Display Unit keeps freezing and dying, and then it is difficulty to r



#1
ira_gaines (Member, 139 posts)

For the past week I've experienced this problem. It's happened 3 times. My laptop display will freeze, start flashing and then go black. The computer doesn't actually shut down however. In the instances where I've been listening to something when this has happened the audio starts skipping as well. When I restart the pc, the user accounts menu screen is just bright blurry colours and sometimes criss crossed lines. I have to restart it several times to get to the account screen showing up correctly. Even then, when I try to go into an account the display unit freezes again. Eventually when I'm able to get into a user account the same thing will happen as soon as I open an application. When I used Safe Mode to get into accounts there are no problems however. I had to restart my laptop ten times this morning before I could get into an account normally without it freezing.

I thought this might be happening due to over-activity on the computer originally but in the last instance it happened while I was shutting down with only one application left open. In all instances I've had the laptop on for at least an hour. Also, Internet Explorer has always been open when it's happened.

I'd really appreciate any help with this. It's bad enough that the computer keeps freezing but to then take 40 minutes to restart it properly again is just ridiculous.

System specs: Windows Vista Home Premium 2007, Service Pack 2
Memory RAM: 2.00 GB
Processor: Intel ® Core 2 Duo CPU processor T7300 @ 2.00 GHz 2.00 GHz
System type: 32-bit operating system



Many Thanks

Edited by ira_gaines, 27 April 2012 - 03:18 AM.



#2
ira_gaines (Topic Starter, Member, 139 posts)

I tried doing a virus scan with AVG twice to see if that might provide an answer. I ran it and left the room for a while. When I came back the computer was shut down. This happened twice. I thought to look at the power settings because the previous freezing I've mentioned never caused the PC to actually shut down. I looked in the Advanced Power settings which I'd never done before. It turns out that it was set for the Hard Disk to shut down 20 min after being inactive. I changed that. I also noticed that my Minimum Performance state is set to 5% and Maximum at 100% (I never unplug the laptop so these are all plugged in settings). I've also got my Adaptive Display set to ON. Should these be changed?

Thanks

#3
RKinner (Malware Expert, Expert, MVP, 24,625 posts)

Sorry you had to wait but you made two mistakes. First you didn't include an OTL log as required by the instructions at the top of the forum and second you answered your own post. (We look for posts with no replies when deciding who to help.)

Doesn't sound like malware but you never know.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Let's look for other problems as it sounds like it may just be overheating.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.)

Download, Save and Install it. Wait until the computer has been on 30 minutes or so: Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.
The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#4
ira_gaines (Topic Starter, Member, 139 posts)

Here are all the logs. I don't know if it makes a difference but I did all these while in safe mode because I haven't been able to get to the accounts screen normally today since this morning when it froze again. Like I mentioned in the original post, everything's working fine in safe mode. Thanks.

OTL Log 1:


OTL logfile created on: 05/05/2012 14:17:29 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.51% Memory free
4.23 Gb Paging File | 3.95 Gb Available in Paging File | 93.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 171.67 Gb Free Space | 73.72% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/05 13:41:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2009/04/11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/18 20:29:01 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 02:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/05/21 07:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\owner\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...CHBA_en-GBGB474
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 21:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/01 21:05:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/02 14:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2012/03/02 15:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/02 15:16:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/01 21:10:11 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/06/28 16:02:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/12 06:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/12 04:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B63089F7-28A4-4DEF-948B-796F4ABF3EAE}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 13:45:06 | 004,485,448 | ---- | C] (Piriform Ltd) -- C:\Users\owner\Desktop\spsetup116.exe
[2012/05/05 13:42:24 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\owner\Desktop\procexp.exe
[2012/05/05 13:41:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/05/04 16:15:24 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\ImgBurn
[2012/05/04 16:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/05/04 16:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/05/01 16:01:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/28 08:32:41 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\NVIDIA
[2012/04/28 08:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\GPU-Z
[2012/04/28 08:31:46 | 001,053,664 | ---- | C] (techPowerUp (www.techpowerup.com)) -- C:\Users\owner\Desktop\GPU-Z.0.6.0.exe
[2012/04/12 18:23:43 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 18:23:41 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 18:23:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 18:23:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 18:23:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 18:23:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 18:21:54 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 18:21:54 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/05 14:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/05 14:09:47 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 14:09:47 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 13:45:11 | 004,485,448 | ---- | M] (Piriform Ltd) -- C:\Users\owner\Desktop\spsetup116.exe
[2012/05/05 13:42:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\owner\Desktop\VEW.exe
[2012/05/05 13:42:47 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\owner\Desktop\procexp.exe
[2012/05/05 13:41:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/05/04 19:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 17:34:57 | 097,104,481 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/04 16:14:09 | 000,001,674 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/05/04 15:43:12 | 000,169,984 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/02 19:05:53 | 000,305,155 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/01 16:46:03 | 160,044,918 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/30 20:27:28 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/30 20:27:28 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/30 18:54:34 | 000,001,356 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2012/04/28 08:32:29 | 000,000,760 | ---- | M] () -- C:\Users\owner\Desktop\TechPowerUp GPU-Z.lnk
[2012/04/28 08:31:46 | 001,053,664 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Users\owner\Desktop\GPU-Z.0.6.0.exe
[2012/04/27 17:19:16 | 000,624,914 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/04/18 20:29:01 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/18 20:29:01 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/07 10:31:10 | 066,585,231 | ---- | M] () -- C:\Users\owner\Desktop\20080917.mp3
[2012/04/07 10:29:13 | 044,707,968 | ---- | M] () -- C:\Users\owner\Desktop\20070620.mp3
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/05 13:42:54 | 000,061,440 | ---- | C] ( ) -- C:\Users\owner\Desktop\VEW.exe
[2012/05/04 16:14:09 | 000,001,674 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/05/04 16:14:09 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/05/01 16:01:34 | 160,044,918 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/28 08:32:29 | 000,000,760 | ---- | C] () -- C:\Users\owner\Desktop\TechPowerUp GPU-Z.lnk
[2012/04/07 10:22:14 | 066,585,231 | ---- | C] () -- C:\Users\owner\Desktop\20080917.mp3
[2012/04/07 10:21:58 | 044,707,968 | ---- | C] () -- C:\Users\owner\Desktop\20070620.mp3
[2011/07/02 13:28:03 | 000,169,984 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 11:13:40 | 000,000,760 | ---- | C] () -- C:\Users\owner\AppData\Roaming\setup_ldm.iss
[2011/06/28 13:10:00 | 000,001,356 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

< End of report >


OTL LOG 2:

OTL Extras logfile created on: 05/05/2012 14:17:29 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.51% Memory free
4.23 Gb Paging File | 3.95 Gb Available in Paging File | 93.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 171.67 Gb Free Space | 73.72% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AE4ABE7A-90D8-4356-9F22-BA659E97EE8C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D138DF96-E991-465C-96C7-8F67A3DF0337}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D2EEC6B0-337A-4739-854D-0D9986BF67E8}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0674DF99-38B7-4A58-B59D-14711006462A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{0799D606-4F6D-40C9-BA11-0AB38FDB18A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1C600E14-3A96-4A15-A908-063500897D3A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5048F375-FABE-4243-BA9F-B0C19E86691F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5AAE9BE3-551D-4D23-8424-037A50FE4EB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B51DDC1-AC1B-41CB-A8EA-F4E758106C93}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{67A7A5BE-29C8-4960-B4E9-67FF3038C58C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{8E454117-2FC9-4DB7-A917-81B5B0F952E0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{953C6762-E82F-4EF2-B150-EBABE7B03C10}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{97B3470A-6F5D-4ABE-A3D6-8230BFB5AC00}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9A8F155A-8301-4677-9199-5DDDD07E529A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A94B43E5-F072-4210-91FB-FFE46B363FE1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BE6C5D7A-D0E3-4E7B-8293-5B1B5103189F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D21D7F8F-8471-485C-AC4D-73F4D7EC39BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D2AD6B6C-8AC4-436E-98F3-AFA149ECAE9E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D68A8F8E-911B-46AD-973B-8BD8D832FFE1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DBC95091-91D4-4A8A-9D2F-54FFF8845211}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E2148A97-B8A9-4C45-BBD6-F314EA5A6514}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{E37259AC-02BD-4760-966E-F20C4B6D6DB0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{EB564EFD-04A4-4814-AE6D-1227D366CB69}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{FF3C422F-6A8E-4EE1-AB4A-084823A9789A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-06-26
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ImgBurn" = ImgBurn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SystemRequirementsLab" = System Requirements Lab
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XMedia Recode" = XMedia Recode 3.0.8.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/05/2012 06:37:49 | Computer Name = owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 04/05/2012 10:25:27 | Computer Name = owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 04/05/2012 10:43:08 | Computer Name = owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 04/05/2012 11:19:59 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04/05/2012 11:19:59 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04/05/2012 11:20:00 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04/05/2012 11:20:00 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04/05/2012 11:26:15 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04/05/2012 11:26:16 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04/05/2012 11:26:16 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 16/12/2011 03:59:59 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 16/12/2011 03:59:59 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/12/2011 04:00:38 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 16/12/2011 04:00:38 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/12/2011 04:01:22 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 16/12/2011 04:01:22 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/12/2011 04:03:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 16/12/2011 04:03:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/12/2011 16:33:31 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 24/12/2011 05:54:36 | Computer Name = owner-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >


VEW Log 1:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/05/2012 14:38:26


Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2012 13:16:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Log: 'System' Date/Time: 05/05/2012 13:13:02
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6


Log: 'System' Date/Time: 05/05/2012 13:13:02
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.


Log: 'System' Date/Time: 05/05/2012 13:12:25
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}


Log: 'System' Date/Time: 05/05/2012 13:12:24
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}


Log: 'System' Date/Time: 05/05/2012 13:12:23
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


Log: 'System' Date/Time: 05/05/2012 13:12:16
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}


Log: 'System' Date/Time: 05/05/2012 13:12:07
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21


Log: 'System' Date/Time: 05/05/2012 12:39:40
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6


Log: 'System' Date/Time: 05/05/2012 12:39:40
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.


Log: 'System' Date/Time: 05/05/2012 12:39:21
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Log: 'System' Date/Time: 05/05/2012 12:38:56
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}


Log: 'System' Date/Time: 05/05/2012 12:38:54
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}


Log: 'System' Date/Time: 05/05/2012 12:38:53
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


Log: 'System' Date/Time: 05/05/2012 12:38:45
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21


Log: 'System' Date/Time: 05/05/2012 12:38:46
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}


Log: 'System' Date/Time: 05/05/2012 12:32:31
Type: Error Category: 0
Event: 13 Source: ACPI
: The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Log: 'System' Date/Time: 05/05/2012 12:24:14
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21


Log: 'System' Date/Time: 05/05/2012 06:56:48
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 07:54:13 on 05/05/2012 was unexpected.


Log: 'System' Date/Time: 05/05/2012 06:48:56
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 07:47:47 on 05/05/2012 was unexpected.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2012 13:11:43
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.


Log: 'System' Date/Time: 05/05/2012 13:11:26
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 13:09:23
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 13:04:38
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 12:59:04
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 12:53:13
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 12:38:22
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.


Log: 'System' Date/Time: 05/05/2012 12:38:05
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 12:35:30
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 12:32:25
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 12:31:31
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll


Log: 'System' Date/Time: 05/05/2012 12:31:31
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Log: 'System' Date/Time: 05/05/2012 12:29:05
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 12:25:57
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 12:24:15
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Log: 'System' Date/Time: 05/05/2012 12:23:50
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.


Log: 'System' Date/Time: 05/05/2012 12:23:33
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 06:58:09
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.


Log: 'System' Date/Time: 05/05/2012 06:57:20
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Log: 'System' Date/Time: 05/05/2012 06:57:20
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll



VEW Log 2:


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/05/2012 14:39:13

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/05/2012 13:12:23
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 05/05/2012 12:38:53
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 04/05/2012 15:26:16
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\DESKTOP\MEMTEST86+-4.20.ISO\MT420.ISO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 04/05/2012 15:26:16
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\DESKTOP\MEMTEST86+-4.20.ISO\MT420.ISO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 04/05/2012 15:26:15
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\DESKTOP\MEMTEST86+-4.20.ISO\MT420.ISO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 04/05/2012 15:20:00
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\DESKTOP\MEMTEST86+-4.20.ISO\MT420.ISO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 04/05/2012 15:20:00
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\DESKTOP\MEMTEST86+-4.20.ISO\MT420.ISO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 04/05/2012 15:19:59
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\DESKTOP\MEMTEST86+-4.20.ISO\MT420.ISO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 04/05/2012 15:19:59
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\OWNER\DESKTOP\MEMTEST86+-4.20.ISO\MT420.ISO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 04/05/2012 14:43:08
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 04/05/2012 14:25:27
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 04/05/2012 10:37:49
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 03/05/2012 17:06:34
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application mpc-hc.exe, version 1.5.2.3268, time stamp 0x4e070934, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56, process id 0x1500, application start time 0x01cd294e65977100.

Log: 'Application' Date/Time: 01/05/2012 15:47:17
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 30/04/2012 17:06:08
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 30/04/2012 16:51:31
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 27/04/2012 08:09:23
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 27/04/2012 06:56:17
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 27/04/2012 06:43:01
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 25/04/2012 19:30:16
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/05/2012 13:12:14
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 05/05/2012 12:48:47
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 05/05/2012 12:48:46
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 05/05/2012 12:38:44
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 15:34:27
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 04/05/2012 15:17:01
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 15:17:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 14:43:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 14:37:23
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 14:37:22
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 14:25:18
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 10:44:04
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 10:44:03
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/05/2012 10:37:40
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/05/2012 20:22:33
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 01/05/2012 15:48:09
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/05/2012 15:48:09
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/05/2012 15:47:05
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 30/04/2012 18:00:01
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 30/04/2012 18:00:01
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Process Explorer Log:

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 98.46 0 K 12 K
procexp.exe 1836 0.77 18,164 K 25,396 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
csrss.exe 488 0.77 2,028 K 8,304 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 1640 < 0.01 35,500 K 49,816 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
services.exe 572 < 0.01 2,680 K 5,284 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 816 < 0.01 10,152 K 18,596 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 188 < 0.01 37,404 K 55,736 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1020 < 0.01 14,080 K 13,780 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
WmiPrvSE.exe 1236 2,788 K 5,268 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 540 1,264 K 4,192 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 496 1,132 K 3,724 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
System 4 0 K 15,420 K
svchost.exe 792 2,720 K 5,448 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 736 2,320 K 5,300 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 944 13,200 K 17,240 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 976 7,672 K 11,760 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 920 6,896 K 7,820 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1036 3,320 K 5,768 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1212 3,960 K 7,940 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1312 1,544 K 4,436 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 384 284 K 740 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 592 1,500 K 3,552 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 584 3,112 K 2,040 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 316 1,132 K 3,656 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 452 1,508 K 5,816 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows




VEW Log 3:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/05/2012 16:57:04

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2012 15:22:59
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 05/05/2012 15:22:49
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6

Log: 'System' Date/Time: 05/05/2012 15:22:49
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 05/05/2012 15:22:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 05/05/2012 15:22:08
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

Log: 'System' Date/Time: 05/05/2012 15:22:07
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 05/05/2012 15:22:01
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 05/05/2012 15:21:55
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

Log: 'System' Date/Time: 05/05/2012 15:19:16
Type: Error Category: 0
Event: 13 Source: ACPI
: The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2012 15:21:32
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 05/05/2012 15:21:14
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 05/05/2012 15:19:21
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 05/05/2012 13:53:19
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


VEW Log 4:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/05/2012 17:20:11

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/05/2012 15:22:07
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/05/2012 15:21:59
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 05/05/2012 13:53:18
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 05/05/2012 13:53:17
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.


  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I see we got moved to the malware forum. Didn't realize when I replied that you were in the Vista forum. They don't allow OTL logs there.

I don't see any obvious signs of malware. Sounds to me like it is getting hot but I don't think Speccy will run in Safe Mode and it's what would tell me the temp.

I do see some problems in your event logs that look a bit odd:

The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Give me the make and model of your PC and service tag if it has one. I'll look and see if there is a newer BIOS available. I think I'll look for a new graphics driver while there since safe mode doesn't really use the graphics driver much since you are in VGA mode.

Log: 'Application' Date/Time: 05/05/2012 15:22:07
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.


The only report I see of this where they fixed it said the RAM was bad but I see you have tried the MEMTEST86. Did you try the built-in Vista memory test?
http://www.howtogeek...iagnostic-tool/

This actually smells like a software bug on Microsoft's part. Are you up to date on your Windows Update?

Laptops are prone to overheating which is actually what this sounds like. Make sure the vents are not blocked with dust.

Download Speedfan:


http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check the Automatic Fan Speed box.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also prop up the back of the laptop with a book (don't block the vents). This seems to let the heat get out faster.

This may not work in Safe Mode. There is an option in the safe mode menu to run in VGA mode. You might try that and see if it works.

If it is a program causing this and not your graphics/video driver then this might help:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

msconfig

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't run faster then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time until you find the culprit.
  • 0
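A triage sketch for VEW reports like the ones posted above, added here as an example (it is not part of any post and is not VEW's or Microsoft's code): it groups records by log, type, event ID and source, lists the rarest groups first, and decodes FACILITY_WIN32 HRESULTs (0x8007xxxx) into Win32 error codes, so `8007043c` reads as error 1084, the same code the DCOM entries report. The sample report, the function names and the GUID placeholders are constructed for the example; the three error names are from winerror.h.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the VEW layout posted in this thread (dd/mm/yyyy dates);
# messages are shortened and the GUIDs are placeholders.
SAMPLE_REPORT = """\
Log: 'System' Date/Time: 05/05/2012 15:22:59
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch: {GUID-PLACEHOLDER-1}

Log: 'System' Date/Time: 05/05/2012 15:22:08
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service fdPHost: {GUID-PLACEHOLDER-2}

Log: 'System' Date/Time: 05/05/2012 15:19:16
Type: Error Category: 0
Event: 13 Source: ACPI
: The embedded controller (EC) did not respond within the specified timeout period.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/05/2012 15:22:07
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code. HRESULT was 8007043c from line 45.

Log: 'Application' Date/Time: 04/05/2012 14:43:08
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code. HRESULT was 8007043c from line 45.

Log: 'Application' Date/Time: 04/05/2012 15:19:59
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <PLACEHOLDER> in the hash map cannot be updated.

Details:
A device attached to the system is not functioning. (0x8007001f)
"""

RECORD_RE = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[\d/]+ [\d:]+)\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=^Log: '|^~{5,}|\Z)",   # message runs to the next record or banner
    re.MULTILINE | re.DOTALL,
)
HRESULT_RE = re.compile(r"\b(?:0x)?([0-9a-fA-F]{8})\b")
DCOM_RE = re.compile(r'DCOM got error "(\d+)"')
# Win32 codes seen in this thread's logs (names from winerror.h).
WIN32_NAMES = {31: "ERROR_GEN_FAILURE", 1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
               1084: "ERROR_NOT_SAFEBOOT_SERVICE"}  # 1084: not startable in Safe Mode

def parse_vew(text):
    """Split a VEW text report into records; section banners are skipped."""
    records = []
    for m in RECORD_RE.finditer(text.replace("\r\n", "\n")):
        rec = m.groupdict()
        rec["event"] = int(rec["event"])
        rec["source"] = rec["source"].strip()
        rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %H:%M:%S")
        rec["message"] = rec["message"].strip()
        records.append(rec)
    return records

def win32_codes(message):
    """Win32 error codes named in a message, directly or wrapped in an HRESULT."""
    codes = {int(c) for c in DCOM_RE.findall(message)}
    for token in HRESULT_RE.findall(message):
        hr = int(token, 16)
        if hr >> 16 == 0x8007:          # failure bit set, FACILITY_WIN32
            codes.add(hr & 0xFFFF)      # low 16 bits carry the Win32 code
    return codes

def triage(records):
    """Group records by (log, type, event, source); rarest groups come first."""
    groups = defaultdict(lambda: {"count": 0, "seen": [], "codes": set()})
    for r in records:
        g = groups[(r["log"], r["type"], r["event"], r["source"])]
        g["count"] += 1
        g["seen"].append(r["when"])
        g["codes"] |= win32_codes(r["message"])
    return sorted(groups.items(), key=lambda kv: (kv[1]["count"], kv[0]))

def safe_mode_noise(group):
    """True when the group carries error 1084, i.e. a service refused in Safe Mode."""
    return 1084 in group["codes"]

if __name__ == "__main__":
    for (log, typ, event, source), g in triage(parse_vew(SAMPLE_REPORT)):
        names = ", ".join(f"{c} {WIN32_NAMES.get(c, '?')}" for c in sorted(g["codes"])) or "-"
        tag = "safe-mode" if safe_mode_noise(g) else "review"
        print(f"{g['count']:>3}x {log}/{typ} event {event} {source} [{names}] {tag}")
```

On the constructed sample the COM+ 4609 and DCOM 10005 groups are tagged as Safe Mode noise, while the single ACPI event 13 is left for review.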

#6
ira_gaines

    Member

  • Topic Starter
  • Member
  • 139 posts

> I see we got moved to the malware forum. Didn't realize when I replied that you were in the Vista forum. They don't allow OTL logs there.
>
> I don't see any obvious signs of malware. Sounds to me like it is getting hot but I don't think Speccy will run in Safe Mode and it's what would tell me the temp.
>
> I do see some problems in your event logs that look a bit odd:
>
> The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
>
> Give me the make and model of your PC and service tag if it has one. I'll look and see if there is a newer BIOS available. I think I'll look for a new graphics driver while there since safe mode doesn't really use the graphics driver much since you are in VGA mode.

Acer Aspire 7720g.

> Log: 'Application' Date/Time: 05/05/2012 15:22:07
> Type: Error Category: 16
> Event: 4609 Source: Microsoft-Windows-EventSystem
> The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
>
> The only report I see of this where they fixed it said the RAM was bad but I see you have tried the MEMTEST86. Did you try the built-in Vista memory test?
> http://www.howtogeek...iagnostic-tool/

I did download Memtest86 but didn't actually run the test. I've run the Vista Test now though. It didn't find any problems.

> This actually smells like a software bug on Microsoft's part. Are you up to date on your Windows Update?

I updated last week after this had started happening.

> Laptops are prone to overheating which is actually what this sounds like.
> Make sure the vents are not blocked with dust.

I opened up the panel covering the fan today and also unscrewed the box with the propeller. All the dust is gone now.

> Download Speedfan:
>
> http://www.almico.com/sfdownload.php
>
> Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
>
> It will tell you your temps. If they seem hot (over 50) then check the Automatic Fan Speed box.
> Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
> Also prop up the back of the laptop with a book (don't block the vents). This seems to let the heat get out faster.
>
> This may not work in Safe Mode. There is an option in the safe mode menu to run in VGA mode. You might try that and see if it works.

It did work in Safe Mode and it's staying at around 45C.
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Acer has one BIOS for download. It's version 1.45

What version do you have? I presume it will tell you if you reboot and do whatever it tells you to get into the BIOS/CMOS setup. To get it you need to go to http://us.acer.com/a...content/drivers then click on Notebook then on Aspire then on 7720G then on BIOS. The download button is actually an orange arrow on the left. Click on it. Save the file, right click on it and Run As Admin. (Best to close all other programs before trying to update the BIOS).

They also have a VGA driver as they call it. Problem is they have three and without the speccy log I can't tell what you have. You can right click on Computer and select Manage then Device Manager and look under Display Adapter and see what it says you are using. (ATI, Intel, Nvidia) Then go back to the Acer site and instead of clicking on BIOS, Click on Driver, (May need to select your operating system first) then on the right is a scroll bar. Slide it down until you find the VGA for your PC. It will be a zip file so you will need to Save the file, right click on it and Run As Admin.

If that doesn't help then let's run some scans:



Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:


netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#8
ira_gaines

    Member

  • Topic Starter
  • Member
  • 139 posts

> Acer has one BIOS for download. It's version 1.45
>
> What version do you have? I presume it will tell you if you reboot and do whatever it tells you to get into the BIOS/CMOS setup. To get it you need to go to http://us.acer.com/a...content/drivers then click on Notebook then on Aspire then on 7720G then on BIOS. The download button is actually an orange arrow on the left. Click on it. Save the file, right click on it and Run As Admin. (Best to close all other programs before trying to update the BIOS).
>
> They also have a VGA driver as they call it. Problem is they have three and without the speccy log I can't tell what you have. You can right click on Computer and select Manage then Device Manager and look under Display Adapter and see what it says you are using. (ATI, Intel, Nvidia) Then go back to the Acer site and instead of clicking on BIOS, Click on Driver, (May need to select your operating system first) then on the right is a scroll bar. Slide it down until you find the VGA for your PC. It will be a zip file so you will need to Save the file, right click on it and Run As Admin.



My BIOS version is Acer V1.17. Does this make a difference?

My VGA is NVIDIA.

On the website it says that installing these could be dangerous. Am I okay to do it?

Thanks
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If you have 1.17 then it's definitely a good idea to get 1.45. It isn't that dangerous on a laptop because you have a battery (though you should do it with the laptop plugged into the wall and not rely on the battery). On a desktop, if the power goes off at the wrong time it can leave you with a boat anchor.

The NVidia update should be no problem. If it goes bad you can always use safe mode or vga mode to boot.

I'd do the BIOS first and make sure that went well before going on to the Nvidia.
  • 0

#10
ira_gaines

    Member

  • Topic Starter
  • Member
  • 139 posts

> If you have 1.17 then it's definitely a good idea to get 1.45. It isn't that dangerous on a laptop because you have a battery (though you should do it with the laptop plugged into the wall and not rely on the battery). On a desktop, if the power goes off at the wrong time it can leave you with a boat anchor.
>
> The NVidia update should be no problem. If it goes bad you can always use safe mode or vga mode to boot.
>
> I'd do the BIOS first and make sure that went well before going on to the Nvidia.


When I click on the BIOS 1.45 icon, either running as manager or not, a message comes up saying "InsydeFlash cannot load the driver. Please close all applications. If you are running this utility in Vista, please run as administrator". This is in Safe Mode. I haven't seen normal windows for days.
  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Yes I expect the BIOS will not work in Safe Mode.

I assume you have downloaded the Nvidia driver.
Can you right click on (My) Computer and select Manage then Device Manager then find the Graphics Adapter and open it up. Find the Nvidia adapter and right click on it and uninstall then see if you can boot into regular mode. Also see if you can boot into VGA mode from the Safe Mode menu.
  • 0

#12
ira_gaines

    Member

  • Topic Starter
  • Member
  • 139 posts

> Yes I expect the BIOS will not work in Safe Mode.
>
> I assume you have downloaded the Nvidia driver.
> Can you right click on (My) Computer and select Manage then Device Manager then find the Graphics Adapter and open it up. Find the Nvidia adapter and right click on it and uninstall then see if you can boot into regular mode. Also see if you can boot into VGA mode from the Safe Mode menu.



I'll try disabling the Nvidia driver. What's VGA mode? On Msconfig there are a number of options under Safe Boot. None of them says VGA. There's Minimal, Alternate Shell, Active Directory Repair, Network, No Gui Boot, Boot Log, Base Video, OS Boot Information.
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Probably Base Video.
  • 0

#14
ira_gaines

    Member

  • Topic Starter
  • Member
  • 139 posts
Okay, well it's definitely a graphics driver issue.

I uninstalled the graphics driver and restarted the computer and was able to log into my accounts normally. I then uploaded the newest Nvidia update from the Acer website. Everything was working for the past 3 days fine with no crashes, except that every time I log into an account it really struggles to get in. The screen often goes from green to black several times before the account finally opens. Once it does a message comes up saying "Display Driver Stopped Responding and has recovered-Display Driver nvlddmkm stopped responding and has successfully responded". Now this morning, it had a really hard time getting in but wasn't able to and went to the "blue screen of death" instead. I've uninstalled and reinstalled the driver and update but it's still always coming up with the Driver stopped window and it's gone to BSOD again once.
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Did you try the newest BIOS?

Did you try changing the settings on the graphics adapter? Perhaps they are set too high. You might back off the resolution or the number of colors or try a different refresh rate. Sometimes they have an accelerator setting or performance which can also be reduced.

You can get to the settings from the Control Panel or by following the instructions here:
http://www.cgl.ucsf....tingsvista.html
  • 0





