
Computer Crashing - Blue Screen

Hello All

Trying to help my cousin out with his Laptop. It keeps crashing every 15 mins or so and then going to the Blue Screen.

To me it sounds like there has been some sort of change in drivers on the system but thought I had better check it for virus / malware etc. I will post the required reports for the purpose of viruses etc but is there anything I can provide in trying to find out if any drivers are missing?

Also I will post the information on here that shows on the blue screen.

Regards

David

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

What operating system is he running? If some version of Windows (likely), then have you tried booting into "Safe mode"?

rubberman
Posting Virtuoso
1,559 posts since Mar 2010
Reputation Points: 277
Solved Threads: 178
 

Windows Vista. - yes I have tried booting in safe mode and so far so good. He is complaining of the fact that if he is running a couple of programmes then it has a tendency to crash and restart automatically or go to blue screen.

It takes 15 mins to load on initial start up due to the number of programmes that he has open upon booting. Therefore I do have a feeling that this could be just due to pure overload.

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

I usually pare down the number of services that are automatically started in my clients' Vista machines for similar reasons - slow booting at the least. However, unless they are taking more memory than the system has (including swap space), they should not cause a BSOD.

rubberman
Posting Virtuoso
1,559 posts since Mar 2010
Reputation Points: 277
Solved Threads: 178
 

Windows Vista. - yes I have tried booting in safe mode and so far so good. He is complaining of the fact that if he is running a couple of programmes then it has a tendency to crash and restart automatically or go to blue screen.

It takes 15 mins to load on initial start up due to the number of programmes that he has open upon booting. Therefore I do have a feeling that this could be just due to pure overload.


Of course it could be malware too so that can't be ruled out yet. But since you say it takes 15 minutes to just boot the computer, which NO computer should require, it sounds to me like you have likely narrowed down the problem.

Run the DDS Scanner FIRST and post those two logs here, copy/paste BOTH logs.
It runs fine in Safe Mode. After you have done that then continue with the malware scanners to rule that out too. But give us the DDS logs. We may find the problem right there.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19154
Run by Gareth at 16:59:13 on 2011-11-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.2331 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Enabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://uk.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: H - No File
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110509214205.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\gareth\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Steam] "c:\steam\Steam.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
mRun: []
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Virtual PDF Printer] c:\program files\virtual pdf printer\VirtualPDFPrinter.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BE20DB45-12CC-4D4A-A96B-4F4B4333AE67} : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-1 15672]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-7-20 20384]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-16 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-16 165032]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-16 141792]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-16 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-3-1 312152]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-2 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-16 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-16 171168]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
S3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2010-11-30 4096]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-16 56064]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-7 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-7-20 954368]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-2 22216]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-16 153280]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-16 52320]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-16 84488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-02 14:35:02 -------- d-----w- c:\users\gareth\appdata\local\{FDA01F48-97E0-475E-AE87-7A2074B25E8C}
2011-11-02 13:23:24 -------- d-----w- c:\users\gareth\appdata\local\{DF692395-A1CF-4AFE-B2C3-BB0E15EF1F23}
2011-11-02 00:40:12 -------- d-----w- c:\users\gareth\appdata\local\{35004399-0AE2-4293-836C-17DA76FB0BA9}
2011-11-02 00:13:11 -------- d-----w- c:\users\gareth\appdata\local\{6775FDF8-FA8A-412D-BC16-FC1BA95FFF51}
2011-11-01 15:42:51 -------- d-----w- c:\users\gareth\appdata\local\{26E0B8C9-3D7F-4AEC-87D7-27D087FF352E}
2011-10-31 08:08:25 -------- d-----w- c:\users\gareth\appdata\local\{0C6304A2-6E07-4EC7-8627-56744872A688}
2011-10-31 01:01:46 -------- d-----w- c:\users\gareth\appdata\local\{17C26228-047E-492F-B0B7-B7F93D857728}
2011-10-31 00:51:12 -------- d-----w- c:\users\gareth\appdata\local\{7BA41663-77F4-4D09-B891-705F11471504}
2011-10-30 17:40:33 -------- d-----w- c:\users\gareth\appdata\local\{936C94EF-4037-4B23-87B8-9512F444ABD0}
2011-10-30 11:15:10 -------- d-----w- c:\users\gareth\appdata\local\{8A369321-D3E6-41A7-B8A9-D9B505F28AA3}
2011-10-30 09:39:05 -------- d-----w- c:\users\gareth\appdata\local\{EA4971BD-39D9-40C6-BFDF-891E66632798}
2011-10-30 02:37:31 -------- d-----w- c:\users\gareth\appdata\local\{16817869-A03C-4241-B809-791936392B05}
2011-10-30 01:37:56 -------- d-----w- c:\users\gareth\appdata\local\{282D8BF7-A6DB-483A-9AA1-2CAE7CFDF6F8}
2011-10-29 10:31:15 -------- d-----w- c:\users\gareth\appdata\local\{4F61C9CB-677B-4766-A6E7-021DA26F1EB4}
2011-10-29 10:05:43 -------- d-----w- c:\users\gareth\appdata\local\{A0411D1C-5E00-4219-931F-7D651A4E9490}
2011-10-29 04:38:54 -------- d-----w- c:\users\gareth\appdata\local\{E37CA9C9-9FCC-4852-90C0-04EEC31AF5E6}
2011-10-29 01:11:12 -------- d-----w- c:\users\gareth\appdata\local\{751C3251-1514-49B2-9249-2CB5EF7FD656}
2011-10-29 00:07:56 -------- d-----w- c:\users\gareth\appdata\local\{57339277-C85A-40B5-AD42-42C68903AC39}
2011-10-28 10:24:23 -------- d-----w- c:\users\gareth\appdata\local\{43E85759-26C2-4CBA-BE84-ED1A0682F531}
2011-10-28 08:05:44 -------- d-----w- c:\users\gareth\appdata\local\{626F00F1-8431-43E4-B6D3-C76F6DD2CEAF}
2011-10-28 03:53:22 -------- d-----w- c:\users\gareth\appdata\local\{1F261981-7D57-45EE-9030-ED0EB44B1A0A}
2011-10-27 23:11:23 -------- d-----w- c:\users\gareth\appdata\local\{BD804973-B272-4883-812B-B283CE8BBD9A}
2011-10-25 21:39:25 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-25 10:59:22 -------- d-----w- c:\users\gareth\appdata\local\{28C1900E-FC5E-4B8D-B3E0-F860252A521F}
2011-10-24 20:47:18 -------- d-----w- c:\users\gareth\appdata\local\{3D4171F7-CCE3-4E79-BB30-2AD90EAFF353}
2011-10-23 23:53:15 -------- d-----w- c:\users\gareth\appdata\local\{B0A8612C-84F0-461D-9DB3-0891806F5C98}
2011-10-23 11:52:43 -------- d-----w- c:\users\gareth\appdata\local\{A6145C6C-8076-42D8-80E1-3910054A4E8F}
2011-10-22 22:20:28 -------- d-----w- c:\users\gareth\appdata\local\{BF431F72-B991-4F4D-87E0-B612C339D288}
2011-10-22 22:18:44 -------- d-----w- c:\users\gareth\appdata\local\{CA8EF6DD-B246-47B1-AD56-236505BBCC38}
2011-10-21 10:07:39 -------- d-----w- c:\users\gareth\appdata\local\{D5AEB4CB-D0BB-4A58-A6AC-7B53CB2D36DF}
2011-10-21 10:07:10 -------- d-----w- c:\users\gareth\appdata\local\{8E607390-56BA-4F85-BD9B-38D38BCB9E23}
2011-10-20 13:47:27 -------- d-----w- c:\users\gareth\appdata\local\{97CC5A54-196A-49A1-871B-87A0C2B37BD4}
2011-10-20 13:46:43 -------- d-----w- c:\users\gareth\appdata\local\{A3CFA734-1C52-4078-9C17-1197C30C1EF0}
2011-10-20 01:10:46 -------- d-----w- c:\users\gareth\appdata\local\{6DB64EC4-9DA4-4579-88DB-807CB8942588}
2011-10-20 01:09:06 -------- d-----w- c:\users\gareth\appdata\local\{02646A5E-D6BF-4AC8-8DF3-02F055BAE951}
2011-10-19 12:22:01 -------- d-----w- c:\users\gareth\appdata\local\{A8CB5570-DD20-4DA9-92FA-A8BF7A365D61}
2011-10-18 23:42:50 -------- d-----w- c:\users\gareth\appdata\local\{A3D82C33-5039-446D-867D-1F5E4B93E560}
2011-10-18 23:42:39 -------- d-----w- c:\users\gareth\appdata\local\{D55CED9B-7844-464E-BD4E-5F4D4895847D}
2011-10-18 11:42:05 -------- d-----w- c:\users\gareth\appdata\local\{4C1D96B8-28ED-4DD4-85B5-F402655239C5}
2011-10-18 11:41:22 -------- d-----w- c:\users\gareth\appdata\local\{3FB6C18E-46CE-4114-BA35-3350845340F6}
2011-10-17 13:47:03 -------- d-----w- c:\users\gareth\appdata\local\{6014B1F1-034D-49C5-8C56-2850FB7C5109}
2011-10-16 11:17:35 -------- d-----w- c:\windows\system32\drivers\nss\0306000.01F
2011-10-16 11:17:35 -------- d-----w- c:\windows\system32\drivers\NSS
2011-10-16 11:17:35 -------- d-----w- c:\program files\Norton Security Scan
2011-10-16 11:17:26 -------- d-----w- c:\program files\NortonInstaller
2011-10-16 11:16:07 -------- d-----w- c:\users\gareth\appdata\local\{869B8614-67CA-4E8C-87F6-C382A1B67EEE}
2011-10-16 11:15:38 -------- d-----w- c:\users\gareth\appdata\local\{26DACD6F-29D5-46F5-9E86-85062616FD6F}
2011-10-14 14:34:47 -------- d-----w- c:\users\gareth\appdata\local\{5B07D064-B766-40D3-B8A1-5CF0063241D4}
2011-10-14 14:34:35 -------- d-----w- c:\users\gareth\appdata\local\{B9EA125B-E9F7-4468-A215-94068C037709}
2011-10-14 02:33:54 -------- d-----w- c:\users\gareth\appdata\local\{3E8D7C95-2E5B-453F-BDE7-779698799354}
2011-10-14 02:33:30 -------- d-----w- c:\users\gareth\appdata\local\{7093B6EF-5076-4325-8E83-C62D67B06091}
2011-10-13 13:55:38 -------- d-----w- c:\users\gareth\appdata\roaming\SmartDraw
2011-10-13 13:52:59 -------- d-----w- c:\program files\SmartDraw VP
2011-10-13 13:49:34 -------- d-----w- c:\users\gareth\appdata\local\{2EBFF11E-C742-4113-A854-22FA60232F25}
2011-10-13 13:49:10 -------- d-----w- c:\users\gareth\appdata\local\{DB6A721C-85A5-46EB-825E-E78D4681D677}
2011-10-13 01:49:26 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 01:49:25 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 01:49:25 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 01:49:24 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 01:49:20 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 01:49:03 916480 ----a-w- c:\windows\system32\wininet.dll
2011-10-13 01:49:00 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-10-13 01:47:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-13 01:47:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 01:47:16 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 01:47:15 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 01:47:15 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 01:52:50 -------- d-----w- c:\users\gareth\appdata\local\{75103DDE-CA09-4929-8CB8-FC33D616ADB8}
2011-10-12 01:51:45 -------- d-----w- c:\users\gareth\appdata\local\{6650F5EE-6586-4DC7-944C-E3E12527E098}
.
==================== Find3M ====================
.
2011-10-12 02:00:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-07 00:05:07 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-10-06 11:41:23 0 ----a-w- c:\windows\system32\RENB8E.tmp
2011-10-06 11:41:23 0 ----a-w- c:\windows\system32\RENB8D.tmp
2011-10-06 11:41:23 0 ----a-w- c:\windows\system32\RENB7D.tmp
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:00:49.98 ===============

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

I have just realised that I completed the DDS log request in safe mode; will this make a difference to the results?

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

No, if you notice I said it runs fine in Safe mode if required. Post that Attach.txt log; copy/paste it.
I already see several key problems but need to see that one too.

There are 47 program files that run automatically at start up, most not required and several that MUST BE Uninstalled for sure. That's part of the slow down for sure.

I have not gone through the Services yet.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
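
Added example, not part of the original thread and not code from the DDS tool: a small Python parser that tallies the autostart lines (`uRun`, `mRun`, `StartupFolder`) in the "Pseudo HJT Report" section of a DDS log; in the log posted above those three line types add up to 47. The sample text is constructed in the same shape as that log, the function names are hypothetical, and reading `uRun` as the per-user Run key and `mRun` as the machine-wide one is an assumption about the DDS prefixes.

```python
import re
from collections import Counter

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section
# (a handful of lines, not the full log from the thread).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Steam] "c:\steam\Steam.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: []
mRun: [Skytel] Skytel.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
.
============= SERVICES / DRIVERS ===============
.
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-16 188136]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")              # "===== Title ====="
RUN_RE = re.compile(r"^(uRun|mRun): \[(.*?)\]\s*(.*)$")    # "mRun: [Name] command"
STARTUP_RE = re.compile(r"^StartupFolder: (.+?\.lnk) - (.+)$")


def executable_of(command):
    """Return the program part of a Run command, without its arguments."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def parse_autostarts(log_text):
    """Collect autostart entries from the Pseudo HJT Report section only."""
    entries = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section != "Pseudo HJT Report":
            continue
        m = RUN_RE.match(line)
        if m:
            kind, name, command = m.groups()
            entries.append({"kind": kind, "name": name,
                            "exe": executable_of(command)})
            continue
        m = STARTUP_RE.match(line)
        if m:
            shortcut = m.group(1).rsplit("\\", 1)[-1]
            entries.append({"kind": "StartupFolder", "name": shortcut,
                            "exe": executable_of(m.group(2))})
    return entries


def summarize(entries):
    """Tally entries and list the ones that need a closer look by hand."""
    by_kind = Counter(e["kind"] for e in entries)
    # Command has no directory, so the log alone does not say which file runs.
    no_path = [e["name"] for e in entries
               if e["exe"] and "\\" not in e["exe"]]
    # Run values with an empty name, such as the "mRun: []" line.
    unnamed = sum(1 for e in entries
                  if e["kind"] != "StartupFolder" and not e["name"])
    return {"total": len(entries), "by_kind": dict(by_kind),
            "no_path": no_path, "unnamed": unnamed}


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    print(summarize(found))
    for e in found:
        print(f'{e["kind"]:<14}{e["name"] or "(empty)":<20}{e["exe"]}')
```
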
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20/07/2009 15:39:47
System Uptime: 08/11/2011 15:03:45 (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | CPU | 1995/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 15.753 GiB free.
D: is Removable
E: is FIXED (NTFS) - 73 GiB total, 17.392 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.65
8500A909_eDocs
8500A909_Help
8500A909a
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advanced SystemCare 3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
µTorrent
BB FlashBack 2 Express
Bonjour
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BT NetProtect Plus
BufferChm
Camera Assistant Software for Toshiba
CamStudio OSS Desktop Recorder
CCleaner
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conduit Engine
D3DX10
Destination Component
DeviceDiscovery
DivX Setup
DocMgr
DocProc
Fax
Feedback Tool
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IObit Security 360
IObit Toolbar v4.1
iTunes
Java Auto Updater
Java(TM) 6 Update 27
LG USB Modem Drivers
Malwarebytes' Anti-Malware version 1.51.2.1300
ManyCam 2.6.60 (remove only)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office Converter Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MobileMe Control Panel
MPM
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
myphotobook 3.6
Network
Norton Security Scan
NVIDIA PhysX
Oblivion
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
OGA Notifier 2.0.0048.0
OpenAL
Pando Media Booster
Picasa 2
ProductContext
Quick Screen Capture 3.0
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Shockwave
Skype Toolbars
Skype™ 5.3
SmartDraw VP
SmartWebPrinting
SolutionCenter
Status
Steam
Synaptics Pointing Device Driver
TES Construction Set
Toolbox
TortoiseSVN 1.6.7.18415 (32 bit)
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TrayApp
TRDCReminder
TRORDCLauncher
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
VirtualDJ Home FREE
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
08/11/2011 15:39:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
08/11/2011 15:21:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
08/11/2011 15:08:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
08/11/2011 15:06:22, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:05:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
08/11/2011 15:05:28, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:05:28, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:05:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
08/11/2011 15:04:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
08/11/2011 15:04:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08/11/2011 15:04:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
08/11/2011 15:04:40, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
08/11/2011 15:04:22, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
08/11/2011 15:04:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
08/11/2011 15:02:56, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC jswpslwf mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:01:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
08/11/2011 15:01:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
08/11/2011 15:00:45, Error: EventLog [6008] - The previous system shutdown at 14:59:28 on 08/11/2011 was unexpected.
02/11/2011 14:15:45, Error: EventLog [6008] - The previous system shutdown at 14:13:26 on 02/11/2011 was unexpected.
02/11/2011 14:04:36, Error: EventLog [6008] - The previous system shutdown at 14:02:46 on 02/11/2011 was unexpected.
02/11/2011 13:30:39, Error: EventLog [6008] - The previous system shutdown at 13:28:33 on 02/11/2011 was unexpected.
02/11/2011 07:38:33, Error: EventLog [6008] - The previous system shutdown at 07:36:27 on 02/11/2011 was unexpected.
02/11/2011 07:27:36, Error: EventLog [6008] - The previous system shutdown at 07:25:23 on 02/11/2011 was unexpected.
02/11/2011 06:56:47, Error: EventLog [6008] - The previous system shutdown at 06:53:54 on 02/11/2011 was unexpected.
02/11/2011 06:41:04, Error: EventLog [6008] - The previous system shutdown at 06:39:13 on 02/11/2011 was unexpected.
02/11/2011 06:00:37, Error: EventLog [6008] - The previous system shutdown at 05:58:20 on 02/11/2011 was unexpected.
02/11/2011 04:52:58, Error: EventLog [6008] - The previous system shutdown at 04:50:10 on 02/11/2011 was unexpected.
02/11/2011 03:46:18, Error: EventLog [6008] - The previous system shutdown at 03:44:08 on 02/11/2011 was unexpected.
02/11/2011 03:36:18, Error: EventLog [6008] - The previous system shutdown at 03:34:47 on 02/11/2011 was unexpected.
02/11/2011 03:16:56, Error: EventLog [6008] - The previous system shutdown at 03:15:17 on 02/11/2011 was unexpected.
02/11/2011 00:37:25, Error: EventLog [6008] - The previous system shutdown at 00:35:32 on 02/11/2011 was unexpected.
02/11/2011 00:10:40, Error: EventLog [6008] - The previous system shutdown at 00:09:15 on 02/11/2011 was unexpected.
01/11/2011 15:40:23, Error: EventLog [6008] - The previous system shutdown at 15:39:27 on 01/11/2011 was unexpected.
.
==== End Of File ===========================

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
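
The Event Viewer section of the log above mixes two kinds of entries: service-start failures recorded while the laptop was booted in Safe Mode, and EventLog 6008 records of unexpected shutdowns. The Python example below is added here as an illustration and is not part of the original thread; it separates the two and measures how long the machine stayed up before each crash. The function names are hypothetical, and the sample lines are excerpted from the log above.

```python
import re
from datetime import datetime

# Lines excerpted verbatim from the "Event Viewer Messages" section of the log above.
SAMPLE = r'''
08/11/2011 15:21:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
08/11/2011 15:04:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
08/11/2011 15:04:22, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/11/2011 15:02:11, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/11/2011 03:46:18, Error: EventLog [6008] - The previous system shutdown at 03:44:08 on 02/11/2011 was unexpected.
02/11/2011 03:36:18, Error: EventLog [6008] - The previous system shutdown at 03:34:47 on 02/11/2011 was unexpected.
02/11/2011 03:16:56, Error: EventLog [6008] - The previous system shutdown at 03:15:17 on 02/11/2011 was unexpected.
'''

FMT = "%d/%m/%Y %H:%M:%S"
LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), Error: (.+?) \[(\d+)\] - (.*)$")
SHUTDOWN = re.compile(r"shutdown at (\d{2}:\d{2}:\d{2}) on (\d{2}/\d{2}/\d{4})")
DEPENDS = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start "
                     r"because of the following error: (.+)$")
CASCADE = "The dependency service or group failed to start."


def parse_events(text):
    """Return (logged_at, source, event_id, message) tuples; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((datetime.strptime(m.group(1), FMT), m.group(2),
                           int(m.group(3)), m.group(4)))
    return events


def is_safe_mode_noise(event):
    """True for errors that only say a service may not start in Safe Mode."""
    _, _, event_id, msg = event
    # Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE; the 1048 entry spells it out.
    return (event_id == 10005 and 'got error "1084"' in msg) or "Safe Mode" in msg


def root_dependencies(events):
    """Dependencies that failed with their own error, not because of a further dependency."""
    roots = set()
    for _, _, event_id, msg in events:
        m = DEPENDS.search(msg) if event_id == 7001 else None
        if m and m.group(3).strip() != CASCADE:
            roots.add(m.group(2))
    return roots


def crash_sessions(events):
    """Pair each unexpected shutdown (6008) with the previous logged boot.

    Returns (boot_logged_at, crashed_at, seconds_up) tuples, oldest first.
    seconds_up is an upper bound: a clean restart in between leaves no 6008 entry.
    """
    crashes = []
    for logged_at, _, event_id, msg in events:
        m = SHUTDOWN.search(msg) if event_id == 6008 else None
        if m:
            crashed_at = datetime.strptime(f"{m.group(2)} {m.group(1)}", FMT)
            crashes.append((logged_at, crashed_at))
    crashes.sort()
    sessions = []
    for (prev_boot, _), (_, crashed_at) in zip(crashes, crashes[1:]):
        sessions.append((prev_boot, crashed_at,
                         int((crashed_at - prev_boot).total_seconds())))
    return sessions


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    print("safe-mode noise:", sum(is_safe_mode_noise(e) for e in evts), "of", len(evts))
    print("root dependencies:", sorted(root_dependencies(evts)))
    for boot, crash, secs in crash_sessions(evts):
        print(f"up since {boot} -> crashed {crash} ({secs // 60} min {secs % 60} s)")
```
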
 

First problem is your cousin is running TWO full Security suites, McAfee and total pieces of junk
IObit Security 360
IObit Toolbar v4.1
This IObit Security 360 program gets terrible reviews, its own website is rated as unsatisfactory and possibly unsafe to even visit.
Having this alone is a real problem but running two different av programs and firewalls is the number one No-No. It does not increase protection but lessens it because they fight each other and the "bad guys" come right on in.
Also on there from this same company and another lousy program is

Advanced SystemCare 3, also very dangerous because it contains a registry cleaner among other things and "allegedly" will speed the computer and keep it running at "top notch" level, it doesn't and a registry cleaner is never needed and can do more damage than good.

I am not crazy about McAfee but at least it is from a reputable company and certainly not considered terrible as all that junk from iObit is considered to be.

Just do a search for reviews of iObit products and you will find the majority are "less than glowing".

Also on there is Norton Security Scan

Second no-no is your cousin is running P2P programs, virtually the easiest way to infect a computer.

These also run all the time, and at start up.
µTorrent
uTorrentBar Toolbar

Is your cousin's version of MBA-M the PAID version? Excellent program, free or paid but if it is the free version there is no need for it to run all the time as it does nothing. The Free version is a scanner only. The paid version offers some real time protection.

Before you go further, these programs below all need to be uninstalled immediately.

Advanced SystemCare 3
Ask Toolbar
Conduit Engine >>>questionable at best. Conduit engines and toolbars are reputed to have a certain trackware functionality.
IObit Security 360
IObit Toolbar v4.1
Norton Security Scan
µTorrent
uTorrentBar Toolbar

Another possible problem is the fact that your cousin has two internal hard drives and BOTH have less than half remaining free space. With the uTorrent on there this tells me it's likely that there may be infected shared files stored on both of these drives.

C: is FIXED (NTFS) - 74 GiB total, 15.753 GiB free.

E: is FIXED (NTFS) - 73 GiB total, 17.392 GiB free.

Uninstall the programs noted above. Continue with the rest of the scans, in normal mode IF possible, if not then do them in safe mode.
Post back here with the requested logs.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 

Jholland - Thank you very much for your advice. Will carry out what you have suggested and report back with logs tomorrow morning. David

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

HOW CAN YOU TELL IF IT'S A blue screen of death CONCERN
- error msgs
- HD FAILED
- immediate blue screen
- ntldr missing or corrupt
- just plain blank screen

-------------------------------------------------------------
Booting is loading of software, process that will load all your data in hard drive
hard drive errors are NO BOOT concern
*hard disk failed
*bsod
*ntldr missing or corrupted
*blank screen

TROUBLE SHOOTING
1. Ask them to restart the computer
make sure all non essential peripheral are not connected to the system
and run diagnostic tool

Run diagnostics F12

IF PASSED
*but ask to back up files on your computer, if can't back up, transfer call to solution station with SR
or OSRI(Operating System Reinstallation) pc restore.

IF FAILED,
*know the error code and if ever replace or reseat hard drive

If you encounter error 0141 or 0150, check BIOS to check if the HDD is detected
See if the HDD is properly seated
Recheck BIOS if HDD is detected, if yes rerun diagnostics and test
If it still won't load Windows, it's an OS issue and there's a need for OSRI

Check for HDD error codes:
Check BIOS
Reseat connectors/data cable
PSA (Fn + Power button) for laptops
F12 Hard Drive Diagnostics
For error code = STOP :Xnnnnnn ask the cx the first code
The Last Known Good Configuration (F8)

HDD Troubleshooting:

Check for HDD error codes:
Check BIOS
Reseat connectors/data cable
PSA (Fn + Power button) for laptops
F12 Hard Drive Diagnostics

*******0141 0150 (HD not detected)
go to BIOS, if hard drive detected, if not reseat hard drive go back to bios if it already detected run diagnostics, if no more error detected and load the OS. if can't proceed to PC restore
verify media to check if there's a cd came to the computer (driver disk) cyber link DVD decoder, roxio DVD burner
*check the invoice date. if within 2 year we can send pre loaded HD.
*if way over 2 years will send blank HD.

*******0146 DST Log contains previous error(s). RUNS CUSTOM TEST or quick test in HD
if FAILS, verify media to check if there's a cd came to the computer (driver disk) cyber link DVD decoder, roxio DVD burner
*check the invoice date. if within 2 year we can send pre loaded HD.
*if way over 2 years will send blank HD.

If PASSED, set customer expectation to back up files since OS is the problem. go OSRI PC RESTORE REINSTALLATION

*******OTHER ERROR verify media
tap F12 for desktops
hold and press =Fn and power button for portables

2. if encounter error message,
*blue screen, ask them to read stop collen and google it.

most of the problem need re-installation of operating system... =))

paul_0510
Newbie Poster
6 posts since Nov 2011
Reputation Points: 10
Solved Threads: 2
 

hey man, having video issues. monitor not showing anything. give me step by step TS. c'',)

chingwajoya
Newbie Poster
3 posts since Nov 2011
Reputation Points: 7
Solved Threads: 2
 

Please create your own thread instead of hijacking another person's thread.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 


We are presently working this thread and reinstall of the os is certainly not required at this time.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8117

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

08/11/2011 21:24:08
mbam-log-2011-11-08 (21-24-07).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 335643
Time elapsed: 2 hour(s), 18 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-09 09:44:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: bg8cl6p8.exe; Driver: C:\Users\Gareth\AppData\Local\Temp\fwddapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A3811E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A381212]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A3811FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A3811D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

The second scan on GMER has been running for a few hours now, as soon as it's finished I will post the log. David

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

GMER scan finally finished after 5.5 hours or so. Came on here to upload the log and the computer randomly restarted. My cousin has mentioned this previously but I was unaware it was still a problem. Not sure if that will help in identifying what is wrong with it.

GMER log report below.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-09 16:18:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: bg8cl6p8.exe; Driver: C:\Users\Gareth\AppData\Local\Temp\fwddapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A3811E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A381212]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A3811FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A3811D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Users\Gareth\AppData\Local\Temp\PandoHHHD2LC4.dmp 0 bytes

---- EOF - GMER 1.0.15 ----

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

signing out for tonight, will look at any comments tomorrow. Thanks in advance. David

daiharrison
Junior Poster in Training
55 posts since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved
