[Infected with the svchost.exe trojan...]

Incidentally, I do plan on a fresh install very soon, in fact, I'm in the middle of buying new components for a new PC now (what better timing, I guess). I needed the current load to finish 1 project, and then it'll be completely wiped.

Is there any risk of plugging in this drive to copy some personal files to the new HDD's, once the new PC is built & up and running (with a new primary HDD)?

[Infected with the svchost.exe trojan...]

Ran it again, deleted that entry. Restarted in normal mode, no BSOD. Connected to the internet, updated MBAM and ran it. Found the svchost file, deleted it & rebooted, and it seems to be running fine! Thanks again for the fast help!

Report below.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.09.11

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Doug :: DJPC2 [administrator]

10/9/2012 8:02:03 PM

mbam-log-2012-10-09 (20-02-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207914

Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[Infected with the svchost.exe trojan...]

FYI I was in safe mode (as previously stated), started tdsskiller, changed parameters, checked the Loaded Modules options, and restarted as instructed. As my PC cannot run in normal mode, I started in safe mode. It booted fully, but did not restart the program automatically. When I manually started it, I was able to check Loaded Modules without restarting.

Here are the tdsskiller results. 1 malware item was found (cured), the rest were suspicious (skip). File TDSSKiller.2.8.10.0_09.10.2012_19.19.29_log:

19:19:29.0599 1772 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

19:19:29.0677 1772 ============================================================

19:19:29.0677 1772 Current date / time: 2012/10/09 19:19:29.0677

19:19:29.0677 1772 SystemInfo:

19:19:29.0677 1772

19:19:29.0677 1772 OS Version: 6.1.7600 ServicePack: 0.0

19:19:29.0677 1772 Product type: Workstation

19:19:29.0677 1772 ComputerName: DJPC2

19:19:29.0677 1772 UserName: Doug

19:19:29.0677 1772 Windows directory: C:\Windows

19:19:29.0677 1772 System windows directory: C:\Windows

19:19:29.0677 1772 Running under WOW64

19:19:29.0677 1772 Processor architecture: Intel x64

19:19:29.0677 1772 Number of processors: 4

19:19:29.0677 1772 Page size: 0x1000

19:19:29.0677 1772 Boot type: Safe boot

19:19:29.0677 1772 ============================================================

19:19:30.0894 1772 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:19:30.0894 1772 ============================================================

19:19:30.0894 1772 \Device\Harddisk0\DR0:

19:19:30.0894 1772 MBR partitions:

19:19:30.0894 1772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000

19:19:30.0894 1772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E034000

19:19:30.0894 1772 ============================================================

19:19:30.0910 1772 C: <-> \Device\Harddisk0\DR0\Partition1

19:19:30.0941 1772 D: <-> \Device\Harddisk0\DR0\Partition2

19:19:30.0941 1772 ============================================================

19:19:30.0941 1772 Initialize success

19:19:30.0941 1772 ============================================================

19:19:52.0422 1776 Deinitialize success

The other file is attached.

TDSSKiller.2.8.10.0_09.10.2012_19.22.35_log.txt

[Infected with the svchost.exe trojan...]

listparts64 report, running tdss now...

ListParts by Farbar Version: 02-10-2012

Ran by Doug (administrator) on 09-10-2012 at 19:16:22

Windows 7 (X64)

Running From: C:\Users\Doug\Documents\cleaning

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 4094.49 MB

Available physical RAM: 3511.09 MB

Total Pagefile: 8187.13 MB

Available Pagefile: 7620.59 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:97.66 GB) (Free:19.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: () (Fixed) (Total:368.1 GB) (Free:12.18 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 97 GB 1024 KB

Partition 2 Primary 368 GB 97 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 97 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D NTFS Partition 368 GB Healthy

======================================================================================================

****** End Of Log ******

[Infected with the svchost.exe trojan...]

Thanks for the fast reply!

Here's the RK report. At the end of the scan, there is a flashing exclamation point icon and "Root.MBR" flashing.

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Safe mode

User : Doug [Admin rights]

Mode : Scan -- Date : 10/09/2012 18:56:13

¤¤¤ Bad processes : 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Doug\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2918764463-3981999121-3690480039-1000[...]\Run : MusicManager ("C:\Users\Doug\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++

--- User ---

[MBR] ce7a96f2a66f9fc31a8e891b3032b76a

[bSP] 00559b8402d086a5f45589a31ee1d1f0 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100000 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376936 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 2c5fdddb9cd89bf693957815142cd419

[bSP] 00559b8402d086a5f45589a31ee1d1f0 : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376936 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

[Infected with the svchost.exe trojan...]

Hope this follows the procedure correctly. My computer has been acting a bit odd lately. I've been virus free for years, across multiple computers...it seems that something I visited recently was a bad egg. I had the FBI Moneypak virus about a week ago, but Malwarebytes seemed to get rid of that. Yesterday, I turned my PC on for about 15 min and it rebooted itself on its own. I ran Malwarebytes quick & full scans...it found the svchost.exe trojan. As others have found, malware cannot remove it on its own. A google search brought me here. Initially, my PC was acting OK as long as it was disconnected from the internet, but after a few reboots, it started getting BSOD's in normal mode (MBR infected??), so now I can only start in Safe Mode. Thanks in advance for the help! - Doug

Malware scan results:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.07.03

Windows 7 x64 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Doug :: DJPC2 [administrator]

10/9/2012 4:46:25 PM

mbam-log-2012-10-09 (16-58-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206718

Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 1548 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

I downloaded DDS and have posted both logs below. I don't think I have any script blockers running. DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 9.0.8112.16421

Run by Doug at 17:56:27 on 2012-10-09

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.3500 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com/

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun

uRun: [googletalk] C:\Users\Doug\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [AdobeBridge]

uRun: [AIM] C:\Program Files (x86)\AIM\aim.exe -cnetwait.odl

uRun: [Google Update] "C:\Users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MusicManager] "C:\Users\Doug\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [TomTomHOME.exe] "D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [VirtualCloneDrive] "D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxps://picasaweb.google.com/s/v/71.22/uploader2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.aam.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 8.8.8.8 8.8.8.4 75.75.76.76

TCP: Interfaces\{5BF0335A-E713-4104-B0B8-F7D9403E851C} : DhcpNameServer = 8.8.8.8 8.8.8.4 75.75.76.76

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [VirtualCloneDrive] "D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-18 136176]

S2 TomTomHOMEService;TomTomHOMEService;D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-18 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-10-09 21:53:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C61E722-E985-4977-BF37-6332EE549C29}\offreg.dll

2012-10-09 02:35:43 208216 ----a-w- C:\Windows\System32\drivers\19402800.sys

2012-10-09 02:24:25 20480 ----a-w- C:\Windows\svchost.exe

2012-10-08 23:47:28 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\CEA5.tmp

2012-10-08 23:47:28 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\CE95.tmp

2012-10-07 14:05:37 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C61E722-E985-4977-BF37-6332EE549C29}\mpengine.dll

2012-10-05 20:55:33 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-29 20:47:12 -------- d-----w- C:\Users\Doug\AppData\Roaming\Malwarebytes

2012-09-29 20:46:30 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-29 20:46:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-29 20:46:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2012-08-26 18:56:02 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2012-08-21 21:14:39 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-21 21:14:39 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 17:58:27.91 ===============

And attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/30/2011 1:49:17 PM

System Uptime: 10/9/2012 5:52:14 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | EP45-DS3L

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 98 GiB total, 19.014 GiB free.

D: is FIXED (NTFS) - 368 GiB total, 12.176 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP342: 10/3/2012 5:08:48 PM - Windows Update

RP343: 10/7/2012 10:04:46 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe After Effects CS5 Third Party Content

Adobe After Effects CS5 Third Party Royalty Content

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Production Premium

Adobe Encore CS5 Third Party Royalty Content

Adobe Flash Player 11 ActiveX

Adobe Media Encoder CS5 Dolby X64

Adobe Media Encoder CS5 PCI X64

Adobe Media Player

Adobe Premiere Pro CS5 Third Party Royalty Content

Adobe Reader X (10.1.0)

Adobe Soundbooth CS5 Codecs

Adobe Soundbooth CS5 Royalty Codecs

AI Viewer

Amazon MP3 Downloader 1.0.17

AOL Instant Messenger

Back to the Future: Ep 1 - It's About Time

Back to the Future: Ep 2 - Get Tannen!

Back to the Future: Ep 3 - Citizen Brown

Back to the Future: Ep 4 - Double Visions

Back to the Future: Ep 5 - OUTATIME

BufferChm

C309a

CDR Viewer

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Coupon Printer for Windows

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DocProc

DVD Shrink 3.2

EES

Electronic Arts Game Updater

Fax

Fraps (remove only)

Free Download Manager 3.0

Google Chrome

Google Earth

Google Talk (remove only)

Google Update Helper

GoPro CineForm Studio 1.2.1

GPBaseService2

HijackThis 2.0.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Hulu Video Downloader 3.35

Inkscape 0.48.2

IsoBuster 1.6

Java Auto Updater

Java™ 6 Update 29

Juniper Networks Host Checker

Juniper Networks Network Connect 6.3.0

Juniper Networks Network Connect 7.0.0

Juniper Networks Setup Client

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

MYRIAD 8.2

Need For Speed - Porsche Unleashed

PDF Settings CS5

PS_AIO_05_C309_Software_Min

PxMergeModule

QuickTime Alternative 1.81

QuickTransfer

Realtek High Definition Audio Driver

Roll

Rosetta Stone Version 3

Scan

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Skype Toolbars

Skype™ 5.1

SmartWebPrinting

SolutionCenter

Status

Steam

STP Viewer 2.3

StreamTransport version: 1.0.2.2171

Symantec Technical Support Web Controls

TomTom HOME 2.7.3.1894

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

uRex DVD Ripper Platinum

Viewpoint Media Player

Vimeo Uploader

VirtualCloneDrive

VLC media player 1.1.6

WebReg

Winamp

.

==== Event Viewer Messages From Past Week ========

.

10/9/2012 5:57:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/9/2012 5:56:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

10/9/2012 5:56:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/9/2012 5:53:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/9/2012 5:53:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/9/2012 5:53:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/9/2012 5:53:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/9/2012 5:53:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/9/2012 5:53:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/9/2012 5:52:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC ctxusbm DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf

10/9/2012 5:52:50 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/9/2012 5:52:50 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/9/2012 5:52:50 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/9/2012 5:52:50 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/9/2012 5:52:50 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/9/2012 5:52:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/9/2012 5:52:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/9/2012 5:52:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/9/2012 5:52:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/9/2012 5:52:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/9/2012 4:51:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1263.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

10/9/2012 4:51:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

10/9/2012 4:39:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002e98995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100912-29047-01.

10/9/2012 4:37:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/9/2012 4:37:52 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/9/2012 4:37:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/9/2012 4:35:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ea5995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100912-24133-01.

10/8/2012 9:24:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1263.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

10/8/2012 8:00:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1263.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

10/8/2012 7:49:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

10/8/2012 7:17:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1263.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

10/8/2012 10:42:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003168fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100812-24148-01.

10/8/2012 10:38:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800031b6dd7, 0xfffff880081d0f50, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100812-23337-01.

10/8/2012 10:33:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1263.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

10/8/2012 10:18:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1263.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

10/8/2012 10:17:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

10/8/2012 10:07:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000000500a, 0x0000000000000002, 0x0000000000000001, 0xfffff80002e61995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100812-32885-01.

.

==== End Of File ===========================