
Thread: computer won't switch off

  1. #1
    Junior Member
    Join Date
    Nov 2011
    Location
    halifax
    Posts
    14

    computer won't switch off

    Hi, I'm maxman, writing this on behalf of Ann. You helped me in the past, so I thought you might be able to help.
    The problem with this machine, an Acer Extensa 5235 laptop, is that it won't switch off; it just wants to restart, but with an error message and safe start-up menu and then a restore fix. All normal checks have been done with AVG and M/S checks.
    Here is the DDS log, taken before installing WinZip 16 for attaching the file. Thank you in advance for help.

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Parent at 10:24:17 on 2011-11-07
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.953.44 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Acer\Registration\GregHSRW.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Netintelligence Home\LiteClient.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Windows\system32\srvmon.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    C:\Program Files\Launch Manager\LManager.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Netintelligence Home\LiteClientAM.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Netintelligence Home\AMMon.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    mDefault_Page_URL = hxxp://www.nextgenerationlearning.org.uk/ourhomeaccess
    mStart Page = hxxp://www.nextgenerationlearning.org.uk/ourhomeaccess
    BHO: txthlpBHO Class: {060235dc-6d84-47bd-95d7-a4ef5099a59d} - c:\progra~1\texthe~1\readan~1\TE4470~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: ba3HelperObj Class: {a17b153f-2267-4161-a165-73dcd6c31bef} - c:\progra~1\texthe~1\readan~1\ba3bho.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [NIHomeAM] "c:\program files\netintelligence home\LiteClientAM.exe"
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [PLD_FrameworkRunOnce] c:\windows\system32\oem\_waitAndLaunch_PLD_Framework_NoWait.vbs
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\NIHLSP.DLL
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{976C358F-90C4-4DE6-9A37-386AD6063C28} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\parent\appdata\roaming\mozilla\firefox\profiles\g60k6171.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-19 165648]
    R1 MpKsl091fb88b;MpKsl091fb88b;c:\programdata\microsoft\microsoft antimalware\definition updates\{1bfef89a-0444-4665-b7f9-7622e07677d8}\MpKsl091fb88b.sys [2011-11-7 28752]
    R1 MpKslbab09aad;MpKslbab09aad;c:\programdata\microsoft\microsoft antimalware\definition updates\{1bfef89a-0444-4665-b7f9-7622e07677d8}\MpKslbab09aad.sys [2011-11-7 28752]
    R1 MpKslcaf5c68f;MpKslcaf5c68f;c:\programdata\microsoft\microsoft antimalware\definition updates\{1bfef89a-0444-4665-b7f9-7622e07677d8}\MpKslcaf5c68f.sys [2011-11-7 28752]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-12-5 727584]
    R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
    R2 NILiteClient;Netintelligence Home Edition Client;c:\program files\netintelligence home\LiteClient.exe [2009-12-5 2359296]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-18 144640]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-29 1153368]
    R2 ServiceMonitor;Service Monitor;c:\windows\system32\srvmon.exe [2009-12-5 712704]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-12-5 51712]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-19 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-5 55264]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-9 533344]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-18 50432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-5 167424]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-30 52224]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    .
    =============== Created Last 30 ================
    .
    2011-11-07 09:57:23 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bfef89a-0444-4665-b7f9-7622e07677d8}\MpKsl091fb88b.sys
    2011-11-07 09:26:07 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bfef89a-0444-4665-b7f9-7622e07677d8}\MpKslbab09aad.sys
    2011-11-07 08:54:29 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bfef89a-0444-4665-b7f9-7622e07677d8}\MpKslcaf5c68f.sys
    2011-11-07 08:53:31 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bfef89a-0444-4665-b7f9-7622e07677d8}\offreg.dll
    2011-11-07 08:53:27 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1bfef89a-0444-4665-b7f9-7622e07677d8}\mpengine.dll
    2011-11-06 21:53:40 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-11-06 21:33:47 -------- d-----w- c:\windows\system32\appmgmt
    2011-10-15 08:32:42 -------- d-----w- C:\d5aa5267031d5ee99ae3ee09c17b
    2011-10-13 11:47:57 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 11:47:57 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 11:47:55 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 11:47:55 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 11:47:50 2334720 ----a-w- c:\windows\system32\win32k.sys
    2011-10-11 09:50:43 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2011-10-11 09:50:38 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3b7b1676-c609-4437-baee-3d4960457801}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2011-09-07 12:55:23 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-29 17:33:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-29 17:12:31 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
    .
    ============= FINISH: 10:27:13.95 ===============

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    The system should have only one antivirus program installed. That said, please decide between AVG and Microsoft Security Essentials.

    The problem is with this machine a acer extensa 5235 laptop is that it wont switch of it just wants to restart but with a error message
    What is the error?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
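
The check behind the one-antivirus advice above, as an added example that is not part of the original thread: a small parser for the `AV:`/`SP:` lines of a DDS header that reports every category with more than one enabled product. The function names are hypothetical, and the sample lines are copied from the DDS log in post #1.

```python
import re
from collections import defaultdict

# Format of the security-product lines in the DDS header shown in post #1:
#   <category>: <product name> *<state>/<definitions>* {<GUID>}
PRODUCT_LINE = re.compile(
    r"^(?P<category>AV|SP):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)/(?P<definitions>\w+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)

# Header lines copied from the DDS log in post #1, plus two non-product
# lines to show that unrelated log content is skipped.
SAMPLE_HEADER = """\
Run by Parent at 10:24:17 on 2011-11-07
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""


def parse_security_products(log_text):
    """Return one dict per AV:/SP: line; every other line is ignored."""
    products = []
    for raw_line in log_text.splitlines():
        match = PRODUCT_LINE.match(raw_line.strip())
        if match:
            products.append(match.groupdict())
    return products


def enabled_conflicts(products):
    """Map each category to its enabled products when there is more than one.

    Disabled entries (Windows Defender in the sample) are not counted,
    because only products that are actually running compete with each other.
    """
    enabled = defaultdict(set)
    for product in products:
        if product["state"] == "Enabled":
            enabled[product["category"]].add(product["name"])
    return {
        category: sorted(names)
        for category, names in enabled.items()
        if len(names) > 1
    }


if __name__ == "__main__":
    found = parse_security_products(SAMPLE_HEADER)
    for category, names in enabled_conflicts(found).items():
        print(f"{category}: {len(names)} enabled products: {', '.join(names)}")
```
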

  3. #3
    Junior Member
    Join Date
    Nov 2011
    Location
    halifax
    Posts
    14

    Trying to help a friend

    Quote Originally Posted by Blade81 View Post
    Hi,

    System should have just one antivirus program installed only. That said, please decide between AVG and Microsoft Security Essentials.


    What is the error?
    Can turn MSE off.
    The error on reboot is the DOS screen saying "Windows did not shut down properly", with start in safe mode etc.
    Don't know if this is a software or malware problem; this machine will not shut down, it just restarts.

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Disable automatic restart on error:
    Click on the Start button->right click on Computer and select Properties.
    In the task pane on the left, click the Advanced system settings link.
    Locate the Startup and Recovery section near the bottom of the window and click on the Settings button.
    In the Startup and Recovery window, locate and uncheck the check box next to Automatically restart.
    Click OK in the Startup and Recovery window.
    Click OK in the System Properties window.
    You can now close the System window.


    Download GMER here by clicking the "download exe" button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab, uncheck the Files option and then click Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

  5. #5
    Junior Member
    Join Date
    Nov 2011
    Location
    halifax
    Posts
    14


    Quote Originally Posted by Blade81 View Post
    Hi,

    Disable automatic restart on error:
    Click on the Start button->right click on Computer and select Properties.
    In the task pane on the left, click the Advanced system settings link.
    Locate the Startup and Recovery section near the bottom of the window and click on the Settings button.
    In the Startup and Recovery window, locate and uncheck the check box next to Automatically restart.
    Click OK in the Startup and Recovery window.
    Click OK in the System Properties window.
    You can now close the System window.
    Log as requested:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-12 19:27:00
    Windows 6.1.7601 Service Pack 1
    Running: nn9fej4l.exe; Driver: C:\Users\Parent\AppData\Local\Temp\kfldrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x96C757A0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x96C75848]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x96C758E4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x96C75980]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 82C3F349 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C78D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C80054 4 Bytes [A0, 57, C7, 96]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C80324 8 Bytes [48, 58, C7, 96, E4, 58, C7, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82C80398 4 Bytes [80, 59, C7, 96] {SBB BYTE [ECX-0x39], 0x96}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[4680] ntdll.dll!LdrLoadDll 77A722B8 5 Bytes JMP 66B8FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4680] kernel32.dll!GetStartupInfoA + 238 75732048 7 Bytes JMP 6A3B2E30 C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Courier Plugin for Mozilla Firefox/WinZip Computing, S.L.)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5712] USER32.dll!GetWindowInfo 75D14B5E 5 Bytes JMP 66D089A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5712] USER32.dll!TrackPopupMenu 75D22228 5 Bytes JMP 66D08F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[552] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[552] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[552] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[552] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[552] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[552] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1228] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1228] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1228] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1228] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1228] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1228] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1228] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [7011B0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \Driver\ACPI_HAL \Device\0000022c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Does the system throw an error instead of automatic restart now when shutdown is attempted?

  7. #7
    Junior Member
    Join Date
    Nov 2011
    Location
    halifax
    Posts
    14

    It's all gone pear-shaped

    Help! After recovery install, see thread: 64327.
    Everything seemed fine and I went on to install Windows updates, 91 in all; they installed and it asked for a reboot.
    On reboot a message came up reading "The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click OK to restart the computer and then restart the installation."
    This repeats itself in a loop.
    I've tried a safe mode restart, only to get a fail: "Windows cannot complete Windows install in safe mode, please restart".
    If I press an F key on reboot I get the Windows Boot Manager DOS screen with an F8 advanced option and "tools" for memory diagnostics.
    On pressing F8 the Win 7 advanced menu comes up. I've tried Last Known Good Configuration (advanced), to no avail, and restore mode, but it tries to boot up in safe mode and then it's back to square one. This is not good. I cannot send any logs as I cannot get past this Win7 install fail. Please help.
    Last edited by tashi; 2011-11-26 at 16:03. Reason: Merged two topics

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    It doesn't sound good at all. You may try Startup Repair to see if it's able to help.

  9. #9
    Junior Member
    Join Date
    Nov 2011
    Location
    halifax
    Posts
    14


    Quote Originally Posted by Blade81 View Post
    Hi,

    It doesn't sound good at all. You may try Startup Repair to see if it's able to help.
    Cannot perform this as there is no option to restore/repair.

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Do you have the Windows 7 installation media available?
