
Blue Screen of Death


  • This topic is locked

#16
PAWSGK

    Member

  • Topic Starter
  • Member
  • 31 posts
Here you go

Attached Files


  • 0


#17
PAWSGK

    Member

  • Topic Starter
  • Member
  • 31 posts
Here it is

Attached Files


  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Was that when you did this part?

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

Megaupload
  • 0

#19
PAWSGK

    Member

  • Topic Starter
  • Member
  • 31 posts
Yes
  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hm as the analysis is showing nothing untoward

Could you restart the computer in safe mode please and then retry combofix
  • 0

#21
PAWSGK

    Member

  • Topic Starter
  • Member
  • 31 posts
ComboFix 11-10-28.04 - Pawsgkacademy 10/28/2011 16:03:25.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1575 [GMT -5:00]
Running from: c:\users\Pawsgkacademy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 21:10 . 2011-10-28 21:10 -------- d-----w- c:\users\Pawsgkacademy\AppData\Local\temp
2011-10-28 21:10 . 2011-10-28 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 20:58 . 2011-10-28 20:58 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DD83C3E-AACD-4BA8-95AD-28A62D780ACB}\offreg.dll
2011-10-28 20:30 . 2011-10-28 20:30 -------- d-----w- C:\found.002
2011-10-28 12:59 . 2011-10-28 12:59 -------- d-----w- C:\80b4a01ff10f54730f
2011-10-28 12:59 . 2011-10-28 12:59 -------- d-----w- c:\windows\CheckSur
2011-10-27 08:10 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-10-27 08:08 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-10-27 08:08 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-10-27 08:08 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-10-27 08:08 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-10-27 08:08 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-10-27 08:08 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-10-27 08:08 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-10-27 08:08 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-10-27 08:08 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-10-27 08:08 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-10-27 08:08 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-10-27 08:07 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-10-27 08:06 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-10-27 08:06 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-10-27 08:06 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-10-27 08:06 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-10-27 08:06 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-10-27 08:06 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-10-27 02:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-26 21:40 . 2011-10-26 21:40 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-26 13:20 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-26 13:20 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-26 05:20 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 05:20 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 05:18 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-10-26 05:17 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-26 05:17 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-26 05:17 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-26 05:17 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-26 05:17 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-26 05:17 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-10-26 05:17 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-26 05:17 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-26 05:15 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-10-26 05:15 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-26 05:15 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-26 05:15 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-26 05:12 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-10-26 05:12 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-10-26 05:12 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-10-26 05:12 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-10-26 05:11 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-26 05:11 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-10-26 05:11 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-26 05:11 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-26 05:11 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-10-26 05:11 . 2011-10-07 01:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DD83C3E-AACD-4BA8-95AD-28A62D780ACB}\mpengine.dll
2011-10-26 05:11 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-26 05:10 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-26 05:10 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-10-26 05:10 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-26 05:10 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-26 05:10 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-26 05:10 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-26 04:56 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-10-26 04:56 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-26 04:56 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:56 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:55 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-26 04:35 . 2011-10-26 04:35 -------- d-----w- C:\_OTL
2011-10-22 01:42 . 2011-10-22 01:42 -------- d-----w- C:\found.001
2011-10-21 21:42 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-10-21 21:42 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-10-21 21:42 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-21 12:57 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-10-21 03:46 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 01:48 . 2010-03-09 09:46 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 22:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpScrex"="c:\programdata\TpScrex\TpScrex.exe" [2011-10-21 11776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133912]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-23 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-13 113664]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-2-19 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-19 50688]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-2-19 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-12-18 10:24 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 09:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 20:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-19 19:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-08 691696]
R1 MpKsl29c037c4;MpKsl29c037c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9863CAD8-F950-4C94-8F0B-61D9C77B8EA3}\MpKsl29c037c4.sys [x]
R1 MpKsl40fb1aa5;MpKsl40fb1aa5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9863CAD8-F950-4C94-8F0B-61D9C77B8EA3}\MpKsl40fb1aa5.sys [x]
R1 MpKsl482e286f;MpKsl482e286f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DD83C3E-AACD-4BA8-95AD-28A62D780ACB}\MpKsl482e286f.sys [2011-10-28 28752]
R1 MpKsl74c7002b;MpKsl74c7002b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9863CAD8-F950-4C94-8F0B-61D9C77B8EA3}\MpKsl74c7002b.sys [x]
R1 MpKslc20ca304;MpKslc20ca304;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9863CAD8-F950-4C94-8F0B-61D9C77B8EA3}\MpKslc20ca304.sys [x]
R1 MpKslf586b558;MpKslf586b558;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBC3BBA3-7CC1-4BF0-A7F6-2F9BBED491E0}\MpKslf586b558.sys [x]
R1 MpKslfcb5be5d;MpKslfcb5be5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9863CAD8-F950-4C94-8F0B-61D9C77B8EA3}\MpKslfcb5be5d.sys [x]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-23 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-10-24 63360]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-24 218592]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085613422-3362866631-1568316703-1000Core.job
- c:\users\Pawsgkacademy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03 15:42]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085613422-3362866631-1568316703-1000UA.job
- c:\users\Pawsgkacademy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03 15:42]
.
2010-10-24 c:\windows\Tasks\RegInOut Scheduled Scan - Pawsgkacademy.job
- c:\program files\RegInOut\RegInOut.exe [2010-08-24 13:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://pawsgkacademy.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 16:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-28 16:13:23
ComboFix-quarantined-files.txt 2011-10-28 21:13
.
Pre-Run: 47,649,112,064 bytes free
Post-Run: 47,801,843,712 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - C9DA8B04F6810E5A2BEF9C49AEA5003E
  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you still get the freezes and the BSOD? As I feel we may be looking at either hardware or a driver conflict
  • 0

#23
PAWSGK

    Member

  • Topic Starter
  • Member
  • 31 posts
Yes, I am getting both. I take it the logs look clean?
  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep no apparent malware

Step 1: Start the System Configuration Utility
To start the System Configuration Utility, click Start, type msconfig, and then press enter. If you are prompted for a password or confirmation, please provide it and continue.

Step 2: Configure selective startup options
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab.
  • Click to clear the Load Startup Items check box.
  • Note The Use Original Boot.ini check box is unavailable.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK.
  • When you are prompted, click Restart.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.



Now we get to the tedious part:

If Windows behaves itself then do the following

Restart MSConfig and select half of the disabled services and reboot

Is the problem still present?

If Yes then deselect half of the services that you resumed and reboot

If no then select half of the remaining services and reboot

The intention here is to isolate the one service/driver that is causing the problem
  • 0
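
The halving procedure from post #24, written out as an explicit decision rule. This is an added example, not part of the thread: the service names are constructed placeholders, and the `observe` callback is a hypothetical stand-in for "reboot with these services enabled and report whether the freeze/BSOD came back".

```python
from typing import Callable, FrozenSet, List, Optional, Tuple

# observe(enabled) -> True when the freeze/BSOD is seen after rebooting with
# exactly these non-Microsoft services enabled (hypothetical callback).
Observe = Callable[[FrozenSet[str]], bool]

# Constructed placeholder names; on a real machine this is the list left on
# the msconfig Services tab after ticking "Hide All Microsoft Services".
SERVICES = [f"ThirdPartySvc{i:02d}" for i in range(1, 13)]


def isolate_service(candidates: List[str],
                    observe: Observe) -> Tuple[Optional[str], int]:
    """Return (culprit, reboots); culprit is None if no single service fits."""
    reboots = 0

    def boot(enabled: List[str]) -> bool:
        nonlocal reboots
        reboots += 1
        return observe(frozenset(enabled))

    # Baseline (Step 2): everything non-Microsoft disabled. If the problem
    # is still there, services are not the cause (hardware or a driver).
    if boot([]):
        return None, reboots
    if not candidates:
        return None, reboots

    cleared: List[str] = []          # services shown to be harmless
    suspects = list(candidates)      # services not yet cleared
    while len(suspects) > 1:
        half = suspects[: len(suspects) // 2]
        if boot(cleared + half):     # problem back: culprit is in this half
            suspects = half
        else:                        # still stable: this half is cleared
            cleared += half
            suspects = suspects[len(half):]

    # Confirm before blaming it: everything except the suspect must be
    # stable, and everything including it must reproduce the problem.
    culprit = suspects[0]
    others = [s for s in candidates if s != culprit]
    if not boot(others) and boot(list(candidates)):
        return culprit, reboots
    return None, reboots


if __name__ == "__main__":
    faulty = "ThirdPartySvc09"       # arbitrary choice for the simulation
    print(isolate_service(SERVICES, lambda enabled: faulty in enabled))
    print(isolate_service(SERVICES, lambda enabled: True))   # crashes anyway
```

With 12 candidate services the simulation needs 7 reboots, including the baseline and the two confirmation boots.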

#25
PAWSGK

    Member

  • Topic Starter
  • Member
  • 31 posts
It sits on the welcome page and won't start up
  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK go to safe mode and then reset the services whilst I have a thunk about it
  • 0

#27
PAWSGK

    Member

  • Topic Starter
  • Member
  • 31 posts
I have to leave for the rest of the morning so you have a few hours. Won't be back till around 12:00 Central
  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No probs - I am on GMT
  • 0

#29
PAWSGK

    Member

  • Topic Starter
  • Member
  • 31 posts
Any thoughts?
  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First one is did you hide the MS services before disabling the remainder - silly question but I need to be sure

Could you download and then install Drivermax

Once installed then run - once it has finished it will take you to a web page with a list of all your drivers
Could you link me to that page please
  • 0





