Resolved BSOD and avgtdia.sys - possible malware

Status
Not open for further replies.

RevCo

Hi,

I've been on the Windows BSOD forum (https://www.techspot.com/vb/topic167668.html), where Archean has been helping me out. He has looked through the minidumps and says the crashes were caused by avgtdia.sys and might be spyware/malware - he suggested I post my logs here...

So I've gone through the 7-step and below are the log files (gmer.log not included as the log file was blank - no output) - Malwarebytes finds nothing either but I included that.

I'm on Windows 7 Ultimate x64, new build machine. Any help very much appreciated!

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7082

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14/07/2011 07:33:02
mbam-log-2011-07-14 (07-33-02).txt

Scan type: Quick scan
Objects scanned: 165469
Time elapsed: 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Mike at 7:43:07 on 2011-07-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8173.6185 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{33BFD830-BF7C-41BD-85EC-4EE93840C28A} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\s9v6wz6o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: C:\Program Files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: C:\Program Files\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: C:\Program Files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: C:\Program Files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: C:\Program Files\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-3 203776]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-7-2 586880]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-2 13336]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-4-20 9319936]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-4-20 306176]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-12-8 122856]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-12-8 369640]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-7-4 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-2 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-2 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\editplus.exe=D:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
ShellExec: EDITPLUS.EXE: edit=D:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
ShellExec: EDITPLUS.EXE: open=D:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
.
=============== Created Last 30 ================
.
2011-07-13 22:31:30 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-12 07:02:27 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-11 18:20:52 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2011-07-11 18:20:50 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-11 18:20:48 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-09 20:21:01 -------- d-----w- C:\symbols
2011-07-09 20:13:36 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
2011-07-08 18:50:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-07-07 19:06:11 1137856 ----a-w- C:\Windows\PE_File.dll
2011-07-07 18:45:20 1072320 ----a-w- C:\Windows\PE_Rom.dll
2011-07-04 21:49:35 -------- d-----w- C:\Users\Mike\AppData\Roaming\Subversion
2011-07-04 21:42:18 -------- d-----w- C:\Users\Mike\Adobe Flash Builder 4
2011-07-04 20:47:18 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-04 20:47:18 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-04 20:47:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-04 20:47:18 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-04 20:47:18 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-04 18:44:56 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2011-07-04 18:44:41 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2011-07-04 18:27:09 253440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp101.dll
2011-07-04 18:26:22 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-07-04 18:26:22 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-07-04 18:26:18 138752 ----a-w- C:\Windows\System32\hpf3l101.dll
2011-07-04 18:26:16 -------- d-----w- C:\Program Files (x86)\HP
2011-07-04 18:26:05 -------- d-----w- C:\Program Files\HP
2011-07-04 18:25:45 643200 ----a-w- C:\Windows\System32\hpzids40.dll
2011-07-04 18:25:45 525440 ----a-w- C:\Windows\System32\hposc_p04a.dll
2011-07-04 18:25:45 1412224 ----a-w- C:\Windows\System32\hpost_p04d.dll
2011-07-04 18:25:45 1180288 ----a-w- C:\Windows\System32\hposwia_p04d.dll
2011-07-04 18:24:23 -------- d-----w- C:\Users\Mike\AppData\Local\ElevatedDiagnostics
2011-07-04 16:25:11 -------- d-----w- C:\ProgramData\PMS
2011-07-03 22:49:10 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-07-03 22:48:41 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-07-03 22:20:26 -------- d-----w- C:\Windows\SysWow64\spool
2011-07-03 22:19:48 -------- d-----w- C:\Users\Mike\AppData\Local\Adobe
2011-07-03 22:19:46 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-07-03 19:43:06 -------- d-----w- C:\Users\Mike\AppData\Roaming\Dropbox
2011-07-03 18:54:12 -------- d-----w- C:\Users\Mike\AppData\Local\Collectorz.com
2011-07-03 18:45:09 -------- d-----w- C:\Users\Mike\AppData\Roaming\Scooter Software
2011-07-03 18:45:07 -------- d-----w- C:\Program Files (x86)\Beyond Compare 3
2011-07-03 06:41:58 -------- d-----w- C:\Windows\Panther
2011-07-02 22:35:59 -------- d-----w- C:\Users\Mike\AppData\Roaming\TrueCrypt
2011-07-02 22:32:05 -------- d-----w- C:\Windows\System32\SPReview
2011-07-02 22:32:02 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-02 21:21:59 98304 ----a-w- C:\Program Files\Common Files\System\msadc\msadcs.dll
2011-07-02 21:04:01 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG10
2011-07-02 21:03:01 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-07-02 21:02:56 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-07-02 21:02:56 -------- d-----w- C:\ProgramData\AVG10
2011-07-02 21:02:53 -------- d-----w- C:\Program Files (x86)\AVG
2011-07-02 20:23:25 -------- d-----w- C:\Users\Mike\AppData\Roaming\Static Outlook Backup
2011-07-02 20:16:06 -------- d-----w- C:\Windows\PCHEALTH
2011-07-02 20:14:07 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft Help
2011-07-02 20:10:57 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-02 19:48:35 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2011-07-02 16:50:45 -------- d--h--w- C:\ProgramData\Common Files
2011-07-02 16:48:23 -------- d-----w- C:\ProgramData\MFAData
2011-07-02 15:50:57 -------- d-----w- C:\Windows\SysWow64\Wat
2011-07-02 15:50:57 -------- d-----w- C:\Windows\System32\Wat
2011-07-02 15:29:58 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-07-02 15:29:53 -------- d-----w- C:\Users\Mike\AppData\Local\Google
2011-07-02 15:29:42 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{369B4200-24FD-42F6-AC6A-706AE86BABC3}\mpengine.dll
2011-07-02 15:29:42 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-02 15:29:42 -------- d-----w- C:\Users\Mike\AppData\Local\Deployment
2011-07-02 15:29:42 -------- d-----w- C:\Users\Mike\AppData\Local\Apps
2011-07-02 15:26:04 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-07-02 15:26:04 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-07-02 15:26:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-02 15:26:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-02 15:24:39 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-07-02 15:23:50 642944 ----a-w- C:\Windows\System32\winload.efi
2011-07-02 15:20:14 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2011-07-02 15:20:10 -------- d-----w- C:\Users\Mike\AppData\Roaming\Intel Corporation
2011-07-02 15:19:20 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2011-07-02 15:18:42 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2011-07-02 15:18:37 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-07-02 15:18:37 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-07-02 15:18:37 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-07-02 15:18:37 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-07-02 15:17:51 -------- d-----w- C:\ProgramData\ASUS
2011-07-02 15:17:44 28672 ----a-r- C:\Windows\SysWow64\AsIO.dll
2011-07-02 15:17:44 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2011-07-02 15:17:44 -------- d-----w- C:\Program Files (x86)\ASUS
2011-07-02 15:17:40 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-02 15:16:40 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2011-07-02 15:16:02 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-07-02 15:12:19 -------- d-----w- C:\Intel
2011-07-02 15:08:12 -------- d-----w- C:\Program Files (x86)\devolo
2011-07-02 15:05:40 -------- d-----w- C:\Users\Mike\AppData\Local\ATI
2011-07-02 15:05:21 0 ----a-w- C:\Windows\ativpsrm.bin
2011-07-02 15:03:22 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-07-02 15:02:55 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-07-02 15:02:54 116736 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys
2011-07-02 15:02:52 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-02 15:02:52 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-02 15:02:35 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-07-02 15:02:29 -------- d-sh--w- C:\Windows\Installer
2011-07-02 15:02:28 -------- d-----w- C:\Program Files\ATI
2011-07-02 15:00:57 -------- d-----w- C:\Program Files\ATI Technologies
.
==================== Find3M ====================
.
2011-07-02 22:33:33 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-02 22:33:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-20 01:44:50 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-04-20 01:30:18 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
2011-04-20 01:09:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-04-20 01:09:06 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-04-20 01:07:48 795648 ----a-w- C:\Windows\System32\aticfx64.dll
2011-04-20 01:07:04 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-04-20 01:04:56 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-04-20 01:04:20 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-04-20 01:03:06 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-04-20 01:02:50 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-04-20 01:02:44 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-04-20 01:02:32 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-04-20 01:02:26 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-04-20 01:02:22 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-04-20 01:02:18 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-04-20 00:59:22 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-04-20 00:49:32 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-04-20 00:46:18 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-04-20 00:46:16 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-04-20 00:46:06 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-04-20 00:46:04 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-04-20 00:45:54 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-04-20 00:42:06 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-04-20 00:40:50 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-04-20 00:40:16 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-04-20 00:40:04 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-04-20 00:38:06 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-04-20 00:31:14 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
2011-04-20 00:30:38 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-04-20 00:23:14 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-04-20 00:23:08 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-04-20 00:22:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-04-20 00:22:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-04-20 00:22:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-04-20 00:22:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-04-20 00:22:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-04-20 00:22:34 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-04-20 00:21:46 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-04-20 00:21:40 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-04-20 00:21:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-04-20 00:21:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-04-20 00:20:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-04-20 00:13:38 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-04-20 00:13:38 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-04-20 00:13:30 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
.
============= FINISH: 7:43:12.55 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 02/07/2011 15:55:09
System Uptime: 14/07/2011 07:17:11 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 LE
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 70.263 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 93.355 GiB free.
E: is CDROM ()
M: is FIXED (NTFS) - 279 GiB total, 78.168 GiB free.
R: is FIXED (NTFS) - 136 GiB total, 105.026 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C310 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart Prem C310 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Community Help
Adobe Creative Suite 4 Web Premium
Adobe Creative Suite 5 Design Premium
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Builder 4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Linguistics CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AI Suite II
AMD DnD V1.0.19
Asmedia ASM104x USB 3.0 Host Controller Driver
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
AVG 2011
Beyond Compare Version 3.2.4
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Connect
Debugging Tools for Windows (x64)
devolo dLAN Configuration Wizard
devolo Informer
Dropbox
EditPlus 3
Google Chrome
HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7
HydraVision
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel® Watchdog Timer Driver (Intel® WDT)
Java(TM) 6 Update 26 (64-bit)
Java(TM) SE Development Kit 6 Update 26 (64-bit)
kuler
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MozBackup 1.5.1
Mozilla Firefox 5.0 (x86 en-GB)
Mozilla Thunderbird (5.0)
MSXML 4.0 SP2 (KB954430)
Music Collector
Network64
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PS_AIO_07_C310_SW_Min
PS3 Media Server
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
Scan
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Static Outlook Backup 2.9
Suite Shared Configuration CS4
Toolbox
TrueCrypt
Unknown Device Identifier 7.00
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553975)
Visual Studio 2008 x64 Redistributables
WinZip 11.2
.
==== Event Viewer Messages From Past Week ========
.
14/07/2011 07:42:38, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
14/07/2011 07:42:38, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
14/07/2011 07:42:38, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
14/07/2011 07:17:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b7d600, 0xfffffa8009b7d8e0, 0xfffff80002d91f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071411-11185-01.
14/07/2011 07:10:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009bfe060, 0xfffffa8009bfe340, 0xfffff80002de0f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071411-11840-01.
13/07/2011 22:38:10, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
13/07/2011 17:23:40, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
13/07/2011 17:23:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
13/07/2011 17:23:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
13/07/2011 17:23:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/07/2011 17:23:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
13/07/2011 17:23:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt Wanarpv6 WfpLwf
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/07/2011 17:23:26, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/07/2011 17:23:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c4 (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071311-13228-01.
13/07/2011 16:54:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80098dab30, 0xfffffa80098dae10, 0xfffff80002d84f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071311-10530-01.
12/07/2011 22:59:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008eb7a70, 0xfffffa8008eb7d50, 0xfffff80002dccf40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071211-10358-01.
12/07/2011 19:03:56, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008eb5b30, 0xfffffa8008eb5e10, 0xfffff80002d88f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071211-10374-01.
12/07/2011 08:04:31, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008e9ab30, 0xfffffa8008e9ae10, 0xfffff80002ddef40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071211-12464-01.
12/07/2011 07:40:19, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009a82060, 0xfffffa8009a82340, 0xfffff80002de0f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071211-12074-01.
11/07/2011 20:35:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64
11/07/2011 20:15:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/07/2011 20:15:21, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/07/2011 20:15:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO Avgldx64 Avgmfx64 discache spldr truecrypt Wanarpv6
11/07/2011 20:15:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffff9800a69ab30, 0xfffff9800a69ae10, 0xfffff80002da0f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071111-12994-01.
11/07/2011 18:05:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009757060, 0xfffffa8009757340, 0xfffff80002dd2f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071111-8580-01.
11/07/2011 17:59:40, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b61b30, 0xfffffa8009b61e10, 0xfffff80002dccf40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071111-9469-01.
10/07/2011 09:18:53, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009801b30, 0xfffffa8009801e10, 0xfffff80002ddaf40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071011-9687-01.
10/07/2011 08:15:45, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b38b30, 0xfffffa8009b38e10, 0xfffff80002d95f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071011-9594-01.
09/07/2011 20:59:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b40060, 0xfffffa8009b40340, 0xfffff80002ddef40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070911-9906-01.
09/07/2011 13:30:17, Error: Ntfs [137] - The default transaction resource manager on volume X: encountered a non-retryable error and could not start. The data contains the error code.
09/07/2011 11:35:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009b48060, 0xfffffa8009b48340, 0xfffff80002d96f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070911-12745-01.
08/07/2011 19:18:42, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================
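The Event Viewer section of the DDS log above can be triaged mechanically. The following Python sketch is an added example, not part of the original posts or of DDS: it groups the bugcheck events by stop code and lists the non-Windows drivers named in Service Control Manager event 7026. The sample lines are constructed in the log's format, and the `WINDOWS_INBOX` list and all function names are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the DDS "Event Viewer Messages" layout. Addresses and
# report ids are made up; event ids and wording follow the log in the post.
SAMPLE = r"""
14/07/2011 07:17:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8000001000, 0xfffffa80000012e0, 0xfffff80000002f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 000000-00001-01.
13/07/2011 17:23:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgtdia tdx truecrypt
13/07/2011 17:23:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c4 (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 000000-00002-01.
11/07/2011 20:35:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64
11/07/2011 18:05:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000006, 0xfffffa8000003000, 0xfffffa80000032e0, 0xfffff80000004f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 000000-00003-01.
this line is not an event and must be skipped
"""

EVENT_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (\w+): (.+?) \[(\d+)\] - (.*)$")
BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")
DRIVERS_RE = re.compile(r"driver\(s\) failed to load:\s*(.+)$")

# Stop codes that occur in the log on this page.
BUGCHECK_NAMES = {0xF4: "CRITICAL_OBJECT_TERMINATION",
                  0xC4: "DRIVER_VERIFIER_DETECTED_VIOLATION"}
# For 0xF4, parameter 1 is the type of the critical object that terminated.
F4_OBJECT = {0x3: "process", 0x6: "thread"}
# Assumption: hand-picked list of drivers that ship with Windows 7, taken from
# the names in the page's 7026 events. Everything else counts as third-party.
WINDOWS_INBOX = {"afd", "csc", "dfsc", "discache", "netbios", "netbt",
                 "nsiproxy", "psched", "rdbss", "spldr", "tdx", "wanarpv6",
                 "wfplwf"}


def parse_events(text):
    """Return one dict per well-formed event line; skip anything else."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        when, level, source, event_id, message = m.groups()
        events.append({"when": datetime.strptime(when, "%d/%m/%Y %H:%M:%S"),
                       "level": level, "source": source,
                       "id": int(event_id), "message": message})
    return events


def bugchecks(events):
    """Extract stop code and parameters from WER event 1001 messages."""
    out = []
    for ev in events:
        m = BUGCHECK_RE.search(ev["message"]) if ev["id"] == 1001 else None
        if not m:
            continue
        code = int(m.group(1), 16)
        params = [int(p.strip(), 16) for p in m.group(2).split(",")]
        detail = ""
        if code == 0xF4 and params:
            detail = F4_OBJECT.get(params[0], "unknown object") + " terminated"
        out.append({"when": ev["when"], "code": code, "params": params,
                    "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
                    "detail": detail})
    return out


def failed_drivers(events):
    """Count how often each driver appears in SCM event 7026."""
    counts = Counter()
    for ev in events:
        if ev["id"] == 7026 and ev["source"] == "Service Control Manager":
            m = DRIVERS_RE.search(ev["message"])
            if m:
                counts.update(m.group(1).split())
    return counts


def summarize(text):
    events = parse_events(text)
    crashes = bugchecks(events)
    drivers = failed_drivers(events)
    third_party = {d: n for d, n in drivers.items()
                   if d.lower() not in WINDOWS_INBOX}
    return {"events": len(events), "crashes": crashes,
            "by_code": Counter(c["name"] for c in crashes),
            "third_party_load_failures": third_party}


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for name, count in report["by_code"].most_common():
        print(f"{count:3d}  {name}")
    for drv, count in sorted(report["third_party_load_failures"].items()):
        print(f"load failure x{count}: {drv}")
```

A driver listed in event 7026 only failed to load on that boot; treat it as a pointer to which dump and which vendor update to look at, not as proof that it caused the crash.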
 
Welcome to this Forum! Give me a minute to review your other thread to see if there is information to help me help you. It would appear that this is related to your AVG 2011 AV program.
==================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Edit: I've found your problem, being experienced by many AVG users. It appears to be due to a bad update (again!?) or install of an update. I'm writing up what is suggested for a fix.
 
avgtdi.sys is the process for AVG Network connection watcher, part of the AVG Network Redirector

This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: avgtdia.sys (AVG Network connection watcher, AVG Technologies CZ, s.r.o.). (Hold on this for now)

Although many had this problem, all I saw consistently was 'update'. But this is not a new problem so I don't know if an update was done. I'd like for you to do this: I'm going to have you run Combofix. It won't run with AVG installed and AVG left no way for us to completely disable it. So follow the uninstall directions below and put one of the temporary AV programs on the system. You can then run the scans and assess if this change stops the BSOD:
==========================================
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
====================================================
By the way, you may want to keep the open tabs in Firefox down to 15. FF continues to leak memory and exceeding that will just stress the system. I used to open my homepage with 7 tabs. Now I only use one and click on the 'open new tab' to the right of the clock in the toolbar at the top when I need another.
 
Hi Bobbye - many thanks for taking the time to look at this.

I guess I'm hopelessly naive not even considering AVG could be responsible for a week of blue screen hell!

So - I used AppRemover - sadly the computer died at 75% removal, I tried it again and it said no AVG, so I tried ComboFix and it ran OK. With luck all of AVG is permanently gone as I don't think I want to use it again after this...

So - here is the report:

ComboFix 11-07-14.05 - Mike 14/07/2011 19:20:10.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8173.6630 [GMT 1:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 18:21 . 2011-07-14 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-14 18:19 . 2011-07-14 18:19 -------- d-----w- C:\32788R22FWJFW
2011-07-13 22:31 . 2011-07-13 22:31 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-12 07:02 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-11 18:20 . 2011-07-11 18:20 -------- d-----w- c:\programdata\Malwarebytes
2011-07-11 18:20 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-09 20:21 . 2011-07-09 20:21 -------- d-----w- C:\symbols
2011-07-09 20:13 . 2011-07-14 06:28 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2011-07-08 18:50 . 2011-07-08 18:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-07-07 19:06 . 2011-07-07 19:06 1137856 ----a-w- c:\windows\PE_File.dll
2011-07-07 18:45 . 2011-07-11 18:58 1072320 ----a-w- c:\windows\PE_Rom.dll
2011-07-04 20:47 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-07-04 20:47 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-07-04 20:47 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-07-04 20:47 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-07-04 20:47 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-07-04 19:24 . 2011-07-04 19:24 -------- d-----w- c:\program files (x86)\Google
2011-07-04 18:44 . 2011-05-04 11:25 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2011-07-04 18:44 . 2010-10-19 15:34 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2011-07-04 18:27 . 2010-03-10 14:35 253440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-07-04 18:26 . 2010-03-10 14:35 138752 ----a-w- c:\windows\system32\hpf3l101.dll
2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files (x86)\HP
2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files\HP
2011-07-04 18:25 . 2011-07-04 18:25 -------- d-----w- c:\programdata\HP
2011-07-04 18:25 . 2009-12-11 09:48 525440 ----a-w- c:\windows\system32\hposc_p04a.dll
2011-07-04 18:25 . 2009-12-11 09:48 1412224 ----a-w- c:\windows\system32\hpost_p04d.dll
2011-07-04 18:25 . 2009-12-11 09:48 1180288 ----a-w- c:\windows\system32\hposwia_p04d.dll
2011-07-04 18:25 . 2009-10-22 14:55 643200 ----a-w- c:\windows\system32\hpzids40.dll
2011-07-04 16:25 . 2011-07-04 16:32 -------- d-----w- c:\programdata\PMS
2011-07-03 22:49 . 2011-07-04 21:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-07-03 22:48 . 2011-07-03 22:48 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-03 22:31 . 2011-07-03 22:31 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-07-03 22:31 . 2011-07-03 22:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-07-03 22:21 . 2011-07-03 22:21 -------- d-----w- c:\programdata\FLEXnet
2011-07-03 22:20 . 2011-07-03 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-03 22:20 . 2011-07-03 22:20 -------- d-----w- c:\windows\SysWow64\spool
2011-07-03 22:19 . 2011-07-03 22:19 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-07-03 22:15 . 2011-07-03 22:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-03 18:45 . 2011-07-03 18:46 -------- d-----w- c:\program files (x86)\Beyond Compare 3
2011-07-03 18:44 . 2011-07-03 18:44 -------- d-----w- c:\programdata\WinZip
2011-07-03 06:41 . 2011-07-02 14:55 -------- d-----w- c:\windows\Panther
2011-07-02 23:27 . 2011-07-02 23:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-02 22:32 . 2011-07-02 22:32 -------- d-----w- c:\windows\system32\SPReview
2011-07-02 22:32 . 2011-07-02 22:32 -------- d-----w- c:\windows\system32\EventProviders
2011-07-02 21:21 . 2010-11-20 13:33 75136 ----a-w- c:\windows\system32\drivers\partmgr.sys
2011-07-02 21:02 . 2011-07-14 18:19 -------- d-----w- c:\programdata\AVG10
2011-07-02 20:16 . 2011-07-03 07:58 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-07-02 20:16 . 2011-07-03 08:16 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-07-02 20:16 . 2011-07-02 20:16 -------- d-----w- c:\windows\PCHEALTH
2011-07-02 20:14 . 2011-07-13 21:38 -------- d-----w- c:\programdata\Microsoft Help
2011-07-02 20:13 . 2011-07-02 20:13 -------- d-----r- C:\MSOCache
2011-07-02 20:10 . 2011-07-04 22:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-02 19:48 . 2011-07-02 19:48 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-07-02 19:47 . 2011-07-02 19:47 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2011-07-02 16:50 . 2011-07-02 16:50 -------- d--h--w- c:\programdata\Common Files
2011-07-02 15:50 . 2011-07-02 15:50 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-02 15:50 . 2011-07-02 15:50 -------- d-----w- c:\windows\system32\Wat
2011-07-02 15:29 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-02 15:29 . 2011-06-20 07:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{369B4200-24FD-42F6-AC6A-706AE86BABC3}\mpengine.dll
2011-07-02 15:29 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-07-02 15:26 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-07-02 15:26 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-07-02 15:26 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-07-02 15:26 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-07-02 15:24 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-02 15:23 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-07-02 15:20 . 2011-07-02 15:20 -------- d-----w- c:\programdata\ASUS OC Profiles
2011-07-02 15:19 . 2009-07-14 06:21 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-07-02 15:19 . 2011-07-02 15:19 -------- d-----w- c:\windows\SysWow64\Macromed
2011-07-02 15:18 . 2008-12-02 19:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2011-07-02 15:17 . 2011-07-02 15:17 -------- d-----w- c:\programdata\ASUS
2011-07-02 15:17 . 2011-07-02 15:18 -------- d-----w- c:\program files (x86)\ASUS
2011-07-02 15:17 . 2010-08-24 07:16 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2011-07-02 15:17 . 2010-06-29 07:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
2011-07-02 15:17 . 2008-01-04 05:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-02 15:16 . 2011-07-02 15:16 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2011-07-02 15:16 . 2010-11-05 22:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-07-02 15:12 . 2011-07-07 19:03 -------- d-----w- c:\program files (x86)\Intel
2011-07-02 15:12 . 2011-07-02 15:12 -------- d-----w- C:\Intel
2011-07-02 15:08 . 2011-07-02 15:08 -------- d-----w- c:\program files (x86)\devolo
2011-07-02 15:05 . 2011-07-02 15:05 -------- d-----w- c:\programdata\ATI
2011-07-02 15:05 . 2011-07-02 15:05 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-02 15:03 . 2011-07-02 15:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-07-02 15:02 . 2011-07-02 15:02 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-07-02 15:02 . 2010-01-28 14:33 116736 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2011-07-02 15:02 . 2011-04-20 01:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-02 15:02 . 2011-04-20 00:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-02 15:02 . 2011-07-02 15:03 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-07-02 15:02 . 2011-07-14 18:11 -------- d-sh--w- c:\windows\Installer
2011-07-02 15:02 . 2011-07-02 15:02 -------- d-----w- c:\program files\ATI
2011-07-02 15:00 . 2011-07-02 15:03 -------- d-----w- c:\program files\ATI Technologies
2011-07-02 14:55 . 2011-07-04 21:42 -------- d-----w- c:\users\Mike
2011-07-02 14:55 . 2011-07-02 14:55 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-02 22:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-02 22:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-03 05:57 . 2011-07-13 16:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-04-20 01:44 . 2011-04-20 01:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 01:30 . 2011-04-20 01:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 01:09 . 2011-04-20 01:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:09 . 2011-04-20 01:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 01:07 . 2011-04-20 01:07 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 01:07 . 2011-04-20 01:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 01:04 . 2010-02-03 04:17 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 01:04 . 2010-02-03 04:17 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 01:03 . 2011-04-20 01:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 01:02 . 2010-02-03 04:15 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 01:02 . 2011-04-20 01:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 01:02 . 2011-04-20 01:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 01:02 . 2011-04-20 01:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 01:02 . 2011-04-20 01:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 01:02 . 2011-04-20 01:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 00:59 . 2011-04-20 00:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 00:49 . 2011-04-20 00:49 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 00:46 . 2011-04-20 00:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 00:46 . 2011-04-20 00:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 00:46 . 2011-04-20 00:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 00:46 . 2011-04-20 00:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 00:45 . 2011-04-20 00:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 00:42 . 2011-04-20 00:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 00:40 . 2011-04-20 00:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 00:40 . 2011-04-20 00:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 00:40 . 2010-02-03 03:43 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 00:38 . 2011-04-20 00:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 00:31 . 2010-02-03 03:49 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 00:30 . 2011-04-20 00:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 00:23 . 2010-02-03 03:24 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 00:23 . 2011-04-20 00:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 00:22 . 2011-04-20 00:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 00:22 . 2011-04-20 00:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 00:22 . 2011-04-20 00:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 00:22 . 2011-04-20 00:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 00:22 . 2011-04-20 00:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 00:22 . 2011-04-20 00:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 00:21 . 2010-02-03 03:23 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 00:21 . 2011-04-20 00:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 00:21 . 2010-02-03 03:23 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 00:21 . 2011-04-20 00:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 00:20 . 2011-04-20 00:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 00:13 . 2011-04-20 00:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 00:13 . 2011-04-20 00:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 00:13 . 2011-04-20 00:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 00:13 . 2011-04-20 00:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018098111-758220622-1035322099-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 15:29]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018098111-758220622-1035322099-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 15:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\s9v6wz6o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-14 19:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-14 18:23
.
Pre-Run: 75,855,355,904 bytes free
Post-Run: 77,554,216,960 bytes free
.
- - End Of File - - EC79A7909F777BD43701F1CDEC9B2BC3


Thanks again, really appreciate it.

p.s. you can tell the number of tabs I had opened, huh? :) You're right of course, far too many. I was just panic-opening tabs trying to find out something that would help me with the computer before the next BSOD.
 
Hi Bobbye, just an update - I obviously don't want to jump the gun or anything - but after following all your instructions, I didn't get any more BSOD last night, and I even tried verifier again - selecting all drivers on the computer - and with a restart...no blue screen! That was a 100% sure fire blue screen previously...

But as I said, I won't go shouting it's fixed just yet, I know that combofix log might contain something to upset me!
 
Damn. I spoke too soon. Just got in, booted the computer and 5 minutes later - BSOD :-( Same error codes as before (or so it looks to me). *sigh*
 
you can tell the number of tabs I had opened, huh

No- you told us!

I have about 50 tabs open in firefox and am reading away
https://www.techspot.com/vb/topic167668.html

Is it possible that AVG updated and the problem causing the BSOD was fixed?

Combofix looks pretty good. Some extra processes running and one questionable Registry entry.

Let's do the Eset Online Virus scan and see if there is anything in that. Keep me up to speed on the blue screens. If you don't get them, I'll have you remove the cleaning tools. For now:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Ah yeah, I did mention the tabs - I'm clearly getting forgetful in my old age :-|

OK then - ESET has run and picked up 4 things - here's the log:

R:\Backups\Application Data.zip multiple threats
R:\Games\platypus\platypus_full.exe probably a variant of Win32/Spy.Banker.MNGGXZ trojan
R:\Utilities\Flash Tools\ASV\asvpc501.zip probably a variant of Win32/Inject.HCKNXLY trojan
R:\Utilities\Flash Tools\ASV\asvpc501\p60790c.dat probably a variant of Win32/Inject.HCKNXLY trojan


Seems odd about the last 3 - they are paid for things (a game and a flash tool) that I've used on the old computer for years. But happy to delete them if it gets this running!
The 1st was just a backup of the old app data and I can get rid of that now too...

Let me know if you want to see the minidump from the bluescreen today (i.e. after AVG was wiped out - I'm now just going to use avast)

Cheers
 
I don't handle the minidumps. Instead, you can check this: We are looking for an error that occurs at the same time you get the BSOD. We can do this in 2 ways:

1. If you happened to notice the computer clock when you got the BSOD, you can do the following to look for error at that specific time:

Start> Run> type in eventvwr

Do this on each of the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3]. Double click on the Error to open.
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6]. NOTES
  • You can ignore Warnings and Information Events.
  • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
  • You don't need to include the lines of code in the box below the Description, if any.
  • Please do not copy the entire Event log.
Errors are time coded. If necessary, you can adapt this basic instruction to Windows 7:
Windows 7: http://www.windows7update.com/Windows7-Event-Viewer.html
or
2. If you don't know the time:

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

    Under Select log to query, select:
  • Application
  • System

    Under Select type to list, select:
  • Critical (Vista only)
  • Error

    Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

    Load the log
  • In Notepad, click Edit> Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
(Courtesy rev-Olie)

I'm not looking for any crash dumps here, so skip any of those. And this needs to be done for a time you were in Normal Mode- when using Safe Mode, a lot of drivers don't load and I already know that, so don't want to use up the 20 events telling me that.
=============================================
For the Eset entries:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    R:\Backups\Application Data.zip 
    R:\Games\platypus\platypus_full.exe 
    R:\Utilities\Flash Tools\ASV\asvpc501.zip 
    R:\Utilities\Flash Tools\ASV\asvpc501\p60790c.dat 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======================================
Description of ASV Flash Tool:
ASV is short for Action Script Viewer, a utility program created by Burak Kalayci and his Manitu Group. ASV was originally a hacker tool. It appears to have evolved to a valuable tool for a Flash developer. ASV is a SWF Decompiler. It will open any SWF file and show all of its contents including scripts, timeline, symbols, sounds and more.

It's not always the program or app that has the malware; it can be the site used for the download.
======================================
About the Eset malware
Win32/Spy.Banker.(MNGGXZ) trojan>> Win32/Spy.Banker.SCW is a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine.
Win32/Inject.(HCKNXLY) trojan>> Trojan:W32/Inject is a large family of malware that secretly makes changes to the Windows Registry. Variants in the family may also make changes to other running processes. Inject variants may be delivered as part of the payload of other malware.

I found nothing about the random letter in upper case in ( )

Go ahead and run the above. I'm going to check the Combofix log. Please note: there is a possibility of a Sality infection. If that turns out to be the case, I will then recommend a reformat/reinstall.
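
The time matching described in the post above (find the Error events logged around each BSOD, keep one copy of recurring ones), as an added example that is not part of the original post or of VEW itself. It assumes the text layout of a VEW report with dd/mm/yyyy dates, treats Kernel-Power event 41 as the marker of an unclean reboot (it is written at the next boot, so the search looks backwards from it), and uses a 30-minute window chosen for illustration; the sample report is constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the layout a VEW report uses (dates are dd/mm/yyyy).
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2011 00:10:45
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed.

Log: 'Application' Date/Time: 15/07/2011 23:56:28
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted.

Log: 'Application' Date/Time: 15/07/2011 18:46:43
Type: Error Category: 0
Event: 59 Source: SideBySide
Activation context generation failed for "example.exe".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2011 00:06:26
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 15/07/2011 16:13:26
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
"""

# One record: three header lines, then free text up to the next record or banner.
RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: "
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})[ \t]*\r?\n"
    r"Type: (?P<type>\S+) Category: (?P<cat>\d+)[ \t]*\r?\n"
    r"Event: (?P<id>\d+) Source: (?P<source>[^\n]+?)[ \t]*\r?\n"
    r"(?P<msg>.*?)(?=^Log: '|^~|\Z)",
    re.MULTILINE | re.DOTALL,
)


@dataclass(frozen=True)
class Event:
    log: str
    when: datetime
    level: str
    event_id: int
    source: str
    message: str


def parse_vew(text):
    """Return every event record found in a VEW-style text report."""
    events = []
    for m in RECORD.finditer(text):
        events.append(Event(
            log=m.group("log"),
            when=datetime.strptime(m.group("ts"), "%d/%m/%Y %H:%M:%S"),
            level=m.group("type"),
            event_id=int(m.group("id")),
            source=m.group("source").strip(),
            message=" ".join(m.group("msg").split()),
        ))
    return events


def is_unclean_reboot(ev):
    """Kernel-Power 41: the system rebooted without shutting down cleanly."""
    return ev.source == "Microsoft-Windows-Kernel-Power" and ev.event_id == 41


def errors_before_reboots(events, window=timedelta(minutes=30)):
    """Map each unclean reboot to the distinct errors logged in the window before it."""
    ordered = sorted(events, key=lambda e: e.when)
    result = {}
    for crash in filter(is_unclean_reboot, ordered):
        seen, nearby = set(), []
        for ev in ordered:
            key = (ev.source, ev.event_id, ev.message)
            if is_unclean_reboot(ev) or key in seen:
                continue  # skip the markers themselves and recurring duplicates
            if crash.when - window <= ev.when <= crash.when:
                seen.add(key)
                nearby.append(ev)
        result[crash.when] = nearby
    return result


if __name__ == "__main__":
    for when, hits in errors_before_reboots(parse_vew(SAMPLE_REPORT)).items():
        print(when, [(e.source, e.event_id) for e in hits] or "no errors in window")
```

An empty list for a reboot means nothing was logged in the window, which points away from software that reports through the event log for that crash.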
 
This is something you need to check. There are 3 error events from yesterday. I am thinking this could easily be the source of the BSOD:

Peer-to-peer technologies are used to facilitate real-time communication and collaboration across distributed networks.
http://msdn.microsoft.com/en-us/library/aa371704(v=VS.85).aspx

It has to be set up correctly in the Workgroup.

Please review this: Common Return Codes by Peer Networking:
http://msdn.microsoft.com/en-us/library/dd433181(VS.85).aspx

The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.>>>
Error 0x80630801 - The Identity Store has been corrupted. Delete idstore.sst. Note: You will have to go into Folder Options> View tab> Check 'show hidden file and folders'> Uncheck 'hide protected system files (Recommended)'> Click on Yes to confirm> Apply> OK
Location is: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming
 
OK - never heard of Sality infection but kind of think I don't want to...but yeah, I am thinking reformat is looking likely, unfortunately.

I've just seen your latest reply (thank you again) and even with 'hide protected system files (Recommended)' unchecked I only found idstore.sst here:
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking
[did full search of computer, this is the only one found]
So, should I still delete this one?

Other than that, after your previous reply, I had a BSOD. The event viewer error log had this only:

Log Name: Application
Source: Microsoft-Windows-LoadPerf
Date: 16/07/2011 00:56:28
Event ID: 3011
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: Super-PC
Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-LoadPerf" Guid="{122EE297-BB47-41AE-B265-1CA8D1886D40}" />
<EventID>3011</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2011-07-15T23:56:28.925652600Z" />
<EventRecordID>3760</EventRecordID>
<Correlation />
<Execution ProcessID="2016" ThreadID="1456" />
<Channel>Application</Channel>
<Computer>Super-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<EventXML xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="LoadPerf">
<param1>WmiApRpl</param1>
<param2>WmiApRpl</param2>
<binaryDataSize>8</binaryDataSize>
<binaryData>F20300004D070000</binaryData>
</EventXML>
</UserData>
</Event>
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.



From VEW I got this:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/07/2011 01:11:18

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2011 00:10:45
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 16/07/2011 00:10:45
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 15/07/2011 23:56:28
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 15/07/2011 23:56:28
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 15/07/2011 20:18:04
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 15/07/2011 20:18:04
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 15/07/2011 19:12:44
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 15/07/2011 19:12:44
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 15/07/2011 18:46:43
Type: Error Category: 0
Event: 59 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\Intel\intel control center\IntelControlCenter.exe".Error in manifest or policy file "c:\program files (x86)\Intel\intel control center\IntelControlCenter.exe.Config" on line 0. Invalid Xml syntax.

Log: 'Application' Date/Time: 15/07/2011 18:46:29
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 15/07/2011 18:46:27
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 15/07/2011 18:32:17
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 15/07/2011 18:32:17
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 15/07/2011 16:32:38
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 15/07/2011 16:32:36
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 15/07/2011 16:31:55
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 15/07/2011 16:17:52
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 15/07/2011 16:17:52
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 14/07/2011 19:43:28
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 14/07/2011 19:43:28
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2011 00:06:26
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/07/2011 00:04:01
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/07/2011 16:13:26
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/07/2011 18:06:41
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/07/2011 06:17:16
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/07/2011 06:09:56
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/07/2011 16:23:24
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/07/2011 15:54:15
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/07/2011 21:59:43
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/07/2011 18:03:51
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/07/2011 07:04:25
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/07/2011 06:40:13
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/07/2011 19:15:04
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/07/2011 17:04:56
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/07/2011 16:59:35
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/07/2011 18:13:48
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/07/2011 08:28:50
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/07/2011 08:18:47
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/07/2011 07:15:39
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 09/07/2011 19:59:27
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2011 00:06:54
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:06:54
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:06:54
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:06:54
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:06:54
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 16/07/2011 00:06:54
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 16/07/2011 00:06:43
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:06:43
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:06:43
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 16/07/2011 00:06:30
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009a42950, 0xfffffa8009a42c30, 0xfffff80002dd7f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071611-8502-01.

Log: 'System' Date/Time: 16/07/2011 00:06:29
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 01:05:04 on 16/07/2011 was unexpected.

Log: 'System' Date/Time: 16/07/2011 00:04:29
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:04:29
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:04:29
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:04:29
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:04:29
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 16/07/2011 00:04:29
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 16/07/2011 00:04:18
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:04:18
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 16/07/2011 00:04:18
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

--------------------------------


From OTMoveIt I got this:


All processes killed
========== FILES ==========
R:\Backups\Application Data.zip moved successfully.
R:\Games\platypus\platypus_full.exe moved successfully.
R:\Utilities\Flash Tools\ASV\asvpc501.zip moved successfully.
R:\Utilities\Flash Tools\ASV\asvpc501\p60790c.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 424151 bytes
->Temporary Internet Files folder emptied: 5151299 bytes
->FireFox cache emptied: 48800327 bytes
->Google Chrome cache emptied: 26049154 bytes
->Flash cache emptied: 5620 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 77.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07162011_011409

Files moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Please do this:

If you do not plan on using Remote Assistance or HomeGroup for networking, the following group of services can safely be disabled:
  • Peer Name Resolution Protocol> Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function.
  • Peer Networking Grouping> Enables multi-party communication using Peer-to-Peer Grouping.
  • Peer Networking Identity Manager> Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services.
  • PNRP Machine Name Publication Service> This service publishes a machine name using the Peer Name Resolution Protocol.
---------------
If you do plan on using Remote Assistance or HomeGroup for networking, or if you are not sure, the group of services can be safely set to Manual.
--------------
Performance Logs & Alerts
Performance Logs and Alerts> Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert.
It can be Disabled. If that is seen to cause problems> Set the Startup type to Manual.
----------
Note: Source for Services courtesy of Black Viper Win 7 Services
In my opinion, Black Viper is greatly more knowledgeable about Windows in the field than Microsoft.
The attributes for bold and underlined text are mine as is the color red.
=================================================
To access the Services and make changes:
Click on Start> Run> type in services.msc> enter> Double click the Service you want to open> Change the Service Startup Type in the dialog box.

When finished click on Apply> OK> Close Services.
Reboot the computer into Normal Mode.
 
Hi Bobbye,
Last night I stumbled on the OCZ forums and it appears there are many, many people who also have the same drive (Vertex3) on this chipset which have pretty much identical problems - BSOD, stutters/pauses and the drive disappearing.
I've been wrong many times about all this, but I think it looks too suspicious - I'm thinking it must be the same fault as I am having.

So I think rather than waste any more of your time, I'll see what OCZ have to say and with any luck get it resolved. It might be something else I guess, but I don't want to keep coming back to you if it's something down to the drive firmware being bad.

Not sure how to mark this as resolved (without tempting fate) but if you want to do that so you don't keep coming back to it... I will come back here and let you know (if you want to know that is!) - just in case anyone else comes along showing the same sort of symptoms.

Once again, I really do appreciate all the help you have given me with this.

Cheers.
 
My compliments to you for using such good judgement! I did note many were having the same problem. Hopefully you can't find the resolution. You may want to make note of the information about the Services and the Black Viper site. That is most likely an unrelated problem but it should be checked.

Thank you for updating me. I will close this thread. If you need us later, you know where we are.
You may want to go ahead and remove the cleaning programs.

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
 