emptied: 8611181 bytes
->Flash cache emptied: 11554 bytes

User: JrIsmael
->Temp folder emptied: 8739644 bytes
->Temporary Internet Files folder emptied: 6703555 bytes
->Java cache emptied: 12182511 bytes
->Google Chrome cache emptied: 373076266 bytes
->Flash cache emptied: 9181 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156346 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 34911103 bytes

Total Files Cleaned = 467.00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05252010_000245

Files moved on Reboot...

Registry entries deleted on Reboot...