rebooting and blue screening

Yes, I uninstalled MSSE and installed avast when you first told me to. MSSE does not show up in my "Add/Remove Programs" screen, nor can I find any folders or services running.

The machine still dies and reboots upon the same actions mentioned before (activating the "Space" screensaver, scrolling on the PC Check Utility Screen...)
 
Hi fscali:

Let's remove the leftover.

1. ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!


You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    KillAll::
    
    Driver::
    Lbd
    MBAMSwissArmy
    "Lavasoft Kernexplorer"
    "Lavasoft Ad-Aware Service"
    
    File::
    c:\windows\system32\drivers\mbamswissarmy.sys
    c:\windows\system32\DRIVERS\Lbd.sys
    
    Folder::
    "c:\documents and settings\fred\Application Data\Malwarebytes"
    "c:\documents and settings\All Users\Application Data\Malwarebytes"
    "c:\program files\Lavasoft"
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    [Image: ComboFixScriptDrag.gif]


    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  5. Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **



In my opinion, it is better not to add any website to the Trusted zone except your ISP.

2. Fix HiJackThis Entries
  • Open HiJackThis
  • Click on do a system scan only
  • Place a checkmark next to these lines (if still present):

    O15 - Trusted Zone: *.aa.com
    O15 - Trusted Zone: http://www.ancestry.com
    O15 - Trusted Zone: *.army.mil
    O15 - Trusted Zone: *.dau.mil
    O15 - Trusted Zone: *.disa.mil
    O15 - Trusted Zone: http://www.dsw.com
    O15 - Trusted Zone: http://www.keysenergy.com
    O15 - Trusted Zone: http://www.mymonthlycycles.com
    O15 - Trusted Zone: *.navyfcu.org
    O15 - Trusted Zone: *.noaa.gov
    O15 - Trusted Zone: *.osd.mil
    O15 - Trusted Zone: *.southcom.mil
    O15 - Trusted Zone: *.ugov.gov
    O15 - Trusted Zone: *.usmc.mil
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) -
  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.


3. ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



4. Since your computer is still giving BSOD, can you kindly upload another new minidump file?

thanks,
torreattack
 
Log below. Looks like we got rid of the additional MBAM files but not the MSSE.
Will run ESET next.

ComboFix 12-07-14.01 - fred 07/15/2012 12:25:51.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1405 [GMT -4:00]
Running from: c:\documents and settings\fred\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fred\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\system32\drivers\mbamswissarmy.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Malwarebytes
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-08.txt
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-10.txt
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-11.txt
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-12.txt
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\documents and settings\fred\Application Data\Malwarebytes
c:\documents and settings\fred\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-07-08 (16-51-55).txt
c:\windows\system32\drivers\mbamswissarmy.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_AD-AWARE_SERVICE
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Legacy_LBD
-------\Legacy_MBAMSWISSARMY
-------\Service_Lavasoft Ad-Aware Service
-------\Service_Lavasoft Kernexplorer
-------\Service_Lbd
-------\Service_MBAMSwissArmy
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-14 10:03 . 2012-07-14 10:03 -------- d-----w- c:\program files\Trend Micro
2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\program files\CONEXANT
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\fred\Application Data\Dell
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-07-08 16:32 . 2012-07-08 16:33 -------- d-----w- c:\program files\Dell Support Center
2012-07-08 16:09 . 2012-07-08 16:09 -------- d-----w- c:\documents and settings\fred\Application Data\PCDr
2012-07-07 13:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-07 13:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-07 13:09 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-07 13:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-07 13:09 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-07 13:09 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-07 13:09 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-07 13:09 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-07 13:09 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-07 13:09 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\program files\AVAST Software
2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-01 22:28 . 2012-07-01 22:28 -------- d-----w- c:\program files\CPUID
2012-07-01 22:28 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-07-01 15:25 . 2012-07-01 15:25 -------- d-----w- c:\program files\NirSoft
2012-07-01 15:13 . 2012-07-01 15:14 -------- d-----w- c:\program files\Support Tools
2012-06-30 18:07 . 2012-06-30 18:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-06-30 02:21 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-21 14:13 . 2012-06-21 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-06-21 12:32 . 2012-06-21 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:28 . 2012-04-06 18:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 23:28 . 2011-05-30 21:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-05-31 19:26 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-05-31 19:26 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-06-01 14:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2006-10-21 15:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-08-16 08:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2005-08-16 08:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-07-01 21:36 . 2012-07-01 21:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_11.39.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-15 16:43 . 2012-07-15 16:43 16384 c:\windows\temp\Perflib_Perfdata_530.dat
+ 2012-07-13 05:21 . 2012-07-13 05:21 22016 c:\windows\Installer\172bc29.msi
+ 2012-07-11 23:28 . 2012-07-11 23:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-11 22:28 . 2012-07-11 22:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-11 22:28 . 2012-07-11 22:28 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-06 18:40 . 2012-07-11 23:28 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-06 18:40 . 2012-06-29 23:29 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-11 23:28 . 2012-07-11 23:28 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\fred\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [11/4/2006 5:47 PM 19478]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2012 9:09 AM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [11/4/2006 5:47 PM 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [11/4/2006 5:47 PM 430670]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]
R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 5:16 PM 51240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2012 9:09 AM 21256]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [11/4/2006 5:47 PM 64093]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 2:40 PM 250056]
S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2/11/2009 9:17 PM 45696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [1/6/2012 12:47 PM 33792]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [4/24/2010 9:31 AM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [4/24/2010 9:31 AM 13312]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/1/2012 5:36 PM 129976]
S3 Normandy;Normandy SR2; [x]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [1/1/2011 7:11 PM 21648]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [4/10/2012 2:51 PM 21744]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 5:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 5:24 AM 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [11/9/2006 10:14 AM 23040]
S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [11/9/2006 10:14 AM 76800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:28]
.
2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-07-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-07 16:21]
.
2012-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-01 02:46]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
- c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
- c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
.
2012-07-15 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-09-26 04:55]
.
2012-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
.
2012-06-19 c:\windows\Tasks\scali incremental.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-10-20 19:31]
.
2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-02-13 19:31]
.
2012-07-15 c:\windows\Tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aa.com
Trusted Zone: ancestry.com\www
Trusted Zone: army.mil
Trusted Zone: citimortgage.com\www
Trusted Zone: dau.mil
Trusted Zone: disa.mil
Trusted Zone: dsw.com\www
Trusted Zone: google.com\mail
Trusted Zone: keysenergy.com\www
Trusted Zone: mymonthlycycles.com\www
Trusted Zone: navyfcu.org
Trusted Zone: noaa.gov
Trusted Zone: osd.mil
Trusted Zone: paypal.com\www
Trusted Zone: southcom.mil
Trusted Zone: southcom.mil\owa.jiatfs
Trusted Zone: ugov.gov
Trusted Zone: usmc.mil
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\documents and settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 12:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
c:\program files\ActivIdentity\ActivClient\aclog.dll
c:\program files\ActivIdentity\ActivClient\accrypto.dll
c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
c:\program files\ActivIdentity\ActivClient\acevtsub.dll
c:\program files\ActivIdentity\ActivClient\asphat32.dll
c:\program files\ActivIdentity\ActivClient\acerrmes.dll
c:\program files\ActivIdentity\ActivClient\aiwinext.dll
c:\program files\ActivIdentity\ActivClient\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\program files\ActivIdentity\ActivClient\aipingui.dll
c:\program files\ActivIdentity\ActivClient\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(5040)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\HPZipm12.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-15 12:52:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 16:51
ComboFix2.txt 2012-07-14 10:25
ComboFix3.txt 2012-07-11 11:45
.
Pre-Run: 43,810,926,592 bytes free
Post-Run: 43,780,136,960 bytes free
.
- - End Of File - - 9840933087256F4E2AD8B77AEE8439AA
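
The check done by eye on this log (spotting that Microsoft Security Essentials is still referenced), written out as an added example that is not part of the original thread or of ComboFix. The function names and the search term `MsMpSvc` are choices made for this example, and the sample input is an excerpt of lines copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt assembled from lines of the ComboFix log posted above.
SAMPLE_LOG = r'''
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
Trusted Zone: aa.com
Trusted Zone: google.com\mail
Trusted Zone: paypal.com\www
Trusted Zone: southcom.mil\owa.jiatfs
'''

AV_RE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+(?P<guid>\{[0-9A-Fa-f-]+\})\s*$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?P<num>\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')
ZONE_RE = re.compile(r"^Trusted Zone:\s+(?P<entry>\S+)\s*$")


def zone_to_host(entry):
    """Convert ComboFix's 'domain\\sub' form to a host pattern.

    'paypal.com\\www' -> 'www.paypal.com'; a bare 'aa.com' covers the whole
    domain, which HijackThis shows as '*.aa.com'.
    """
    domain, _, sub = entry.partition("\\")
    return f"{sub}.{domain}" if sub else f"*.{domain}"


def parse_combofix(log_text):
    """Collect AV registrations, registry keys/numeric values and Trusted Zone hosts."""
    av, zones, keys = [], [], []
    reg_values = defaultdict(dict)
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":                 # ComboFix separates blocks with lone dots
            current_key = None
            continue
        m = AV_RE.match(line)
        if m:
            av.append(m.groupdict())
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            keys.append(current_key)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            reg_values[current_key.lower()][m.group("name")] = int(m.group("num"))
            continue
        m = ZONE_RE.match(line)
        if m:
            zones.append(zone_to_host(m.group("entry")))
    return {"av": av, "keys": keys, "reg": dict(reg_values), "zones": zones}


def findings(parsed, leftover_terms=()):
    """Turn parsed data into short review notes for whoever reads the log."""
    notes = []
    names = [a["name"] for a in parsed["av"]]
    if len(names) > 1:
        notes.append("more than one AV product registered: " + ", ".join(names))
    for key, values in parsed["reg"].items():
        if (key.endswith(r"firewallpolicy\standardprofile")
                and values.get("EnableFirewall") == 0):
            notes.append("Windows Firewall is off in the standard profile; "
                         "confirm it was re-enabled after the run")
    for term in leftover_terms:         # terms are chosen by the analyst
        hits = [k for k in parsed["keys"] if term.lower() in k.lower()]
        if hits:
            notes.append(f"registry key still references {term}: {hits[0]}")
    return notes


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for note in findings(parsed, leftover_terms=("MsMpSvc",)):
        print("-", note)
    print("Trusted Zone hosts:", ", ".join(parsed["zones"]))
```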
 
Here's my ESET log. Nothing found. Combofix log is in the next post.
I am not getting BSODs anymore. When it crashes it just reboots immediately.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9a594ec0afa3b94f80442e8747082d1d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-15 09:12:28
# local_time=2012-07-15 05:12:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=136413
# found=0
# cleaned=0
# scan_time=5186
 
torreattack,
A little more info on the crash/reboot: I'm not getting the BSOD, it just does an immediate power-off reboot. It is different than a soft reboot because the power indicator light goes completely out for about a half second as the machine completely powers off.
two other posts below.
thanks,
Fred
 
Hi fscali:

avast is now the only a/v program. the CF log still makes reference to MSSE but that has been uninstalled along w/ malwarebytes.
Sorry for the misunderstanding. I thought you meant you had uninstalled MSE and MBAM. You may reinstall MBAM if you want to.


I am not getting BSODs anymore. When it crashes it just reboots immediately.
Glad to hear the BSOD problem is solved. As for the reboot problem, I don't think it is caused by malware. Your logs look ok to me.


I will try my luck at dealing with the reboot problem with the following method; if it still fails to solve it, I will have no choice but to send you to another expert. Sorry.

1. Do you have a Genuine XP CD-ROM, and if so, does it include a Service Pack, and if so, which one?


2. System File Check:
You must login as administrator to perform this.

Close all open applications/windows etc.
  • Click on Start >> Run...
  • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
  • Click on OK
  • System File Checker will now scan all protected files to verify their versions.



3. Farbar Service Scanner (FSS)
Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  • Double click FSS.exe to run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services (checked by default)
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press the "Scan" button.
    When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
  • Please copy and paste the contents of the FSS.txt log to your reply.
    Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.


4. VEW - Vino's Event Viewer
Please download VEW.exe... by Vino Rosso. Save it to your desktop.
  1. Double click on VEW.exe to start the program. If you receive an "Open File" security warning, press Run.
  2. In the "Select log to query" section check:
    • Application
    • System
  3. In the "Select type to list" section check:
    • Error
    • Information
    • Warning
  4. In the "Number or dates of events" section check :
    • Number of events... then enter 20 in the entry box.
  5. Press the Run button.
    When the process completes, it only takes a few seconds...
  6. Notepad will open with a report file named: VEW.txt... located on %SystemDrive%\VEW.txt ... usually C:\VEW.txt.
  7. Please copy and paste the contents of the VEW.txt file, in your next reply.

thanks,
torreattack
 
torreattack
No need to apologize. I appreciate the time you are taking to assist!

1. I have the Dell reinstallation disc for XP but...
2. When I run the SFC it asks specifically for the SP3 disc, and I guess the one I have is not the right one, so I cannot complete the SFC.

3. and 4. the FSS and VEW logs are below:

Farbar Service Scanner Version: 08-07-2012
Ran by fred (administrator) on 16-07-2012 at 20:21:42
Running from "C:\Documents and Settings\fred\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Demand. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(8)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****







Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/07/2012 8:24:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:23:20 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:23:04 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:21:16 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:17:51 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:17:16 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:16:02 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:13:03 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:09:22 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 734037209.

Log: 'Application' Date/Time: 16/07/2012 8:09:18 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/07/2012 8:08:20 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/07/2012 8:07:19 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/07/2012 7:49:35 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 6:09:52 AM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 9:23:27 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:38:51 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:18:58 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:12:38 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:11:08 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:07:29 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 5:22:25 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:13:08 PM
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:56 PM
Type: information Category: 3
Event: 3044 Source: Windows Search Service
The gatherer index resumed.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 16/07/2012 8:12:53 PM
Type: information Category: 0
Event: 0 Source: iPod Service
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:25 PM
Type: information Category: 1
Event: 1003 Source: Windows Search Service
The Windows Search Service started.


Log: 'Application' Date/Time: 16/07/2012 8:12:17 PM
Type: information Category: 3
Event: 302 Source: ESENT
Windows (3252) Windows: The database engine has successfully completed recovery steps.

Log: 'Application' Date/Time: 16/07/2012 8:12:16 PM
Type: information Category: 3
Event: 301 Source: ESENT
Windows (3252) Windows: The database engine has begun replaying logfile C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log.

Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
Type: information Category: 3
Event: 300 Source: ESENT
Windows (3252) Windows: The database engine is initiating recovery steps.

Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
Type: information Category: 1
Event: 102 Source: ESENT
Windows (3252) Windows: The database engine started a new instance (0).

Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
Type: information Category: 1
Event: 100 Source: ESENT
SearchIndexer (3252) The database engine 5.01.2600.5512 started.

Log: 'Application' Date/Time: 16/07/2012 8:12:14 PM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
Type: information Category: 0
Event: 0 Source: MSCamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
Type: information Category: 0
Event: 0 Source: MSCamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
Type: information Category: 0
Event: 0 Source: MSCamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
Type: information Category: 0
Event: 100 Source: Bonjour Service
Service started


Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
Type: information Category: 0
Event: 100 Source: Bonjour Service
Service initialized

Log: 'Application' Date/Time: 16/07/2012 8:12:07 PM
Type: information Category: 0
Event: 100 Source: Bonjour Service
Service initializing

Log: 'Application' Date/Time: 16/07/2012 7:50:14 PM
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 7:49:15 PM
Type: information Category: 0
Event: 0 Source: gupdatem
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 15/07/2012 8:10:17 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 15/07/2012 5:21:37 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 15/07/2012 12:43:24 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 15/07/2012 12:41:54 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user E520\fred registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 15/07/2012 12:39:32 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 14/07/2012 6:49:47 AM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 14/07/2012 6:18:47 AM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 14/07/2012 6:17:21 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user E520\fred registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/07/2012 6:15:33 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 12/07/2012 7:38:04 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 12/07/2012 6:24:54 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 12/07/2012 6:21:38 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 12/07/2012 5:46:58 AM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/07/2012 6:21:37 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/07/2012 5:42:54 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 10/07/2012 8:01:35 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 10/07/2012 8:01:35 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 10/07/2012 8:01:22 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 10/07/2012 7:18:31 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:04:33 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:26 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:19 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:12 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:05 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:58 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:51 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:44 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:38 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:30 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:23 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:16 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:09 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:02 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:55 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:48 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:41 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:34 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:27 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:20 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:20:50 PM
Type: information Category: 0
Event: 64018 Source: Windows File Protection
Windows File Protection file scan was cancelled by user interaction, user name is fred.

Log: 'System' Date/Time: 16/07/2012 8:20:49 PM
Type: information Category: 0
Event: 64021 Source: Windows File Protection
The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

Log: 'System' Date/Time: 16/07/2012 8:20:45 PM
Type: information Category: 0
Event: 64021 Source: Windows File Protection
The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

Log: 'System' Date/Time: 16/07/2012 8:20:30 PM
Type: information Category: 0
Event: 64021 Source: Windows File Protection
The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

Log: 'System' Date/Time: 16/07/2012 8:19:23 PM
Type: information Category: 0
Event: 26 Source: Application Popup
Application popup: Windows File Protection : Possible reasons for this problem:
• You have inserted the wrong CD. (i.e., a different Windows product CD than the version installed)
• The CD-ROM drive in your system is not functioning.

Log: 'System' Date/Time: 16/07/2012 8:19:19 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:19:13 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 16/07/2012 8:19:13 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 16/07/2012 8:19:08 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:19:02 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 16/07/2012 8:19:02 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 16/07/2012 8:16:38 PM
Type: information Category: 0
Event: 64016 Source: Windows File Protection
Windows File Protection file scan was started.

Log: 'System' Date/Time: 16/07/2012 8:14:49 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:14:43 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 16/07/2012 8:14:43 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 16/07/2012 8:14:15 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:14:09 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 16/07/2012 8:14:09 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 16/07/2012 8:13:48 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:13:41 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:04:40 PM
Type: warning Category: 0
Event: 51 Source: Cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 16/07/2012 9:49:48 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 16/07/2012 6:09:34 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 15/07/2012 9:24:41 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\COLLEEN-HP on the network \Device\NetBT_Tcpip_{1D552F1E-7985-4C8B-9234-A52B004D3A93}. The data is the error code.

Log: 'System' Date/Time: 15/07/2012 8:33:24 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 15/07/2012 8:01:05 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 14/07/2012 9:45:00 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 13/07/2012 10:29:26 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 12/07/2012 8:48:25 PM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 12/07/2012 7:37:49 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001676CC95FC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 12/07/2012 6:42:44 AM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 11/07/2012 8:29:24 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 11/07/2012 6:14:48 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 10/07/2012 9:35:42 PM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 10/07/2012 8:28:59 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 10/07/2012 7:21:28 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 10/07/2012 6:45:15 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 08/07/2012 8:07:18 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\COLLEEN-HP on the network \Device\NetBT_Tcpip_{1D552F1E-7985-4C8B-9234-A52B004D3A93}. The data is the error code.

Log: 'System' Date/Time: 08/07/2012 7:59:21 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 08/07/2012 7:05:57 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
 
Hi fscali:

It is hard to tell what causes the reboot; I can only give you the trial-and-error game.

Based on your log, these are some software/applications that created warnings or errors in your computer.
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Windows Live OneCare safety scanner
Windows Search 4.0

Let's remove them and observe whether the situation improves. If not, you may reinstall them.


1. Remove Programs
  • Click Start > Control Panel > Add/Remove Programs
  • Remove these programs by clicking Remove:
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Windows Live OneCare safety scanner
    Windows Search 4.0
Take extra care in answering questions posed by any Uninstaller.


2. Reinstall Adobe Reader
  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader.
  • Note: remember to Uncheck any extra software downloads you may be offered (optional)


3. Can you try to check whether the computer is still rebooting when it is disconnected from your local area network or offline?

thanks,
torreattack
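
An added example, not part of the original posts and not code from VEW or its author: a small Python parser for the VEW.txt layout pasted above that tallies records per log, type, source and event ID, and flags tight repeat runs such as the Cdrom event 11 entries logged seconds apart. The function names, the 10-second gap and the 3-event minimum are assumptions, and the sample records are constructed in the same layout.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

# Constructed sample in the VEW.txt layout pasted in the thread (dates are dd/mm/yyyy).
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:23:20 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 16/07/2012 8:23:04 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:04:33 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:26 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:19 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:04:40 PM
Type: warning Category: 0
Event: 51 Source: Cdrom
An error was detected on device \Device\CdRom0 during a paging operation.
"""

LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: \d+$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")
SECTION_RE = re.compile(r"^(~+|'[^']+' Log - \w+ Type)$")
Event = namedtuple("Event", "log when type event_id source message")

def parse_vew(text):
    """Parse VEW.txt records; section banners and truncated records are skipped."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    events, i = [], 0
    while i + 2 < len(lines):
        head = LOG_RE.match(lines[i])
        typ = TYPE_RE.match(lines[i + 1])
        evt = EVENT_RE.match(lines[i + 2])
        if not (head and typ and evt):
            i += 1
            continue
        i += 3
        msg = []  # free-text description runs until the next record or banner
        while i < len(lines) and not (LOG_RE.match(lines[i]) or SECTION_RE.match(lines[i])):
            if lines[i]:
                msg.append(lines[i])
            i += 1
        when = datetime.strptime(head["ts"], "%d/%m/%Y %I:%M:%S %p")
        events.append(Event(head["log"], when, typ["type"], int(evt["id"]), evt["src"], " ".join(msg)))
    return events

def tally(events):
    return Counter((e.log, e.type, e.source, e.event_id) for e in events)

def find_bursts(events, max_gap_s=10, min_run=3):
    """Runs of one log/source/event ID whose records are <= max_gap_s apart."""
    stamps_by_key = {}
    for e in events:
        stamps_by_key.setdefault((e.log, e.source, e.event_id), []).append(e.when)
    bursts = []
    for key, stamps in stamps_by_key.items():
        stamps.sort()
        run = [stamps[0]]
        for ts in stamps[1:] + [None]:  # the None sentinel flushes the final run
            if ts is not None and (ts - run[-1]).total_seconds() <= max_gap_s:
                run.append(ts)
                continue
            if len(run) >= min_run:
                bursts.append((key, len(run), run[0], run[-1]))
            run = [ts]
    return bursts

if __name__ == "__main__":
    evs = parse_vew(SAMPLE)
    print(tally(evs).most_common())
    print(find_bursts(evs))
```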
 
No luck yet:
1. Removed all but Google Update Helper because it was not listed in the Add/Remove Programs window.
2. Installed Adobe Reader X
3. Reboot happens w/ network cable disconnected.
 
Hi fscali :

it is different than a soft reboot because the power indicator light goes completely out for about a half second as the machine completely powers off.
:oops: Sounds like a hardware problem; I suggest you start with a memory test.


Not a Malware Issue
Your problem does not appear to be "malware" related. The Malware Removal forum deals with removing malware.
Since I am not trained to deal with hardware problems and have run out of ideas, I am sorry but I have no choice; I have to forward you to other experts. Sorry for wasting a lot of your valuable time. :sad:

I suggest you try a PC troubleshooting forum. Links for some are provided below.
These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.
Registration is free, it only takes a few minutes.
Malwaremoval forum
The Elder Geek on Windows
BleepingComputer.com
WhattheTech...formerly TomCoyote

If you have any questions or require additional malware help, please let me know.

=========================================================================================

Let's do some housekeeping before you leave.

Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Next

Clean up with OTL
  • Double click OTL.exe to run it.
  • This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Re-enable Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.



Now we need to deal with security vulnerabilities

Your Mozilla Firefox is outdated
  • In the Firefox browser click Help > Check for updates to install the latest version.



Here are some free programs I recommend that could help you improve your computer's security.

WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission.

WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE


MVPS Hosts
MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE


Update your programs regularly
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check


Read - stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing!


thanks,
torreattack
 