Solved Laptop freezing/crashing when running routine tasks

a4007035

Hi,

The laptop I am currently using keeps crashing on me. I go to run something simple such as Windows Update, and partway through the update the laptop will crash. It is also running a lot slower than normal. Followed the steps in the guide. Logs posted below.

Gavin
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7064

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702

10/07/2011 20:01:45
mbam-log-2011-07-10 (20-01-45).txt

Scan type: Quick scan
Objects scanned: 151683
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-10 22:50:27
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BB2O
Running: nz1x8xxp.exe; Driver: C:\Users\cash\AppData\Local\Temp\ugddapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by cash at 22:51:45 on 2011-07-10
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1014.123 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7F67C530-FC26-4CF5-873B-972FD230749E} : NameServer = 192.168.0.1
TCP: Interfaces\{DAECB5E8-37F6-4F28-980F-7616944B54B0} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cash\appdata\roaming\mozilla\firefox\profiles\i6z48zj3.default\
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-10 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-10 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-10 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-10 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-10 22712]
.
=============== Created Last 30 ================
.
2011-07-10 19:20:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-10 19:20:57 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-10 19:20:56 563200 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-10 19:20:55 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-10 19:20:47 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-10 19:20:43 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-10 19:20:23 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-10 19:20:23 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-10 19:20:23 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 18:53:59 -------- d-----w- c:\users\cash\appdata\roaming\Malwarebytes
2011-07-10 18:53:54 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-10 18:53:52 -------- d-----w- c:\programdata\Malwarebytes
2011-07-10 18:53:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 18:53:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-10 18:49:10 -------- d-----w- c:\users\cash\appdata\local\Mozilla
2011-07-10 17:09:22 -------- d-----w- c:\users\cash\appdata\roaming\Avira
2011-07-10 17:06:17 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-10 17:06:14 -------- d-----w- c:\programdata\Avira
2011-07-10 17:06:14 -------- d-----w- c:\program files\Avira
2011-07-10 16:48:23 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-07-10 16:48:15 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e7ebfff0-483c-47ca-9ff5-de6418b3a06c}\mpengine.dll
2011-07-10 16:48:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-10 16:35:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 19:21:55 -------- d-sh--w- C:\found.000
2011-06-22 18:42:59 2048 ----a-w- c:\program files\internet explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-07-10 14:26:37 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-07-10 13:45:45 1214976 ----a-w- c:\windows\system32\drivers\athr.sys
.
============= FINISH: 22:52:51.10 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 04/11/2008 21:00:57
System Uptime: 10/07/2011 22:24:18 (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | X58L
Processor: Genuine Intel(R) CPU 575 @ 2.00GHz | Socket 478 | 1995/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 32.143 GiB free.
D: is FIXED (NTFS) - 46 GiB total, 45.733 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Agere Systems HDA Modem
ASUS Live Update
ASUS Splendid Video Enhancement Technology
Atheros Client Installation Program
µTorrent
Avira AntiVir Personal - Free Antivirus
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 5.0 (x86 en-GB)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
.
==== Event Viewer Messages From Past Week ========
.
10/07/2011 21:00:40, Error: EventLog [6008] - The previous system shutdown at 20:56:19 on 10/07/2011 was unexpected.
10/07/2011 20:52:09, Error: EventLog [6008] - The previous system shutdown at 20:47:28 on 10/07/2011 was unexpected.
10/07/2011 20:40:09, Error: EventLog [6008] - The previous system shutdown at 20:22:03 on 10/07/2011 was unexpected.
10/07/2011 19:47:44, Error: EventLog [6008] - The previous system shutdown at 19:43:36 on 10/07/2011 was unexpected.
10/07/2011 18:55:04, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx Wanarpv6
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/07/2011 18:55:04, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/07/2011 18:55:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/07/2011 18:54:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/07/2011 18:54:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/07/2011 18:54:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/07/2011 18:54:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/07/2011 18:54:12, Error: EventLog [6008] - The previous system shutdown at 18:16:44 on 10/07/2011 was unexpected.
10/07/2011 18:13:14, Error: EventLog [6008] - The previous system shutdown at 18:10:36 on 10/07/2011 was unexpected.
10/07/2011 18:02:09, Error: EventLog [6008] - The previous system shutdown at 17:57:04 on 10/07/2011 was unexpected.
10/07/2011 17:53:15, Error: EventLog [6008] - The previous system shutdown at 17:48:28 on 10/07/2011 was unexpected.
10/07/2011 17:42:39, Error: EventLog [6008] - The previous system shutdown at 17:40:09 on 10/07/2011 was unexpected.
10/07/2011 15:27:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/07/2011 15:27:04, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/07/2011 15:27:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/07/2011 15:26:59, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/07/2011 15:26:58, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
10/07/2011 15:26:27, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows Media Player Network Sharing Service_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows Media Player Network Sharing Service (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package SystemRestore_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package SystemRestore (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package MovieMaker_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package MovieMaker (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package MobilePC-Client-Basic_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package MobilePC-Client-Basic (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft .NET Framework 3.0_nl-NL (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft .NET Framework 3.0_it-IT (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft .NET Framework 3.0_fr-FR (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft .NET Framework 3.0_de-DE (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981997 (Security Update) into Staged(Staged) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981997 (Security Update) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB938371 (Update) into Permanent(Permanent) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2478935 (Security Update) into Staged(Staged) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2478935 (Security Update) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2281679 (Security Update) into Staged(Staged) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2281679 (Security Update) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package GPUPipeline_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package GPUPipeline (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package ClipsInTheLibrary_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package ClipsInTheLibrary (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package CaptureWizard_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:19, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package CaptureWizard (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft .NET Framework 3.0_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft .NET Framework 3.0 (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976771 (Security Update) into Installed(Installed) state
10/07/2011 15:21:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958483 (Update) into Installed(Installed) state
10/07/2011 15:21:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB948610 (Update) into Installed(Installed) state
10/07/2011 15:21:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows Samples for Music (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows Media Format Runtime_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows Media Format Runtime (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975558 (Security Update) into Staged(Staged) state
10/07/2011 15:21:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975558 (Security Update) into Installed(Installed) state
10/07/2011 15:21:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968816 (Security Update) into Staged(Staged) state
10/07/2011 15:21:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968816 (Security Update) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows Media Player_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows Media Player (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Telnet Server_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Telnet Server (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Telnet Client_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Telnet Client (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Server-Help-Package.VistaHomeBasic_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Server-Help-Package.VistaHomeBasic (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package PeerToPeer-Full-Package_$(build.cultureNameString (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package PeerToPeer-Full-Package (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package PeerToPeer-AdhocMeetings-Package_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package PeerToPeer-AdhocMeetings-Package (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package ParentalControls-Package_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package ParentalControls-Package (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package MSMQ Client Home Basic package_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package MSMQ Client Home Basic package (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB977816 (Security Update) into Staged(Staged) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB977816 (Security Update) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973540 (Security Update) into Staged(Staged) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973540 (Security Update) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB959772 (Update) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB954154 (Security Update) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB952069 (Security Update) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Staged(Staged) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package InboxGames-Package_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package InboxGames-Package (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package CoreClientUAHB_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package CoreClientUAHB (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package BHBC Namespace_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package BHBC Namespace (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package AnytimeUpgradeUA_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package AnytimeUpgradeUA (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WMI-SNMP-Provider-Package_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WMI-SNMP-Provider-Package (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows Foundation (Foundation) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package SNMP-Package_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package SNMP-Package (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package RemoteAssistance_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package RemoteAssistance (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-SimpleTCP-Package_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-SimpleTCP-Package (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Language Pack (Language Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982665 (Security Update) into Staged(Staged) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982665 (Security Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979687 (Security Update) into Staged(Staged) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979687 (Security Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978542 (Security Update) into Staged(Staged) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978542 (Security Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976002 (Update) into Staged(Staged) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976002 (Update) into Permanent(Permanent) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970710 (Security Update) into Staged(Staged) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970710 (Security Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB957388 (Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB955302 (Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB954366 (Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB952709 (Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB947562 (Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB937286 (Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB936330 (Service Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2479943 (Security Update) into Staged(Staged) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2479943 (Security Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2305420 (Security Update) into Staged(Staged) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2305420 (Security Update) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package HelpCustomization_en-US (Language Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package HelpCustomization (Feature Pack) into Installed(Installed) state
10/07/2011 15:21:15, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Client-Features (Feature Pack) into Installed(Installed) state
10/07/2011 15:01:58, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/07/2011 15:01:54, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/07/2011 15:01:54, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume VistaOS.
10/07/2011 15:00:39, Error: netbt [4321] - The name "USER :0" could not be registered on the interface with IP address 192.168.0.9. The computer with the IP address 169.254.40.195 did not allow the name to be claimed by this computer.
10/07/2011 15:00:38, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{DAECB5E8-37F6-4F28-980F-7616944B54B0} because another computer on the network has the same name. The server could not start.
10/07/2011 15:00:38, Error: netbt [4321] - The name "USER :20" could not be registered on the interface with IP address 192.168.0.9. The computer with the IP address 169.254.40.195 did not allow the name to be claimed by this computer.
10/07/2011 15:00:32, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
10/07/2011 14:37:37, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
10/07/2011 14:35:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Automatic LiveUpdate Scheduler service to connect.
10/07/2011 12:41:37, Error: EventLog [6008] - The previous system shutdown at 00:37:17 on 26/06/2011 was unexpected.
10/07/2011 12:41:00, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
10/07/2011 12:40:58, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Not much there...

Define "crash".
 
Thanks Broni

Define "crash".

There are 2 types: -

1. I will try and run something like Windows Update and whilst it is downloading/installing the updates the laptop will just freeze still. And I'll go to click on something and it won't allow me to do anything. I try Ctrl+Alt+Del to get to Task Manager but it doesn't even get on to that. So I just have to hold the off switch to restart it.

2. The second 'crash' is again when running something like an installation for Windows Update and then it goes to this black screen which says: -

'A problem has been detected and Windows has been shut down to prevent damage to your computer'

Then it says something like 'win32 kernel...' But I can't remember exactly what it says as it restarts pretty quickly. And I don't have my laptop on me right now so can't tell you exactly what it says.

I think it has been referred to as the Windows Blue Screen of Death (BSOD), although my screen is actually black.

I'll try and update this message when I get back to my laptop.

Regards

Gavin
 
OK, the error message keeps varying. One time it said 'memory management'. The other time it said 'kernel_input'. It normally occurs when I try and install Windows Vista SP2, which is one of the updates it keeps trying to install. I can generally access the other programs fine on the laptop.

I take it this isn't malware then.
 
Download BlueScreenView (in Zip file)
No installation required.
Unzip the downloaded file and double-click the BlueScreenView.exe file to run the program.
When scanning is done, go to Edit>Select All.
Go to File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

=================================================================

Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

Double-click VEW.exe, then under Select log to query, select:
  • Application
  • System

Under Select type to list, select:
  • Critical (Vista only)
  • Error

Click the radio button for Number of events
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.
 
==================================================
Dump File : Mini071211-01.dmp
Crash Time : 12/07/2011 00:19:09
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x803e0c70
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071211-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-11.dmp
Crash Time : 11/07/2011 23:48:01
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0xa579fe41
Parameter 3 : 0x88919c48
Parameter 4 : 0x88919944
Caused By Driver : srv.sys
Caused By Address : srv.sys+16e41
File Description : Server driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : srv.sys+16e41
Stack Address 1 : ntkrnlpa.exe+21c6eb
Stack Address 2 : ntkrnlpa.exe+3841d
Stack Address 3 : ntkrnlpa.exe+1d5e88
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-11.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-10.dmp
Crash Time : 11/07/2011 23:40:25
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x2d343834
Parameter 3 : 0x00000000
Parameter 4 : 0xb2978c70
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-10.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-09.dmp
Crash Time : 11/07/2011 22:38:25
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00000030
Parameter 2 : 0xa684c570
Parameter 3 : 0xab4a8000
Parameter 4 : 0xa7c4e044
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+1eb000
Stack Address 2 : ntkrnlpa.exe+2120d9
Stack Address 3 : ntkrnlpa.exe+8993c
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-09.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-08.dmp
Crash Time : 11/07/2011 08:41:53
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x81665b5b
Parameter 3 : 0xa3315b84
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+5b5b
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : win32k.sys+5b5b
Stack Address 1 : win32k.sys+11b83e
Stack Address 2 : win32k.sys+11bc8b
Stack Address 3 : win32k.sys+e7a2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-08.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-07.dmp
Crash Time : 11/07/2011 08:20:51
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x000d1e85
Parameter 3 : 0x00000000
Parameter 4 : 0x815068c0
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-07.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-06.dmp
Crash Time : 11/07/2011 01:46:20
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xa7679b78
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-06.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-05.dmp
Crash Time : 11/07/2011 01:28:19
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc000001d
Parameter 2 : 0xa621de41
Parameter 3 : 0x803ecc48
Parameter 4 : 0x803ec944
Caused By Driver : srv.sys
Caused By Address : srv.sys+16e41
File Description : Server driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : srv.sys+16e41
Stack Address 1 : ntkrnlpa.exe+21c6eb
Stack Address 2 : ntkrnlpa.exe+3841d
Stack Address 3 : ntkrnlpa.exe+1d5e88
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-05.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-04.dmp
Crash Time : 11/07/2011 01:20:17
Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
Bug Check Code : 0x000000be
Parameter 1 : 0x864d2e11
Parameter 2 : 0x30c1f121
Parameter 3 : 0x86f03cd4
Parameter 4 : 0x0000000b
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+c9e11
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a5125
Stack Address 1 : ntkrnlpa.exe+5ab84
Stack Address 2 : Ntfs.sys+c9e11
Stack Address 3 : ntkrnlpa.exe+1d5e88
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-04.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-03.dmp
Crash Time : 11/07/2011 00:53:15
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00000030
Parameter 2 : 0x8afc6418
Parameter 3 : 0xa6975000
Parameter 4 : 0xa2b95028
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+1eb000
Stack Address 2 : ntkrnlpa.exe+2120d9
Stack Address 3 : ntkrnlpa.exe+8993c
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-02.dmp
Crash Time : 11/07/2011 00:34:57
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00000030
Parameter 2 : 0x90aca3f0
Parameter 3 : 0xa6fc2000
Parameter 4 : 0xa2906000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+1eb000
Stack Address 2 : ntkrnlpa.exe+2120d9
Stack Address 3 : ntkrnlpa.exe+8993c
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071111-01.dmp
Crash Time : 11/07/2011 00:13:03
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0xfefcfcfc
Parameter 3 : 0x00000000
Parameter 4 : 0x8aefe8c0
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071111-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071011-06.dmp
Crash Time : 10/07/2011 23:59:42
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x8d8f2c38
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071011-06.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071011-05.dmp
Crash Time : 10/07/2011 23:15:51
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0xa6da2e41
Parameter 3 : 0x803f8c48
Parameter 4 : 0x803f8944
Caused By Driver : srv.sys
Caused By Address : srv.sys+16e41
File Description : Server driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : srv.sys+16e41
Stack Address 1 : ntkrnlpa.exe+21c6eb
Stack Address 2 : ntkrnlpa.exe+3841d
Stack Address 3 : ntkrnlpa.exe+1d5e88
Computer Name :
Full Path : C:\Windows\Minidump\Mini071011-05.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071011-04.dmp
Crash Time : 10/07/2011 21:00:37
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xa4204c38
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071011-04.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071011-03.dmp
Crash Time : 10/07/2011 20:52:03
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00000030
Parameter 2 : 0x8356efb8
Parameter 3 : 0xa849b000
Parameter 4 : 0xa7a95000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+1eb000
Stack Address 2 : ntkrnlpa.exe+2120d9
Stack Address 3 : ntkrnlpa.exe+8993c
Computer Name :
Full Path : C:\Windows\Minidump\Mini071011-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071011-02.dmp
Crash Time : 10/07/2011 18:13:23
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x8ac69c70
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071011-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini071011-01.dmp
Crash Time : 10/07/2011 17:42:51
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xa3b24ba8
Caused By Driver : hal.dll
Caused By Address : hal.dll+75b0
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini071011-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,120
==================================================

==================================================
Dump File : Mini062211-04.dmp
Crash Time : 22/06/2011 20:24:30
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x8a0e38c0
Caused By Driver : hal.dll
Caused By Address : hal.dll+75b0
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini062211-04.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,168
==================================================

==================================================
Dump File : Mini062211-03.dmp
Crash Time : 22/06/2011 20:05:01
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xa6d5cb78
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini062211-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,168
==================================================

==================================================
Dump File : Mini062211-02.dmp
Crash Time : 22/06/2011 19:49:29
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0xa82568c0
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+83a38
Stack Address 2 : ntkrnlpa.exe+51537
Stack Address 3 : ntkrnlpa.exe+3b6f2
Computer Name :
Full Path : C:\Windows\Minidump\Mini062211-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,168
==================================================

==================================================
Dump File : Mini062211-01.dmp
Crash Time : 22/06/2011 18:45:38
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001904aa
Parameter 2 : 0xa263e75c
Parameter 3 : 0xa263e458
Parameter 4 : 0x81f0400c
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+1a316
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : Ntfs.sys+1a316
Stack Address 2 : Ntfs.sys+152c6
Stack Address 3 : ntkrnlpa.exe+b92e8
Computer Name :
Full Path : C:\Windows\Minidump\Mini062211-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,168
==================================================

==================================================
Dump File : Mini042311-01.dmp
Crash Time : 23/04/2011 18:31:21
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 0x00000000
Parameter 2 : 0x857b23f0
Parameter 3 : 0xf2000040
Parameter 4 : 0x00000800
Caused By Driver : hal.dll
Caused By Address : hal.dll+68b5
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : hal.dll+68b5
Stack Address 2 : ntkrnlpa.exe+c09e8
Stack Address 3 : hal.dll+67c9
Computer Name :
Full Path : C:\Windows\Minidump\Mini042311-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 144,264
==================================================

==================================================
Dump File : Mini022609-01.dmp
Crash Time : 26/02/2009 18:17:13
Bug Check String : BUGCODE_USB_DRIVER
Bug Check Code : 0x000000fe
Parameter 1 : 0x00000008
Parameter 2 : 0x00000006
Parameter 3 : 0x00000005
Parameter 4 : 0x89bba978
Caused By Driver : hal.dll
Caused By Address : hal.dll+75b0
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd0e3
Stack Address 1 : usbhub.sys+13ded
Stack Address 2 : usbhub.sys+13fff
Stack Address 3 : usbhub.sys+18ee3
Computer Name :
Full Path : C:\Windows\Minidump\Mini022609-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 6001
Dump File Size : 139,576
==================================================
 
When I try to run VEW with Critical and Error selected it says:

Run Time Error 75
Path/File Access Error

I can run with just Critical selected, and the following is a paste from the log:
 
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 12/07/2011 20:54:05

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 12/07/2011 21:07:02

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/07/2011 23:55:20
Type: Error Category: 3
Event: 215 Source: ESENT
WinMail (2312) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Log: 'Application' Date/Time: 11/07/2011 23:53:29
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 23:51:58
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 23:39:13
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\2608407d70a0dc02a7a2a6fa478fdc\spinstall.exe /path:"C:\Users\cash\Desktop\Gavs\Windows6.0-KB948465-X86.exe"; Descripton = Windows Vista™ Service Pack 2; Hr = 0x8007043c).

Log: 'Application' Date/Time: 11/07/2011 23:36:31
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 23:36:21
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 11/07/2011 23:19:19
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 22:48:13
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 22:43:18
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4bc51b52-94d0-43ff-b36a-d4001a501ec5}

Log: 'Application' Date/Time: 11/07/2011 22:40:35
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 21:42:55
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 21:39:01
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 21:38:48
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 11/07/2011 07:41:42
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 07:21:01
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 07:03:32
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 00:46:28
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 00:28:04
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 00:20:28
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/07/2011 00:10:44
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/07/2011 23:54:26
Type: Error Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
Application initialization failed. Last error: 0x80004005

Log: 'System' Date/Time: 11/07/2011 23:54:26
Type: Error Category: 33
Event: 1000 Source: Microsoft-Windows-LanguagePackSetup
CBS Client initialization failed. Last error: 0x80080005

Log: 'System' Date/Time: 11/07/2011 23:54:12
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 11/07/2011 23:48:06
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:48:06
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:48:06
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:48:05
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:48:04
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:48:04
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:48:03
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:48:00
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:47:59
Type: Error Category: 48
Event: 10101 Source: Microsoft-Windows-DriverFrameworks-UserMode
The driver package installation has failed. The final status was 1084.

Log: 'System' Date/Time: 11/07/2011 23:36:32
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: avipbb spldr ssmdrv Wanarpv6

Log: 'System' Date/Time: 11/07/2011 23:36:32
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 11/07/2011 23:36:28
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

Log: 'System' Date/Time: 11/07/2011 23:36:24
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 11/07/2011 23:36:21
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 11/07/2011 23:36:14
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 11/07/2011 23:35:25
Type: Error Category: 0
Event: 27 Source: volsnap
The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

Log: 'System' Date/Time: 11/07/2011 23:35:20
Type: Error Category: 0
Event: 27 Source: volsnap
The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
 
Keep updating me regarding your computer's behavior, good or bad.

One of the Windows updates it was trying to install was the Vista Service Pack 2, but it kept going to BSOD. So I downloaded the SP2 from the Microsoft website and installed it in safe mode. Laptop hasn't crashed since.
 
I tell a lie. It has gone to the BSOD since installing SP2 and restarted as a consequence.

Do the logs I pasted yesterday tell you anything?
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 11-07-14.03 - cash 14/07/2011 18:11:34.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1014.405 [GMT 1:00]
Running from: c:\users\cash\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 17:19 . 2011-07-14 17:19 -------- d-----w- c:\users\cash\AppData\Local\temp
2011-07-14 17:19 . 2011-07-14 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 23:58 . 2011-07-12 23:58 -------- d-----w- C:\found.001
2011-07-12 20:19 . 2011-06-20 07:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBD77873-4FC6-4542-8D7B-A85EC0EA1B12}\mpengine.dll
2011-07-12 20:15 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 20:15 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 20:14 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 20:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-07-11 23:48 . 2011-07-11 23:48 -------- d-----w- c:\windows\system32\ca-ES
2011-07-11 23:48 . 2011-07-11 23:48 -------- d-----w- c:\windows\system32\eu-ES
2011-07-11 23:48 . 2011-07-11 23:48 -------- d-----w- c:\windows\system32\vi-VN
2011-07-11 23:46 . 2011-07-11 23:46 -------- d-----w- c:\windows\system32\SPReview
2011-07-11 23:23 . 2011-07-11 23:23 -------- d-----w- C:\3896eb041f3f97a285
2011-07-11 22:17 . 2011-07-11 22:17 -------- d-----w- C:\21df2b3bb09b57229ba0
2011-07-11 21:57 . 2011-07-11 21:57 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-07-10 23:30 . 2011-07-10 23:30 -------- d-----w- C:\d8a368b2bd13d3e200
2011-07-10 23:17 . 2011-07-10 23:17 -------- d-----w- C:\734d09fbe22968f0101488fb
2011-07-10 22:45 . 2011-07-10 22:45 -------- d-----w- c:\windows\system32\EventProviders
2011-07-10 22:45 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-07-10 22:45 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-07-10 19:20 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-10 19:20 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-10 19:20 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-10 19:20 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-10 19:20 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-10 19:20 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-10 19:20 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-07-10 19:20 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-10 19:20 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-10 19:20 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 18:53 . 2011-07-10 18:53 -------- d-----w- c:\users\cash\AppData\Roaming\Malwarebytes
2011-07-10 18:53 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-10 18:53 . 2011-07-10 18:53 -------- d-----w- c:\programdata\Malwarebytes
2011-07-10 18:53 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 18:53 . 2011-07-10 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-10 18:49 . 2011-07-10 18:49 -------- d-----w- c:\users\cash\AppData\Local\Mozilla
2011-07-10 17:09 . 2011-07-10 17:09 -------- d-----w- c:\users\cash\AppData\Roaming\Avira
2011-07-10 17:06 . 2011-07-10 18:58 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-10 17:06 . 2011-07-10 18:58 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-10 17:06 . 2011-07-10 17:06 -------- d-----w- c:\programdata\Avira
2011-07-10 17:06 . 2011-07-10 17:06 -------- d-----w- c:\program files\Avira
2011-07-10 16:48 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-10 16:35 . 2011-07-10 16:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-10 16:02 . 2011-07-10 16:02 -------- d-----w- c:\users\ADMINI~1
2011-06-22 19:21 . 2011-06-22 19:21 -------- d-----w- C:\found.000
2011-06-22 18:43 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-06-22 18:43 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-22 18:43 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2011-06-22 18:43 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2011-06-22 18:43 . 2009-03-08 11:30 66560 ----a-w- c:\windows\system32\tdc.ocx
2011-06-22 18:43 . 2009-03-08 11:31 34816 ----a-w- c:\windows\system32\imgutil.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 14:26 . 2008-11-04 23:20 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-07-10 13:45 . 2010-04-27 22:19 1214976 ----a-w- c:\windows\system32\drivers\athr.sys
2011-06-16 04:32 . 2011-07-10 18:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-21 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Skytel"="Skytel.exe" [2008-08-21 1833504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 13:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-05-29 08:11 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\User_Feed_Synchronization-{5FF4900C-3C9D-4172-8AEC-E22410A0ACA6}.job
- c:\windows\system32\msfeedssync.exe [2011-07-10 04:32]
.
2011-07-14 c:\windows\Tasks\User_Feed_Synchronization-{E75C6FAB-5B18-4F19-B7C2-D3F76EEF9E71}.job
- c:\windows\system32\msfeedssync.exe [2011-07-10 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7F67C530-FC26-4CF5-873B-972FD230749E}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\cash\AppData\Roaming\Mozilla\Firefox\Profiles\i6z48zj3.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 18:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-14 18:23:15
ComboFix-quarantined-files.txt 2011-07-14 17:23
.
Pre-Run: 28,129,169,408 bytes free
Post-Run: 28,660,760,576 bytes free
.
- - End Of File - - 84F54BAEA6DE60BAFCBD20F780771649
 
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14/07/2011 at 18:28:15.
Operating System: Windows Vista (TM) Home Basic


Processes terminated by Rkill or while it was running:



Rkill completed on 14/07/2011 at 18:28:19.
 
Looks good.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 14/07/2011 21:52:13 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\cash\Desktop\Gavs
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.48 Mb Total Physical Memory | 164.86 Mb Available Physical Memory | 16.25% Memory free
2.24 Gb Paging File | 1.24 Gb Available in Paging File | 55.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 27.07 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
Drive D: | 46.13 Gb Total Space | 45.73 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: USER | User Name: cash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 21:51:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\cash\Desktop\Gavs\OTL.exe
PRC - [2011/07/10 19:58:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/16 05:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/21 02:35:19 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/18 20:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/14 21:51:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\cash\Desktop\Gavs\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/10 19:58:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/03/18 20:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/10 19:58:28 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/10 19:58:28 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/10 14:45:45 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/03/21 20:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/08/09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/13 09:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/01/24 19:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006/12/14 01:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/10 19:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/10 19:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cash\AppData\Roaming\mozilla\Extensions
[2011/07/14 18:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/14 18:48:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2010/11/19 12:03:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/14 18:19:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 18:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/14 18:23:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/14 18:23:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/14 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\cash\AppData\Local\temp
[2011/07/14 18:09:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/14 18:09:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/14 18:09:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/14 18:09:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/14 18:09:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/14 18:03:14 | 004,151,905 | R--- | C] (Swearware) -- C:\Users\cash\Desktop\ComboFix.exe
[2011/07/13 00:58:07 | 000,000,000 | ---D | C] -- C:\found.001
[2011/07/12 00:48:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/07/12 00:48:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/07/12 00:48:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/07/12 00:46:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/07/12 00:23:36 | 000,000,000 | ---D | C] -- C:\3896eb041f3f97a285
[2011/07/11 23:17:03 | 000,000,000 | ---D | C] -- C:\21df2b3bb09b57229ba0
[2011/07/11 22:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/07/11 00:30:20 | 000,000,000 | ---D | C] -- C:\d8a368b2bd13d3e200
[2011/07/11 00:17:37 | 000,000,000 | ---D | C] -- C:\734d09fbe22968f0101488fb
[2011/07/10 23:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/07/10 23:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/07/10 19:53:59 | 000,000,000 | ---D | C] -- C:\Users\cash\AppData\Roaming\Malwarebytes
[2011/07/10 19:53:54 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/10 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/10 19:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/10 19:53:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/10 19:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/10 19:49:10 | 000,000,000 | ---D | C] -- C:\Users\cash\AppData\Local\Mozilla
[2011/07/10 19:49:09 | 000,000,000 | ---D | C] -- C:\Users\cash\AppData\Roaming\Mozilla
[2011/07/10 19:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/10 18:09:22 | 000,000,000 | ---D | C] -- C:\Users\cash\AppData\Roaming\Avira
[2011/07/10 18:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/07/10 18:06:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/07/10 18:06:17 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/10 18:06:17 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/07/10 18:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/07/10 18:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/07/10 17:31:04 | 000,000,000 | ---D | C] -- C:\Users\cash\Desktop\Gavs
[2011/07/10 14:45:33 | 000,000,000 | ---D | C] -- C:\Users\cash\Desktop\Drivers
[2011/06/22 20:21:55 | 000,000,000 | ---D | C] -- C:\found.000
[2007/01/24 19:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011/07/14 21:55:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E75C6FAB-5B18-4F19-B7C2-D3F76EEF9E71}.job
[2011/07/14 21:13:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 21:13:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 19:13:49 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/07/14 19:13:23 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/07/14 19:13:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/14 19:13:03 | 1064,558,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/14 19:04:31 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/14 19:04:31 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/14 18:19:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/14 18:04:57 | 004,151,905 | R--- | M] (Swearware) -- C:\Users\cash\Desktop\ComboFix.exe
[2011/07/14 18:01:34 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FF4900C-3C9D-4172-8AEC-E22410A0ACA6}.job
[2011/07/13 00:59:58 | 153,795,653 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/13 00:03:44 | 000,370,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/11 22:40:29 | 000,000,680 | ---- | M] () -- C:\Users\cash\AppData\Local\d3d9caps.dat
[2011/07/10 23:19:32 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/07/10 19:58:28 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/10 19:58:28 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/07/10 19:49:01 | 000,000,877 | ---- | M] () -- C:\Users\cash\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/10 19:49:01 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/10 18:06:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/07/10 18:03:00 | 000,000,950 | ---- | M] () -- C:\Users\cash\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/10 17:26:50 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2011/07/10 15:26:37 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011/07/10 14:45:45 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/22 20:28:47 | 000,002,609 | ---- | M] () -- C:\Users\cash\Desktop\Microsoft Office Word 2003.lnk
[2011/06/22 20:13:30 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock

========== Files Created - No Company Name ==========

[2011/07/14 18:09:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/14 18:09:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/14 18:09:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/14 18:09:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/14 18:09:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/12 00:50:38 | 1064,558,592 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/11 22:40:29 | 000,000,680 | ---- | C] () -- C:\Users\cash\AppData\Local\d3d9caps.dat
[2011/07/10 23:44:59 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/07/10 23:19:32 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/07/10 23:19:32 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/07/10 19:49:01 | 000,000,877 | ---- | C] () -- C:\Users\cash\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/10 19:49:01 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/10 19:49:01 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/10 18:06:31 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/06/22 19:39:57 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2010/11/16 06:16:34 | 000,005,632 | ---- | C] () -- C:\Users\cash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/16 05:44:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/16 05:44:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/03 06:37:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/03 21:40:34 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/02/02 11:05:19 | 000,000,552 | ---- | C] () -- C:\Users\cash\AppData\Local\d3d8caps.dat
[2008/11/05 00:20:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008/11/04 22:51:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/16 10:01:43 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/02/11 04:55:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 04:34:47 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 04:34:47 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 04:34:47 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/08/06 18:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 000,370,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/02/02 10:53:08 | 000,000,000 | ---D | M] -- C:\Users\cash\AppData\Roaming\Birdstep Technology
[2011/07/10 14:38:17 | 000,000,000 | ---D | M] -- C:\Users\cash\AppData\Roaming\uTorrent
[2010/11/23 00:15:27 | 000,000,000 | ---D | M] -- C:\Users\cash\AppData\Roaming\Vodafone
[2011/07/14 19:10:46 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/14 18:01:34 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5FF4900C-3C9D-4172-8AEC-E22410A0ACA6}.job
[2011/07/14 21:55:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E75C6FAB-5B18-4F19-B7C2-D3F76EEF9E71}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/04/04 20:01:58 | 000,000,019 | ---- | M] () -- C:\AA21.txt
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/04/16 10:45:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/07/14 18:23:15 | 000,010,307 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/04/24 00:52:55 | 000,037,980 | ---- | M] () -- C:\debug1214.txt
[2008/11/05 00:38:57 | 000,019,479 | ---- | M] () -- C:\devlist.txt
[2008/08/26 00:30:09 | 000,000,024 | ---- | M] () -- C:\Driver.10
[2008/04/29 08:12:04 | 000,000,030 | ---- | M] () -- C:\DVD.LOG
[2008/11/05 00:35:36 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2011/07/14 19:13:03 | 1064,558,592 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/04 23:21:50 | 000,000,481 | ---- | M] () -- C:\igoogle_log.txt
[2008/10/06 04:46:41 | 000,000,021 | ---- | M] () -- C:\msapp2.LOG
[2008/08/08 08:22:19 | 000,000,030 | ---- | M] () -- C:\NERO.LOG
[2008/07/04 05:35:34 | 000,000,021 | ---- | M] () -- C:\NIS2008.TXT
[2007/03/16 00:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_A.TXT
[2011/07/14 19:13:02 | 1378,332,672 | -HS- | M] () -- C:\pagefile.sys
[2008/11/04 09:35:13 | 000,000,105 | ---- | M] () -- C:\Pass.txt
[2008/09/24 03:22:03 | 000,002,666 | ---- | M] () -- C:\Patch.LOG
[2008/04/29 15:30:15 | 000,000,020 | ---- | M] () -- C:\READER_A.TXT
[2008/08/09 00:07:53 | 000,000,024 | ---- | M] () -- C:\RECOVERY.DAT
[2008/11/04 23:59:16 | 000,000,646 | ---- | M] () -- C:\RHDSetup.log
[2011/07/14 18:36:42 | 000,000,368 | ---- | M] () -- C:\rkill.log
[2008/11/05 00:11:01 | 000,000,086 | ---- | M] () -- C:\setup.log
[2006/05/16 01:22:24 | 000,000,005 | ---- | M] () -- C:\store.log
[2008/11/04 22:42:57 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
[2008/11/04 22:42:03 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
[2008/07/31 23:40:18 | 000,000,021 | ---- | M] () -- C:\V552.txt
[2011/07/12 21:10:02 | 000,013,616 | ---- | M] () -- C:\VEW.txt
[2008/09/09 04:43:53 | 001,048,576 | ---- | M] () -- C:\X51L.BIN

< %systemroot%\Fonts\*.com >
[2006/11/02 13:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/07/12 00:44:27 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/06/19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/10 18:03:00 | 000,000,286 | -HS- | M] () -- C:\Users\cash\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/07/14 18:04:57 | 004,151,905 | R--- | M] (Swearware) -- C:\Users\cash\Desktop\ComboFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/07/12 00:54:28 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/07/12 00:53:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/07/12 00:53:57 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/07/12 00:53:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/07/12 00:53:57 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/07/12 00:53:58 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/02/02 10:51:30 | 000,000,402 | -HS- | M] () -- C:\Users\cash\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-12 23:23:42


< End of report >
 
OTL Extras logfile created on: 14/07/2011 21:52:13 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\cash\Desktop\Gavs
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.48 Mb Total Physical Memory | 164.86 Mb Available Physical Memory | 16.25% Memory free
2.24 Gb Paging File | 1.24 Gb Available in Paging File | 55.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 27.07 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
Drive D: | 46.13 Gb Total Space | 45.73 Gb Free Space | 99.13% Space Free | Partition Type: NTFS

Computer Name: USER | User Name: cash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30C23E9F-AFC6-44AA-9A48-B510392E4D28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BB3E781-825F-4AAF-809A-9211BD25516A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{54A63823-24BE-44EF-B7C7-2EA62B233B59}" = rport=2869 | protocol=6 | dir=out | app=system |
"{63748240-4B8F-4926-8B1F-704C173766D8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AD4C07F2-2F66-48BB-957A-7FCEFE4449CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8B47793-76B9-44A7-8996-FE03D7FE6DBF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D084B99D-98CE-43DD-90B4-F5FBF9193E6D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EF3B482D-052F-43E7-B2F6-4415D913F6E9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F3AF7D08-CC58-4272-840B-4D53550423A8}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{386AE8FE-C7A7-405E-9BC5-B20077F81158}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{81E4CD63-BDC0-4035-BAA7-70D33337BD6C}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{90DAC70E-0DC4-4756-81C8-C6AB5EA16DCC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A2870724-204C-4AC2-9F26-C247F8DA305D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA6B26F5-30EE-4489-BA30-9E7117ECC81E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{BD598C97-7388-43E8-99F5-ADCA07552F7E}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{CBD84FA7-A4D1-4352-BF92-1F2D38C077C3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DC4E2EB9-4FC7-4995-8041-8A0C64B2B691}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{FF7570CC-C20B-40C9-923A-6AD570F4D044}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9C7AFBE7-B5AF-48AA-85CC-3D362CFC94A2}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"UDP Query User{C4866E81-105C-445D-955F-FB92F99C5FDB}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/07/2011 18:59:53 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 19:13:15 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 19:25:25 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 19:34:46 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 19:53:25 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 20:03:29 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 20:10:44 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 20:20:28 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 20:28:04 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

Error - 10/07/2011 20:46:28 | Computer Name = user | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 14/07/2011 14:00:08 | Computer Name = user | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:59:09 on 14/07/2011 was unexpected.

Error - 14/07/2011 14:02:36 | Computer Name = user | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 14/07/2011 14:10:12 | Computer Name = user | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 14/07/2011 14:10:45 | Computer Name = user | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 14/07/2011 14:10:50 | Computer Name = user | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 14/07/2011 14:15:21 | Computer Name = user | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 14/07/2011 14:22:04 | Computer Name = user | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 14/07/2011 16:24:52 | Computer Name = user | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 14/07/2011 16:36:49 | Computer Name = user | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 14/07/2011 16:46:04 | Computer Name = user | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.


< End of report >
 
Looks good as well...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader 8.3.0
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 