[Essexboy]

Update the other drivers

Then try a video again please

Do you have a folder called C:\Windows\minidump ? If so zip the last 4 or 5 minidumps and attach them here please

[Advertisements]

I can't attach the mini dump files. Do you know how to turn of the administrator permission thing?

[missytrix24]

I can't attach the mini dump files. Do you know how to turn of the administrator permission thing?

[missytrix24]

Sorry I couldn't do it the other way, but I ran this program called Nirsoft blue screen view and it gives you a log of your crashes. I don't know how to attach the file, but I have attached print screens of the last five crashes

Attached Thumbnails

• 
• 
• 
• 
• 

[Essexboy]

Seems to mainly tcpip so I will confirm it is legit

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[missytrix24]

here is the result of the combofix log:

ComboFix 13-01-24.02 - rangikudoug 24/01/2013 16:52:45.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1789.725 [GMT 0:00]
Running from: c:\users\rangikudoug\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\0tbpw.pad
D:\Autorun.inf
D:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-24 17:08 . 2013-01-24 17:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-01-24 14:25 . 2013-01-24 14:25 -------- d-----w- c:\windows\system32\RTCOM
2013-01-24 14:24 . 2000-01-01 00:00 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2013-01-24 14:24 . 2000-01-01 00:00 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2013-01-24 14:24 . 2000-01-01 00:00 819648 ----a-w- c:\windows\system32\tadefxapo2.dll
2013-01-24 14:24 . 2000-01-01 00:00 58264 ----a-w- c:\windows\system32\TepeqAPO.dll
2013-01-24 14:24 . 2000-01-01 00:00 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2013-01-24 14:24 . 2000-01-01 00:00 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2013-01-24 14:24 . 2000-01-01 00:00 1379760 ----a-w- c:\windows\system32\tosade.dll
2013-01-24 14:24 . 2000-01-01 00:00 134584 ----a-w- c:\windows\system32\tadefxapo.dll
2013-01-24 14:24 . 2000-01-01 00:00 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2013-01-24 14:24 . 2000-01-01 00:00 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2013-01-24 14:22 . 2000-01-01 00:00 7783768 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2013-01-24 14:16 . 2013-01-24 14:16 -------- d-----w- c:\program files\Realtek
2013-01-24 14:15 . 2013-01-24 14:26 -------- d--h--w- c:\program files\Temp
2013-01-24 14:08 . 2013-01-24 16:40 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-01-24 14:07 . 2013-01-24 14:07 -------- d-----w- c:\users\rangikudoug\AppData\Local\SlimWare Utilities Inc
2013-01-24 14:07 . 2013-01-24 14:07 -------- d-----w- c:\program files\SlimDrivers
2013-01-24 13:42 . 2013-01-24 13:42 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D6B6A81-2060-43AD-931C-0E99D7F27A85}\offreg.dll
2013-01-22 07:42 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D6B6A81-2060-43AD-931C-0E99D7F27A85}\mpengine.dll
2013-01-17 20:10 . 2013-01-17 20:10 -------- d-----w- C:\_OTL
2013-01-17 09:11 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-17 09:08 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-17 09:06 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-16 21:30 . 2013-01-16 21:30 -------- d-----w- c:\program files\NirSoft
2012-12-31 07:11 . 2012-12-31 07:11 -------- d-----w- c:\program files\RealNetworks
2012-12-31 07:11 . 2012-12-31 07:11 -------- d-----w- c:\programdata\RealNetworks
2012-12-31 07:10 . 2012-12-31 07:10 153296 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-12-31 07:09 . 2012-12-31 07:09 124056 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-24 14:24 . 2008-06-25 12:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-12-31 07:08 . 2003-03-18 21:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-31 07:08 . 2003-02-21 05:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 13:12 . 2012-12-21 10:21 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 10:21 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 06:41 . 2012-05-08 11:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 06:41 . 2012-05-08 11:03 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09 . 2012-12-12 08:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 08:59 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 08:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 08:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 08:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 06:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18 . 2012-12-12 06:54 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 06:54 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-07-14 00:15 . 2012-08-04 13:31 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-06-25 12:56 . 2008-06-25 12:56 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-10-12 1398680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2011-09-15 206120]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-31 295072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 10996368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^rangikudoug^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Seagate 2GHY47P5 Product Registration.lnk]
path=c:\users\rangikudoug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate 2GHY47P5 Product Registration.lnk
backup=c:\windows\pss\Seagate 2GHY47P5 Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-04-07 14:09 306112 ----a-w- c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-06-25 12:56 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2011-05-13 00:15 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2011-05-12 23:44 136416 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-10-02 19:28 3965288 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-10-02 19:29 108392 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2012-10-02 19:29 2853224 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 23:06 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-07 20:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-17 14:19 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 20:17]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 20:17]
.
2013-01-24 c:\windows\Tasks\Recovery DVD Creator-Rangiku.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-06-25 10:13]
.
2013-01-24 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2012-12-16 12:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\rangikudoug\AppData\Roaming\Mozilla\Firefox\Profiles\whmdh52l.default\
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: !HIDDEN! 2012-04-29 17:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe
AddRemove-RealPlayer 16.0 - c:\program files\Real\RealPlayer\Update\r1puninst.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1384766853-3730318048-2777797473-1001\Software\SecuROM\License information*]
"datasecu"=hex:34,0e,fe,18,2d,12,f0,c5,05,29,66,99,3a,5d,f8,1a,28,38,d7,b5,94,
42,52,09,72,6e,b3,84,a1,5f,18,04,fa,71,54,98,32,13,ee,8d,1e,4c,6b,86,a1,ee,\
"rkeysecu"=hex:82,29,c2,7c,2f,1f,28,af,a8,c6,3d,94,d1,01,a7,45
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-24 17:12:13
ComboFix-quarantined-files.txt 2013-01-24 17:12
.
Pre-Run: 111,527,780,352 bytes free
Post-Run: 113,705,160,704 bytes free
.
- - End Of File - - C76D50A52F6F4A30310850F97D0850BF

awaiting your advice

[Essexboy]

No drivers are reported as compromised

Start an elevated command prompt :

Go Start > All Programs > Accessories
Right click command prompt and select "Run as Administrator"
In the black box that opens type the following command

sfc /scannow

This will check the veracity of all windows drivers and files.. I do not believe we are looking at malware
Let me know if there is any change once the sfc has completed

[missytrix24]

I've attached the result of the scan. The computer hasn't crashed for most of the day.

Attached Thumbnails

• 

[Essexboy]

Could you now try a video (with crossed fingers )

[missytrix24]

funny you should ask. I just did and it crashed within 5 minutes! But this time the blue screen didn't come up, it just went off and restarted and on boot-up asked if I wanted to strat windows normally. I'm not sure whats wrong...

[missytrix24]

but last night I managed to watch at least 3 hours of video without fault and closed my session with a normal shut down

[Essexboy]

Could you use it as normal for the next day or so and let me know if there is an improvement, then if you are happy I will tidy up

[missytrix24]

ok. Sorry for the delay in my response, I was away for the weekend but will see how I go. If all is well, could you please advise me on some regular clean up/checking system I could be using to help reduce these faults

[Essexboy]

Certainly, it is all part of the after service

[missytrix24]

Ok, for the past couple of days I've had no crashing other than the internet that seems to do that intermittently every so often. But I can watch videos, even those streamed from online, and I can start up and shut down normally. Please can you send me the tidy?

[Essexboy]

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:


Remove ComboFix

• Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
• In the Run box, type in ComboFix /Uninstall
  (Notice the space between the "x" and "/")
  then click OK
  
  
  
• Follow the prompts on the screen
• A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe