Author Topic: [Inactive] Firefox painfully slow and Google searches are getting redirected  (Read 1666 times)


Offline ASydReign

  • Bronze Member
  • Posts: 89
Hello again all. Seems I must have picked up something from the internet again. This time it's doing exactly what the topic says. It started about a week ago when I updated my League of Legends launcher. I doubt it really has anything to do with it but just in case that helps, there it is. I have run iexplorer and then scanned with Malwarebytes and Avira in safe mode but they don't seem to be picking anything up. Any ideas? Thanks in advance for the help!
« Last Edit: October 18, 2011, 04:42:44 AM by 1972vet »



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine.
Double click dds.scr to run the tool
  • When it completes, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Next, Download GMER from the following location and save it to your desktop.

GMER Download Link 1
GMER Download Link 2 (Only use if the previous link does not work)

  • Right-click on the gmer.zip icon and select the Extract all... menu option. You should now see the gmer folder.
  • Open the folder and double-click on the gmer.exe icon. Please "ok" any prompts to allow the program to start.
  • You should now see the main GMER window. If you receive a warning about rootkit activity asking if you want to run a full scan, please click on the NO button.
  • We now need to configure GMER to prevent some features from being used during the scan. Please uncheck the following settings (we do NOT want to see these in our scan):
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All <<Important. Don't miss this one
  • Now that you have removed the check marks from the boxes for those items listed above, please click the Scan button.
    This scan may take quite some time, so please be patient. When it has finished, you will be back at the main screen.

  • Please click on the Save... button and save the report to your desktop. Please name the saved file ark.txt

  • Please do not act on any of the information in this report. Many legitimate programs could be listed there.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

Please remember to include the following logs in your next reply.
  • DDS.txt
  • Attach.txt
  • ARK.txt
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline ASydReign

  • Bronze Member
  • Posts: 89
Here are the logs and attachment you requested! Thank you very much for the help!



DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154  BrowserJavaVersion: 1.6.0_21
Run by ASydReign at 17:00:03 on 2011-10-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3070.2000 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Imperator\RazerImperatorTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [1925664506] c:\users\asydre~1\appdata\local\temp\\jucheck.exe
uRun: [KeyboardBackupBackup] rundll32.exe "c:\programdata\KeyboardBackupBackup.dll",DllRegisterServer
mRun: [Razer Imperator Driver] c:\program files\razer\imperator\RazerImperatorTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{7AC926DA-5804-4E34-BC8F-8447497809E9} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\asydreign\appdata\roaming\mozilla\firefox\profiles\3e96shrn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62242
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-29 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-29 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-7-1 428200]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-24 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-30 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-20 2218600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-31 22216]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-31 366152]
.
=============== Created Last 30 ================
.
2011-10-18 00:38:57   563712   ----a-w-   c:\windows\system32\oleaut32.dll
2011-10-18 00:38:57   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
2011-10-18 00:38:57   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-10-18 00:38:57   238080   ----a-w-   c:\windows\system32\oleacc.dll
2011-10-18 00:38:55   2043392   ----a-w-   c:\windows\system32\win32k.sys
2011-10-18 00:38:54   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
2011-10-16 14:22:01   92160   ----a-w-   c:\programdata\KeyboardBackupBackup.dll
2011-10-05 06:41:24   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-10-05 06:40:58   3602832   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-10-05 06:40:58   3550096   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-05 06:40:50   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-10-05 06:40:49   375808   ----a-w-   c:\windows\system32\winsrv.dll
2011-10-05 06:40:46   49152   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-05 06:40:45   905104   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-10-04 07:25:50   --------   d-----w-   c:\program files\Vogster Entertainment
2011-10-01 14:22:33   --------   d-----w-   c:\users\asydreign\appdata\roaming\TNNNyxxA0uvS
2011-10-01 14:22:33   --------   d-----w-   c:\users\asydreign\appdata\roaming\q99hhTXXqjCekBr
2011-10-01 14:22:30   --------   d-----w-   c:\users\asydreign\appdata\roaming\RoonnG4amH6sW7E
2011-10-01 14:22:30   --------   d-----w-   c:\users\asydreign\appdata\roaming\bOOOBBtxP0y
2011-10-01 03:42:56   --------   d-----w-   c:\users\asydreign\riotsGamesLogs
.
==================== Find3M  ====================
.
2011-10-12 12:13:05   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-30 23:06:24   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-09-30 23:02:06   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34   71680   ----a-w-   c:\windows\system32\iesetup.dll
2011-09-30 23:01:34   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25   385024   ----a-w-   c:\windows\system32\html.iec
2011-09-30 21:29:54   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-09-01 00:00:50   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-07-29 16:01:34   293376   ----a-w-   c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33   217088   ----a-w-   c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
2011-07-29 16:00:05   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
.
============= FINISH: 17:00:26.88 ===============


ARK log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-18 17:46:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000056 WDC_WD50 rev.12.0
Running: gmer.exe; Driver: C:\Users\ASYDRE~1\AppData\Local\Temp\kwlyruog.sys


---- System - GMER 1.0.15 ----

SSDT   8B0147E6                                                                        ZwCreateSection
SSDT   8B0147EB                                                                        ZwSetContextThread
SSDT   8B014787                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                   820C1998 4 Bytes  [E6, 47, 01, 8B]
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                   820C1CF0 4 Bytes  [EB, 47, 01, 8B]
.text  ntkrnlpa.exe!KeSetEvent + 621                                                   820C1DA4 4 Bytes  [87, 47, 01, 8B]
?      C:\Users\ASYDRE~1\AppData\Local\Temp\mbr.sys                                    The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] ntdll.dll!LdrLoadDll         77AB93A8 5 Bytes  JMP 6594FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] kernel32.dll!CreateProcessW  77821BF3 5 Bytes  JMP 01232ADA C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] kernel32.dll!ResumeThread    7783C370 5 Bytes  JMP 01232CBD C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] USER32.dll!GetMessageW       770AFEF7 5 Bytes  JMP 0123290A C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] USER32.dll!PeekMessageW      770B045A 5 Bytes  JMP 012329B4 C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] USER32.dll!TrackPopupMenu    770B14F3 5 Bytes  JMP 01232A61 C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] USER32.dll!TrackPopupMenuEx  770C0CE7 5 Bytes  JMP 01232A9F C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!closesocket       764C330C 5 Bytes  JMP 01232717 C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!WSASocketW        764C34EB 7 Bytes  JMP 012325FE C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!connect           764C40D9 5 Bytes  JMP 0123263C C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!WSAConnect        764CD7B0 5 Bytes  JMP 012326A4 C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!getpeername       764DA863 5 Bytes  JMP 01232733 C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
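
An added example, not part of the original posts and not code from GMER: a short Python triage of the "User code sections" lines in the ARK log above. It groups inline hooks by the module each JMP lands in and lists those whose module sits outside both the hooked process's own folder and C:\Windows; that allow-list, the function names and the embedded sample (lines copied from the log) are assumptions of this example, and a listed module is a candidate for review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines copied from the ARK log in this thread (column padding collapsed).
SAMPLE = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text  ntkrnlpa.exe!KeSetEvent + 215  820C1998 4 Bytes  [E6, 47, 01, 8B]
---- User code sections - GMER 1.0.15 ----
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] ntdll.dll!LdrLoadDll  77AB93A8 5 Bytes  JMP 6594FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] kernel32.dll!CreateProcessW  77821BF3 5 Bytes  JMP 01232ADA C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!connect  764C40D9 5 Bytes  JMP 0123263C C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!WSAConnect  764CD7B0 5 Bytes  JMP 012326A4 C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!getpeername  764DA863 5 Bytes  JMP 01232733 C:\ProgramData\KeyboardBackupBackup.dll (Microsoft Connection Manager Utility Lib/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

# One user-mode inline hook line:
#   .text <process path>[pid] <dll>!<function> <addr> <n> Bytes JMP <target> <module path> (<desc>)
# Kernel-section lines carry no "[pid]" and no JMP target module, so they do not match.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+"
    r"(?P<module>.+?)(?:\s+\((?P<desc>.*)\))?\s*$"
)


def parse_hooks(text):
    """Return one dict per user-mode JMP hook line found in a GMER log."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hook = m.groupdict()
            hook["pid"] = int(hook["pid"])
            hooks.append(hook)
    return hooks


def is_expected(proc, module, system_root=r"C:\Windows"):
    """Assumed allow-list: the process's own install folder and the Windows folder."""
    mod = ntpath.normcase(module)
    for root in (ntpath.dirname(proc), system_root):
        prefix = ntpath.normcase(root).rstrip("\\") + "\\"
        if mod.startswith(prefix):
            return True
    return False


def triage(text, system_root=r"C:\Windows"):
    """Group hooks that land outside the allow-list by (process, pid, target module)."""
    grouped = defaultdict(list)
    for h in parse_hooks(text):
        if not is_expected(h["proc"], h["module"], system_root):
            key = (h["proc"], h["pid"], h["module"], h["desc"] or "")
            grouped[key].append(f'{h["dll"]}!{h["func"]}')
    findings = []
    for (proc, pid, module, desc), apis in sorted(grouped.items()):
        findings.append({
            "process": proc,
            "pid": pid,
            "module": module,
            # Text GMER prints in parentheses after the module path.
            "desc": desc,
            "apis": sorted(apis),
            # Winsock hooks are the first thing to note when traffic is being redirected.
            "network_apis": sorted(a for a in apis if a.lower().startswith("ws2_32.dll!")),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["process"]} [{f["pid"]}] hooked by {f["module"]}')
        print(f'  reported as: {f["desc"]}')
        for api in f["apis"]:
            print(f"  {api}")
```
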

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Please run the free online scan Here. After clicking the Start scan button, please check the box for the option Enable thorough system inspection, then click the Start button.

Just below the "Scan Options:" section, you'll see the status of what's currently processing. You will also see an in process indicator that looks like this:
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs complained of during the scan. Copy and paste your results back here on your next reply.

Next, please update your on board mbam and run a full system scan in normal mode. Mbam's design is such that it works more to the benefit of a user while in normal mode, not safe mode. Post the resulting log along with the results from your online Secunia scan. Thanks!

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Still with us ASydReign?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Due to the lack of feedback this Topic is closed. If you need continued support, please create a new thread detailing what issues you are having.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
I've reopened your thread. Please detail your current issues. Thanks!

Offline ASydReign

  • Bronze Member
  • Posts: 89
Like I said in my PM to you yesterday, I am very sorry for my lack of response. It had become very difficult to use that computer so now I have resorted to using a backup rig to post on here (although I realize I probably would have been able to do this in safe mode, I didn't want to risk causing any damage to the system if hardware seems to be failing). The new problems are the crashes. I did not save the message I sent to you to my outbox, so for others to reference it you may have to copy and paste the error/crash report on here in your next post. Pretty much what happens is that the computer freezes up and I see squiggly, blurry red lines randomly across the screen and the computer ceases to respond. I end up having to do a hard reset each time. I had a chance to run a quick Google search on a line of the error report and it came back as a bad RAM stick, but I don't know if that information was correct. Any help would be greatly appreciated! Thank you again!

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Click Start-->..then type or copy and paste the following into the search box and click "OK":
msinfo32.exe
 
When the System Information utility opens, click Edit from the menu at the top and select "Select All". Click Edit again and select Copy this time. Open a blank notepad and right-click anywhere inside, then select Paste. Save the notepad to your desktop so you won't lose the data, then close the System Information window. Post that information back here on your next reply and also let us know how old that system is. It would also help if you could remember what operating system, if any, was pre-installed and if the current system is the same or an upgrade from some older operating system. Thanks!

Offline ASydReign

  • Bronze Member
  • Posts: 89
Would you get the same information if I was running the computer in safe mode? And yes, that is the original OS (Vista Home Premium). I bought it stock about 3 1/2 years ago and the only upgrades that were done to it were installing an nvidia gtx 9800 graphics card and a larger power supply. Everything else came in the computer and is original. Thank you for your help!

Offline ASydReign

  • Bronze Member
  • Posts: 89
Safe mode will have to do for now. After seeing this information it looks like my RAM is okay or else it would be saying I had less available, right? Sorry, I kind of like learning from you guys as I go whenever something happens to my computer, so pardon the theories. If it helps, I had just updated my OS after having the trouble with the redirection bug and I did see an nvidia driver update in there. Maybe that will help you determine if this is a driver/graphics card issue? Thank you very much for your help and patience!

OS Name   Microsoft® Windows Vista™ Home Premium
Version   6.0.6002 Service Pack 2 Build 6002
Other OS Description    Not Available
OS Manufacturer   Microsoft Corporation
System Name   ASYDREIGN-PC
System Manufacturer   Gateway
System Model   GT5656
System Type   X86-based PC
Processor   AMD Athlon(tm) 64 X2 Dual Core Processor 6000+, 3013 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date   Phoenix Technologies, LTD 6.00 PG, 11/16/2007
SMBIOS Version   2.4
Windows Directory   C:\Windows
System Directory   C:\Windows\system32
Boot Device   \Device\HarddiskVolume2
Locale   United States
Hardware Abstraction Layer   Version = "6.0.6002.18005"
User Name   ASydReign-PC\ASydReign
Time Zone   Pacific Daylight Time
Installed Physical Memory (RAM)   3.00 GB
Total Physical Memory   3.00 GB
Available Physical Memory   2.44 GB
Total Virtual Memory   6.19 GB
Available Virtual Memory   5.84 GB
Page File Space   3.29 GB
Page File   C:\pagefile.sys

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Yes, your theory regarding installed RAM is correct. Please post any information you can find relating to this system crash.

To find this relevant data, please do this:
Right click on "My Computer" and select Manage. From the left pane click on Device Manager. Next, click the "View" tab from the menu at the top and select "Show Hidden Devices". Do you see anything from the right pane that shows an exclamation mark or question mark? Please note what you find there.

Next, please click from the left pane, "Event Viewer". In the right pane, double click the item listed there Application and when you do, you will see in the left pane the "Event Viewer" folder has opened and revealed the three items listed there now, "Application", "Security", and "System".

Scroll down the list of application events and make note of anything that says "Warning" or "Error". When you find one, double click on it. An Event Properties box will open. Please notice the up and down arrows on the left hand side of that properties box. Just beneath those arrows is another button that is a copy button. Click on that button, then open a blank Notepad.

Right click anywhere inside the blank Notepad and select "Paste". The information from the event properties box that you double clicked on is now pasted inside the opened Notepad. Please continue in that manner with each relevant item found and paste the information for each inside that one Notepad.

Just scroll through the events for each category "Application", "Security" and "System" and note the items listed for copying to notepad only for one date. List everything for that same date found in each category.

When you are finished with one category, to close it and open the next item in the list "Security" for example, just click on Security from the left pane and you'll notice then that the information that was listed in the right pane now closed and instead the information now listed is from your "Security" events.

The same method should be used for changing this category when you are finished with "Security" in order to go on to the next category "System".

When completely finished, please post the contents that you copied to Notepad. Thanks!

Offline ASydReign

  • Bronze Member
  • Posts: 89
It is a pretty long text file so I will attach it for you. If you would like me to paste it I will but I will let you decide. The first line is the only one that the device manager had an alert on. Thank you for the help!

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Great, thanks! Of all those events, I feel fairly confident that all can be ignored safely...except one. The Microsoft Windows User Profile Hive Cleanup Service is specifically designed only for Windows 2000, Windows Server 2003, and Windows XP. I can agree though, the download center's write up is indeed a confusing one for users in that it goes on to imply that the UPHCleanup Service will work fine with Vista as long as you uninstall it from the previous version before upgrading.

"Upgrading" is the key word there. It would be useful on any of those systems supported as long as the current operating system is Vista having been upgraded from those mentioned. However, if the operating system is Vista from a pre-installed system purchased at retail, or from having installed it yourself to a clean disk from a Windows Vista installation DVD.

I believe you should uninstall the UPHCleanup service, then reboot. You may still have some issues remain but I believe removing that utility will save you some headaches in the long run with regard to this particular troubleshooting endeavor.

Try it. Uninstall it, reboot and when the system comes up, navigate to the event log(s) and delete what is there to start afresh. Once you've deleted all of them, reboot once more to properly record those changes. When the system comes back up again, post back what results you may have noticed, even if none at all. Your findings will be very helpful. Thanks!

Offline ASydReign

  • Bronze Member
  • Posts: 89
Thank you very much for looking through all of that. I will definitely do as you say however I face one small problem...I have no idea how to uninstall that service, haha. Where do I start? Thank you very much!