[Solved] Laptop Freezes and then screen goes blue and it dumps memory

[babyhornetdan]

Can someone help me?? please!

 

When i load my Toshiba Satellite L300 it does not let me open many programs (only my anti-virus and control panel). When i load my Anti-virus (avast) it runs very slowly and then gets half way through and the screen suddenly goes blue and it says the system has shut down to prevent harm. It then dumps memory and restarts. I can start it in safe mode but when i run the anti virus it says it is clear. I am using Windows Vista home premium.

 

Can anyone suggest whats wrong and what i need to do. I dont know where the problem lies.

 

Thanks in advance.

[KenB]

Hi,

 

Start up in Safe Mode with Networking.

Download MBAM from here:

http://www.malwarebytes.org/products/malwarebytes_free

You want the free version.

 

Install > Update > Run

 

If it finds anything post the log here.

Note:

This is not an AntiVirus tool it locates Malware.

[babyhornetdan]

I ran it as it said to and it gave me this

 

 

Malwarebytes' Anti-Malware 1.51.1.1800

http://www.malwarebytes.org

 

Database version: 7677

 

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.19120

 

08/09/2011 18:17:14

mbam-log-2011-09-08 (18-17-14).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 246003

Time elapsed: 29 minute(s), 52 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

[KenB]

Thanks for the log.

 

It is not showing any malware.

 

Start in Safe Mode. ( assuming unstable in normal mode? )

Once booted ...

Start ....in the run box type .....cmd .... ( DO NOT PRESS ENTER )

Where "CMD" shows top left - right click on this and click on "Run as Administrator"

 

At the command prompt type in ..

sfc /scannow

Note - there is a space after sfc.

The scan will take some time to complete.

 

You may need the Vista Installation Disk - ( I suspect that you will not have this )

Run the scan anyway.

 

If you are still having problems can you post the error message that you get when it Blue-Screens.

Assume that this is a STOP error ?

[babyhornetdan]

Yeah its very unstable in normal mode. It usually only lasts 5mins.

 

The message changes everytime, but i can have a look next time and give you an idea. One i can remember was "incorrect (X) header.

 

The system scan says windows resource protection found no integrity violations.

[babyhornetdan]

Has anyone else got any ideas?? I have run the scans in normal mode too but nothing is found.

[KenB]

i can have a look next time and give you an idea.

I am still waiting for you to post the STOP error from the Blue Screen.

 

Has anyone else got any ideas??

If anybody else wants to jump in please feel free.

[babyhornetdan]

ok i will see if i can get it.

[babyhornetdan]

I cant read it quick enough to get it all. But the last one i remember was Incorrect (something) Header. I cant remember exactly what it was though.

[babyhornetdan]

The only thing i can read is an error has occured and it has shut down to prevent further harm. The other message actually changes and i dont always get the same one.

[babyhornetdan]

I have just run OTL and it has given me this

 

 

OTL logfile created on: 09/09/2011 19:14:07 - Run 1

OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Daniel\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19120)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1.87 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 77.96% Memory free

4.00 Gb Paging File | 3.70 Gb Available in Paging File | 92.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110.32 Gb Total Space | 82.28 Gb Free Space | 74.58% Space Free | Partition Type: NTFS

 

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Daniel\Downloads\OTL.scr (OldTimer Tools)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (clr_optimization_v4.0.30319_32) -- File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)

DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)

DRV - (RapportCerberus_29574) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys ()

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )

DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)

DRV - (MRV6X32U) -- C:\Windows\System32\drivers\MRVW23B.sys (Marvell Semiconductor, Inc)

DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (PRISM_A02) -- C:\Windows\System32\drivers\WUSB20XP.sys (Cisco-Linksys, LLC.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 26 0C A7 4C 3B CC 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/11 18:06:37 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05BD616C-E7C3-40A3-BADB-D9627EE0FB1C}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{355862F7-8EB2-4956-8F18-D857323F748E}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41B0CAB3-07E7-457C-9526-06CA6B418EEE}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58C8C110-BF6D-4232-A8FF-8E82D1A68931}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9F36415-A6AD-4AF7-B251-43D47E2B0098}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Daniel\Pictures\Pics\pretty pics\imagesCA9OUN8H.jpg

O24 - Desktop BackupWallPaper: C:\Users\Daniel\Pictures\Pics\pretty pics\imagesCA9OUN8H.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpReg: HFALoader - hkey= - key= - File not found

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

 

CREATERESTOREPOINT

Error creating restore point.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/09/09 18:25:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/09/09 00:01:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AFD6A92E-C373-429B-9AF4-C4BC9693FA47}

[2011/09/08 17:46:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes

[2011/09/08 17:46:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/09/08 17:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/09/08 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/09/08 17:46:14 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/09/08 17:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/09/06 16:04:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ElevatedDiagnostics

[2011/09/06 15:02:44 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Comdlg32.ocx

[2011/09/06 15:02:44 | 000,009,728 | ---- | C] (TOSHIBA Corp.) -- C:\Windows\System32\TCMSVR.dll

[2011/09/06 15:02:44 | 000,007,168 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\FwLnk.sys

[2011/09/06 15:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA

[2011/09/06 14:42:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{67016818-4E77-4BD8-8662-7A5BC314E135}

[2011/09/06 14:42:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{CF76CAF3-995D-4155-8850-45CFACB80D92}

[2011/09/05 23:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2011/09/02 20:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HamsterSoft

[2011/09/02 20:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\HamsterSoft

[2011/09/02 20:12:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\OpenCandy

[2011/09/02 20:12:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\OpenCandy

[2011/09/02 20:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle

[2011/09/02 13:48:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{123CE77B-7D48-44BD-B943-2290CBC385DA}

[2011/09/02 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B3D4B565-73E3-4FB8-A07D-0C890280BB91}

[2011/08/30 23:07:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/08/25 20:15:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2BF511B1-5350-49B9-907B-EF3BA8C56C63}

[2011/08/25 20:15:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{91032D0E-9723-4E5C-8FA4-B75067D55E28}

[2011/08/23 08:04:58 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

[2011/08/19 10:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2011/08/19 10:00:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D5671073-93E7-4526-B857-3B29E40BAC04}

[2011/08/19 09:56:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{EB7967C6-3382-4A25-BA12-4C1D3D154D83}

[2011/08/18 15:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2011/08/18 15:44:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Adobe

[2011/08/18 15:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2011/08/18 15:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2011/08/18 15:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2011/08/12 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{90999D06-3847-4ABB-AB70-A0C23A7787B8}

[2011/08/12 22:37:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{81720306-C7EC-48F9-8584-3327AB28BA22}

[2011/08/12 16:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2011/08/12 09:13:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{62F11370-B93A-42B6-86A0-5F253FE33C7B}

[2011/08/12 09:12:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{207F9C52-6028-4C64-BABB-C75E64733B2F}

[2011/08/11 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2011/08/11 18:06:25 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2011/08/11 18:06:10 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2011/08/11 18:06:10 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2011/08/11 18:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real

[2011/08/11 18:06:06 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

[2011/08/11 18:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Real

[2011/08/11 18:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2011/08/11 18:05:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Real

[2011/08/11 13:43:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{ADB00154-34BA-4BEA-863D-4799C3A6DA4D}

[2011/08/11 13:43:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BDEED3D4-0C1C-4AB6-BADE-F15D1C2F7E0B}

[2011/08/10 23:56:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{49586533-F9F0-4FA6-A7BC-3BBDE393C778}

[2011/08/10 23:56:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E520E43B-E8EF-454F-959F-B0226E19086A}

[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

 

========== Files - Modified Within 30 Days ==========

 

[2011/09/09 18:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/09/09 18:34:50 | 000,006,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/09/09 18:34:50 | 000,006,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/09/09 18:21:40 | 000,618,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/09/09 18:21:35 | 000,116,998 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/09/09 18:12:55 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4143830783-3414623999-3149260129-1000UA.job

[2011/09/09 18:07:00 | 235,444,108 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/09/09 14:40:11 | 000,000,680 | ---- | M] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2011/09/08 17:46:17 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/09/08 01:33:05 | 000,001,585 | ---- | M] () -- C:\Users\Daniel\AppData\Local\HamsterFreeArchiver.cfg

[2011/09/06 00:52:56 | 000,270,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/09/05 23:35:39 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\{A0631BAA-6D93-45D0-97FB-8680B893898F}.job

[2011/09/02 20:13:14 | 000,002,000 | ---- | M] () -- C:\Users\Daniel\Desktop\Hamster Free ZIP Archiver.lnk

[2011/08/23 08:04:58 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

[2011/08/19 10:01:09 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2011/08/19 10:01:09 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2011/08/12 01:25:01 | 000,013,312 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/11 18:06:57 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk

[2011/08/11 18:06:56 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2011/08/11 18:06:25 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2011/08/11 18:06:10 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2011/08/11 18:06:10 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2011/08/11 18:06:07 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

[2011/08/11 16:11:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4143830783-3414623999-3149260129-1000Core.job

 

========== Files Created - No Company Name ==========

 

[2011/09/08 17:46:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/09/08 01:18:49 | 235,444,108 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/09/05 23:35:39 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\{A0631BAA-6D93-45D0-97FB-8680B893898F}.job

[2011/09/02 20:13:31 | 000,001,585 | ---- | C] () -- C:\Users\Daniel\AppData\Local\HamsterFreeArchiver.cfg

[2011/09/02 20:13:14 | 000,002,000 | ---- | C] () -- C:\Users\Daniel\Desktop\Hamster Free ZIP Archiver.lnk

[2011/08/18 15:43:49 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2011/08/18 15:43:49 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2011/08/11 18:06:57 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk

[2011/08/11 18:06:56 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2011/08/02 11:57:41 | 000,163,142 | ---- | C] () -- C:\Windows\hpoins28.dat

[2011/08/02 11:57:41 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat

[2011/07/06 08:54:18 | 000,013,312 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/05 19:13:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/07/05 19:13:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011/07/05 19:13:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011/07/05 18:53:01 | 000,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat

[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2008/09/12 14:19:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,270,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,618,030 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,116,998 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2011/07/06 03:37:28 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2011/09/09 18:44:07 | 2322,862,080 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll

[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll

[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %PROGRAMFILES%\* >

[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/06 03:21:27 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/06 03:21:27 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/06 03:21:27 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/08/06 03:21:27 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 12:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/07/23 12:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/06 03:21:27 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/06 03:21:27 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/06 03:21:27 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/08/06 03:21:27 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 12:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/07/23 12:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

 

< End of report >

[babyhornetdan]

And this

 

 

OTL Extras logfile created on: 09/09/2011 19:14:07 - Run 1

OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Daniel\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19120)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1.87 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 77.96% Memory free

4.00 Gb Paging File | 3.70 Gb Available in Paging File | 92.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 110.32 Gb Total Space | 82.28 Gb Free Space | 74.58% Space Free | Partition Type: NTFS

 

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{7DEFF4D4-E0AA-4535-87CA-DB6F8072B1B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{B995867D-2E6A-4EA6-81DA-17E93940A0E2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{087A7BF7-2494-4014-8AE9-0C2B20D1038D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{08D0B428-B4C6-4087-B875-3FB5C9353184}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{0B84E7F4-C80B-4BF8-A86A-EBA746CF8357}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{13AA9E99-60EC-4904-AC55-F0B591216A03}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{319DF164-E2BD-4FC2-AC4D-1AF50EF5BFAC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5DEF1473-A355-43D6-BA98-12D7BB0E1389}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6428736F-CBF1-4A5C-B52F-1739FF7E9CD3}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |

"{86FC2728-18CF-40E8-BF3F-E0C167D8751E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DE6E0F7C-C0AF-4A81-B4FC-8CA019B0510C}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{E2663A65-1877-40FA-8519-11B5DD7E200E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{E98D6158-355F-4853-8910-978BBFCC8489}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F4DDE573-32FC-423F-A8E4-D31725E0BDF8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{401879D1-AC26-43CD-BDDE-E0D5D5608083}" = TOSHIBA Supervisor Password

"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari

"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes

"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"avast" = avast! Free Antivirus

"Hamster Free ZIP Archiver_is1" = Hamster Free ZIP Archiver 1.2.0.6

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"McAfee Security Scan" = McAfee Security Scan Plus

"Rapport_msi" = Rapport

"RealPlayer 12.0" = RealPlayer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Veetle TV" = Veetle TV

"Warlords Battlecry II" = Warlords Battlecry II

"WinLiveSuite" = Windows Live Essentials

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 09/09/2011 10:20:59 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 09/09/2011 10:21:57 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 09/09/2011 12:50:50 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 09/09/2011 13:07:25 | Computer Name = Daniel-PC | Source = .NET Runtime | ID = 1024

Description =

 

Error - 09/09/2011 13:07:52 | Computer Name = Daniel-PC | Source = VSS | ID = 8194

Description =

 

Error - 09/09/2011 13:08:15 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 09/09/2011 13:22:58 | Computer Name = Daniel-PC | Source = System Restore | ID = 8193

Description =

 

Error - 09/09/2011 13:45:01 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4609

Description =

 

Error - 09/09/2011 13:45:58 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 09/09/2011 14:15:47 | Computer Name = Daniel-PC | Source = System Restore | ID = 8193

Description =

 

[ System Events ]

Error - 06/09/2011 10:39:30 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 06/09/2011 11:10:06 | Computer Name = Daniel-PC | Source = DCOM | ID = 10005

Description =

 

Error - 07/09/2011 07:14:00 | Computer Name = Daniel-PC | Source = DCOM | ID = 10005

Description =

 

Error - 07/09/2011 07:14:08 | Computer Name = Daniel-PC | Source = DCOM | ID = 10005

Description =

 

Error - 07/09/2011 07:14:09 | Computer Name = Daniel-PC | Source = DCOM | ID = 10005

Description =

 

Error - 07/09/2011 07:14:13 | Computer Name = Daniel-PC | Source = DCOM | ID = 10005

Description =

 

Error - 07/09/2011 07:14:50 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001

Description =

 

Error - 07/09/2011 07:14:50 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 07/09/2011 07:33:51 | Computer Name = Daniel-PC | Source = DCOM | ID = 10005

Description =

 

Error - 07/09/2011 20:05:13 | Computer Name = Daniel-PC | Source = DCOM | ID = 10005

Description =

 

 

< End of report >

[KenB]

I would still like to see the STOP error.

 

Try this:

Start ....type in .....system ......DO NOT press ENTER

You will get a list of about 4 options ( top left of screen )

Click on the one that says ONLY "system"

 

Then click on "Advanced System Settings"

In the Startup and Recovery box click on "Settings"

 

Uncheck "Automatically Restart" > OK

 

This should give you the Blue Screen and the STOP error instead of restarting.

[babyhornetdan]

It came up with *** STOP: 0x0000008E (0xC0000005, 0x8266D61A, 0x819E9BCC, 0x00000000)

 

I hope this helps. Thank you for your help. It is much appreciated.

[babyhornetdan]

However, i have just tried again and got a different message. This time it came up with

KERNEL_DATA_INPAGE_ERROR

 

*** STOP: 0x0000007A (0xC044F860, 0xC0000185, 0x04B238C0, 0x89F0C000)

[KenB]

Hi again,

 

The STOP errors you give me can be caused by hardware / drivers / system files / virus - not much help I am afraid.

 

You may have to do this from Safe Mode

 

You said earlier that it "Dumps Memory".

Start > type in .......minidump

Click on the minidump folder ( top left of screen )

 

You will probably have a number of files in the folder > select the most recent.

Can you copy this and post it here please ?

 

=====================

 

Also....

Start > type in .......msconfig.......ENTER

Click on "Startup" tab

Make a note of what is checked / ticked

Uncheck everything > OK

 

Restart in Normal Mode.

 

Note:

Most of what was checked is not needed.

The only things that do need to be checked is your firewall ( if it is listed there ) and your AntiVirus.

Once you have tried the system with all unchecked you can go back and check the options you want to run.

 

If the system runs OK with all unchecked one of the startup options is obviously the cause.

 

================

 

Start > type in .......devmgmt.msc .....ENTER

Click the + next to each of the devices listed.

Are there any yellow exclamation marks ?

[babyhornetdan]

It wont let me copy the minidump. It does not recognise the file and when i open it in any other file it is encoded.

 

It did not work when i disabled the things but it came up with a different STOP message MEMORY_MANAGEMENT

 

***STOP:0x0000001A (0x00041287, 0x0E72325C, 0x00000000, 0x00000000)

 

There are no exlamation marks on any of the devices.

[babyhornetdan]

Please can someone help. I have tried everything suggested and nothing has worked. Any scans i run come up clear, but each time i start up it does the same thing.

[KenB]

Hi

 

As you have no doubt guessed - STOP errors are not easy to diagnose.

 

Lets try looking at the Services to see if one of them is causing the problem.

 

Start ...type in ....services....ENTER

Make a note of the first 10 - 15 services and write down if they are Auto / Manual / Disabled.

Double click on a service and select "Disable" from the dropdown menu > OK

Do this with the 10 - 15

 

Shut down and re-boot in Normal mode.

 

If you get the same problem > reset the first 10 - 15 and disable the next 10 - 15.

Obviously make a note of the settings first.

 

Continue doing this.

 

If the system runs normally at some point you have discovered that one of the last 10 - 15 services is the problem.

It is then a process of elimination.

 

Sorry this is so long-winded but itwill either locate the problem or eliminate Services from the equation.

[Boomer]

If your system seems stable in safe mode, and safe mode loads with minimal drivers to run the system….. it could be a driver issue. I will give you a step by step on how to use windows debugging tools to view mini dumps, and if you post the findings, we may come closer to the source of the problem.

Step 1. Goto - http://msdn.microsoft.com/en-us/windows/hardware/gg463016.aspx

Step 2. Download Debugging tools from windows SDK.

Step 3. When prompted by the installer uncheck everything except ‘debugging tools for windows’.

Step 4. Once installed open Windbg and then press Ctrl + S shortcut to open the ‘symbol file path’ box.

Step 5. Into this box copy and paste the following - SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Step 6. Click ‘ok’ and then go ‘file’ and then ‘saveworkspace’.

Ok we’re ready…..

Locate Windbg through the start bar and right click and run as administrator, then under the file option select ‘open crash dump’. Locate your minidump files. The debugger will autorun, once it has stopped click ‘!analyze –v’. (highlighted blue)

Now post us your findings for each minidump.

Edited September 13, 2011 by Boomer

[babyhornetdan]

I have finally finished all the services, and the problem changed slightly. It will let me run an anti-virus scan now and it comes up clear, however it will not run the Malwarebytes. Also it does not show the STOP error.

[babyhornetdan]

It wont allow me to download the debugging tools for some reason.

 

Any other ideas? or am i best to get a new machine?

[Boomer]

Did you try downloading debugging tools in safe mode with networking?

From what i can understand your system is stable in safe mode, is thiscorrect?

Windows debugger, once installed will debug your memory dump files andcould pinpoint the exact problem including the name of the drivers responsible. Withthese names you can then update/roll back drivers responsible, or disablehardware or drivers responsible. This could stabilize or even solve your systemissues.

Do you have another working PC available to you?

Try disabling your anti-virus and see how your system runs.

As long as this is not a hardware issue, your system is fixable it just depends on what measures need to be taken in order to achieve this.

i recommend you back up any important files at this point (if you havent already done so).

[babyhornetdan]

I did try to download the the debugging tools in safe mode with networking. Its the only way i can get it to work at all. Everything that should work works in safe mode with networking.

 

I dont have another Pc available unfortunately. I am wary of disabling the anti virus, is it safe??

 

All files are backed up and safe.

[KenB]

I am wary of disabling the anti virus, is it safe??

As long as you don't access the net - it is worth a try.

(don't forget to enable again :) )

 

the problem changed slightly. It will let me run an anti-virus scan ..........will not run the Malwarebytes

Did you make a note of the service that caused the change as suggested?

Was this in normal or safe mode?

Have you reset all services again ?

 

You ran MBAM early in the thread and can't run it now ? Strange.

Which service caused this?