GeekPolice

 


Critical error drive sector not found

Today I was on my computer and experienced this issue. I found a few older topics on here regarding it. I ran Unhide and ComboFix, and it appears to have fixed the problem: the icons on my desktop have returned, I can go back on Chrome, etc.

Here is my log from unhide -

--------------------------------------
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 10/07/2012 10:41:08 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 332322 files processed.

Restoring the Start Menu.
* 505 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
* HidNoChangingWallPaperden policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyComputer was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 10/07/2012 10:48:20 PM
Execution time: 0 hours(s), 7 minute(s), and 11 seconds(s)


-------------------------------------

And here is my log from Malwarebytes Anti-Malware -

--------------------------

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
lalit :: LALITMAMTA-PC [administrator]

Protection: Disabled

08-10-2012 08:19:07
mbam-log-2012-10-08 (08-19-07).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 514337
Time elapsed: 1 hour(s), 35 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nqJmDLLyhpVVQC.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\nqJmDLLyhpVVQC.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UJPTuOBg9fQk3U (Trojan.FakeAlert) -> Data: C:\ProgramData\UJPTuOBg9fQk3U.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\NQJMDLLYHPVVQC.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\UJPTUOBG9FQK3U.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Lalit\USB\Lalit\New Folder\pwdremover.exe (PSWTool.PdfCracker) -> Quarantined and deleted successfully.
C:\ProgramData\ajrO5zbYAPBR2R.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
-------

Re: Critical error drive sector not found

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Re: Critical error drive sector not found

Hi,

I ran ComboFix in safe mode and here are the logs -

--------------------

ComboFix 12-10-08.02 - lalit 08-10-2012 23:38:11.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3062.2282 [GMT 5.5:30]
Running from: c:\users\lalit\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ajrO5zbYAPBR2R
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\UJPTuOBg9fQk3U
c:\users\lalit\g2mdlhlpx.exe
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 18:43 . 2012-10-08 18:45 -------- d-----w- c:\users\lalit\AppData\Local\temp
2012-10-08 18:43 . 2012-10-08 18:43 -------- d-----w- c:\users\Vijay\AppData\Local\temp
2012-10-08 18:43 . 2012-10-08 18:43 -------- d-----w- c:\users\LalitMamta\AppData\Local\temp
2012-10-08 18:43 . 2012-10-08 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-08 17:09 . 2012-10-08 17:09 -------- d-----w- C:\_OTL
2012-10-06 09:32 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B40FF4-315F-415A-9FF0-C3E2964818B0}\mpengine.dll
2012-10-03 04:44 . 2012-10-03 04:44 -------- d-----w- c:\windows\Profiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 16:26 . 2009-02-13 05:52 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-10-08 16:26 . 2009-02-13 05:58 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-09-07 11:34 . 2009-07-19 08:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 13:12 . 2012-04-07 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 13:12 . 2011-05-21 12:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 14:55 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-10-25 103896]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-20 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-07 1089608]
.
c:\users\LalitMamta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-10 45056]
.
c:\users\lalit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-10 45056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 21:25 712704 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 10:27 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 03:28 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 05:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01 448080 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-20 04:08 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 05:41]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 05:41]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2972934901-3891036527-1405551415-1000Core.job
- c:\users\LalitMamta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17 05:45]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2972934901-3891036527-1405551415-1000UA.job
- c:\users\LalitMamta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17 05:45]
.
2009-12-29 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2009-11-14 00:49]
.
2012-10-06 c:\windows\Tasks\Norton Security Scan for lalit.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 04:18]
.
2011-02-19 c:\windows\Tasks\Total PC Health Defrag.job
- c:\program files\Total PC Health\Total PC Health\tpch.exe [2010-12-15 18:23]
.
2012-10-02 c:\windows\Tasks\Total PC Health Registration3.job
- c:\program files\Common Files\Total PC Health\UUS3\UUS3.dll [2010-11-02 18:09]
.
2011-02-19 c:\windows\Tasks\Total PC Health Update3.job
- c:\program files\Common Files\Total PC Health\UUS3\Update3.exe [2010-11-02 18:09]
.
2011-02-19 c:\windows\Tasks\Total PC Health.job
- c:\program files\Total PC Health\Total PC Health\tpch.exe [2010-12-15 18:23]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{35D796DF-0360-4A01-9F16-E8DC64F1D484}.job
- c:\windows\system32\msfeedssync.exe [2012-05-08 04:32]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{79131BF7-0A56-4037-839B-F8EDDBA51273}.job
- c:\windows\system32\msfeedssync.exe [2012-05-08 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{B440D501-40FB-40D0-AE30-B7EBEE2B3F9A} - http://www.orangeshark.com/brainIQ/brainIQexeinterim.php?gid=105&from=icon
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 202.149.208.92 202.149.208.91
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
HKLM-RunOnce- - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 00:15
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d??l/?????;? ;?X ;?? ;??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04893240-570C-9EB1-8B57-AB630851B329}*]
"halcjafiojdcaklk"=hex:6a,61,69,6e,65,63,65,64,6e,69,69,69,6a,64,6e,6e,62,69,
64,6a,00,cd
"iafcdmhhoihojfieig"=hex:69,61,61,6f,6e,67,6a,67,63,6f,6d,63,66,69,66,68,63,6d,
00,77
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-10-09 00:32:58
ComboFix-quarantined-files.txt 2012-10-08 19:02
.
Pre-Run: 21,964,595,200 bytes free
Post-Run: 21,996,085,248 bytes free
.
- - End Of File - - F422A5CB4E255B7187FBA1EAF60ABD75

---------------------------------------

Re: Critical error drive sector not found

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Re: Critical error drive sector not found

I downloaded TDSSKiller to my desktop and it is not running. I tried to run it from normal mode as well as safe mode. I see the TDSSKiller process in Task Manager but it immediately gets killed.

Re: Critical error drive sector not found

RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan



  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.



  • The report has been created on the desktop.


  • Next click on the ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

Re: Critical error drive sector not found

RKreport[1]
=======================================
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : lalit [Admin rights]
Mode : Scan -- Date : 10/11/2012 09:31:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[TASK][SUSP PATH] {11992006-CE07-4FEC-B997-60DC13C5B4F7} : C:\Windows\System32\pcalua.exe -a "C:\Users\LalitMamta\Desktop\Softwares Source - Brij\Zip Genius\zgupd.exe" -d "C:\Users\LalitMamta\Desktop\Softwares Source - Brij\Zip Genius" -> FOUND
[TASK][SUSP PATH] {703350BB-D3DA-4D2F-952D-4D4EC4758924} : C:\Windows\System32\pcalua.exe -a "C:\Program Files\WinRAR\WinRAR.exe" -d C:\Users\LalitMamta\Desktop\Lalit2\Downloads -c "C:\Users\LalitMamta\Desktop\Lalit2\Downloads\MAnisha.rar" -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x830E1EE9 -> HOOKED (Unknown @ 0x899ADA88)
SSDT[14] : NtAlertThread @ 0x83047305 -> HOOKED (Unknown @ 0x899AD410)
SSDT[18] : NtAllocateVirtualMemory @ 0x8307EE68 -> HOOKED (Unknown @ 0x89AD0008)
SSDT[54] : NtConnectPort @ 0x8301884D -> HOOKED (Unknown @ 0x897568E8)
SSDT[67] : NtCreateMutant @ 0x83082F77 -> HOOKED (Unknown @ 0x899A5CE8)
SSDT[78] : NtCreateThread @ 0x830E0560 -> HOOKED (Unknown @ 0x899AB4F8)
SSDT[147] : NtFreeVirtualMemory @ 0x82EDDCE7 -> HOOKED (Unknown @ 0x89A055C0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x83007257 -> HOOKED (Unknown @ 0x899A47C8)
SSDT[158] : NtImpersonateThread @ 0x83019980 -> HOOKED (Unknown @ 0x899AFF20)
SSDT[177] : NtMapViewOfSection @ 0x83070AFE -> HOOKED (Unknown @ 0x897D7058)
SSDT[184] : NtOpenEvent @ 0x83032451 -> HOOKED (Unknown @ 0x899A55B0)
SSDT[195] : NtOpenProcessToken @ 0x8305967B -> HOOKED (Unknown @ 0x89CEC070)
SSDT[202] : NtOpenThreadToken @ 0x83059E51 -> HOOKED (Unknown @ 0x899B8E80)
SSDT[282] : NtResumeThread @ 0x8304D924 -> HOOKED (Unknown @ 0x89A24D68)
SSDT[289] : NtSetContextThread @ 0x830E1233 -> HOOKED (Unknown @ 0x899A8CF0)
SSDT[305] : NtSetInformationProcess @ 0x83080A24 -> HOOKED (Unknown @ 0x899B2FD0)
SSDT[306] : NtSetInformationThread @ 0x8304EEB4 -> HOOKED (Unknown @ 0x899A8DF0)
SSDT[330] : NtSuspendProcess @ 0x830E1E23 -> HOOKED (Unknown @ 0x899A67D0)
SSDT[331] : NtSuspendThread @ 0x8309ECEA -> HOOKED (Unknown @ 0x899AC008)
SSDT[334] : NtTerminateProcess @ 0x8302F2F0 -> HOOKED (Unknown @ 0x8AC610F8)
SSDT[335] : NtTerminateThread @ 0x8305BAF3 -> HOOKED (Unknown @ 0x899ACA40)
SSDT[348] : NtUnmapViewOfSection @ 0x83071155 -> HOOKED (Unknown @ 0x899B0B68)
SSDT[358] : NtWriteVirtualMemory @ 0x8305A033 -> HOOKED (Unknown @ 0x89B36630)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1646GSX ATA Device +++++
--- User ---
[MBR] 5a34a3dc833a5b7243be24e83730f3e6
[BSP] 258f7fe201a52df58eeaab3f062e5d2f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 886f876c109ddbd10ad94da2b50350ac
[BSP] 258f7fe201a52df58eeaab3f062e5d2f : Windows Vista MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312581792 | Size: 0 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

========================================
RKreport[2]
========================================
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : lalit [Admin rights]
Mode : Remove -- Date : 10/11/2012 09:31:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[TASK][SUSP PATH] {11992006-CE07-4FEC-B997-60DC13C5B4F7} : C:\Windows\System32\pcalua.exe -a "C:\Users\LalitMamta\Desktop\Softwares Source - Brij\Zip Genius\zgupd.exe" -d "C:\Users\LalitMamta\Desktop\Softwares Source - Brij\Zip Genius" -> DELETED
[TASK][SUSP PATH] {703350BB-D3DA-4D2F-952D-4D4EC4758924} : C:\Windows\System32\pcalua.exe -a "C:\Program Files\WinRAR\WinRAR.exe" -d C:\Users\LalitMamta\Desktop\Lalit2\Downloads -c "C:\Users\LalitMamta\Desktop\Lalit2\Downloads\MAnisha.rar" -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x830E1EE9 -> HOOKED (Unknown @ 0x899ADA88)
SSDT[14] : NtAlertThread @ 0x83047305 -> HOOKED (Unknown @ 0x899AD410)
SSDT[18] : NtAllocateVirtualMemory @ 0x8307EE68 -> HOOKED (Unknown @ 0x89AD0008)
SSDT[54] : NtConnectPort @ 0x8301884D -> HOOKED (Unknown @ 0x897568E8)
SSDT[67] : NtCreateMutant @ 0x83082F77 -> HOOKED (Unknown @ 0x899A5CE8)
SSDT[78] : NtCreateThread @ 0x830E0560 -> HOOKED (Unknown @ 0x899AB4F8)
SSDT[147] : NtFreeVirtualMemory @ 0x82EDDCE7 -> HOOKED (Unknown @ 0x89A055C0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x83007257 -> HOOKED (Unknown @ 0x899A47C8)
SSDT[158] : NtImpersonateThread @ 0x83019980 -> HOOKED (Unknown @ 0x899AFF20)
SSDT[177] : NtMapViewOfSection @ 0x83070AFE -> HOOKED (Unknown @ 0x897D7058)
SSDT[184] : NtOpenEvent @ 0x83032451 -> HOOKED (Unknown @ 0x899A55B0)
SSDT[195] : NtOpenProcessToken @ 0x8305967B -> HOOKED (Unknown @ 0x89CEC070)
SSDT[202] : NtOpenThreadToken @ 0x83059E51 -> HOOKED (Unknown @ 0x899B8E80)
SSDT[282] : NtResumeThread @ 0x8304D924 -> HOOKED (Unknown @ 0x89A24D68)
SSDT[289] : NtSetContextThread @ 0x830E1233 -> HOOKED (Unknown @ 0x899A8CF0)
SSDT[305] : NtSetInformationProcess @ 0x83080A24 -> HOOKED (Unknown @ 0x899B2FD0)
SSDT[306] : NtSetInformationThread @ 0x8304EEB4 -> HOOKED (Unknown @ 0x899A8DF0)
SSDT[330] : NtSuspendProcess @ 0x830E1E23 -> HOOKED (Unknown @ 0x899A67D0)
SSDT[331] : NtSuspendThread @ 0x8309ECEA -> HOOKED (Unknown @ 0x899AC008)
SSDT[334] : NtTerminateProcess @ 0x8302F2F0 -> HOOKED (Unknown @ 0x8AC610F8)
SSDT[335] : NtTerminateThread @ 0x8305BAF3 -> HOOKED (Unknown @ 0x899ACA40)
SSDT[348] : NtUnmapViewOfSection @ 0x83071155 -> HOOKED (Unknown @ 0x899B0B68)
SSDT[358] : NtWriteVirtualMemory @ 0x8305A033 -> HOOKED (Unknown @ 0x89B36630)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1646GSX ATA Device +++++
--- User ---
[MBR] 5a34a3dc833a5b7243be24e83730f3e6
[BSP] 258f7fe201a52df58eeaab3f062e5d2f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 886f876c109ddbd10ad94da2b50350ac
[BSP] 258f7fe201a52df58eeaab3f062e5d2f : Windows Vista MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312581792 | Size: 0 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

================================================
RKreport[3]
================================================
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : lalit [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/11/2012 09:36:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 302 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 469 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Root.MBR ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



Re: Critical error drive sector not found

Good job!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
      2. If threats WERE detected, click on List of Threats Found, then Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: Critical error drive sector not found

ESET-Scan-Log.txt ==>

C:\Lalit\USB\Lalit\New Folder\SlowXPFix_setup.exe Win32/Adware.SlowXPFix application cleaned by deleting - quarantined
C:\Users\lalit\Downloads\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

Any other things ==>
Slow computer --- Yes

Error messages --- Malwarebytes Anti-Malware shows the following error message - IP-BLOCK 93.170.50.12 (Type: outgoing, Port: 50674, Process: svchost.exe)

Fake antivirus alerts or the icon in the system tray --- None

svchost.exe running at 100% --- No, I see several svchost.exe in the task manager with one of them using more than 100 MB memory.

System crashes or blue screen of death --- Last system crash (blue screen) was a week back, when I got this error, a file_recovery application started to run by itself at system startup and about 20 dialog boxes came indicating disk write failure and every file in the system got hidden

Re: Critical error drive sector not found

We're still dealing with the rootkit that's hiding in the lower part of the disk.


Please download Hitman Pro


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please



avast! aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

[Image: AswMBR_Scan]
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

Re: Critical error drive sector not found

The Hitman Pro logs -
=======================

Code:


HitmanPro 3.6.2.171
www.hitmanpro.com

  Computer name . . . . : LALITMAMTA-PC
  Windows . . . . . . . : 6.0.1.6001.X86/2
  User name . . . . . . : LalitMamta-PC\lalit
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Trial (29 days left)

  Scan date . . . . . . : 2012-10-15 00:01:30
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 13m 30s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : Yes

  Threats . . . . . . . : 1
  Traces  . . . . . . . : 86

  Objects scanned . . . : 2,419,233
  Files scanned . . . . : 53,291
  Remnants scanned  . . : 1,024,993 files / 1,340,949 keys

Miniport ____________________________________________________________________

  Primary
      DriverObject . . . : 8651BD18
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 86702178 +0
  Solution
      DriverObject . . . : 8651BD18
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 807AB9A8 \SystemRoot\system32\drivers\ataport.SYS+18856

Malware _____________________________________________________________________

  Master Boot Record (sector 0)

    > HitmanPro  . . . . : Win32/Bootkit

      Partition   Type   LBA   Number of sectors
      0    27   2048   3072000
      1    07   3074048   309506048
      2*   17   312581792   16
      3    00   0   0



  Volume Boot Record (Sector 312581792)
  C:$VBR_312581792

  C:\Windows\FeedingFrenzy.scr -> Quarantined
      Size . . . . . . . : 811,008 bytes
      Age  . . . . . . . : 2977.3 days (2004-08-20 18:00:00)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 6B66E7CA71FB76B04E9E3339E1C9D7A83BC6E3AB23678DA3931B2ED7FC10EA0E
      Product  . . . . . : Feeding Frenzy
      Publisher  . . . . : Sprout Games, LLC
      Description  . . . : Feeding Frenzy
      Version  . . . . . : 2.4.2.2
      Copyright  . . . . : Copyright © 2004 Sprout Games, LLC
    > Ikarus . . . . . . : Trojan-Downloader.SuspectCRC!IK
      Fuzzy  . . . . . . : 102.0


Cookies _____________________________________________________________________




Re: Critical error drive sector not found

I ran aswMBR.exe 2 times and both times my system crashed. Details for last crash -

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 16393

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82F3115E
BCP3: DA6A9874
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1


Last edited by lalitgu on 15th October 2012, 5:02 am; edited 1 time in total (Reason for editing : adding more info)

Re: Critical error drive sector not found

We need to re-check the MBR, please do this:

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Re: Critical error drive sector not found

MBRCheck logs -
=======================================
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A205
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):

Processes (total 79):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1646GSX, Rev: LB113M

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Re: Critical error drive sector not found
Now, another run-through. Check computer for any more issues, and let me know what's up.

Re: Critical error drive sector not found
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A205
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):

Processes (total 82):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1646GSX, Rev: LB113M

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Re: Critical error drive sector not found
My apologies...I meant run-through of problems on the computer... check for other issues, please...

aswMBR logs
aswMBR logs
===============================
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-20 12:22:54
-----------------------------
12:22:54.998 OS Version: Windows 6.0.6001 Service Pack 1
12:22:54.999 Number of processors: 2 586 0xF0D
12:22:55.001 ComputerName: LALITMAMTA-PC UserName: lalit
12:23:01.293 Initialize success
12:23:34.818 AVAST engine defs: 12101400
12:23:43.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
12:23:43.205 Disk 0 Vendor: TOSHIBA_MK1646GSX LB113M Size: 152627MB BusType: 3
12:23:43.331 Disk 0 MBR read successfully
12:23:43.334 Disk 0 MBR scan
12:23:43.399 Disk 0 Windows VISTA default MBR code
12:23:43.429 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:23:43.451 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151126 MB offset 3074048
12:23:43.621 Disk 0 scanning sectors +312580096
12:23:43.828 Disk 0 scanning C:\Windows\system32\drivers
12:24:27.265 Service scanning
12:25:24.969 Modules scanning
12:26:19.522 Module: C:\Windows\system32\drivers\RTKVHDA.sys **SUSPICIOUS**
12:27:15.401 AVAST engine scan C:\Windows
12:27:46.992 AVAST engine scan C:\Windows\system32
12:36:45.401 AVAST engine scan C:\Windows\system32\drivers
12:37:16.368 AVAST engine scan C:\Users\lalit
12:48:23.798 AVAST engine scan C:\ProgramData
12:51:22.746 Scan finished successfully
12:52:03.586 Disk 0 MBR has been saved successfully to "C:\Users\lalit\Desktop\MBR.dat"
12:52:03.602 The log file has been saved successfully to "C:\Users\lalit\Desktop\aswMBR.txt"
==========================================

Unable to upload the MBR.dat file even after changing the extension to .txt, error is 'Uploaded file is not valid.'
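
How the partition lines in the aswMBR log relate to the saved sector, as an added example that is not part of the original post: the sketch decodes a classic MBR partition table and checks it for consistency. MBR.dat is assumed to be a raw 512-byte copy of sector 0; the sector below is constructed from the log's values with the boot code zeroed, and the function names are this example's own.

```python
import hashlib
import struct

SECTOR = 512  # assumption: MBR.dat is a raw copy of the 512-byte sector 0
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}  # types named in the log


def build_sample_mbr():
    """Constructed sector: boot code zeroed, partition table from the log's values."""
    def entry(status, ptype, first_lba, sectors):
        # Layout: status, CHS start (3 bytes), type, CHS end (3 bytes),
        # first LBA (uint32 LE), sector count (uint32 LE)
        return struct.pack("<B3sB3sII", status, bytes(3), ptype, bytes(3),
                           first_lba, sectors)
    table = (entry(0x00, 0x27, 2048, 1500 * 2048)          # 1500 MB, offset 2048
             + entry(0x80, 0x07, 3074048, 151126 * 2048)   # 151126 MB, active
             + bytes(32))                                  # two empty slots
    return bytes(446) + table + b"\x55\xaa"


def parse_mbr(sector):
    """Decode sector 0 into boot-code hash, partition entries and sanity warnings."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts, warnings = [], []
    for slot in range(4):
        raw = sector[446 + 16 * slot:462 + 16 * slot]
        status, _, ptype, _, first_lba, count = struct.unpack("<B3sB3sII", raw)
        if ptype == 0x00:  # unused slot
            continue
        if status not in (0x00, 0x80):
            warnings.append("slot %d: unexpected status byte 0x%02X" % (slot + 1, status))
        parts.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown"),
            "first_lba": first_lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    if sum(p["active"] for p in parts) != 1:
        warnings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            warnings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    end = max((p["first_lba"] + p["sectors"] for p in parts), default=0)
    return {
        # Hash of the 440-byte boot code area only, so it does not change with
        # the disk signature or the partition table. Which bytes MBRCheck
        # hashes for its SHA1 line is not stated on the page.
        "boot_code_sha1": hashlib.sha1(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": parts,
        "first_sector_after_partitions": end,
        "warnings": warnings,
    }


def describe(info):
    """Render the partitions in a form that can be compared with the log lines."""
    lines = []
    for p in info["partitions"]:
        lines.append("Partition %d %s %02X %s %d MB offset %d" % (
            p["slot"], "80 (A)" if p["active"] else "00", p["type"],
            p["name"], p["size_mb"], p["first_lba"]))
    lines.append("first sector after last partition: %d"
                 % info["first_sector_after_partitions"])
    return lines


if __name__ == "__main__":
    result = parse_mbr(build_sample_mbr())
    print("\n".join(describe(result) + result["warnings"]))
```

With the log's values, the first sector after the last partition works out to 312580096, the same number that appears in the "scanning sectors +312580096" line.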

MBR.dat
I have zipped and uploaded MBR.dat file for your review.

Re: Critical error drive sector not found
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: Critical error drive sector not found
Computer speed is better now.
Avira antivirus is reporting TR/Offend.2.945 virus
No system crashes recently.

Re: Critical error drive sector not found
Odd. Thought the scans would have picked that up...

CapperKiller Scan

The CapperKiller utility is designed for treating the aftermaths of a Trojan-Banker.Win32.Capper infection.

How to use the utility:


A reboot may be required after the treatment.

The CapperKiller utility performs the following:

  • Detects and fixes proxy settings in all browsers.
  • Detects and deletes malicious exec files.
  • Once it is done running, it may ask you to reboot the machine. Please make sure it reboots, if it asks.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "CapperKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Re: Critical error drive sector not found
This scan didn't find anything

22:45:58.0335 5120 Trojan-Banker.Win32.Capper removal tool 1.0.5.0 Oct 17 2012 09:06:44
22:45:59.0076 5120 ============================================================
22:45:59.0076 5120 Current date / time: 2012/10/24 22:45:59.0076
22:45:59.0076 5120 SystemInfo:
22:45:59.0077 5120
22:45:59.0077 5120 OS Version: 6.0.6001 ServicePack: 1.0
22:45:59.0077 5120 Product type: Workstation
22:45:59.0077 5120 ComputerName: LALITMAMTA-PC
22:45:59.0077 5120 UserName: lalit
22:45:59.0077 5120 Windows directory: C:\Windows
22:45:59.0077 5120 System windows directory: C:\Windows
22:45:59.0077 5120 Processor architecture: Intel x86
22:45:59.0077 5120 Number of processors: 2
22:45:59.0077 5120 Page size: 0x1000
22:45:59.0077 5120 Boot type: Normal boot
22:45:59.0077 5120 ============================================================
22:45:59.0078 5120 Initialize success
22:45:59.0078 5120 ============================================================
22:46:40.0323 4220 ================================================================================
22:46:40.0323 4220 Scan started
22:46:40.0323 4220 ================================================================================
22:46:40.0323 4220 ProcessDriveEnumEx: Drive C:\ type 3:0
22:57:35.0117 4220 ProcessDriveEnumEx: Drive D:\ type 5:0
22:57:35.0149 4220 ================================================================================
22:57:35.0149 4220 Scan finished
22:57:35.0149 4220 ================================================================================

Although Avira is indicating the following -

contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan]
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
contained a virus or unwanted program 'TR/Drop.Delf.fde' [trojan]
contained a virus or unwanted program 'TR/Offend.2.945' [trojan]
contained a virus or unwanted program 'TR/Agent.cada.23010' [trojan]
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
Virus or unwanted program 'TR/Drop.Delf.fde [trojan]'
Virus or unwanted program 'TR/Agent.cada.23010 [trojan]'
Virus or unwanted program 'TR/Offend.2.945 [trojan]'
Virus or unwanted program 'SPR/Tool.AE [riskware]'
Virus or unwanted program 'SPR/Tool.AF [riskware]'
Virus or unwanted program 'SPR/GooglePwdDecryptor.AA.4 [riskware]'
Virus or unwanted program 'SPR/Tool.AD [riskware]'
Virus or unwanted program 'SPR/FMTool.A [riskware]'
contained a virus or unwanted program 'TR/Offend.2.945' [trojan]
Virus or unwanted program 'TR/Offend.2.945 [trojan]'

Re: Critical error drive sector not found
Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.


  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select the Detected Threats tab on the left, and choose Disinfect All.
  • Then, choose Save. Also, in the Automatic Report tab, select Save.
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.

Re: Critical error drive sector not found
Detected Threats Report -

Status: Absent (events: 5)
29-10-2012 00:37:02 Not found Trojan program Exploit.Java.CVE-2011-3544.jy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04380007.VBN//CryptZ/Effect.class High
29-10-2012 00:37:02 Not found Trojan program Trojan-Downloader.Win32.Agent.ufqr C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17040000.VBN//CryptZ/BUBBLE97/Install.EXE/LOADER.EXE High
29-10-2012 00:37:02 Not found virus Worm.MSIL.Autorun.du C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C080001\4D2954A4.VBN//CryptZ High
29-10-2012 00:37:02 Not found Trojan program Exploit.Java.CVE-2011-3544.jy C:\Users\LalitMamta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3d7840f6-4478f694/Effect.class High
29-10-2012 00:37:02 Not found Trojan program Exploit.Java.CVE-2011-3544.jy C:\Users\LalitMamta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3d7840f6-4478f694/Matrix.class High
Status: Vulnerability (events: 20)
28-10-2012 10:54:32 Vulnerability vulnerability http://www.securelist.com/en/advisories/33062 C:\Documents and Settings\lalit\AppData\Local\Google\Chrome\Application\Plugins\gears\gears.dll Low
28-10-2012 10:59:04 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Documents and Settings\lalit\AppData\Local\VirtualStore\Program Files\WinRAR\WinRAR.exe.bak Low
28-10-2012 11:12:57 Vulnerability vulnerability http://www.securelist.com/en/advisories/33062 C:\Documents and Settings\lalit\Local Settings\Google\Chrome\Application\Plugins\gears\gears.dll Low
28-10-2012 11:15:20 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Documents and Settings\lalit\Local Settings\VirtualStore\Program Files\WinRAR\WinRAR.exe.bak Low
28-10-2012 15:22:01 Vulnerability vulnerability http://www.securelist.com/en/advisories/33196 C:\Program Files\DivX\DivX Web Player\npdivx32.dll Low
28-10-2012 15:34:08 Vulnerability vulnerability http://www.securelist.com/en/advisories/43853 C:\Program Files\Google\Picasa3\plugins\expwebsites\expwebsites.yti Low
28-10-2012 15:36:16 Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 C:\Program Files\Java\jdk1.6.0_14\bin\javac.exe Low
28-10-2012 15:37:21 Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 C:\Program Files\Java\jre1.6.0_03\bin\java.exe Low
28-10-2012 15:37:34 Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 C:\Program Files\Java\jre6\bin\java.exe Low
28-10-2012 16:08:31 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Program Files\WinRAR\WinRAR.exe Low
28-10-2012 16:19:04 Vulnerability vulnerability http://www.securelist.com/en/advisories/33062 C:\Users\lalit\AppData\Local\Google\Chrome\Application\Plugins\gears\gears.dll Low
28-10-2012 16:23:40 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Users\lalit\AppData\Local\VirtualStore\Program Files\WinRAR\WinRAR.exe.bak Low
28-10-2012 16:32:15 Vulnerability vulnerability http://www.securelist.com/en/advisories/33062 C:\Users\lalit\Local Settings\Google\Chrome\Application\Plugins\gears\gears.dll Low
28-10-2012 16:36:23 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Users\lalit\Local Settings\VirtualStore\Program Files\WinRAR\WinRAR.exe.bak Low
28-10-2012 17:04:30 Vulnerability vulnerability http://www.securelist.com/en/advisories/0 C:\Windows\System32\msxml4.dll Low
28-10-2012 17:12:03 Vulnerability vulnerability http://www.securelist.com/en/advisories/50876 C:\Windows\System32\Macromed\Flash\NPSWF32.dll Low
28-10-2012 17:41:16 Vulnerability vulnerability http://www.securelist.com/en/advisories/47447 c:\Program Files\QuickTime\QuickTimePlayer.exe Low
28-10-2012 17:41:29 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 c:\Program Files\WinRAR\WinRAR.exe Low
28-10-2012 17:51:09 Vulnerability vulnerability http://www.securelist.com/en/advisories/50876 c:\Windows\System32\Macromed\Flash\NPSWF32.dll Low
28-10-2012 18:00:39 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 c:\program files\WinRAR\WinRAR.exe Low
Status: Disinfected (events: 3)
29-10-2012 00:37:01 Disinfected Trojan program Exploit.Java.CVE-2011-3544.jy C:\Documents and Settings\LalitMamta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3d7840f6-4478f694/Effect.class High
29-10-2012 00:37:01 Disinfected Trojan program Exploit.Java.CVE-2011-3544.jy C:\Documents and Settings\LalitMamta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3d7840f6-4478f694/Matrix.class High
29-10-2012 00:37:01 Disinfected Trojan program Exploit.Java.CVE-2011-3544.jy C:\Documents and Settings\LalitMamta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3d7840f6-4478f694 High
Status: Deleted (events: 5)
28-10-2012 16:00:44 Deleted Trojan program Trojan.Win32.Diple.yyp C:\Lalit\Lalit2\games\SWF\Flash Games.part2.rar//Flash Games/Pencak Silat.exe High
28-10-2012 16:00:48 Deleted Trojan program Trojan.Win32.Diple.yyp C:\Lalit\Lalit2\games\SWF\Flash Games\Pencak Silat.exe High
28-10-2012 16:00:46 Deleted Trojan program Trojan.Win32.Diple.yyp C:\Lalit\Lalit2\games\SWF\Flash Games\Pencak Silat (2).exe High
29-10-2012 00:36:39 Deleted Trojan program Trojan.Win32.Agent.spfu C:\Program Files\TikonaConnect\Uninstall.exe High
28-10-2012 16:00:44 Deleted Trojan program Trojan.Win32.Diple.yyp C:\Lalit\Lalit2\games\SWF\Flash Games.part2.rar High

Re: Critical error drive sector not found
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: Critical error drive sector not found
My system is working better now. ... thanks to you!

Re: Critical error drive sector not found
Excellent.

If it all appears to be good, we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Critical error drive sector not found
Result of Security Check tool -

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
CCleaner
FCleaner 1.2.7.1127
Java(TM) 6 Update 24
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 14
Java DB 10.4.2.1
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Google Chrome 23.0.1271.60
Google Chrome 24.0.1312.14
Google Chrome 24.0.1312.5
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Re: Critical error drive sector not found

Update Service Pack: http://support.microsoft.com/kb/935791

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?

Re: Critical error drive sector not found

After installing Windows Vista SP2 and Security Essentials, and upgrading IE from 8 to 9,
my system has become slower,
restart/switch user/logon takes more time,
Google Chrome keeps crashing,
and I had a blue screen (Windows crash) 3 times yesterday.

Re: Critical error drive sector not found

Upload Dump Files:
Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. I recommend Windows Live SkyDrive - http://skydrive.live.com or another free file-hosting service. Then post the link to it in your topic so that we can download it.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): http://www.carrona.org/setmini.html

Re: Critical error drive sector not found

I don't see any dump files in the locations mentioned. I even searched the full computer for dump files, nothing found. Had no crashes for last 1 week. Microsoft Security Essentials and Avira haven't reported any issues recently.

Re: Critical error drive sector not found

  • Please download VEW by Vino Rosso from here and save it to your desktop
  • Double click it to start it. Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.
  • Click the check boxes next to Application and System located under Select log to query on the upper left
  • Under Select type to list on the right, click the boxes next to Error and Warning. Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).
  • Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
  • Once it finishes it will display a log file in notepad
  • Please copy and paste its entire contents into your next reply


Re: Critical error drive sector not found

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/12/2012 21:57:29

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/12/2012 15:37:01
Type: Error Category: 16
Event: 4621 Source: Microsoft-Windows-EventSystem
The COM+ Event System could not remove the EventSystem.EventSubscription object {B45E192B-FACF-4DBA-A0A0-D75BF8BA76D1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

Log: 'Application' Date/Time: 01/12/2012 11:20:13
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 01/12/2012 07:00:13
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Users\lalit\AppData\Local\Temp\{230D4125-2E57-4CE3-AC8B-B8AF4F4181E7}\{C40C3C3D-97CF-44B5-836C-766E374464B3}\dx\dxsetup.exe /silent; Descripton = äxÑv; Hr = 0x80070057).

Log: 'Application' Date/Time: 01/12/2012 06:55:06
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/11/2012 14:11:07
Type: Error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy23,0xc0000000,0x00000003,...). hr = 0x80070020.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 27/11/2012 13:51:11
Type: Error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy23,0xc0000000,0x00000003,...). hr = 0x80070020.

Log: 'Application' Date/Time: 25/11/2012 13:16:16
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 24.0.1312.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1ce0 Start Time: 01cdcafa79ed1df0 Termination Time: 144

Log: 'Application' Date/Time: 25/11/2012 10:48:45
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 24.0.1312.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1db4 Start Time: 01cdcae8e5125620 Termination Time: 140

Log: 'Application' Date/Time: 25/11/2012 07:23:32
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 24.0.1312.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1364 Start Time: 01cdca60e6d01480 Termination Time: 505

Log: 'Application' Date/Time: 25/11/2012 05:55:48
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1dac Start Time: 01cdcacd2c9d5fb0 Termination Time: 365

Log: 'Application' Date/Time: 24/11/2012 16:27:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1304ca8a-ee7f-43e5-8d87-4d20f8936e18}

Log: 'Application' Date/Time: 24/11/2012 14:13:05
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 24.0.1312.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: e68 Start Time: 01cdca26f593f887 Termination Time: 552

Log: 'Application' Date/Time: 24/11/2012 12:31:02
Type: Error Category: 0
Event: 1014 Source: MsiInstaller
Windows Installer proxy information not correctly registered

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Error Category: 0
Event: 1014 Source: MsiInstaller
Windows Installer proxy information not correctly registered

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Error Category: 0
Event: 1014 Source: MsiInstaller
Windows Installer proxy information not correctly registered

Log: 'Application' Date/Time: 24/11/2012 09:31:48
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/11/2012 09:24:58
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/11/2012 09:17:21
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 24.0.1312.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: b4 Start Time: 01cdc92fe905f2f2 Termination Time: 730

Log: 'Application' Date/Time: 23/11/2012 16:11:41
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program ChatRepublicPlayer.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 190c Start Time: 01cdc99530d04cc0 Termination Time: 23

Log: 'Application' Date/Time: 23/11/2012 05:38:09
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program AngryBirdsSpace.exe version 1.3.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1004 Start Time: 01cdc93c7cf7ae80 Termination Time: 89

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/12/2012 15:37:03
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1000:
Process 1456 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 5184 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 3000 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers


Log: 'Application' Date/Time: 01/12/2012 11:45:19
Type: Warning Category: 0
Event: 1032 Source: MsiInstaller
An error occured while refreshing environment variables updated during the installation of ''. Some users logged on to the machine may not see these changes until they log off and then log back on.

Log: 'Application' Date/Time: 01/12/2012 11:11:09
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1002_Classes:
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002_CLASSES


Log: 'Application' Date/Time: 01/12/2012 11:11:06
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 13 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1002:
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1356 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Internet Explorer\IETld
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Policies
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows NT\CurrentVersion
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 2424 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software


Log: 'Application' Date/Time: 01/12/2012 06:49:09
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1002_Classes:
Process 5648 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avscan.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002_CLASSES
Process 3696 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002_CLASSES\Software\Microsoft


Log: 'Application' Date/Time: 01/12/2012 06:49:08
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1002:
Process 3696 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


Log: 'Application' Date/Time: 01/12/2012 06:44:42
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1000_Classes:
Process 3696 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000_CLASSES\Software\Microsoft


Log: 'Application' Date/Time: 01/12/2012 06:44:40
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1000:
Process 3696 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 6252 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers


Log: 'Application' Date/Time: 29/11/2012 12:30:44
Type: Warning Category: 2
Event: 4113 Source: Avira Antivirus
AntiVir has detected 'TR/Diple.auhj' in the file C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20121129-081803-7E3991C3\000005C8-9A17E889.av$

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 29/11/2012 12:22:22
Type: Warning Category: 18
Event: 4356 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to create an instance of the subscriber {28778B62-8481-400D-8E8A-A4C81ED3F65C}. StandardCreateInstance returned HRESULT 8000401a.

Log: 'Application' Date/Time: 25/11/2012 13:30:48
Type: Warning Category: 2
Event: 4113 Source: Avira Antivirus
AntiVir has detected 'PCK/Armadillo' in the file C:\Program Files\Any Video Converter Professional\avcdrm.dll

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2012 15:02:51
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 01/12/2012 13:18:56
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 01/12/2012 13:15:42
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 01/12/2012 11:20:14
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 01/12/2012 11:14:05
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/12/2012 07:10:03
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The Advanced SystemCare Service 6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 01/12/2012 06:55:10
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 01/12/2012 06:42:11
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 01/12/2012 05:22:59
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 30/11/2012 14:04:42
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 29/11/2012 12:28:10
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 29/11/2012 12:22:21
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 27/11/2012 13:43:07
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 26/11/2012 04:18:10
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 25/11/2012 13:13:59
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 25/11/2012 11:29:08
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 25/11/2012 08:41:02
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 25/11/2012 05:17:52
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 24/11/2012 09:31:51
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 24/11/2012 09:30:48
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 14:56:44 on 24-11-2012 was unexpected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2012 15:38:02
Type: Warning Category: 0
Event: 4228 Source: Tcpip
TCP/IP has chosen to restrict the scale factor due to a network condition. This could be related to a problem in a network device and will cause degraded throughput.

Log: 'System' Date/Time: 01/12/2012 15:02:51
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 01/12/2012 13:18:56
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 01/12/2012 13:15:42
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 01/12/2012 11:15:03
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/12/2012 11:14:59
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 01/12/2012 11:09:02
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB979910(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 01/12/2012 11:09:02
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB979910(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 01/12/2012 11:09:01
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB979910(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 01/12/2012 11:09:01
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB979910(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 01/12/2012 11:09:01
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB979910(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 01/12/2012 11:08:44
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Log: 'System' Date/Time: 01/12/2012 11:08:44
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Log: 'System' Date/Time: 01/12/2012 11:08:44
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Log: 'System' Date/Time: 01/12/2012 11:08:44
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Log: 'System' Date/Time: 01/12/2012 11:08:43
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Log: 'System' Date/Time: 01/12/2012 11:08:43
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Log: 'System' Date/Time: 01/12/2012 11:08:43
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Log: 'System' Date/Time: 01/12/2012 11:08:43
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Log: 'System' Date/Time: 01/12/2012 11:08:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB979910(Security Update) is not applicable for this system

Re: Critical error drive sector not found

Another run of application VEW with specific dates had these details -

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/12/2012 22:57:46

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/11/2012 16:27:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1304ca8a-ee7f-43e5-8d87-4d20f8936e18}

Log: 'Application' Date/Time: 24/11/2012 14:13:05
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 24.0.1312.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: e68 Start Time: 01cdca26f593f887 Termination Time: 552

Log: 'Application' Date/Time: 24/11/2012 12:31:02
Type: Error Category: 0
Event: 1014 Source: MsiInstaller
Windows Installer proxy information not correctly registered

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Error Category: 0
Event: 1014 Source: MsiInstaller
Windows Installer proxy information not correctly registered

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Error Category: 0
Event: 1014 Source: MsiInstaller
Windows Installer proxy information not correctly registered

Log: 'Application' Date/Time: 24/11/2012 09:31:48
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/11/2012 09:24:58
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/11/2012 09:17:21
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program chrome.exe version 24.0.1312.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: b4 Start Time: 01cdc92fe905f2f2 Termination Time: 730

Log: 'Application' Date/Time: 23/11/2012 16:11:41
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program ChatRepublicPlayer.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 190c Start Time: 01cdc99530d04cc0 Termination Time: 23

Log: 'Application' Date/Time: 23/11/2012 05:38:09
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program AngryBirdsSpace.exe version 1.3.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1004 Start Time: 01cdc93c7cf7ae80 Termination Time: 89

Log: 'Application' Date/Time: 23/11/2012 03:56:29
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/11/2012 16:12:11
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1000_Classes:
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000_CLASSES
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000_CLASSES


Log: 'Application' Date/Time: 24/11/2012 16:12:07
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 13 user registry handles leaked from \Registry\User\S-1-5-21-2972934901-3891036527-1405551415-1000:
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Policies
Process 600 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 4868 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3088 (\Device\HarddiskVolume2\Program Files\Avira\AntiVir Desktop\avgnt.exe) has opened key \REGISTRY\USER\S-1-5-21-2972934901-3891036527-1405551415-1000\Software\Microsoft\Windows NT\CurrentVersion


Log: 'Application' Date/Time: 24/11/2012 13:19:43
Type: Warning Category: 2
Event: 4113 Source: Avira Antivirus
AntiVir has detected 'PCK/Armadillo' in the file C:\Program Files\Any Video Converter Professional\avcdrm.dll

Log: 'Application' Date/Time: 24/11/2012 12:31:02
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80004005

Log: 'Application' Date/Time: 24/11/2012 12:31:02
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'HandWritingFiles' failed during request for component '{456D1A62-DC1F-45C2-910F-FCDB0DCE4562}'

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'ProductFiles', component '{66CD2C91-2A15-4DA4-BBD2-5EC1075F3C0E}' failed. The resource 'HKEY_CLASSES_ROOT\.pip\' does not exist.

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80004005

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'HandWritingFiles' failed during request for component '{456D1A62-DC1F-45C2-910F-FCDB0DCE4562}'

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'ProductFiles', component '{66CD2C91-2A15-4DA4-BBD2-5EC1075F3C0E}' failed. The resource 'HKEY_CLASSES_ROOT\.pip\' does not exist.

Log: 'Application' Date/Time: 24/11/2012 12:31:01
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80004005

Log: 'Application' Date/Time: 24/11/2012 12:28:17
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'HandWritingFiles' failed during request for component '{E6BFD503-3A35-4B78-BAB5-9570EDDEF81C}'

Log: 'Application' Date/Time: 24/11/2012 12:28:17
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'ProductFiles', component '{66CD2C91-2A15-4DA4-BBD2-5EC1075F3C0E}' failed. The resource 'HKEY_CLASSES_ROOT\.pip\' does not exist.

Log: 'Application' Date/Time: 24/11/2012 12:15:29
Type: Warning Category: 2
Event: 4113 Source: Avira Antivirus
AntiVir has detected 'PCK/Armadillo' in the file C:\Program Files\Any Video Converter Professional\avcdrm.dll

Log: 'Application' Date/Time: 24/11/2012 11:52:33
Type: Warning Category: 2
Event: 4113 Source: Avira Antivirus
AntiVir has detected 'PCK/Armadillo' in the file C:\Program Files\Any Video Converter Professional\avcdrm.dll

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2012 09:31:51
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 24/11/2012 09:30:48
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 14:56:44 on 24-11-2012 was unexpected.

Log: 'System' Date/Time: 24/11/2012 09:24:58
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 24/11/2012 09:24:26
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 24/11/2012 09:24:01
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 14:49:21 on 24-11-2012 was unexpected.

Log: 'System' Date/Time: 23/11/2012 13:43:36
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 23/11/2012 10:19:41
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 23/11/2012 05:33:27
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4385 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

Log: 'System' Date/Time: 23/11/2012 04:09:07
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 23/11/2012 03:56:29
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 23/11/2012 03:56:04
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.34 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2012 15:39:22
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT C:\..._webinstaller_ALL.exe

Log: 'System' Date/Time: 24/11/2012 14:57:27
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT

Log: 'System' Date/Time: 24/11/2012 09:24:26
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 23/11/2012 13:43:36
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 23/11/2012 10:19:41
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 23/11/2012 05:33:27
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 23/11/2012 04:07:43
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-zh-hk-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:43
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-uk-ua-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-th-th-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sl-si-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sk-sk-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sr-latn-cs-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ro-ro-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-lt-lt-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-lv-lv-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-et-ee-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:42
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-hr-hr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-bg-bg-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-tr-tr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sv-se-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ru-ru-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-pt-pt-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-pt-br-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-pl-pl-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ps-ps-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-nb-no-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:41
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-nl-nl-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:40
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ko-kr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:40
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-it-it-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:40
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-hu-hu-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:40
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-he-il-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:40
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-fr-fr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:39
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-fi-fi-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:39
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-es-es-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:39
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-el-gr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:39
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-de-de-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:39
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-da-dk-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:39
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-cs-cz-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:39
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-zh-tw-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:39
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-zh-cn-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:38
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ar-sa-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:38
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ja-jp-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:38
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WindowsUpdateClient-SelfUpdate-Core-AdmComp-Package_en-US(Language Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:07:35
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WindowsUpdateClient-SelfUpdate-Core-AdmComp-Package(Update) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:29
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-zh-hk-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:29
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-uk-ua-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:29
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-th-th-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:29
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-sl-si-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:29
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-sk-sk-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-sr-latn-cs-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ro-ro-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-lt-lt-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-lv-lv-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-et-ee-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-hr-hr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-bg-bg-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-tr-tr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:28
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-sv-se-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ru-ru-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-pt-pt-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-pt-br-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-pl-pl-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ps-ps-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-nb-no-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-nl-nl-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ko-kr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:27
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-it-it-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:26
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-hu-hu-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:26
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-he-il-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:26
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-fr-fr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:26
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-fi-fi-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:26
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-es-es-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:25
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-el-gr-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:24
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-de-de-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:24
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-da-dk-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:24
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-cs-cz-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:23
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-zh-tw-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:23
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-zh-cn-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:23
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ar-sa-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 04:06:22
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ja-jp-MiniLP(Feature Pack) is not applicable for this system

Log: 'System' Date/Time: 23/11/2012 03:56:04
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Re: Critical error drive sector not found
Remove Avira: http://www.avira.com/en/support-download-avira-antivir-removal-tool/product/

Then, do the following before reinstalling Avira:

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.


  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon):
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
  • Then, choose Save. Also, in the Automatic Report tab, select Save:
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.

Re: Critical error drive sector not found
Kaspersky Threats Detection Report -

Status: Vulnerability (events: 18)
04/12/2012 02:44:01 Vulnerability vulnerability http://www.securelist.com/en/advisories/33062 C:\Documents and Settings\lalit\AppData\Local\Google\Chrome\Application\Plugins\gears\gears.dll Low
04/12/2012 02:52:56 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Documents and Settings\lalit\AppData\Local\VirtualStore\Program Files\WinRAR\WinRAR.exe.bak Low
04/12/2012 03:19:37 Vulnerability vulnerability http://www.securelist.com/en/advisories/33062 C:\Documents and Settings\lalit\Local Settings\Google\Chrome\Application\Plugins\gears\gears.dll Low
04/12/2012 03:25:31 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Documents and Settings\lalit\Local Settings\VirtualStore\Program Files\WinRAR\WinRAR.exe.bak Low
04/12/2012 09:59:16 Vulnerability vulnerability http://www.securelist.com/en/advisories/33196 C:\Program Files\DivX\DivX Web Player\npdivx32.dll Low
04/12/2012 10:17:47 Vulnerability vulnerability http://www.securelist.com/en/advisories/43853 C:\Program Files\Google\Picasa3\plugins\expwebsites\expwebsites.yti Low
04/12/2012 10:20:51 Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 C:\Program Files\Java\jdk1.6.0_14\bin\javac.exe Low
04/12/2012 11:07:45 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Program Files\WinRAR\WinRAR.exe Low
04/12/2012 13:03:05 Vulnerability vulnerability http://www.securelist.com/en/advisories/33062 C:\Users\lalit\AppData\Local\Google\Chrome\Application\Plugins\gears\gears.dll Low
04/12/2012 13:11:26 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Users\lalit\AppData\Local\VirtualStore\Program Files\WinRAR\WinRAR.exe.bak Low
04/12/2012 13:27:52 Vulnerability vulnerability http://www.securelist.com/en/advisories/33062 C:\Users\lalit\Local Settings\Google\Chrome\Application\Plugins\gears\gears.dll Low
04/12/2012 13:35:57 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 C:\Users\lalit\Local Settings\VirtualStore\Program Files\WinRAR\WinRAR.exe.bak Low
04/12/2012 18:41:40 Vulnerability vulnerability http://www.securelist.com/en/advisories/0 C:\Windows\System32\msxml4.dll Low
04/12/2012 19:40:37 Vulnerability vulnerability http://www.securelist.com/en/advisories/51213 C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll Low
05/12/2012 07:39:23 Vulnerability vulnerability http://www.securelist.com/en/advisories/51226 c:\Program Files\QuickTime\QuickTimePlayer.exe Low
05/12/2012 07:39:38 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 c:\Program Files\WinRAR\WinRAR.exe Low
05/12/2012 07:49:45 Vulnerability vulnerability http://www.securelist.com/en/advisories/51213 c:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll Low
05/12/2012 08:03:46 Vulnerability vulnerability http://www.securelist.com/en/advisories/29407 c:\program files\WinRAR\WinRAR.exe Low

There is no option to 'Disinfect All'.

Re: Critical error drive sector not found
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.

Re: Critical error drive sector not found
I ran VEW.exe after system hang and then crash. Here is the report -

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/12/2012 17:07:40

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/12/2012 11:31:45
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 03/12/2012 20:21:38
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.

Context: Windows Application

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)


Log: 'Application' Date/Time: 03/12/2012 20:21:38
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)


Log: 'Application' Date/Time: 03/12/2012 20:20:19
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 03/12/2012 20:20:11
Type: Error Category: 3
Event: 3038 Source: Microsoft-Windows-Search
The gatherer is unable to read the registry DocIdMapFile.

Context: Application, SystemIndex Catalog

Details:
The system cannot find the file specified. (0x80070002)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2012 11:28:42
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2012 11:31:52
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Spyware Terminator 2012 Realtime Shield Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 08/12/2012 11:31:52
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Spyware Terminator 2012 Realtime Shield Service service to connect.

Log: 'System' Date/Time: 08/12/2012 11:31:52
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 08/12/2012 11:29:14
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 16:57:27 on 08-12-2012 was unexpected.

Log: 'System' Date/Time: 08/12/2012 10:29:29
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.33 for the Network Card with network address 001F3C47EDDE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Re: Critical error drive sector not found

I downloaded and ran Avira antivirus Uninstaller. It scanned my system but didn't uninstall Avira antivirus.

As soon as I started Kaspersky Antivirus tool, Avira also started scanning my system and reported the following -

Exported events:

07/12/2012 22:37 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\15 Top Pc Games.zip'
contained a virus or unwanted program 'TR/FlashKiller.C' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '5ae6c95f.qua'!

07/12/2012 22:37 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\AirXonix.zip'
contained a virus or unwanted program 'TR/Agent.cada.23010' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '2a89f033.qua'!

07/12/2012 22:36 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\aoe.rar'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '46c6dc17.qua'!

07/12/2012 22:36 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\games part 1.rar'
contained a virus or unwanted program 'BDS/Bot.82910' [backdoor]
Action(s) taken:
The file was moved to the quarantine directory under the name '5fa6e769.qua'!

07/12/2012 22:36 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\games part 2.rar'
contained a virus or unwanted program 'TR/Diple.auhj' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '72fcc80a.qua'!

07/12/2012 22:35 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\Games.zip'
contained a virus or unwanted program 'BDS/LoveMatch.A' [backdoor]
Action(s) taken:
The file was moved to the quarantine directory under the name '0ee48829.qua'!

07/12/2012 22:35 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\Need for Speed II SE.part1.rar'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4254a463.qua'!

07/12/2012 22:35 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\aoe\AOE-R2R.C29'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '3d6f961b.qua'!

07/12/2012 22:35 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\aoe\aoe\Age-of-Empires-Rise-of-Rome.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '78cbbb30.qua'!

07/12/2012 22:35 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\games\Need for Speed II SE\Need for Speed
2SE\Need4Speed 2SE.c01'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '1efcf4ef.qua'!

07/12/2012 22:35 [System Scanner] Malware found
The file 'C:\Lalit\Lalit2\games\intallation\Virtual Villagers.zip'
contained a virus or unwanted program 'TR/Agent.62225.1' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4cb0ae05.qua'!

07/12/2012 22:35 [System Scanner] Malware found
The file
'C:\Users\LalitMamta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3d7840f6-
4478f694'
contained a virus or unwanted program 'EXP/CVE-2010-0840.HG' [exploit]
Action(s) taken:
The file was moved to the quarantine directory under the name '55ea81a8.qua'!

Re: Critical error drive sector not found
Looks like Spyware Terminator combined with other antivirus is causing a lot of problems. Remove that and see if the issues resolve...

Re: Critical error drive sector not found

I have removed Spyware Terminator, now I am not getting any virus warnings. But my laptop keeps getting disconnected from the internet quite frequently.

Re: Critical error drive sector not found
Press start, then run and enter cmd - then hit OK.

In the command prompt window, press in the following code exactly:


netsh winsock reset catalog

Then, exit out.
==

Do you have Internet problems after performing the above process?
