BSOD and avgtdia.sys - possible malware

Resolved
By RevCo
Jul 14, 2011
  1. Hi,

    I've been on the Windows BSOD forum (http://www.techspot.com/vb/topic167668.html), where Archean has been helping me out. He has looked through the minidumps and says the crashes were caused by avgtdia.sys and might be spyware/malware - he suggested I post my logs here...

    So I've gone through the 7-step and below are the log files (gmer.log not included as the log file was blank - no output) - Malwarebytes finds nothing either but I included that.

    I'm on Windows 7 Ultimate x64, new build machine. Any help very much appreciated!

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7082

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    14/07/2011 07:33:02
    mbam-log-2011-07-14 (07-33-02).txt

    Scan type: Quick scan
    Objects scanned: 165469
    Time elapsed: 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    DDS (Ver_2011-07-14.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Mike at 7:43:07 on 2011-07-14
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8173.6185 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    D:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
    C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG10\avgui.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{33BFD830-BF7C-41BD-85EC-4EE93840C28A} : DHCPNameServer = 192.168.0.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\s9v6wz6o.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: C:\Program Files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: C:\Program Files\NOS\bin\np_gp.dll
    FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-3 203776]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
    R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-7-2 586880]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-2 13336]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-4-20 9319936]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-4-20 306176]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-12-8 122856]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-12-8 369640]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-7-4 56344]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-2 20992]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-2 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\editplus.exe=D:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE [UserChoice]
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    ShellExec: EDITPLUS.EXE: edit=D:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
    ShellExec: EDITPLUS.EXE: open=D:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
    .
    =============== Created Last 30 ================
    .
    2011-07-13 22:31:30 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-07-12 07:02:27 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-11 18:20:52 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
    2011-07-11 18:20:50 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-11 18:20:48 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-09 20:21:01 -------- d-----w- C:\symbols
    2011-07-09 20:13:36 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
    2011-07-08 18:50:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2011-07-07 19:06:11 1137856 ----a-w- C:\Windows\PE_File.dll
    2011-07-07 18:45:20 1072320 ----a-w- C:\Windows\PE_Rom.dll
    2011-07-04 21:49:35 -------- d-----w- C:\Users\Mike\AppData\Roaming\Subversion
    2011-07-04 21:42:18 -------- d-----w- C:\Users\Mike\Adobe Flash Builder 4
    2011-07-04 20:47:18 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-07-04 20:47:18 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-07-04 20:47:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-07-04 20:47:18 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-07-04 20:47:18 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-07-04 18:44:56 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2011-07-04 18:44:41 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
    2011-07-04 18:27:09 253440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp101.dll
    2011-07-04 18:26:22 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2011-07-04 18:26:22 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
    2011-07-04 18:26:18 138752 ----a-w- C:\Windows\System32\hpf3l101.dll
    2011-07-04 18:26:16 -------- d-----w- C:\Program Files (x86)\HP
    2011-07-04 18:26:05 -------- d-----w- C:\Program Files\HP
    2011-07-04 18:25:45 643200 ----a-w- C:\Windows\System32\hpzids40.dll
    2011-07-04 18:25:45 525440 ----a-w- C:\Windows\System32\hposc_p04a.dll
    2011-07-04 18:25:45 1412224 ----a-w- C:\Windows\System32\hpost_p04d.dll
    2011-07-04 18:25:45 1180288 ----a-w- C:\Windows\System32\hposwia_p04d.dll
    2011-07-04 18:24:23 -------- d-----w- C:\Users\Mike\AppData\Local\ElevatedDiagnostics
    2011-07-04 16:25:11 -------- d-----w- C:\ProgramData\PMS
    2011-07-03 22:49:10 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2011-07-03 22:48:41 525544 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-07-03 22:20:26 -------- d-----w- C:\Windows\SysWow64\spool
    2011-07-03 22:19:48 -------- d-----w- C:\Users\Mike\AppData\Local\Adobe
    2011-07-03 22:19:46 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
    2011-07-03 19:43:06 -------- d-----w- C:\Users\Mike\AppData\Roaming\Dropbox
    2011-07-03 18:54:12 -------- d-----w- C:\Users\Mike\AppData\Local\Collectorz.com
    2011-07-03 18:45:09 -------- d-----w- C:\Users\Mike\AppData\Roaming\Scooter Software
    2011-07-03 18:45:07 -------- d-----w- C:\Program Files (x86)\Beyond Compare 3
    2011-07-03 06:41:58 -------- d-----w- C:\Windows\Panther
    2011-07-02 22:35:59 -------- d-----w- C:\Users\Mike\AppData\Roaming\TrueCrypt
    2011-07-02 22:32:05 -------- d-----w- C:\Windows\System32\SPReview
    2011-07-02 22:32:02 -------- d-----w- C:\Windows\System32\EventProviders
    2011-07-02 21:21:59 98304 ----a-w- C:\Program Files\Common Files\System\msadc\msadcs.dll
    2011-07-02 21:04:01 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG10
    2011-07-02 21:03:01 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-07-02 21:02:56 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-07-02 21:02:56 -------- d-----w- C:\ProgramData\AVG10
    2011-07-02 21:02:53 -------- d-----w- C:\Program Files (x86)\AVG
    2011-07-02 20:23:25 -------- d-----w- C:\Users\Mike\AppData\Roaming\Static Outlook Backup
    2011-07-02 20:16:06 -------- d-----w- C:\Windows\PCHEALTH
    2011-07-02 20:14:07 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft Help
    2011-07-02 20:10:57 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-02 19:48:35 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
    2011-07-02 16:50:45 -------- d--h--w- C:\ProgramData\Common Files
    2011-07-02 16:48:23 -------- d-----w- C:\ProgramData\MFAData
    2011-07-02 15:50:57 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-07-02 15:50:57 -------- d-----w- C:\Windows\System32\Wat
    2011-07-02 15:29:58 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2011-07-02 15:29:53 -------- d-----w- C:\Users\Mike\AppData\Local\Google
    2011-07-02 15:29:42 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{369B4200-24FD-42F6-AC6A-706AE86BABC3}\mpengine.dll
    2011-07-02 15:29:42 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-07-02 15:29:42 -------- d-----w- C:\Users\Mike\AppData\Local\Deployment
    2011-07-02 15:29:42 -------- d-----w- C:\Users\Mike\AppData\Local\Apps
    2011-07-02 15:26:04 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-07-02 15:26:04 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-07-02 15:26:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-07-02 15:26:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-07-02 15:24:39 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-07-02 15:23:50 642944 ----a-w- C:\Windows\System32\winload.efi
    2011-07-02 15:20:14 -------- d-----w- C:\ProgramData\ASUS OC Profiles
    2011-07-02 15:20:10 -------- d-----w- C:\Users\Mike\AppData\Roaming\Intel Corporation
    2011-07-02 15:19:20 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
    2011-07-02 15:18:42 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
    2011-07-02 15:18:37 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-07-02 15:18:37 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-07-02 15:18:37 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-07-02 15:18:37 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-07-02 15:17:51 -------- d-----w- C:\ProgramData\ASUS
    2011-07-02 15:17:44 28672 ----a-r- C:\Windows\SysWow64\AsIO.dll
    2011-07-02 15:17:44 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
    2011-07-02 15:17:44 -------- d-----w- C:\Program Files (x86)\ASUS
    2011-07-02 15:17:40 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    2011-07-02 15:16:40 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
    2011-07-02 15:16:02 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys
    2011-07-02 15:12:19 -------- d-----w- C:\Intel
    2011-07-02 15:08:12 -------- d-----w- C:\Program Files (x86)\devolo
    2011-07-02 15:05:40 -------- d-----w- C:\Users\Mike\AppData\Local\ATI
    2011-07-02 15:05:21 0 ----a-w- C:\Windows\ativpsrm.bin
    2011-07-02 15:03:22 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2011-07-02 15:02:55 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2011-07-02 15:02:54 116736 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys
    2011-07-02 15:02:52 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-07-02 15:02:52 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-07-02 15:02:35 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2011-07-02 15:02:29 -------- d-sh--w- C:\Windows\Installer
    2011-07-02 15:02:28 -------- d-----w- C:\Program Files\ATI
    2011-07-02 15:00:57 -------- d-----w- C:\Program Files\ATI Technologies
    .
    ==================== Find3M ====================
    .
    2011-07-02 22:33:33 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-07-02 22:33:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-04-20 01:44:50 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-04-20 01:30:18 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-04-20 01:09:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-04-20 01:09:06 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-04-20 01:07:48 795648 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-04-20 01:07:04 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-04-20 01:04:56 480256 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-04-20 01:04:20 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-04-20 01:03:06 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-04-20 01:02:50 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-04-20 01:02:44 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-04-20 01:02:32 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-04-20 01:02:26 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-04-20 01:02:22 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-04-20 01:02:18 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-04-20 00:59:22 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-04-20 00:49:32 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-04-20 00:46:18 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-04-20 00:46:16 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-04-20 00:46:06 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-04-20 00:46:04 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-04-20 00:45:54 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-04-20 00:42:06 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-04-20 00:40:50 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-04-20 00:40:16 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-04-20 00:40:04 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-04-20 00:38:06 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-04-20 00:31:14 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-04-20 00:30:38 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-04-20 00:23:14 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-04-20 00:23:08 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-04-20 00:22:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-04-20 00:22:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-04-20 00:22:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-04-20 00:22:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-04-20 00:22:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-04-20 00:22:34 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-04-20 00:21:46 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-04-20 00:21:40 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-04-20 00:21:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-04-20 00:21:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-04-20 00:20:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-04-20 00:13:38 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-04-20 00:13:38 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-04-20 00:13:30 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    .
    ============= FINISH: 7:43:12.55 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-07-14.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 02/07/2011 15:55:09
    System Uptime: 14/07/2011 07:17:11 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8P67 LE
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 70.263 GiB free.
    D: is FIXED (NTFS) - 98 GiB total, 93.355 GiB free.
    E: is CDROM ()
    M: is FIXED (NTFS) - 279 GiB total, 78.168 GiB free.
    R: is FIXED (NTFS) - 136 GiB total, 105.026 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Prem C310 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Photosmart Prem C310 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Community Help
    Adobe Creative Suite 4 Web Premium
    Adobe Creative Suite 5 Design Premium
    Adobe CSI CS4
    Adobe CSI CS4 x64
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Builder 4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Linguistics CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AI Suite II
    AMD DnD V1.0.19
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ATI AVIVO64 Codecs
    ATI Catalyst Install Manager
    AVG 2011
    Beyond Compare Version 3.2.4
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Connect
    Debugging Tools for Windows (x64)
    devolo dLAN Configuration Wizard
    devolo Informer
    Dropbox
    EditPlus 3
    Google Chrome
    HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7
    HydraVision
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel® Watchdog Timer Driver (Intel® WDT)
    Java(TM) 6 Update 26 (64-bit)
    Java(TM) SE Development Kit 6 Update 26 (64-bit)
    kuler
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    MozBackup 1.5.1
    Mozilla Firefox 5.0 (x86 en-GB)
    Mozilla Thunderbird (5.0)
    MSXML 4.0 SP2 (KB954430)
    Music Collector
    Network64
    PDF Settings CS4
    PDF Settings CS5
    Photoshop Camera Raw
    Picasa 3
    Pixel Bender Toolkit
    PS_AIO_07_C310_SW_Min
    PS3 Media Server
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.92
    Scan
    SeaTools for Windows
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Static Outlook Backup 2.9
    Suite Shared Configuration CS4
    Toolbox
    TrueCrypt
    Unknown Device Identifier 7.00
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2553975)
    Visual Studio 2008 x64 Redistributables
    WinZip 11.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    14/07/2011 07:42:38, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    14/07/2011 07:42:38, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    14/07/2011 07:42:38, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    14/07/2011 07:17:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b7d600, 0xfffffa8009b7d8e0, 0xfffff80002d91f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071411-11185-01.
    14/07/2011 07:10:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009bfe060, 0xfffffa8009bfe340, 0xfffff80002de0f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071411-11840-01.
    13/07/2011 22:38:10, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
    13/07/2011 17:23:40, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2011 17:23:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    13/07/2011 17:23:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    13/07/2011 17:23:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    13/07/2011 17:23:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    13/07/2011 17:23:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt Wanarpv6 WfpLwf
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2011 17:23:26, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2011 17:23:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c4 (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071311-13228-01.
    13/07/2011 16:54:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80098dab30, 0xfffffa80098dae10, 0xfffff80002d84f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071311-10530-01.
    12/07/2011 22:59:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008eb7a70, 0xfffffa8008eb7d50, 0xfffff80002dccf40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071211-10358-01.
    12/07/2011 19:03:56, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008eb5b30, 0xfffffa8008eb5e10, 0xfffff80002d88f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071211-10374-01.
    12/07/2011 08:04:31, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008e9ab30, 0xfffffa8008e9ae10, 0xfffff80002ddef40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071211-12464-01.
    12/07/2011 07:40:19, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009a82060, 0xfffffa8009a82340, 0xfffff80002de0f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071211-12074-01.
    11/07/2011 20:35:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64
    11/07/2011 20:15:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/07/2011 20:15:21, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/07/2011 20:15:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO Avgldx64 Avgmfx64 discache spldr truecrypt Wanarpv6
    11/07/2011 20:15:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffff9800a69ab30, 0xfffff9800a69ae10, 0xfffff80002da0f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071111-12994-01.
    11/07/2011 18:05:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009757060, 0xfffffa8009757340, 0xfffff80002dd2f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071111-8580-01.
    11/07/2011 17:59:40, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b61b30, 0xfffffa8009b61e10, 0xfffff80002dccf40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071111-9469-01.
    10/07/2011 09:18:53, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009801b30, 0xfffffa8009801e10, 0xfffff80002ddaf40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071011-9687-01.
    10/07/2011 08:15:45, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b38b30, 0xfffffa8009b38e10, 0xfffff80002d95f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071011-9594-01.
    09/07/2011 20:59:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b40060, 0xfffffa8009b40340, 0xfffff80002ddef40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070911-9906-01.
    09/07/2011 13:30:17, Error: Ntfs [137] - The default transaction resource manager on volume X: encountered a non-retryable error and could not start. The data contains the error code.
    09/07/2011 11:35:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b48060, 0xfffffa8009b48340, 0xfffff80002d96f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070911-12745-01.
    08/07/2011 19:18:42, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    .
    ==== End Of File ===========================
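The Event Viewer section of the DDS log above can be triaged mechanically before anyone opens a minidump. The following is an added example, not part of the original posts or of DDS: it parses lines in that "date time, level: source [id] - message" layout, counts bugchecks by code, and tallies which boot-start drivers keep appearing in event 7026. The function names are illustrative, the sample lines are copied from the log above, and the bugcheck names are the standard Windows names, which the page itself does not give.

```python
import re
from collections import Counter

# Standard Windows names for the two bugcheck codes seen in this thread's log.
BUGCHECK_NAMES = {
    0xF4: "CRITICAL_OBJECT_TERMINATION",
    0xC4: "DRIVER_VERIFIER_DETECTED_VIOLATION",
}
# For bugcheck 0xF4, parameter 1 says what kind of critical object died.
F4_OBJECT_TYPES = {0x3: "process", 0x6: "thread"}

LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")
FAILED_DRIVERS_RE = re.compile(r"driver\(s\) failed to load:\s*(.+)$")

# Sample input: seven lines taken from the Event Viewer section above.
SAMPLE_LOG = r"""
14/07/2011 07:17:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b7d600, 0xfffffa8009b7d8e0, 0xfffff80002d91f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071411-11185-01.
13/07/2011 17:23:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt Wanarpv6 WfpLwf
13/07/2011 17:23:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c4 (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071311-13228-01.
11/07/2011 20:35:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64
11/07/2011 20:15:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO Avgldx64 Avgmfx64 discache spldr truecrypt Wanarpv6
11/07/2011 20:15:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffff9800a69ab30, 0xfffff9800a69ae10, 0xfffff80002da0f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071111-12994-01.
09/07/2011 13:30:17, Error: Ntfs [137] - The default transaction resource manager on volume X: encountered a non-retryable error and could not start. The data contains the error code.
"""


def parse_line(line):
    """Split one event line into its fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["event_id"] = int(rec["event_id"])
    return rec


def summarize(lines):
    """Count bugchecks by code and tally drivers named in event 7026."""
    bugchecks = Counter()       # bugcheck code -> number of crashes
    f4_objects = Counter()      # "process"/"thread" -> count, for 0xF4 only
    failed_drivers = Counter()  # driver name -> number of 7026 events naming it
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["event_id"] == 1001:
            m = BUGCHECK_RE.search(rec["message"])
            if m:
                code = int(m.group(1), 16)
                params = [int(p, 16) for p in m.group(2).split(",")]
                bugchecks[code] += 1
                if code == 0xF4 and params:
                    f4_objects[F4_OBJECT_TYPES.get(params[0], "other")] += 1
        elif rec["event_id"] == 7026:
            m = FAILED_DRIVERS_RE.search(rec["message"])
            if m:
                # A set, so a driver is counted once per boot event.
                failed_drivers.update(set(m.group(1).split()))
    repeat = sorted(d for d, n in failed_drivers.items() if n >= 2)
    return {
        "bugchecks": bugchecks,
        "f4_objects": f4_objects,
        "failed_drivers": failed_drivers,
        "repeat_failures": repeat,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for code, count in result["bugchecks"].most_common():
        name = BUGCHECK_NAMES.get(code, "unknown")
        print(f"bugcheck 0x{code:X} ({name}): {count}")
    print("drivers failing in 2+ boots:", ", ".join(result["repeat_failures"]))
```

A driver that recurs across several 7026 events alongside repeated bugchecks is a lead for dump analysis, not proof of cause; the faulting module still has to come from the dump itself.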
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to this Forum! Give me a minute to review your other thread to see if there is information to help me help you. It would appear that this is related to your AVG 2011 AV program.
    ==================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Edit: I've found your problem, being experienced by many AVG users. It appears to be due to a bad update (again!?) or install of an update. I'm writing up what is suggested for a fix.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    avgtdi.sys is the process for AVG Network connection watcher, part of the AVG Network Redirector

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: avgtdia.sys (AVG Network connection watcher, AVG Technologies CZ, s.r.o.). (Hold on this for now)

    Although many had this problem, all I saw consistently was 'update'. But this is not a new problem so I don't know if an update was done. I'd like for you to do this: I'm going to have you run Combofix. It won't run with AVG installed and AVG left no way for us to completely disable it. So follow the uninstall directions below and put one of the temporary AV programs on the system. You can then run the scans and assess if this change stops the BSOD:
    ==========================================
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ====================================================
    By the way, you may want to keep the open tabs in Firefox down to 15. FF continues to leak memory and exceeding that will just stress the system. I used to open my homepage with 7 tabs. Now I only use one and click on the 'open new tab' to the right of the clock in the toolbar at the top when I need another.
  4. RevCo

    RevCo Newcomer, in training Topic Starter

    Hi Bobbye - many thanks for taking the time to look at this.

    I guess I'm hopelessly naive not even considering AVG could be responsible for a week of blue screen hell!

    So - I used AppRemover - sadly the computer died at 75% removal, I tried it again and it said no AVG, so I tried ComboFix and it ran OK. With luck all of AVG is permanently gone as I don't think I want to use it again after this...

    So - here is the report:

    ComboFix 11-07-14.05 - Mike 14/07/2011 19:20:10.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8173.6630 [GMT 1:00]
    Running from: c:\users\Mike\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-14 18:21 . 2011-07-14 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-14 18:19 . 2011-07-14 18:19 -------- d-----w- C:\32788R22FWJFW
    2011-07-13 22:31 . 2011-07-13 22:31 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-07-12 07:02 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-11 18:20 . 2011-07-11 18:20 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-11 18:20 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-09 20:21 . 2011-07-09 20:21 -------- d-----w- C:\symbols
    2011-07-09 20:13 . 2011-07-14 06:28 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
    2011-07-08 18:50 . 2011-07-08 18:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2011-07-07 19:06 . 2011-07-07 19:06 1137856 ----a-w- c:\windows\PE_File.dll
    2011-07-07 18:45 . 2011-07-11 18:58 1072320 ----a-w- c:\windows\PE_Rom.dll
    2011-07-04 20:47 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-07-04 20:47 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-07-04 20:47 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-07-04 20:47 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-07-04 20:47 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-07-04 19:24 . 2011-07-04 19:24 -------- d-----w- c:\program files (x86)\Google
    2011-07-04 18:44 . 2011-05-04 11:25 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
    2011-07-04 18:44 . 2010-10-19 15:34 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
    2011-07-04 18:27 . 2010-03-10 14:35 253440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
    2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files (x86)\Common Files\HP
    2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
    2011-07-04 18:26 . 2010-03-10 14:35 138752 ----a-w- c:\windows\system32\hpf3l101.dll
    2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files (x86)\HP
    2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files\HP
    2011-07-04 18:25 . 2011-07-04 18:25 -------- d-----w- c:\programdata\HP
    2011-07-04 18:25 . 2009-12-11 09:48 525440 ----a-w- c:\windows\system32\hposc_p04a.dll
    2011-07-04 18:25 . 2009-12-11 09:48 1412224 ----a-w- c:\windows\system32\hpost_p04d.dll
    2011-07-04 18:25 . 2009-12-11 09:48 1180288 ----a-w- c:\windows\system32\hposwia_p04d.dll
    2011-07-04 18:25 . 2009-10-22 14:55 643200 ----a-w- c:\windows\system32\hpzids40.dll
    2011-07-04 16:25 . 2011-07-04 16:32 -------- d-----w- c:\programdata\PMS
    2011-07-03 22:49 . 2011-07-04 21:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-07-03 22:48 . 2011-07-03 22:48 525544 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-03 22:31 . 2011-07-03 22:31 -------- d-----w- c:\program files (x86)\Adobe Media Player
    2011-07-03 22:31 . 2011-07-03 22:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2011-07-03 22:21 . 2011-07-03 22:21 -------- d-----w- c:\programdata\FLEXnet
    2011-07-03 22:20 . 2011-07-03 22:36 -------- d-----w- c:\program files\Common Files\Adobe
    2011-07-03 22:20 . 2011-07-03 22:20 -------- d-----w- c:\windows\SysWow64\spool
    2011-07-03 22:19 . 2011-07-03 22:19 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
    2011-07-03 22:15 . 2011-07-03 22:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-07-03 18:45 . 2011-07-03 18:46 -------- d-----w- c:\program files (x86)\Beyond Compare 3
    2011-07-03 18:44 . 2011-07-03 18:44 -------- d-----w- c:\programdata\WinZip
    2011-07-03 06:41 . 2011-07-02 14:55 -------- d-----w- c:\windows\Panther
    2011-07-02 23:27 . 2011-07-02 23:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-07-02 22:32 . 2011-07-02 22:32 -------- d-----w- c:\windows\system32\SPReview
    2011-07-02 22:32 . 2011-07-02 22:32 -------- d-----w- c:\windows\system32\EventProviders
    2011-07-02 21:21 . 2010-11-20 13:33 75136 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2011-07-02 21:02 . 2011-07-14 18:19 -------- d-----w- c:\programdata\AVG10
    2011-07-02 20:16 . 2011-07-03 07:58 -------- d-----w- c:\program files (x86)\Microsoft Works
    2011-07-02 20:16 . 2011-07-03 08:16 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-07-02 20:16 . 2011-07-02 20:16 -------- d-----w- c:\windows\PCHEALTH
    2011-07-02 20:14 . 2011-07-13 21:38 -------- d-----w- c:\programdata\Microsoft Help
    2011-07-02 20:13 . 2011-07-02 20:13 -------- d-----r- C:\MSOCache
    2011-07-02 20:10 . 2011-07-04 22:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-02 19:48 . 2011-07-02 19:48 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    2011-07-02 19:47 . 2011-07-02 19:47 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
    2011-07-02 16:50 . 2011-07-02 16:50 -------- d--h--w- c:\programdata\Common Files
    2011-07-02 15:50 . 2011-07-02 15:50 -------- d-----w- c:\windows\SysWow64\Wat
    2011-07-02 15:50 . 2011-07-02 15:50 -------- d-----w- c:\windows\system32\Wat
    2011-07-02 15:29 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2011-07-02 15:29 . 2011-06-20 07:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{369B4200-24FD-42F6-AC6A-706AE86BABC3}\mpengine.dll
    2011-07-02 15:29 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-07-02 15:26 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-07-02 15:26 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-07-02 15:26 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-07-02 15:26 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-07-02 15:24 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-07-02 15:23 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
    2011-07-02 15:20 . 2011-07-02 15:20 -------- d-----w- c:\programdata\ASUS OC Profiles
    2011-07-02 15:19 . 2009-07-14 06:21 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2011-07-02 15:19 . 2011-07-02 15:19 -------- d-----w- c:\windows\SysWow64\Macromed
    2011-07-02 15:18 . 2008-12-02 19:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
    2011-07-02 15:17 . 2011-07-02 15:17 -------- d-----w- c:\programdata\ASUS
    2011-07-02 15:17 . 2011-07-02 15:18 -------- d-----w- c:\program files (x86)\ASUS
    2011-07-02 15:17 . 2010-08-24 07:16 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
    2011-07-02 15:17 . 2010-06-29 07:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
    2011-07-02 15:17 . 2008-01-04 05:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
    2011-07-02 15:16 . 2011-07-02 15:16 -------- d-----w- c:\program files (x86)\ASM104xUSB3
    2011-07-02 15:16 . 2010-11-05 22:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2011-07-02 15:12 . 2011-07-07 19:03 -------- d-----w- c:\program files (x86)\Intel
    2011-07-02 15:12 . 2011-07-02 15:12 -------- d-----w- C:\Intel
    2011-07-02 15:08 . 2011-07-02 15:08 -------- d-----w- c:\program files (x86)\devolo
    2011-07-02 15:05 . 2011-07-02 15:05 -------- d-----w- c:\programdata\ATI
    2011-07-02 15:05 . 2011-07-02 15:05 0 ----a-w- c:\windows\ativpsrm.bin
    2011-07-02 15:03 . 2011-07-02 15:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2011-07-02 15:02 . 2011-07-02 15:02 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2011-07-02 15:02 . 2010-01-28 14:33 116736 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
    2011-07-02 15:02 . 2011-04-20 01:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-07-02 15:02 . 2011-04-20 00:27 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-07-02 15:02 . 2011-07-02 15:03 -------- d-----w- c:\program files (x86)\ATI Technologies
    2011-07-02 15:02 . 2011-07-14 18:11 -------- d-sh--w- c:\windows\Installer
    2011-07-02 15:02 . 2011-07-02 15:02 -------- d-----w- c:\program files\ATI
    2011-07-02 15:00 . 2011-07-02 15:03 -------- d-----w- c:\program files\ATI Technologies
    2011-07-02 14:55 . 2011-07-04 21:42 -------- d-----w- c:\users\Mike
    2011-07-02 14:55 . 2011-07-02 14:55 -------- d-----w- C:\Recovery
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-02 22:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-07-02 22:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-06-03 05:57 . 2011-07-13 16:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-04-20 01:44 . 2011-04-20 01:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-04-20 01:30 . 2011-04-20 01:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
    2011-04-20 01:09 . 2011-04-20 01:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:09 . 2011-04-20 01:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-04-20 01:07 . 2011-04-20 01:07 795648 ----a-w- c:\windows\system32\aticfx64.dll
    2011-04-20 01:07 . 2011-04-20 01:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-04-20 01:04 . 2010-02-03 04:17 480256 ----a-w- c:\windows\system32\atieclxx.exe
    2011-04-20 01:04 . 2010-02-03 04:17 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-04-20 01:03 . 2011-04-20 01:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-04-20 01:02 . 2010-02-03 04:15 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-04-20 01:02 . 2011-04-20 01:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-04-20 01:02 . 2011-04-20 01:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-04-20 01:02 . 2011-04-20 01:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-04-20 01:02 . 2011-04-20 01:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-04-20 01:02 . 2011-04-20 01:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-04-20 00:59 . 2011-04-20 00:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-04-20 00:49 . 2011-04-20 00:49 4951552 ----a-w- c:\windows\system32\atidxx64.dll
    2011-04-20 00:46 . 2011-04-20 00:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-04-20 00:46 . 2011-04-20 00:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-04-20 00:46 . 2011-04-20 00:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-04-20 00:46 . 2011-04-20 00:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-04-20 00:45 . 2011-04-20 00:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-04-20 00:42 . 2011-04-20 00:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-04-20 00:40 . 2011-04-20 00:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-04-20 00:40 . 2011-04-20 00:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-04-20 00:40 . 2010-02-03 03:43 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-04-20 00:38 . 2011-04-20 00:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-04-20 00:31 . 2010-02-03 03:49 5440000 ----a-w- c:\windows\system32\atiumd64.dll
    2011-04-20 00:30 . 2011-04-20 00:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-04-20 00:23 . 2010-02-03 03:24 366080 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 00:23 . 2011-04-20 00:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-04-20 00:22 . 2011-04-20 00:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-04-20 00:22 . 2011-04-20 00:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-04-20 00:22 . 2011-04-20 00:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-04-20 00:22 . 2011-04-20 00:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-04-20 00:22 . 2011-04-20 00:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-04-20 00:22 . 2011-04-20 00:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-04-20 00:21 . 2010-02-03 03:23 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-04-20 00:21 . 2011-04-20 00:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-04-20 00:21 . 2010-02-03 03:23 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-04-20 00:21 . 2011-04-20 00:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-04-20 00:20 . 2011-04-20 00:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-20 00:13 . 2011-04-20 00:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2011-04-20 00:13 . 2011-04-20 00:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-04-20 00:13 . 2011-04-20 00:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-04-20 00:13 . 2011-04-20 00:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    .
    c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
    S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018098111-758220622-1035322099-1000Core.job
    - c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 15:29]
    .
    2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018098111-758220622-1035322099-1000UA.job
    - c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 15:29]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\s9v6wz6o.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-14 19:23:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-14 18:23
    .
    Pre-Run: 75,855,355,904 bytes free
    Post-Run: 77,554,216,960 bytes free
    .
    - - End Of File - - EC79A7909F777BD43701F1CDEC9B2BC3


    Thanks again, really appreciate it.

    p.s. you can tell the number of tabs I had opened, huh? :) You're right of course, far too many. I was just panic-opening tabs trying to find out something that would help me with the computer before the next BSOD.
  5. RevCo

    RevCo Newcomer, in training Topic Starter

    Hi Bobbye, just an update - I obviously don't want to jump the gun or anything - but after following all your instructions, I didn't get any more BSOD last night, and I even tried verifier again - selecting all drivers on the computer - and with a restart...no blue screen! That was a 100% sure fire blue screen previously...

    But as I said, I won't go shouting it's fixed just yet, I know that combofix log might contain something to upset me!
  6. RevCo

    RevCo Newcomer, in training Topic Starter

    Damn. I spoke too soon. Just got in, booted the computer and 5 minutes later - BSOD :-( Same error codes as before (or so it looks to me). *sigh*
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    No- you told us!

    Is it possible that AVG updated and the problem causing the BSOD was fixed?

    Combofix looks pretty good. Some extra processes running and one questionable Registry entry.

    Let's do the Eset Online Virus scan and see if there is anything in that. Keep me up to speed on the blue screens. If you don't get them, I'll have you remove the cleaning tools. For now:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  8. RevCo

    RevCo Newcomer, in training Topic Starter

    Ah yeah, I did mention the tabs - I'm clearly getting forgetful in my old age :-|

    OK then - ESET has run and picked up 4 things - here's the log:

    R:\Backups\Application Data.zip multiple threats
    R:\Games\platypus\platypus_full.exe probably a variant of Win32/Spy.Banker.MNGGXZ trojan
    R:\Utilities\Flash Tools\ASV\asvpc501.zip probably a variant of Win32/Inject.HCKNXLY trojan
    R:\Utilities\Flash Tools\ASV\asvpc501\p60790c.dat probably a variant of Win32/Inject.HCKNXLY trojan


    Seems odd about the last 3 - they are paid for things (a game and a flash tool) that I've used on the old computer for years. But happy to delete them if it gets this running!
    The 1st was just a backup of the old app data and I can get rid of that now too...

    Let me know if you want to see the minidump from the bluescreen today (i.e. after AVG was wiped out - I'm now just going to use avast)

    Cheers
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I don't handle the minidumps. Instead, you can check this: We are looking for an error that occurs at the same time you get the BSOD. We can do this in 2 ways:

    1. If you happened to notice the computer clock when you got the BSOD, you can do the following to look for error at that specific time:

    Start> Run> type in eventvwr

    Do this on each of the System and the Applications logs:
    [1]. Click to open the log>
    [2]. Look for the Error>
    [3]. Double click on the Error to open.
    [4]. Click on Copy button, top right, below the down arrow >
    [5]. Paste here (Ctrl V)
    [6]. NOTES
    • You can ignore Warnings and Information Events.
    • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
    • You don't need to include the lines of code in the box below the Description, if any.
    • Please do not copy the entire Event log.
    Errors are time coded. If necessary, you can adapt this basic instruction to Windows 7:
    Windows 7: http://www.windows7update.com/Windows7-Event-Viewer.html
    or
    2. If you don't know the time:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.
    (Courtesy rev-Olie)

    I'm not looking for any crash dumps here, so skip any of those. And this needs to be done for a time you were in Normal Mode- when using Safe Mode, a lot of drivers don't load and I already know that, so don't want to use up the 20 events telling me that.
    =============================================
    For the Eset entries:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      R:\Backups\Application Data.zip 
      R:\Games\platypus\platypus_full.exe 
      R:\Utilities\Flash Tools\ASV\asvpc501.zip 
      R:\Utilities\Flash Tools\ASV\asvpc501\p60790c.dat 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =======================================
    Description of ASV Flash Tool:
    ASV is short for Action Script Viewer, a utility program created by Burak Kalayci and his Manitu Group. ASV was originally a hacker tool. It appears to have evolved to a valuable tool for a Flash developer. ASV is a SWF Decompiler. It will open any SWF file and show all of its contents including scripts, timeline, symbols, sounds and more.

    It's not always the program or app that has the malware; it can be the site used for the download.
    ======================================
    About the Eset malware
    Win32/Spy.Banker.(MNGGXZ) trojan>> Win32/Spy.Banker.SCW is a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine.
    Win32/Inject.( HCKNXLY) trojan>> Trojan:W32/Inject is a large family of malware that secretly makes changes to the Windows Registry. Variants in the family may also make changes to other running processes. Inject variants may be delivered as part of the payload of other malware.

    I found nothing about the random letter in upper case in ( )

    Go ahead and run the above. I'm going to check the Combofix log. Please note: there is a possibility of a Sality infection. If that turns out to be the case, I will then recommend a reformat/reinstall.
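The triage described in the post above (pull Error events, keep one copy of each recurring error, and look at what was logged around the time of the BSOD) can be scripted against a saved VEW report. This is an added example, not part of the original post or of VEW itself; the sample report is constructed in the layout VEW prints, and the function names, the `ExampleSource` event and the crash time are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of a VEW report (dates are dd/mm/yyyy).
SAMPLE_REPORT = """\
Vino's Event Viewer v01c run on Windows 2008 in English
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2011 00:10:45
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings failed. (constructed text)

Log: 'Application' Date/Time: 15/07/2011 23:56:28
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings failed. (constructed text)

Log: 'Application' Date/Time: 15/07/2011 18:46:43
Type: Error Category: 0
Event: 59 Source: SideBySide
Activation context generation failed. (constructed text)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/07/2011 23:54:10
Type: Error Category: 0
Event: 1001 Source: ExampleSource
Placeholder system error. (constructed text)
"""

TIME_FORMAT = "%d/%m/%Y %H:%M:%S"
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: ")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
RULE = re.compile(r"^~+$")                         # separator rows
SECTION = re.compile(r"^'[^']+' Log - .+ Type$")   # section titles


def parse_vew(text):
    """Return one dict per event record found in a VEW report."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        # Blank lines, separators and section titles carry no event data.
        if not line or RULE.match(line) or SECTION.match(line):
            continue
        m = HEADER.match(line)
        if m:
            current = {"log": m["log"],
                       "time": datetime.strptime(m["ts"], TIME_FORMAT),
                       "type": None, "event_id": None, "source": None,
                       "description": ""}
            events.append(current)
            continue
        if current is None:
            continue  # banner lines before the first record
        m = TYPE.match(line)
        if m and current["type"] is None:
            current["type"] = m["type"]
            continue
        m = EVENT.match(line)
        if m and current["event_id"] is None:
            current["event_id"] = int(m["id"])
            current["source"] = m["source"].strip()
            continue
        # Anything else belongs to the (possibly multi-line) description.
        current["description"] = (current["description"] + " " + line).strip()
    return events


def unique_errors(events):
    """Collapse events with the same ID, source and description.

    Keeps the latest timestamp and a count, newest first.
    """
    seen = {}
    for ev in events:
        key = (ev["event_id"], ev["source"], ev["description"])
        entry = seen.setdefault(key, {**ev, "count": 0})
        entry["count"] += 1
        entry["time"] = max(entry["time"], ev["time"])
    return sorted(seen.values(), key=lambda e: e["time"], reverse=True)


def near_crash(events, crash_time, minutes=5):
    """Events logged within +/- `minutes` of the crash (dd/mm/yyyy hh:mm:ss)."""
    crash = datetime.strptime(crash_time, TIME_FORMAT)
    window = timedelta(minutes=minutes)
    hits = [e for e in events if abs(e["time"] - crash) <= window]
    return sorted(hits, key=lambda e: e["time"])


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_REPORT)
    for ev in unique_errors(parsed):
        print(f'{ev["count"]}x {ev["log"]} {ev["event_id"]} {ev["source"]}')
    # Assumed crash time, for illustration only.
    for ev in near_crash(parsed, "15/07/2011 23:56:00"):
        print("near crash:", ev["time"], ev["event_id"], ev["source"])
```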
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This is something you need to check. There are 3 error events from yesterday. I am thinking this could easily be the source of the BSOD:

    Peer-to-peer technologies are used to facilitate real-time communication and collaboration across distributed networks.
    http://msdn.microsoft.com/en-us/library/aa371704(v=VS.85).aspx

    It has to be set up correctly in the Workgroup.

    Please review this: Common Return Codes by Peer Networking:
    http://msdn.microsoft.com/en-us/library/dd433181(VS.85).aspx

    The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

    The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.>>>
    Error 0x80630801 - The Identity Store has been corrupted. Delete idstore.sst. Note: You will have to go into Folder Options> View tab> Check 'show hidden file and folders'> Uncheck 'hide protected system files (Recommended)'> Click on Yes to confirm> Apply> OK
    Location is: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming
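The service messages quoted above print their error as a signed decimal (`%%-2140993535`), while the cloud message prints a hex value (`0x80630801`); read as unsigned 32-bit numbers they are the same code. The sketch below is an added example, not part of the original post: it pulls the code out of each quoted message, normalises it, and splits it using the standard HRESULT bit layout. The function names are assumptions.

```python
import re

# The three messages quoted in the post above.
MESSAGES = [
    "The Peer Name Resolution Protocol service terminated with the "
    "following error: %%-2140993535",
    "The Peer Networking Grouping service depends on the Peer Name "
    "Resolution Protocol service which failed to start because of the "
    "following error: %%-2140993535",
    "The Peer Name Resolution Protocol cloud did not start because the "
    "creation of the default identity failed with error code: 0x80630801.",
]

# Either a %%<signed decimal> placeholder or a 0x-prefixed hex value.
CODE = re.compile(r"%%(?P<dec>-?\d+)|(?P<hex>0x[0-9A-Fa-f]{1,8})\b")


def extract_code(message):
    """Return the error code in a message as an unsigned 32-bit int, or None."""
    m = CODE.search(message)
    if m is None:
        return None
    if m["dec"] is not None:
        # Reinterpret the signed 32-bit value as unsigned (two's complement).
        return int(m["dec"]) & 0xFFFFFFFF
    return int(m["hex"], 16)


def split_hresult(value):
    """Split a 32-bit HRESULT into its severity, facility and code fields."""
    return {
        "failure": bool(value >> 31),        # bit 31: 1 means failure
        "facility": (value >> 16) & 0x7FF,   # bits 16-26
        "code": value & 0xFFFF,              # bits 0-15
    }


def group_by_code(messages):
    """Map each normalised code (as 0xXXXXXXXX) to the messages carrying it."""
    groups = {}
    for msg in messages:
        value = extract_code(msg)
        if value is not None:
            groups.setdefault(f"0x{value:08X}", []).append(msg)
    return groups


if __name__ == "__main__":
    for code, msgs in group_by_code(MESSAGES).items():
        print(code, split_hresult(int(code, 16)), f"{len(msgs)} message(s)")
```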
  11. RevCo

    RevCo Newcomer, in training Topic Starter

    OK - never heard of Sality infection but kind of think I don't want to...but yeah, I am thinking reformat is looking likely, unfortunately.

    I've just seen your latest reply (thank you again) and even with 'hide protected system files (Recommended)' unchecked I only found idstore.sst here:
    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking
    [did full search of computer, this is the only one found]
    So, should I still delete this one?

    Other than that, after your previous reply, I had a BSOD. The event viewer error log had this only:

    Log Name: Application
    Source: Microsoft-Windows-LoadPerf
    Date: 16/07/2011 00:56:28
    Event ID: 3011
    Task Category: None
    Level: Error
    Keywords:
    User: SYSTEM
    Computer: Super-PC
    Description:
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-LoadPerf" Guid="{122EE297-BB47-41AE-B265-1CA8D1886D40}" />
    <EventID>3011</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2011-07-15T23:56:28.925652600Z" />
    <EventRecordID>3760</EventRecordID>
    <Correlation />
    <Execution ProcessID="2016" ThreadID="1456" />
    <Channel>Application</Channel>
    <Computer>Super-PC</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <UserData>
    <EventXML xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="LoadPerf">
    <param1>WmiApRpl</param1>
    <param2>WmiApRpl</param2>
    <binaryDataSize>8</binaryDataSize>
    <binaryData>F20300004D070000</binaryData>
    </EventXML>
    </UserData>
    </Event>
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.



    From VEW I got this:

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 16/07/2011 01:11:18

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 16/07/2011 00:10:45
    Type: Error Category: 0
    Event: 3011 Source: Microsoft-Windows-LoadPerf
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Log: 'Application' Date/Time: 16/07/2011 00:10:45
    Type: Error Category: 0
    Event: 3012 Source: Microsoft-Windows-LoadPerf
    The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Log: 'Application' Date/Time: 15/07/2011 23:56:28
    Type: Error Category: 0
    Event: 3011 Source: Microsoft-Windows-LoadPerf
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Log: 'Application' Date/Time: 15/07/2011 23:56:28
    Type: Error Category: 0
    Event: 3012 Source: Microsoft-Windows-LoadPerf
    The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Log: 'Application' Date/Time: 15/07/2011 20:18:04
    Type: Error Category: 0
    Event: 3011 Source: Microsoft-Windows-LoadPerf
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Log: 'Application' Date/Time: 15/07/2011 20:18:04
    Type: Error Category: 0
    Event: 3012 Source: Microsoft-Windows-LoadPerf
    The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Log: 'Application' Date/Time: 15/07/2011 19:12:44
    Type: Error Category: 0
    Event: 3011 Source: Microsoft-Windows-LoadPerf
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Log: 'Application' Date/Time: 15/07/2011 19:12:44
    Type: Error Category: 0
    Event: 3012 Source: Microsoft-Windows-LoadPerf
    The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Log: 'Application' Date/Time: 15/07/2011 18:46:43
    Type: Error Category: 0
    Event: 59 Source: SideBySide
    Activation context generation failed for "c:\program files (x86)\Intel\intel control center\IntelControlCenter.exe".Error in manifest or policy file "c:\program files (x86)\Intel\intel control center\IntelControlCenter.exe.Config" on line 0. Invalid Xml syntax.

    Log: 'Application' Date/Time: 15/07/2011 18:46:29
    Type: Error Category: 0
    Event: 80 Source: SideBySide
    Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Log: 'Application' Date/Time: 15/07/2011 18:46:27
    Type: Error Category: 0
    Event: 63 Source: SideBySide
    Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Log: 'Application' Date/Time: 15/07/2011 18:32:17
    Type: Error Category: 0
    Event: 3011 Source: Microsoft-Windows-LoadPerf
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Log: 'Application' Date/Time: 15/07/2011 18:32:17
    Type: Error Category: 0
    Event: 3012 Source: Microsoft-Windows-LoadPerf
    The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Log: 'Application' Date/Time: 15/07/2011 16:32:38
    Type: Error Category: 0
    Event: 80 Source: SideBySide
    Activation context generation failed for "C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Log: 'Application' Date/Time: 15/07/2011 16:32:36
    Type: Error Category: 0
    Event: 80 Source: SideBySide
    Activation context generation failed for "C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Log: 'Application' Date/Time: 15/07/2011 16:31:55
    Type: Error Category: 0
    Event: 80 Source: SideBySide
    Activation context generation failed for "C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Log: 'Application' Date/Time: 15/07/2011 16:17:52
    Type: Error Category: 0
    Event: 3011 Source: Microsoft-Windows-LoadPerf
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Log: 'Application' Date/Time: 15/07/2011 16:17:52
    Type: Error Category: 0
    Event: 3012 Source: Microsoft-Windows-LoadPerf
    The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Log: 'Application' Date/Time: 14/07/2011 19:43:28
    Type: Error Category: 0
    Event: 3011 Source: Microsoft-Windows-LoadPerf
    Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Log: 'Application' Date/Time: 14/07/2011 19:43:28
    Type: Error Category: 0
    Event: 3012 Source: Microsoft-Windows-LoadPerf
    The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 16/07/2011 00:06:26
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 16/07/2011 00:04:01
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 15/07/2011 16:13:26
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 14/07/2011 18:06:41
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 14/07/2011 06:17:16
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 14/07/2011 06:09:56
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 13/07/2011 16:23:24
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 13/07/2011 15:54:15
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 12/07/2011 21:59:43
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 12/07/2011 18:03:51
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 12/07/2011 07:04:25
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 12/07/2011 06:40:13
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 11/07/2011 19:15:04
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 11/07/2011 17:04:56
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 11/07/2011 16:59:35
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 10/07/2011 18:13:48
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 10/07/2011 08:28:50
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 10/07/2011 08:18:47
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 10/07/2011 07:15:39
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 09/07/2011 19:59:27
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 16/07/2011 00:06:54
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:06:54
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:06:54
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:06:54
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:06:54
    Type: Error Category: 0
    Event: 102 Source: Microsoft-Windows-PNRPSvc
    The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

    Log: 'System' Date/Time: 16/07/2011 00:06:54
    Type: Error Category: 0
    Event: 102 Source: Microsoft-Windows-PNRPSvc
    The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

    Log: 'System' Date/Time: 16/07/2011 00:06:43
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:06:43
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:06:43
    Type: Error Category: 0
    Event: 102 Source: Microsoft-Windows-PNRPSvc
    The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

    Log: 'System' Date/Time: 16/07/2011 00:06:30
    Type: Error Category: 0
    Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
    The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009a42950, 0xfffffa8009a42c30, 0xfffff80002dd7f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071611-8502-01.

    Log: 'System' Date/Time: 16/07/2011 00:06:29
    Type: Error Category: 0
    Event: 6008 Source: EventLog
    The previous system shutdown at 01:05:04 on ?16/?07/?2011 was unexpected.

    Log: 'System' Date/Time: 16/07/2011 00:04:29
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:04:29
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:04:29
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:04:29
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:04:29
    Type: Error Category: 0
    Event: 102 Source: Microsoft-Windows-PNRPSvc
    The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

    Log: 'System' Date/Time: 16/07/2011 00:04:29
    Type: Error Category: 0
    Event: 102 Source: Microsoft-Windows-PNRPSvc
    The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

    Log: 'System' Date/Time: 16/07/2011 00:04:18
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:04:18
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

    Log: 'System' Date/Time: 16/07/2011 00:04:18
    Type: Error Category: 0
    Event: 102 Source: Microsoft-Windows-PNRPSvc
    The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

    --------------------------------


    From OTMovit I got this:


    All processes killed
    ========== FILES ==========
    R:\Backups\Application Data.zip moved successfully.
    R:\Games\platypus\platypus_full.exe moved successfully.
    R:\Utilities\Flash Tools\ASV\asvpc501.zip moved successfully.
    R:\Utilities\Flash Tools\ASV\asvpc501\p60790c.dat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 424151 bytes
    ->Temporary Internet Files folder emptied: 5151299 bytes
    ->FireFox cache emptied: 48800327 bytes
    ->Google Chrome cache emptied: 26049154 bytes
    ->Flash cache emptied: 5620 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 36072 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 77.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 07162011_011409

    Files moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
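Added example, not part of the original posts: a Python parser for an event dump in the layout pasted above. It collapses repeated entries into counts, pulls the stop code out of Event 1001, and lists Kernel-Power 41 reboots that have no bugcheck record nearby. The function names, the 120-second pairing window and the embedded sample are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: five entries in the same layout as the dump above.
SAMPLE = """Log: 'System' Date/Time: 16/07/2011 00:06:26
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 16/07/2011 00:06:30
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009a42950, 0xfffffa8009a42c30, 0xfffff80002dd7f40).

Log: 'System' Date/Time: 16/07/2011 00:06:54
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:06:54
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 15/07/2011 16:13:26
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
"""

ENTRY = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\s+"
    r"Type: (?P<type>\w+) Category: \d+\s+"
    r"Event: (?P<id>\d+) Source: (?P<source>[^\n]+)"
    r"(?P<msg>.*?)(?=\n\s*\n|\Z)", re.S)
BUGCHECK = re.compile(r"bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")

def parse_events(text):
    """Turn the pasted dump into a list of dicts, one per log entry."""
    return [{"log": m["log"],
             "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
             "type": m["type"], "id": int(m["id"]),
             "source": m["source"].strip(),
             "msg": " ".join(m["msg"].split())}
            for m in ENTRY.finditer(text)]

def triage(events, window_s=120):
    """Summarise the dump; window_s is an assumed pairing window."""
    # Repeated entries collapse to one (source, event id) key with a count.
    counts = Counter((e["source"], e["id"]) for e in events)
    # Event 1001 bugcheck records carry the stop code and its four parameters.
    bugchecks = []
    for e in events:
        m = BUGCHECK.search(e["msg"]) if e["id"] == 1001 else None
        if m:
            params = [int(p.strip(), 16) for p in m.group(2).split(",")]
            bugchecks.append((e["time"], int(m.group(1), 16), params))
    # Kernel-Power 41 marks a reboot without clean shutdown. One with no
    # bugcheck record within window_s had no stop code logged for it.
    dirty = [e["time"] for e in events
             if e["id"] == 41 and e["source"] == "Microsoft-Windows-Kernel-Power"]
    no_code = [t for t in dirty
               if not any(abs((b[0] - t).total_seconds()) <= window_s for b in bugchecks)]
    return {"counts": counts, "bugchecks": bugchecks,
            "dirty_per_day": Counter(t.date().isoformat() for t in dirty),
            "dirty_without_bugcheck": no_code}

if __name__ == "__main__":
    report = triage(parse_events(SAMPLE))
    for (source, event_id), n in report["counts"].most_common():
        print(f"{n:3d} x {source} / {event_id}")
    for when, code, params in report["bugchecks"]:
        print(f"{when} stop code 0x{code:X}", [hex(p) for p in params])
    print("no stop code logged:", report["dirty_without_bugcheck"])
```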
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please do this:

    If you do not plan on using Remote Assistance or HomeGroup for networking, the following group of services can safely be disabled:
    • Peer Name Resolution Protocol> Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function.
    • Peer Networking Grouping> Enables multi-party communication using Peer-to-Peer Grouping.
    • Peer Networking Identity Manager> Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services.
    • PNRP Machine Name Publication Service> This service publishes a machine name using the Peer Name Resolution Protocol.
    ---------------
    If you do plan on using Remote Assistance or HomeGroup for networking- or if you are not sure, the group of services can be safely set to Manual
    --------------
    Performance Logs & Alerts
    Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert.
    It can be Disabled. If that is seen to cause problems> Set the Startup type to Manual
    ----------
    Note: Source for Services courtesy of Black Viper Win 7 Services
    In my opinion, Black Viper is greatly more knowledgeable about Windows in the field than Microsoft.
    The attributes for bold and underlined text are mine as is the color red.
    =================================================
    To access the Services and make changes:
    Click on Start> Run> type in services.msc> enter> Double click the Service you want to open> Change the Service Startup Type in the dialog box.

    When finished click on Apply> OK> Close Services.
    Reboot the computer into Normal Mode.
  13. RevCo

    RevCo Newcomer, in training Topic Starter

    Hi Bobbye,
    Last night I stumbled on the OCZ forums and it appears there are many, many people who also have the same drive (Vertex3) on this chipset which have pretty much identical problems - BSOD, stutters/pauses and the drive disappearing.
    I've been wrong many times about all this, but I think it looks too suspicious - I'm thinking it must be the same fault as I am having.

    So I think rather than waste any more of your time, I'll see what OCZ have to say and with any luck get it resolved. It might be something else I guess, but I don't want to keep coming back to you if it's something down to the drive firmware being bad.

    Not sure how to mark this as resolved (without tempting fate) but if you want to do that so you don't keep coming back to it... I will come back here and let you know (if you want to know that is!) - just in case anyone else comes along showing the same sort of symptoms.

    Once again, I really do appreciate all your help you have given me with this.

    Cheers.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    My compliments to you for using such good judgement! I did note many were having the same problem. Hopefully you can't find the resolution. You may want to make note of the information about the Services and the Black Viper site. That is most likely an unrelated problem but it should be checked.

    Thank you for updating me. I will close this thread. If you need us later, you know where we are.
    You may want to go ahead and remove the cleaning programs.

    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot of System Restore points, you will see a significant change in the free space in C drive)
    Images courtesy lytebyte.

    Empty the Recycle Bin