Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

BSOD ntoskrnl.exe tcpip.sys prooblem


  • Please log in to reply

#91
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

https://www.dropbox....kgoYH91L4a?dl=0

 

 

 


  • 0

Advertisements


#92
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

the vew files

 

 

i wonder what happened, there were no programs installed in the meantime

 

Attached Files


Edited by honshu, 19 January 2015 - 11:29 AM.

  • 0

#93
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

who is making the backup i wonder


  • 0

#94
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

Run Autoruns and look for more yellow items.  I think these:  UimBus Uim_DEVIM Uim_IM are left from paragon uninstall.  Should have been removed but weren't.

 

Log: 'Application' Date/Time: 19/01/2015 15:00:23
Type: Waarschuwing Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.     DETAIL -   5 user registry handles leaked from \Registry\User\S-1-5-21-1109764070-618117929-3508857997-1001_Classes:
Process 6080 (\Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-1109764070-618117929-3508857997-1001_CLASSES
Process 6080 (\Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-1109764070-618117929-3508857997-1001_CLASSES
Process 6080 (\Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-1109764070-618117929-3508857997-1001_CLASSES\.htm
Process 6080 (\Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-1109764070-618117929-3508857997-1001_CLASSES\.htm
Process 6080 (\Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-1109764070-618117929-3508857997-1001_CLASSES\MIME\Database
 
 
I suspect Outlook may be causing the boot problems.  It should not be holding open the registry when you shutdown.  When you get a good boot next time do not start outlook.  Then shutdown and see if you get a second good boot.
 
Also there is something from Winmail:
 
Log: 'Application' Date/Time: 19/01/2015 14:54:33
Type: Fout Category: 3
Event: 215 Source: ESENT
WinMail (6824) WindowsMail0: Het maken van de back-up is gestopt, omdat deze door de client is gestopt of omdat de verbinding met de client is mislukt.

  • 0

#95
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

Forgot to ask if the dropbox file shows a bad boot or a good one.


  • 0

#96
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

a bad one

 

and i don't even us winmail


  • 0

#97
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

outlook will take a long time opening the profile during a bad boot


  • 0

#98
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

Let me see the two FRST files.  I may be able to make some sense of it.


  • 0

#99
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

Also I think you need to uninstall mbam.  Fully 1/2 of the proc mon log is made up from mbam actions.


  • 0

#100
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

https://www.dropbox....kgoYH91L4a?dl=0


  • 0

Advertisements


#101
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

This log is only about 4 minutes long.  Major thing I see happening is some updates  (KB2492386, KB2868725, KB2923545, KB3023266, KB2726535,and a bunch of others) getting installed  wonder if they get reinstalled every time or if this was just a one time thing.

 

Guess we are going to need another boot log to see.  Wonder if this is related to not showing any updates in the speccy log.  


  • 0

#102
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

history of update only showing some 6 updates as well, programs as earlierer mentioned, shows all updates installed


  • 0

#103
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

indeed strange this update matter, installed one with date of 14th june

 

 

https://www.dropbox....kgoYH91L4a?dl=0


  • 0

#104
honshu

honshu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

Ron,

 

just found a system repair disc date sept 2011, and I think it is the one i made after installening win 7 on the SSD

 

would it make sense to run it?


  • 0

#105
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

Up to you.  Might be faster than trying to fix whatever is broken.  You will need to install a bunch of updates.  I would not let ccleaner do anything other than clean the temp files.  It sometimes gets carried away.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP