Requesting Help from a wiser person

[JoshDunn]

OK. Here is the situation.

I just updated to the latest version of Malwarebytes and I figured that I would run a full scan. So I started Malwarebytes, selected "Full Scan" and went to lunch. Upon my return, I found that my Laptop (running Windows Vista SP2) was at the main log-on screen. Then as I went to start Firefox to come here, I got the following:

This problem has been happening for some time now. It has been occuring since the last Major Malwarebytes update, to the best of my knowledge.

Under the "View Problem Details":

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.0.6002.2.2.0.768.3

I had windows check for a solution, but the window disappeared.

my laptop IS up-to-date on its Microsoft updates.

My Anti-Virus is Symantec End-Point Protection (Forced to use this by my university)

Does anybody have any idea what might be causing this?

Many Thanks, Josh

[Maurice Naggar]

Hello Josh and welcome to MalwareBytes forums.

Not familiar with that specific issue.

Kindly tell us if you have MBAM PRO license (or if you selected Trial option) IF you have set Trust exclusions in both MBAM & in your antivirus.

See the MBAM FAQ section -->> http://forums.malwarebytes.org/index.php?showtopic=10138

download VEW © by Vino Rosso and save it to your desktop >> from here <<.

Right click on VEW.exe & select Run As Administrator to start the program.

In the Select log to query section, check (tick):

Application

System

In the Select type to list section, check:

Critical (not XP)

Error

Information

Warning

In the Number or date of events section, check:

Number of events... then enter 20 in the entry box beside it.

Press the Run button.

A Notepad report will open when done, please post the contents of this report. It is located at %systemdrive%\VEW.txt, usually C:\VEW.txt.

Reply with your answers and the contents of VEW.txt

[Firefox]

Hello and

Please follow the advice from Maurice Naggar, that being said, what version of Symantec Endpoint protection are you using...? I have instructions handy that may be able to help you setup some exceptions....

[JoshDunn]

@Maurice Naggar

Currently, I'm using the free version. This is what I got:

Vino's Event Viewer v01c run on Windows Vista in English

Report run at 30/04/2012 4:23:36 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 30/04/2012 5:52:11 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/04/2012 4:43:18 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/04/2012 11:07:07 AM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/04/2012 1:27:16 AM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 25/04/2012 1:51:47 PM

Type: Error Category: 0

Event: 13 Source: SescLU

LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Log: 'Application' Date/Time: 24/04/2012 7:04:58 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:\USERS\OWNER\APPDATA\ROAMING\.MINECRAFT\STATS\STATS_GENERAL_XYZ_UNSENT.OLD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 24/04/2012 6:55:00 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:\USERS\OWNER\APPDATA\ROAMING\.MINECRAFT\SAVES\1.2.3 FIRST HOME\LEVEL.DAT_OLD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 24/04/2012 11:16:47 AM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 23/04/2012 12:26:40 AM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/04/2012 12:06:03 PM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application FlashPlayerUpdateService.exe, version 11.2.202.233, time stamp 0x4f85fa1d, faulting module FlashPlayerUpdateService.exe, version 11.2.202.233, time stamp 0x4f85fa1d, exception code 0xc0000005, fault offset 0x0000abfc, process id 0x18c, application start time 0x01cd208048855a6f.

Log: 'Application' Date/Time: 21/04/2012 11:50:54 AM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 20/04/2012 8:56:01 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:\USERS\OWNER\APPDATA\ROAMING\.MINECRAFT\STATS\STATS_GENERAL_XYZ_UNSENT.OLD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 19/04/2012 3:03:18 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:\USERS\OWNER\APPDATA\ROAMING\.MINECRAFT\STATS\STATS_GENERAL_XYZ_UNSENT.OLD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 17/04/2012 9:00:08 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:\USERS\OWNER\APPDATA\ROAMING\.MINECRAFT\STATS\STATS_GENERAL_XYZ_UNSENT.OLD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 17/04/2012 8:59:52 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:\USERS\OWNER\APPDATA\ROAMING\.MINECRAFT\SAVES\1.2.3 FIRST HOME\LEVEL.DAT_OLD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 17/04/2012 8:35:58 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:\USERS\OWNER\APPDATA\ROAMING\.MINECRAFT\SAVES\1.2.3 FIRST HOME\LEVEL.DAT_OLD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 17/04/2012 11:30:49 AM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 14/04/2012 11:34:11 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 12/04/2012 9:26:55 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 11/04/2012 9:07:14 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Information Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 30/04/2012 7:39:01 PM

Type: Information Category: 0

Event: 8224 Source: VSS

The VSS service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 30/04/2012 7:36:01 PM

Type: Information Category: 0

Event: 8211 Source: System Restore

Successfully created scheduled restore point.

Log: 'Application' Date/Time: 30/04/2012 7:36:01 PM

Type: Information Category: 0

Event: 8194 Source: System Restore

Successfully created restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint).

Log: 'Application' Date/Time: 30/04/2012 6:13:06 PM

Type: Information Category: 0

Event: 6 Source: BBSvc

BBSvc has stopped.

Log: 'Application' Date/Time: 30/04/2012 6:05:36 PM

Type: Information Category: 0

Event: 1001 Source: Windows Error Reporting

Fault bucket 0x7a_c0000185, type 0 Event Name: BlueScreen Response: None Cab Id: 0 Problem signature: P1: P2: P3: P4: P5: P6: P7: P8: P9: P10: Attached files: C:\Windows\Minidump\Mini043012-01.dmp C:\Users\Owner\AppData\Local\Temp\WER-200367-0.sysdata.xml C:\Users\Owner\AppData\Local\Temp\WER3C44.tmp.version.txt These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report0e1a6058

Log: 'Application' Date/Time: 30/04/2012 6:03:06 PM

Type: Information Category: 0

Event: 0 Source: SeaPort

Service started/resumed

Log: 'Application' Date/Time: 30/04/2012 5:57:01 PM

Type: Information Category: 0

Event: 1 Source: SecurityCenter

The Windows Security Center Service has started.

Log: 'Application' Date/Time: 30/04/2012 5:56:09 PM

Type: Information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 30/04/2012 5:55:00 PM

Type: Information Category: 0

Event: 1 Source: WcesComm

Windows Mobile-2003-based device connectivity service started.

Log: 'Application' Date/Time: 30/04/2012 5:54:59 PM

Type: Information Category: 0

Event: 1 Source: RapiMgr

Windows Mobile-based device connectivity service started.

Log: 'Application' Date/Time: 30/04/2012 5:53:08 PM

Type: Information Category: 0

Event: 9017 Source: Desktop Window Manager

The Desktop Window Manager did not start because the user explicitly requested that desktop composition not occur

Log: 'Application' Date/Time: 30/04/2012 5:53:02 PM

Type: Information Category: 0

Event: 1 Source: Microsoft-Windows-CertificateServicesClient

Certificate Services Client has been started successfully.

Log: 'Application' Date/Time: 30/04/2012 5:53:01 PM

Type: Information Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 30/04/2012 5:53:01 PM

Type: Information Category: 0

Event: 4101 Source: Microsoft-Windows-Winlogon

Windows license validated.

Log: 'Application' Date/Time: 30/04/2012 5:52:54 PM

Type: Information Category: 1

Event: 1003 Source: Microsoft-Windows-Search

The Windows Search Service started.

Log: 'Application' Date/Time: 30/04/2012 5:52:43 PM

Type: Information Category: 0

Event: 1 Source: Microsoft-Windows-CertificateServicesClient

Certificate Services Client has been started successfully.

Log: 'Application' Date/Time: 30/04/2012 5:52:41 PM

Type: Information Category: 3

Event: 302 Source: ESENT

Windows (2708) Windows: The database engine has successfully completed recovery steps.

Log: 'Application' Date/Time: 30/04/2012 5:52:41 PM

Type: Information Category: 3

Event: 301 Source: ESENT

Windows (2708) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Log: 'Application' Date/Time: 30/04/2012 5:52:40 PM

Type: Information Category: 0

Event: 14 Source: Symantec AntiVirus

Symantec Endpoint Protection services startup was successful.

Log: 'Application' Date/Time: 30/04/2012 5:52:23 PM

Type: Information Category: 3

Event: 301 Source: ESENT

Windows (2708) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0B23E.log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 30/04/2012 5:55:09 PM

Type: Warning Category: 7

Event: 507 Source: ESENT

Windows (2708) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 36036608 (0x000000000225e000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (69 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 30/04/2012 4:40:08 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-3044258143-295565971-3667508951-1000:

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\My

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\CA

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\trust

Process 2448 (\Device\HarddiskVolume1\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\Root

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Policies\Microsoft\SystemCertificates

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Policies\Microsoft\SystemCertificates

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Policies\Microsoft\SystemCertificates

Process 680 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Policies\Microsoft\SystemCertificates

Log: 'Application' Date/Time: 29/04/2012 9:19:01 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-3044258143-295565971-3667508951-1000:

Process 2604 (\Device\HarddiskVolume1\Windows\System32\wuauclt.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 2588 (\Device\HarddiskVolume1\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks

Process 2604 (\Device\HarddiskVolume1\Windows\System32\wuauclt.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Log: 'Application' Date/Time: 24/04/2012 8:33:14 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\Windows\winsxs\x86_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_7c961b0ac7cd3eec\locdrv.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 24/04/2012 8:20:18 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 2 files inside c:\Windows\Temp\286225b9-8436-47b7-8749-ff5f418b2a29.zip due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 24/04/2012 7:09:14 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 24/04/2012 7:08:58 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\MSOCache\All Users\{90140000-003D-0000-0000-0000000FF1CE}-C\SIWW2.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 17/04/2012 11:37:12 AM

Type: Warning Category: 7

Event: 507 Source: ESENT

Windows (3256) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 36036608 (0x000000000225e000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (76 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/04/2012 8:47:14 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\Windows\winsxs\x86_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_7c961b0ac7cd3eec\locdrv.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 17/04/2012 8:24:20 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 2 files inside c:\Windows\Temp\286225b9-8436-47b7-8749-ff5f418b2a29.zip due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 17/04/2012 7:09:45 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 17/04/2012 7:09:38 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\MSOCache\All Users\{90140000-003D-0000-0000-0000000FF1CE}-C\SIWW2.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 16/04/2012 2:01:11 PM

Type: Warning Category: 7

Event: 507 Source: ESENT

Windows (3268) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 1294336 (0x000000000013c000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (3416 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 12/04/2012 9:21:29 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-3044258143-295565971-3667508951-1000:

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\My

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\CA

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\trust

Process 2436 (\Device\HarddiskVolume1\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Microsoft\SystemCertificates\Root

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Policies\Microsoft\SystemCertificates

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Policies\Microsoft\SystemCertificates

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Policies\Microsoft\SystemCertificates

Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Policies\Microsoft\SystemCertificates

Log: 'Application' Date/Time: 11/04/2012 9:02:51 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3044258143-295565971-3667508951-1000:

Process 3028 (\Device\HarddiskVolume1\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-3044258143-295565971-3667508951-1000\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks

Log: 'Application' Date/Time: 11/04/2012 12:41:48 PM

Type: Warning Category: 7

Event: 507 Source: ESENT

wuaueng.dll (1148) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 130281472 (0x0000000007c3f000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (2673 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/04/2012 8:55:56 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\Windows\winsxs\x86_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_7c961b0ac7cd3eec\locdrv.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 10/04/2012 8:42:40 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 2 files inside c:\Windows\Temp\286225b9-8436-47b7-8749-ff5f418b2a29.zip due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 10/04/2012 7:10:36 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

Log: 'Application' Date/Time: 10/04/2012 7:10:31 AM

Type: Warning Category: 0

Event: 6 Source: Symantec AntiVirus

Could not scan 1 files inside c:\MSOCache\All Users\{90140000-003D-0000-0000-0000000FF1CE}-C\SIWW2.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.

For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6070.422&language=english&module=1000&error=0014&build=symantec_ent

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 24/04/2012 11:14:53 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 23/04/2012 12:25:11 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 17/04/2012 11:28:45 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 14/04/2012 11:32:30 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 11/04/2012 8:01:03 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 05/04/2012 7:09:19 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 03/04/2012 11:41:37 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 26/03/2012 10:17:15 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 26/03/2012 12:28:40 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 24/03/2012 5:55:34 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 21/03/2012 2:19:12 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 16/03/2012 3:02:04 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 13/03/2012 12:10:19 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 08/03/2012 2:33:55 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 04/03/2012 5:26:59 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 03/03/2012 2:54:07 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 29/02/2012 6:03:31 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 28/02/2012 1:08:11 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 25/02/2012 12:05:48 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 21/02/2012 12:31:58 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 30/04/2012 5:55:08 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 5:55:08 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 5:53:19 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 30/04/2012 5:53:08 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 5:53:07 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 5:52:11 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 30/04/2012 5:51:09 PM

Type: Error Category: 0

Event: 6008 Source: EventLog

The previous system shutdown at 1:47:45 PM on 4/30/2012 was unexpected.

Log: 'System' Date/Time: 30/04/2012 4:45:32 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 4:45:32 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 4:43:41 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 30/04/2012 4:43:24 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 4:43:19 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 4:43:19 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 30/04/2012 4:40:23 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 30/04/2012 11:13:07 AM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 11:13:07 AM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 11:08:11 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 30/04/2012 11:07:54 AM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 11:07:54 AM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 30/04/2012 11:07:08 AM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Information Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 30/04/2012 8:06:00 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Adobe Flash Player Update Service service entered the stopped state.

Log: 'System' Date/Time: 30/04/2012 8:06:00 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Adobe Flash Player Update Service service entered the running state.

Log: 'System' Date/Time: 30/04/2012 7:58:42 PM

Type: Information Category: 0

Event: 33 Source: volsnap

The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.

Log: 'System' Date/Time: 30/04/2012 7:57:20 PM

Type: Information Category: 0

Event: 33 Source: volsnap

The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.

Log: 'System' Date/Time: 30/04/2012 7:50:33 PM

Type: Information Category: 0

Event: 33 Source: volsnap

The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.

Log: 'System' Date/Time: 30/04/2012 7:42:01 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Microsoft Software Shadow Copy Provider service entered the stopped state.

Log: 'System' Date/Time: 30/04/2012 7:39:01 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Volume Shadow Copy service entered the stopped state.

Log: 'System' Date/Time: 30/04/2012 7:34:18 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Microsoft Software Shadow Copy Provider service entered the running state.

Log: 'System' Date/Time: 30/04/2012 7:34:18 PM

Type: Information Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

DCOM started the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Log: 'System' Date/Time: 30/04/2012 7:34:17 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Volume Shadow Copy service entered the running state.

Log: 'System' Date/Time: 30/04/2012 7:34:17 PM

Type: Information Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

DCOM started the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Log: 'System' Date/Time: 30/04/2012 7:06:06 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Adobe Flash Player Update Service service entered the stopped state.

Log: 'System' Date/Time: 30/04/2012 7:06:05 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Adobe Flash Player Update Service service entered the running state.

Log: 'System' Date/Time: 30/04/2012 6:13:07 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The BingBar Service service entered the stopped state.

Log: 'System' Date/Time: 30/04/2012 6:06:17 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Adobe Flash Player Update Service service entered the stopped state.

Log: 'System' Date/Time: 30/04/2012 6:06:16 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Adobe Flash Player Update Service service entered the running state.

Log: 'System' Date/Time: 30/04/2012 6:03:15 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Windows Backup service entered the running state.

Log: 'System' Date/Time: 30/04/2012 6:03:15 PM

Type: Information Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

DCOM started the service sdrsvc with arguments "" in order to run the server: {687E55CA-6621-4C41-B9F1-C0EDDC94BB05}

Log: 'System' Date/Time: 30/04/2012 6:03:06 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The BBUpdate service entered the running state.

Log: 'System' Date/Time: 30/04/2012 6:03:06 PM

Type: Information Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

DCOM started the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 30/04/2012 6:35:51 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 21 seconds since the last report.

Log: 'System' Date/Time: 30/04/2012 6:35:51 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 21 seconds since the last report.

Log: 'System' Date/Time: 30/04/2012 4:40:37 PM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/04/2012 4:40:36 PM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 30/04/2012 1:09:20 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

Log: 'System' Date/Time: 30/04/2012 1:09:20 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 3 seconds since the last report.

Log: 'System' Date/Time: 30/04/2012 2:17:30 AM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.

Log: 'System' Date/Time: 30/04/2012 2:17:30 AM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.

Log: 'System' Date/Time: 29/04/2012 9:19:51 PM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 29/04/2012 9:19:50 PM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 29/04/2012 5:54:18 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 1645 seconds since the last report.

Log: 'System' Date/Time: 29/04/2012 5:54:18 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 1645 seconds since the last report.

Log: 'System' Date/Time: 29/04/2012 11:28:28 AM

Type: Warning Category: 0

Event: 1003 Source: Microsoft-Windows-Dhcp-Client

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022693E97F0. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 11:28:02 AM

Type: Warning Category: 0

Event: 1003 Source: Microsoft-Windows-Dhcp-Client

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00219BE2FABC. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/04/2012 3:33:57 AM

Type: Warning Category: 0

Event: 36 Source: Microsoft-Windows-Time-Service

The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 28/04/2012 5:54:20 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 1711 seconds since the last report.

Log: 'System' Date/Time: 28/04/2012 5:54:20 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 1711 seconds since the last report.

Log: 'System' Date/Time: 28/04/2012 5:44:05 PM

Type: Warning Category: 0

Event: 1003 Source: Microsoft-Windows-Dhcp-Client

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022693E97F0. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/04/2012 5:43:10 PM

Type: Warning Category: 0

Event: 1003 Source: Microsoft-Windows-Dhcp-Client

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022693E97F0. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/04/2012 5:41:20 PM

Type: Warning Category: 0

Event: 1003 Source: Microsoft-Windows-Dhcp-Client

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022693E97F0. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

@Firefox

Thanks for the welcome! How do I figure out what version of SEP I am running? I really don't understand the stupid thing and if I ask the university, I'll probably get stonewalled....

Thanks for the help, Josh

[Firefox]

To find your version number, open Symantec Endpoint Protection then in the top right corner click on Help and then About. (for example mine is version 12.1.671.4971) I need to know weather its version 11 or 12.

[Maurice Naggar]

Josh,

You may need to get university tech support, since they provided Symantec Endpoint Protection ( a good product by the way).

Look for Firefox to provide the tip on trust exclusions.

You can find the version number of Symantec EP by either from the main menu, something like Help About.

Or pressing F1 function key for Help module.

[JoshDunn]

Firefox, I have SEP 11.0.6005.562

@Maurice Naggar, Thanks for the help!

[Firefox]

Great, To enter exceptions in Symantec Endpoint Protection Version 11 do this:

• 
  * Right Click on your Symantec Endpoint Protection in the system tray
  * Click on Open Symantec Endpoint Protection
  * In the Status Window Click on Options in the section Antivirus and Antispyware Protection.
  * Click on Change Settings
  * Click on File System Auto-Protect Tab
  * Click on Centralized Exceptions Button
  * Click on Add....
  * Click on Security Risk Exception
  * Click on File and browse to the location where the files are located (as listed below)
  * Repeat steps 7-9 until you have added all the files to the exceptions
  * Click Close when done adding exceptions
  * Click OK
  * Exit Symantec Endpoint Protection.
  

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

For Windows Vista or Windows 7:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

For 64 bit versions of Windows Vista or Windows 7:

• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\SysWoW64\drivers\mbamswissarmy.sys
  

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE and MBAMSERVICE.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

Please post back and let us know how it went.

[noknojon]

Hi Josh -

A quick question just to confirm something ;

Have you installed any other Antivirus program for home use, or do you just rely on Symantec from your university

This is apart from Malwarebytes Anti-Malware that you use - Check Programs and features to see -

Just a vague idea -

Thank You

[fivealive]

Hi Josh -

A quick question just to confirm something ;

Have you installed any other Antivirus program for home use, or do you just rely on Symantec from your university

This is apart from Malwarebytes Anti-Malware that you use - Check Programs and features to see -

Just a vague idea -

Thank You

might want to point out noknojon that mbam ISNT an anti virus ( no point in confusing the poor guy)

[JoshDunn]

@ Firealive, Thanks for the concern.

@noknojon no, the university made quite clear that we could ONLY have SEP. Besides, running 2 Av's is dangerous for your OS.

@ Firefox, I got all the exceptions except for "C:\Windows\System32\drivers\mbamswissarmy.sys"

Didn't see it where it was supposed to be.

I'll run a Malwarebytes scan overnight and post the results in the morning.

Night all, Thanks for the help! ~ Josh

[fivealive]

dont worry about the mbamswissarmy file they changed how that file is loaded in the newer versions of mbam

instead of always being on the system when ever you run a scan with mbam it creates a new one

[noknojon]

might want to point out noknojon that mbam ISNT an anti virus ( no point in confusing the poor guy)

Sorry - The question was meant to be worded as -

" Apart from Symantec EP as your main Antivirus, plus your Malwarebytes, as Antimalware, do you have any other Antivirus installed ? ?"

Josh seems to know what I mean -

Better -

[fivealive]

Sorry - The question was meant to be worded as -

" Apart from Symantec EP as your main Antivirus, plus your Malwarebytes, as Antimalware, do you have any other Antivirus installed ? ?"

Josh seems to know what I mean -

Better -

its all good but not everyone knows that and i had no idea of the guys level of knowledge so better safe then sorry

[JoshDunn]

@fivealive Thanks for the concern though

@Firefox It had another BSOD. So, where do we go from here?

Also, I was wondering what exceptions should I put into Malwarebytes?

Thanks, Josh

[Firefox]

I do not have exceptions in mine, but since you are having a possible conflict I would exclude the paths below. Bear in mind these are the folders in mine since I run Windows 7 64 bit.....

• 
  *C:\Program Files (x86)\Symantec\Symantec Endpoint Protection
  *C:\ProgramData\Symantec\Symantec Endpoint Protection
  

[JoshDunn]

@ Firefox Thanks, I've added the following:

I couldn't find the Program data one....

Thanks for the Help, Josh

[Firefox]

The programdata one is a hidden folder so you have to change your folder options to Show all files....

[JoshDunn]

Firefox, Thanks, I was feeling kinda dumb when I couldn't find it! Now for another try at the scan!

[Firefox]

OK let us know how it goes... does it blue screen exactly at the same spot during the scan?

[JoshDunn]

The scan didn't complete again. Also, I've never really watched the scan to see if it does Blue Screen at the same spot. It made it to the AppData folder last I saw, I turned away for 5 mins and it was at the black screen where you get to choose whether to start in safe mode or start windows regularly.

Sorry I can't be more specific..

[Firefox]

Well I think your best course of action now is to Contact Support

Since that does not resolve the issue you are having then please contact Consumer Support, or, if you are a business, educational, technician or non-profit customer, then please contact Corporate Support (make sure to include your order number if contacting Corporate Support), and one of our Support team members will assist you promptly one on one.

Thanks

[tetonbob]

@JoshDunn -

When you create your ticket on the HelpDesk, add Attn:Bob in the subject line please

[JoshDunn]

@Firefox Thanks

@tetonbob Will do.

[JoshDunn]

@tetonbob I haven't heard back from the help desk. What should I do?