Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Vista Ultimate SP2 BSOD's etc since iTunes Update

Post by six-h » May 22nd, 2014, 3:51 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 20/07/2008 20:22:23
System Uptime: 22/05/2014 16:28:09 (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q3 DELUXE
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | LGA 775 | 3003/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 118 GiB total, 13.785 GiB free.
D: is FIXED (NTFS) - 117 GiB total, 114.557 GiB free.
E: is FIXED (NTFS) - 114 GiB total, 111.982 GiB free.
F: is FIXED (NTFS) - 116 GiB total, 35.44 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1987: 17/05/2014 12:36:24 - Restore Operation
RP1988: 17/05/2014 19:30:50 - Removed iTunes
RP1989: 17/05/2014 19:35:45 - Removed Apple Software Update
RP1990: 17/05/2014 19:37:15 - Removed Apple Mobile Device Support
RP1991: 17/05/2014 19:40:21 - Removed Bonjour
RP1992: 17/05/2014 19:42:37 - Removed Apple Application Support
RP1993: 17/05/2014 20:10:35 - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP1994: 17/05/2014 20:11:31 - Device Driver Package Install: Apple Network adapters
RP1995: 17/05/2014 20:12:57 - Installed iTunes
RP1996: 18/05/2014 13:59:08 - Windows Update
RP1997: 18/05/2014 14:24:11 - Windows Update
RP1998: 19/05/2014 16:38:44 - Device Driver Package Install: NVIDIA Display adapters
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
ABBYY FineReader OCR Engine for Microtek
Acronis True Image Home
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Photoshop Elements 5.0.2 Patcher
Any Video Converter 3.2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 2010 Advanced
ASUS WiFi-AP @n
Audacity 1.3.12 (Unicode)
Audials
AVG Free 9.0
BBC iPlayer Desktop
Bonjour
calibre
Canon Inkjet Printer Driver Add-On Module
Canon MP250 series MP Drivers
CDBurnerXP
Citrix Presentation Server Client - Web Only
ConvertHelper 2.2
Corel MediaOne
CorelDRAW Essential Edition 3
D3DX10
Developer Tools for UPnP Technologies
Digital Image Recovery 1.47
Drive Xpert
Dropbox
DVD Flick 1.3.0.7
EaseUS Partition Master 10.0 Trial Edition
EN
eReg
FiddlerCap
FluffyApp
Foxit Reader
Google Chrome
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP USB Disk Storage Format Tool
ImgBurn
InfraRecorder
inSSIDer 2.0
Internet Explorer (Enable DEP)
iPixSoft Flash Slideshow Creator (1.8.6.2)
iTunes
Java 7 Update 55
Java Auto Updater
Labtec WebCam
Labtec® Camera Driver
LAME v3.98.2 for Audacity
LinuxLive USB Creator
liteCam HD
Logitech Audio Echo Cancellation Component
Logitech SetPoint 6.51
Logitech Video Enumerator
Malwarebytes Anti-Malware version 1.75.0.1300
Media Add-ons for Acronis True Image Home 2009
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 29.0.1 (x86 en-GB)
Mozilla Firefox 7.0.1 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
Nero 7 Essentials
neroxml
NetObjects Fusion 10.0
Noiseware Community Edition
Notepad++
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Paragon Partition Manager 2009 Special Edition
Photo Gadget
Photo Viewer 2.25
PicturesToExe 5.6
PicturesToExe 6.0
PowerpointImageExtractor
Rapport
RSCC
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
ScanWizard 5
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Segoe UI
Serviio
SIW version 2010.03.11
Six Engine
Slim USB2 Scanner
Soda PDF 2012
Sony RAW Driver
SoundMAX
SUPERAntiSpyware
swMSM
System Requirements Lab
Trusteer Endpoint Protection
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center
Windows Sound Schemes
WinX HD Video Converter Deluxe 3.12.5
WinX Mobile Video Converter 3.0.0
WonderFox Video to GIF Converter
Wondershare Video Converter Ultimate(Build 7.1.0.2)
WordWeb
.
==== Event Viewer Messages From Past Week ========
.
22/05/2014 16:32:38, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
22/05/2014 16:32:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
19/05/2014 18:58:13, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user GEOFF-PC1\admin SID (S-1-5-21-423468759-3561889494-4114393267-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
19/05/2014 16:10:26, Error: EventLog [6008] - The previous system shutdown at 16:08:08 on 19/05/2014 was unexpected.
19/05/2014 15:37:08, Error: EventLog [6008] - The previous system shutdown at 15:34:46 on 19/05/2014 was unexpected.
19/05/2014 15:33:46, Error: EventLog [6008] - The previous system shutdown at 15:30:41 on 19/05/2014 was unexpected.
19/05/2014 11:44:40, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
19/05/2014 11:44:40, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/05/2014 11:44:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
18/05/2014 16:50:33, Error: Virtual Disk Service [10] - VDS fails to write boot code on a disk during clean operation. Error code: 80070015@02070008
18/05/2014 16:45:52, Error: EventLog [6008] - The previous system shutdown at 16:43:43 on 18/05/2014 was unexpected.
18/05/2014 14:26:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
18/05/2014 14:26:25, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/05/2014 14:26:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
18/05/2014 13:52:35, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
18/05/2014 12:26:49, Error: EventLog [6008] - The previous system shutdown at 12:24:43 on 18/05/2014 was unexpected.
17/05/2014 19:29:16, Error: Service Control Manager [7022] - The Windows Mobile-based device connectivity service hung on starting.
17/05/2014 19:20:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
17/05/2014 19:19:56, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
17/05/2014 19:19:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
17/05/2014 19:19:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 AvgTdiX CSC DfsC NetBIOS netbt nsiproxy PSched RapportKELL RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
17/05/2014 19:19:09, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
17/05/2014 19:18:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
17/05/2014 19:18:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
17/05/2014 19:18:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
17/05/2014 19:18:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/05/2014 19:18:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17/05/2014 19:17:56, Error: EventLog [6008] - The previous system shutdown at 14:17:28 on 17/05/2014 was unexpected.
17/05/2014 13:12:55, Error: EventLog [6008] - The previous system shutdown at 13:11:11 on 17/05/2014 was unexpected.
17/05/2014 13:02:11, Error: EventLog [6008] - The previous system shutdown at 12:59:02 on 17/05/2014 was unexpected.
17/05/2014 12:34:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.
17/05/2014 12:28:47, Error: EventLog [6008] - The previous system shutdown at 12:25:11 on 17/05/2014 was unexpected.
16/05/2014 21:55:36, Error: EventLog [6008] - The previous system shutdown at 21:52:11 on 16/05/2014 was unexpected.
16/05/2014 14:53:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
16/05/2014 14:53:52, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/05/2014 14:53:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.55.2
Run by admin at 20:01:39 on 2014-05-22
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.2046.320 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
E:\Program Files\SASCORE.EXE
C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PSIService.exe
E:\Serviio\bin\ServiioService.exe
E:\Serviio\bin\ServiioService.exe
C:\Program Files\Soda PDF 2012\ConversionService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ASUS\WiFi-AP @n\WiFi-AP@n.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
E:\WordWeb\wweb32.exe
C:\Windows\vVX3000.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
E:\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uSearch Bar = Preserve
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Soda PDF 2012 Helper: {ebe8b562-cba0-40d8-b920-af7cfe0c9d94} - c:\program files\soda pdf 2012\PDFIEHelper.dll
TB: Soda PDF 2012 Toolbar: {a8c9d542-fd91-4834-a2e8-adb9ae692b8b} - c:\program files\soda pdf 2012\PDFIEPlugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [WordWeb] "e:\wordweb\wweb32.exe" -startup
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [SoundTray] c:\program files\analog devices\soundmax\SoundTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Drive Xpert] c:\program files\asus\drive xpert\DriveXpert.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [BrowserPlugInHelper] e:\program files\video converter ultimate\BrowserPlugInHelper.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1E508E6A-B99D-4B64-B299-BF886407DCCF} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - e:\program files\SASWINLO.DLL
AppInit_DLLs= avgrsstx.dll
STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - c:\windows\system32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - e:\program files\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - c:\windows\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - c:\windows\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tm51dys1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\soda pdf 2012\ffsodaext2012\plugins\NPSodaPDFPreviewerPlugin2012.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\admin\appdata\local\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-10-18 40368]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-5-3 123512]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\drivers\tdrpm140.sys [2009-3-2 971168]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-23 226016]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-23 29712]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-23 243152]
R1 RapportCerberus_68261;RapportCerberus_68261;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_68261.sys [2014-5-12 358008]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-5-3 170968]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-5-3 249400]
R1 SASDIFSV;SASDIFSV;e:\program files\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\SASKUTIL.SYS [2010-5-10 67664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-5-22 40776]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-11-21 569344]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2013-2-5 31848]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-6-25 83168]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2014-4-23 14920]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2014-4-23 9160]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2013-2-5 31848]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-6-25 181344]
.
=============== File Associations ===============
.
FileExt: .chm: chm.file="c:\windows\hh.exe" %1 [UserChoice]
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-22 15:57:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-05-19 15:48:42 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-05-19 15:46:15 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-19 15:44:40 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-05-19 10:49:41 -------- d-----w- c:\users\admin\appdata\local\{03EBACA7-F1DD-4BB8-82A4-C926FB8FA50E}
2014-05-18 13:01:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-17 19:16:37 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-05-17 19:14:02 -------- d-----w- c:\program files\iPod
2014-05-17 19:14:00 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-17 19:14:00 -------- d-----w- c:\program files\iTunes
2014-05-17 19:09:45 -------- d-----w- c:\program files\Bonjour
2014-05-16 17:12:00 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(10)
2014-05-06 12:29:14 -------- d-----w- c:\users\admin\appdata\roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-05-06 12:25:08 -------- d-----w- c:\users\admin\appdata\roaming\Wondershare Video Converter Ultimate
2014-05-06 12:25:06 -------- d-----w- c:\users\admin\appdata\local\Wondershare
2014-05-06 12:25:04 -------- d-----w- c:\program files\common files\Wondershare
2014-05-06 12:24:34 721263 ----a-w- c:\windows\system32\WSCM64.dll
2014-05-06 12:24:34 214528 ----a-w- c:\windows\system32\WSCM32.dll
2014-05-06 12:24:27 -------- d-----w- c:\programdata\Wondershare Video Converter Ultimate
2014-05-03 21:55:46 123512 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-04-30 12:24:24 671744 ----a-w- c:\windows\system32\rscc.dll
2014-04-30 12:24:23 -------- d-----w- c:\program files\RSUPPORT
2014-04-30 12:22:10 413760 ----a-w- c:\windows\system32\MPG4C32.dll
2014-04-24 00:47:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-23 22:25:04 9160 ----a-w- c:\windows\system32\EuGdiDrv.sys
2014-04-23 22:25:04 87112 ----a-w- c:\windows\system32\setupempdrv03.exe
2014-04-23 22:25:04 2499752 ----a-w- c:\windows\system32\BootMan.exe
2014-04-23 22:25:04 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2014-04-23 22:25:04 14920 ----a-w- c:\windows\system32\epmntdrv.sys
.
==================== Find3M ====================
.
2014-05-17 18:44:13 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-17 18:44:13 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 21:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 21:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 20:10:35.75 ===============

===========The Sorry Tale==============

I accepted, downloaded and installed an iTunes update last week.
Once the update completed iTunes opened and I closed it.
2 minutes later, Windows advised via "WerFault.exe" that it (not I) had closed iTunes announcing: "To help protect your computer Data Execution Prevention has closed iTunes!"
This was quickly followed by a BSOD saying iTunes was corrupted.
Several BSOD's later, I followed instructions from Apple forums on how to dismantle iTunes piece by piece and do a "clean install"...this went without incident, but didn't escape the "WerRabbit"!
Frequent BSOD's followed over the next few days though not now accusing iTunes, just a general accusation that some software is corrupted, and I still live in fear of "Sudden Death!".

Each Boot is accompanied by a new treat, first I was told that a "dll" had stopped working...I think it was called "run2.dll", the system limped on without it!
Next boot's surprise was to be told that my nVidia Graphics card needed updating...Windows trotted off to seek a suitable driver from the web and announced after half an hour that though it had found "something suitable", it had encountered a problem which caused it to "time-out", so that didn't get fixed.
Oddly enough, I haven't been warned of this graphics card driver problem since.

Just on the off chance I ran Malwarebytes this evening, which found:-
VENDOR:- PUP.Optional.Softonic.A

CATEGORY:- Registry Key

ITEM:- HKCU\Software\Softonic\Universal Downloader


Googling, I find the accepted wisdom here is to run MBAM with Sys Restore disabled then removing the offending reg entry.

Since MBAM took 2hrs 7mins to scan, I thought I'd be better seeking advice here before attempting this advice!
My AV is AVG Antivirus Free ver. 9.0.932

I also have Task Manager running, but it is not responsive, the tray icon shows the cpu bar graph flashing zero to 100% continually, can't close it or display it!

Sorry for the "life story" but as they say, knowledge is power!!
Thanks for helping.
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Re: Vista Ultimate SP2 BSOD's etc since iTunes Update

Unread postby MWR 3 day Mod » May 28th, 2014, 11:50 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Vista Ultimate SP2 BSOD's etc since iTunes Update

Unread postby wannabeageek » May 31st, 2014, 12:09 am

Hello six-h, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



I noticed you have a copy of Microsoft Office Enterprise 2007. Please be kind enough to explain how you obtained this copy.

Please run the following programs and post the results after each scan.

Step 1.
Download and run MGA Diagnostic Tool
This tool will aid us in determining what additional steps will need to be performed.
  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Right-click the MGADiag.exe icon on your Desktop and then select Run As Administrator from the popup menu. The tool's window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.
NOTE: If you get any type of error, you can still press the "COPY" button and paste the results.


Step 2.
Please download and run WVCheck and post back the report it creates:
  • Right-click the WVCheck.exe icon on your Desktop and then select Run As Administrator from the popup menu.
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the Notepad file as a reply.


Step 3.
Run CKScanner
  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Please include in your next reply:
  1. Answer about Enterprise 2007
  2. Contents of MGA results
  3. Contents of WVCheck results
  4. Contents of CKFiles.txt
  5. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Vista Ultimate SP2 BSOD's etc since iTunes Update

Unread postby six-h » May 31st, 2014, 9:07 am

Hello wannabeageek and thanks for undertaking to help me today.
MS Office Enterprise:
I used to help teach an evening class for retired folks like me to introduce them to computers at a local college.
A case of the blind being led by the partially sighted!
My PC at that time turned to a cinder whilst being repaired by the IT Manager!
He built this PC (at my expense) and installed with the college's full permission, this copy of Vista Ultimate and the copy of Office 2007.
They are covered by the college's volume licence.
When the course was withdrawn some 4 years later, I was allowed to keep the installation.
Because of this, I have no way to re-install them so I have a copy of Acronis True image 2009 from which I have an image from early April, prior to the current odd behaviour.....that's not to say it was "perfect", at best, Vista is an old lady approaching retirement...when I can afford to buy a copy of "W8"!

Sneaky! :)
I didn't realise what the MGADiag.exe was for ...til it ran! lol
Here are the scan results you wanted me to post:-

MGA:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2MYJV-HTKJ3-7Q3VX
Windows Product Key Hash: fX859iYDfkEJEbwuLN54/zK8vGE=
Windows Product ID: 89580-447-7129772-71878
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.0.6002.2.00010100.2.0.001
ID: {C4CDA1EC-7B03-4E13-9DE4-6808FCDE7CFC}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130707-1535
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C4CDA1EC-7B03-4E13-9DE4-6808FCDE7CFC}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010100.2.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7Q3VX</PKey><PID>89580-447-7129772-71878</PID><PIDType>5</PIDType><SID>S-1-5-21-423468759-3561889494-4114393267</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>P5Q3 DELUXE</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0611 </Version><SMBIOSVersion major="2" minor="5"/><Date>20080606000000.000000+000</Date></BIOS><HWID>C2333507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>92525C3E8A38588</Val><Hash>cht8lIWFY9Fns65U5evBUTr/blk=</Hash><Pid>89388-708-7315311-65324</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, Ultimate edition
Description: Windows Operating System - Vista, RETAIL channel
Activation ID: 30fab9cc-8614-4339-989f-7ce61fb7a5c4
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89580-00142-447-712977-00-2057-6000.0000-2022008
Installation ID: 013571538636879623868241405024083465711725765580217832
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 7Q3VX
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: QgAAAAIABgABAAEAAQACAAAABQABAAEAJJR2pUZu1j+sKYwmaGVGvIQ0Bp6Grz6p8vSYAyBPpKS+AqxWXNhd2EbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC A_M_I_ OEMAPIC
FACP A_M_I_ OEMFACP
HPET A_M_I_ OEMHPET
MCFG A_M_I_ OEMMCFG
OEMB A_M_I_ AMI_OEM
OSFR A_M_I_ OEMOSFR
SSDT DpgPmm CpuPm

WVCheck:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1307_31-05-2014
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2014-05-31 12:00:52
Last Success Time for Update Download: 2014-05-18 13:23:54
Last Success Time for Update Installation: 2014-05-18 13:26:34


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 24/9/2009 18:8:51
Modification; 11/4/2009 7:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6000.16386_none_4c10a7ebfcbfa7c3\slwga.dll
Size: 12288 bytes
Creation; 2/11/2006 8:44:14
Modification; 2/11/2006 9:46:13
MD5; b39f1844ad6c656f64acd32caee72caa
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 20/7/2008 14:32:23
Modification; 18/1/2008 22:36:32
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 24/9/2009 18:8:51
Modification; 11/4/2009 7:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 75510147b94598407666f4802797c75a


-------- End of File, program close at 1314_31-05-2014 --------

CKFiles.txt:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\corel\coreldraw essential edition 3\custom data\bumpmap\cracks.cpt
c:\program files\corel\coreldraw essential edition 3\custom data\canvas\cracks2c.pcx
c:\program files\corel\coreldraw essential edition 3\custom data\tiles\cracks2m.cpt
c:\users\admin\favorites\fun\crackermatic.url
scanner sequence 3.BB.11.PPAPIZ
----- EOF -----


Any problem executing the instructions?
Most of these began by "not responding", these days that seems to be a "feature" of this old lady called Vista, after a few seconds/minutes they get on with it!
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Re: Vista Ultimate SP2 BSOD's etc since iTunes Update

Unread postby wannabeageek » June 2nd, 2014, 9:24 am

Hi six-h,

I apologize for the late reply as life has a tendency to interfere with our expected plans.

Thank you for your honesty on this matter.
He built this PC (at my expense) and installed with the college's full permission, this copy of Vista Ultimate and the copy of Office 2007.
They are covered by the college's volume licence.
However, it creates another issue for you as you are no longer in the employ of the university.
Understand that the license belongs to the university and not you. The computer may belong to you, but not the license.
This is comparable to owning a car and using license from another person or company to drive it. It is not legal, plain and simple.
Because ownership of the operating system and associated programs are not yours and belong to a company/business/university, I am required to close the thread because it falls under the use of "cracked" programs.
Use of "cracked" programs

I am truly sorry I am unable to continue to help you,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Vista Ultimate SP2 BSOD's etc since iTunes Update

Unread postby Wingman » June 2nd, 2014, 10:16 am

Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA