microsoft programs crash upon opening



cew2010
2010-06-10, 19:56
microsoft programs open, two seconds later error message appears saying that it has stopped working and then the program closes; this happens with saved files and new documents; the same also with internet explorer.
occasional freezing of whole pc; only solution is to turn off at wall. occasional blue screen appears with white text and then shuts down with no warning.


DDS (Ver_10-03-17.01) - NTFSx86
Run by username at 18:41:11.12 on 10/06/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.195 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\username\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://www.mail.reading.ac.uk/
uDefault_Page_URL = hxxp://www.orange.co.uk
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\username\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2010-6-1 18432]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-10 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-10 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-5-10 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-10 297752]

=============== Created Last 30 ================

2010-06-09 06:01:51 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 06:01:18 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 06:01:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 06:01:13 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 06:01:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-09 06:00:22 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-07 02:22:54 0 d-----w- c:\program files\Windows Portable Devices
2010-06-07 02:22:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-07 02:22:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-07 02:06:18 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-07 02:06:18 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-07 02:06:17 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-07 02:04:55 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-06-04 02:05:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-04 02:05:03 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-04 02:05:02 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-01 10:00:36 122880 ----a-w- c:\windows\system32\Nsvideo.dll
2010-06-01 10:00:36 0 d-----w- c:\program files\common files\NewSoft
2010-06-01 09:52:32 0 d-----w- c:\programdata\muvee Technologies
2010-06-01 09:49:49 0 d---a-w- c:\programdata\TEMP
2010-06-01 09:40:19 18432 ----a-w- c:\windows\system32\drivers\Achernar.sys
2010-06-01 08:49:24 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-01 08:49:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-01 08:49:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-31 20:37:33 0 d-----w- c:\windows\system32\eu-ES
2010-05-31 20:37:33 0 d-----w- c:\windows\system32\ca-ES
2010-05-31 20:37:32 0 d-----w- c:\windows\system32\vi-VN
2010-05-31 20:08:04 0 d-----w- c:\windows\system32\EventProviders
2010-05-31 20:03:59 378368 ----a-w- c:\windows\system32\imapi2.dll
2010-05-31 20:02:59 876032 ----a-w- c:\windows\system32\wer.dll
2010-05-31 20:01:43 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-31 10:17:02 0 d-----w- c:\users\username\Office Genuine Advantage
2010-05-27 07:30:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-12 07:26:38 738816 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-06-07 02:22:48 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-07 02:22:48 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-07 02:22:48 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-07 02:22:48 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-31 20:26:35 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-12 10:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2008-12-25 07:59:17 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-02 19:50:39 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-02 19:50:39 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-02 19:50:39 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:45:19.24 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/11/2007 06:53:27
System Uptime: 06/10/2010 18:25:13 (-2832 hours ago)

Motherboard: Hewlett-Packard | | 30D9
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | CPU | 1600/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 103 GiB total, 49.143 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 2.992 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
BBC iPlayer Desktop
Bonjour
Conexant HD Audio
EPSON Printer Software
ERUNT 1.1j
ESU for Microsoft Vista
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 G2
HP Update
HP User Guides 0078
HP Wireless Assistant
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Java(TM) 6 Update 6
LightScribe 1.6.43.1
Macromedia Flash Player 8
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
NetWaiting
Network Play System (Patching)
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Orange Livebox
Presto! VideoWorks 6
PSSWCORE
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Spybot - Search & Destroy
The Sims 2
The Sims Makin' Magic
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
Virtual DrumX
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool

==== End Of File ===========================

Blade81
2010-06-16, 19:18
Hi,

Does such a thing happen only with some specific programs?

Download GMER (http://www.gmer.net) here by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab, uncheck the files option and then click scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

cew2010
2010-06-17, 13:58
hi there, Many thanks for reply.
I'm not sure if i was meant to, but i have put the log into a word document within the zipped file, as i could not paste the log into the zipped file alone.

the programs which close, close randomly; sometimes all programs are fine, sometimes only microsoft word will close upon opening, sometimes only internet explorer (which has been happening more often). the blue screen and automatic freeze or shut down seems only to happen after i have shut down my computer, and not if i have put it into hibernate and then woken it up.

again, thanks for help.

Blade81
2010-06-17, 16:08
Hi again,

Let's update current software version + do some scanning.

Uninstall old Adobe Reader versions and get the latest one (both 9.3 and update 9.3.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).

Uninstall Macromedia Flash Player 8.

Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 20 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report & a fresh dds.txt log.

cew2010
2010-06-19, 22:37
Hi, Many Apologies it has taken me so long to reply.
i have had numerous problems carrying out the instructions;
firstly, installing adobe 9.3 this error came up (in the attached document screen shot).
i then uninstalled macromedia flash player 8.
i then uninstalled other flash players, as per instructions.
i downloaded the new java successfully, following all instructions and restarted my PC. when i double clicked on the desktop file, an error message came up, saying the file could not be opened.
obviously, i had already removed all java, so when i revisited the original java link to download it, they redirected me to download java first. i clicked download and saved to desktop, but upon opening my desktop, the file could not be found. i re-tried this saving process several times, saving in different places, but the file could not be found.
unfortunately, the same thing happened with ATF (Atribune Temp File) Cleaner© by Atribune; it could not be found upon saving to desktop.
i then attempted the Kaspersky Online Scanner, following the instructions in the screen shot, but the website would not give me the option to accept; as shown in the other attached doc.

Thanks so much for your help, Many apologies for the delay.

Blade81
2010-06-20, 12:34
Hi,

Could you uninstall AVG for now and then try to follow those steps again, please? I've seen this kind of behaviour (file disappearing etc) occurring with Vista + AVG combination.

cew2010
2010-06-24, 15:41
So Sorry it took me so long to reply; my computer kept freezing so i had to restart the scans etc.
i have posted them into two separate notepad files, within the zipped folder. this time, after uninstalling AVG, everything worked perfectly; Many Thanks

Blade81
2010-06-24, 17:25
Hi,

Delete these files if found:
C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\2ff2a511-3c690b97
C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-53c0d751

Post fresh dds.txt log (your previous post contained GMER log instead of it).

cew2010
2010-06-24, 18:51
Hi,
Have deleted those two, but not the duplicate files with .IDX extension. hope that's ok, the scan is within the zipped folder, many apologies for doing the wrong one;
Thanks again

Blade81
2010-06-24, 19:17
Hi,

Download and install Adobe Reader update 9.3.2 here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows).

Any issues left?

cew2010
2010-06-24, 21:17
Many Thanks, have installed adobe; the freezing was still happening this morning, but can't tell if it's all sorted now, as the problems were often but sporadic; sometimes the programs/ PC would close, sometimes not etc.
would it be ok if i report back within 3 days? then i can be more definite with whether the problems have gone.

Blade81
2010-06-24, 21:28
That sounds like a good plan :)

cew2010
2010-06-27, 21:43
Hi,
Unfortunately no change with the problems after a shut down, or with Microsoft Internet closing, and plenty of error messages appearing.
Many Thanks

Blade81
2010-06-27, 22:45
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

cew2010
2010-06-28, 12:31
Hi, Many thanks for reply;
attached are two DDS logs, and the combofix log.
Thanks again

Blade81
2010-06-28, 13:58
Hi,

Upload c:\windows\System32\termsrv.dll file to http://www.virustotal.com and post back the results.


Run a disk check for all your hard drive partitions. Instructions (method one) here (http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html).

Then defrag those partitions.

cew2010
2010-06-28, 19:30
Antivirus Version Last Update Result
a-squared 5.0.0.30 2010.06.28 -
AhnLab-V3 2010.06.27.01 2010.06.27 -
AntiVir 8.2.4.2 2010.06.28 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.27 -
Avast 4.8.1351.0 2010.06.28 -
Avast5 5.0.332.0 2010.06.28 -
AVG 9.0.0.836 2010.06.28 -
BitDefender 7.2 2010.06.28 -
CAT-QuickHeal 10.00 2010.06.28 -
ClamAV 0.96.0.3-git 2010.06.28 -
Comodo 5246 2010.06.28 -
DrWeb 5.0.2.03300 2010.06.28 -
eSafe 7.0.17.0 2010.06.28 -
eTrust-Vet 36.1.7671 2010.06.28 -
F-Prot 4.6.1.107 2010.06.28 -
F-Secure 9.0.15370.0 2010.06.28 -
Fortinet 4.1.133.0 2010.06.27 -
GData 21 2010.06.28 -
Ikarus T3.1.1.84.0 2010.06.28 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.28 -
McAfee 5.400.0.1158 2010.06.28 -
McAfee-GW-Edition 2010.1 2010.06.28 -
Microsoft 1.5902 2010.06.28 -
NOD32 5234 2010.06.28 -
Norman 6.05.10 2010.06.28 -
nProtect 2010-06-28.01 2010.06.28 -
Panda 10.0.2.7 2010.06.28 -
PCTools 7.0.3.5 2010.06.28 -
Prevx 3.0 2010.06.28 -
Rising 22.54.00.04 2010.06.28 -
Sophos 4.54.0 2010.06.28 -
Sunbelt 6517 2010.06.28 -
Symantec 20101.1.0.89 2010.06.28 -
TheHacker 6.5.2.0.304 2010.06.28 -
TrendMicro 9.120.0.1004 2010.06.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.28 -
VBA32 3.12.12.5 2010.06.28 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.28 -
Additional information
File size: 449024 bytes
MD5...: df4363ffdccb9b8bfc86a026c0573aee
SHA1..: 958d4967004d80e60674867d2496048318d6ee85
SHA256: a2eac54665b25d44fb37efc62c67779105f26e2e3e3eb713935126c45a4356c6
ssdeep: 6144:WOM4qrbDFKQa95qpUhSZQdC9pRPY8T2YicSH1QdwW6T4kIrTeWFUgN56/YS
tg4w+:WVbr3FKNIyhYT2k7hJCWH6/YStgr

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1327a
timedatestamp.....: 0x49e0381b (Sat Apr 11 06:26:35 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5f524 0x5f600 6.70 8818094f7da78be3fb835170cf25eb46
.data 0x61000 0x7a40 0x7a00 0.41 6d6fea80b826a746d380f1f35fb9290d
.rsrc 0x69000 0x20c0 0x2200 3.73 c31149062805cda35ce701c238d82561
.reloc 0x6c000 0x4254 0x4400 6.67 05697605303023e7840e2111f3dd6c27


( 2 exports )
ServiceMain, SvchostPushServiceGlobals

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows OCX File (68.1%)
Win32 Executable MS Visual C++ (generic) (20.7%)
Win32 Executable Generic (4.7%)
Win32 Dynamic Link Library (generic) (4.1%)
Generic Win/DOS Executable (1.1%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Terminal Server Remote Connections Manager
original name: termsrv.dll
internal name: termsrv.dll
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

-----------------------------------------------------------------------

this is the file results; i will post directly with results of defrag

cew2010
2010-06-28, 19:48
tried to restart computer after scheduling a disk check, but blue screen appeared as it was shutting down telling me this was an emergency shut down etc. so i will restart again, to enable the disk check. apologies for fragmented posts, but there is no way to store information between shut downs. thanks

cew2010
2010-06-28, 21:09
hi again, after restarting a second time to allow disk check, disk check was interrupted by the blue screen again, which ensued an emergency shut down. apart from this, i am uncertain as to how to defrag those partitions, as no option is given during disk check. Many Thanks

Blade81
2010-06-28, 21:35
Please note down the error message on blue screen. There may be some issue with hardware.

cew2010
2010-06-28, 22:25
Unless there is some way of freezing the blue screen, i am always unable to read even the first line, let alone print screen etc as it flashes up blue with white writing for only half a second or so. the only words i can gather are emergency and shut down. i will restart again now and post if i can recover any more of the writing. Many Thanks

cew2010
2010-06-28, 22:31
no, nothing that time. the only other text is on a windows error message which appears upon desktop afterwards which says something like windows had to close unexpectedly etc. also i keep getting error messages saying windows licencing error flash up after restart, and one of the times i restarted a window appeared asking if i would like to verify my product key for windows now or later. i clicked later and the desktop appeared as normal, but without background and sometimes with larger text. hope this helps

Blade81
2010-06-28, 22:37
Hi,

To prevent system from automatic reboot during error please disable automatic restart by following steps here (http://pcsupport.about.com/od/windowsvista/ht/arestartvista.htm?rd=1).

cew2010
2010-06-28, 22:54
ok, have done. do you want me to now restart to see if i can get the text on the blue screen?

Blade81
2010-06-28, 23:01
Try to check the disk again (it was this piece of action that triggered blue screen last time, wasn't it?).

cew2010
2010-06-29, 08:29
hi,
the disk check said; the volume is clean; windows has finished checking the disk, immediately. then a grey and black screen popped up saying; windows failed to start. a recent hardware or software change might be the cause. and then launched startup repair automatically. after startup repair had checked for problems, it flashed up; windows cannot repair this automatically.

no blue screen this time; i think it's more the shutting down that triggers it randomly, not necessarily the disk check, as it didn't happen then.
forgive me, but i'm still unsure as to how to defrag the partitions?
Many Thanks

Blade81
2010-06-29, 08:55
Hi,

Defragging can be launched by doing this:
1. Right click hard drive in my computer window and select properties.
2. Click Tools-tab and you should find a button to launch defragging process.

cew2010
2010-06-29, 15:54
defrag completed; took several hours. there was no log or message at the end, i suppose that's normal?

Blade81
2010-06-29, 18:06
Yes, that's normal.

Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK


Still symptoms left?

cew2010
2010-06-29, 19:14
Hi,
have uninstalled combofix, may i wait two days just to make certain it's fixed? Many Thanks for your patience.

Blade81
2010-06-29, 19:28
Yes, let's see the situation again after a few days.

cew2010
2010-06-30, 09:01
hi,
shut down last night and started up this morning. as it was starting up, an unscheduled disk check popped up saying; one of the disks needs to be checked for consistency. once finished, it got through whole process of starting up until desktop appeared and then the blue screen came up. it said;
a problem has been detected and windows has been shut down to prevent damage. if this is the first time you have seen this error screen then restart your PC. if this screen appears again, run a system diagnostic utility run a memory check and check for faulty or mismatched memory. try changing video adapter. disable or remove any newly installed hardware or software; collecting data for crash dump, beginning dump of physical memory. contact your system administrator or technical support group for further assistance.

my computer since it has started keeps freezing for periods of five or so seconds, consistently every minute or so, which is unlike it to do so.
hope that is useful, unfortunately, it seems its still behaving badly.
Many, Many thanks for your continued patience

Blade81
2010-06-30, 09:38
Hi,

To me it looks more evident that there are deeper issues than malware-related ones there. It would probably be better to post on a forum that has areas for non-malware issues too. One such forum would be Tech Support Guy (http://forums.techguy.org).

cew2010
2010-06-30, 10:14
Hi, have posted on there now. Many thanks for all your help, very much appreciated

Blade81
2010-06-30, 10:34
You're welcome. Hopefully the thing gets sorted out :)

I'll close the topic here now.