Bsod

aznrob69

Member
hey guys i keep getting these annoying blue screens. Its something about drive_, ill catch it next time. and also I got the windows error recovery info when it restarted. Also those files below I deleted them but they keep coming back for some reason.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 9f
BCP1: 0000000000000003
BCP2: FFFFFA80062D2C20
BCP3: FFFFF80000B9C518
BCP4: FFFFFA8008962C10
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\041711-27440-01.dmp
C:\Users\Robert\AppData\Local\Temp\WER-36036-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 
What files did you delete? Do you put your system to sleep or hibernate?
The error you are getting usually refers to outdated drivers or issues from sleeping/hibernating. But giving us the exact error message you get will help a lot.
 
I delete these files C:\Windows\Minidump\041711-27440-01.dmp
C:\Users\Robert\AppData\Local\Temp\WER-36036-0.sysdata.xml" Well sometimes it goes to sleep while not in use, and but this bsod occurs at random times. The error message is DRIVER_POWER_FAILURE, Technical Problem 0x0000009F
 
Don't delete those files.
They'll help you/us to determine what the issue is.

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
 
==================================================
Dump File : 041711-26941-01.dmp
Crash Time : 4/17/2011 5:01:09 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`062be3a0
Parameter 3 : fffff800`00b9c518
Parameter 4 : fffffa80`09774010
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\041711-26941-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7600
Dump File Size : 1,251,992
==================================================

==================================================
Dump File : 041711-27440-01.dmp
Crash Time : 4/17/2011 4:03:21 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`062d2c20
Parameter 3 : fffff800`00b9c518
Parameter 4 : fffffa80`08962c10
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\041711-27440-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7600
Dump File Size : 1,252,592
==================================================

==================================================
Dump File : 041711-26114-01.dmp
Crash Time : 4/17/2011 12:00:59 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0629e7e0
Parameter 3 : fffff800`00b9c518
Parameter 4 : fffffa80`0566bb00
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\041711-26114-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7600
Dump File Size : 1,309,352
==================================================

==================================================
Dump File : 041611-29952-01.dmp
Crash Time : 4/16/2011 7:52:35 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`062c4060
Parameter 3 : fffff800`040fe518
Parameter 4 : fffffa80`05b77b10
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\041611-29952-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7600
Dump File Size : 1,251,992
==================================================

==================================================
Dump File : 041311-27534-01.dmp
Crash Time : 4/13/2011 10:35:23 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`06296e40
Parameter 3 : fffff800`00b9c518
Parameter 4 : fffffa80`057f1470
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\041311-27534-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7600
Dump File Size : 1,338,776
==================================================
 
Last edited:
Please, don't wrap logs in code.
They're harder to read.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
 
I already have MBAM installed. I did the quick scan and had no malicious items detects. heres the log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6359

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/14/2011 1:47:04 AM
mbam-log-2011-04-14 (01-47-04).txt

Scan type: Quick scan
Objects scanned: 162846
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1
Mirror 2

* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.

Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post it's contents as you would any other log.
 
DDS

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Robert at 18:01:49.20 on Sun 04/17/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4332 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Robert\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\6z221wyf.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\SymDS64.sys [2011-4-9 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\SymEFA64.sys [2011-4-9 802864]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-2-25 1124472]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110415.003\IDSviA64.sys [2011-4-16 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\Ironx64.sys [2011-4-9 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-4-9 382072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-8 203776]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-14 363344]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2011-4-9 130000]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-12 2271608]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-9 9258496]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-8 300544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-4-9 132656]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-6-10 1192448]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-4-14 24152]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2010-4-7 446304]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-9 1255736]
.
=============== Created Last 30 ================
.
2011-04-17 20:46:51 -------- d-----w- C:\Users\Robert\AppData\Local\{54299B24-7590-4285-8960-04CE15C23E49}
2011-04-17 08:55:32 -------- d-----w- C:\Users\Robert\AppData\Local\AOL
2011-04-17 08:55:32 -------- d-----w- C:\Users\Robert\AppData\Local\AIM
2011-04-17 08:55:26 -------- d-----w- C:\PROGRA~3\AIM
2011-04-17 08:55:23 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2011-04-17 08:55:23 -------- d-----w- C:\Program Files (x86)\AIM
2011-04-17 08:55:22 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2011-04-17 08:46:24 -------- d-----w- C:\Users\Robert\AppData\Local\{BA21CD66-87B5-46F8-9A6A-07D1E2911941}
2011-04-16 20:03:18 -------- d-----w- C:\Users\Robert\AppData\Local\{DCA26C73-9226-4991-B000-3938F28A4CC8}
2011-04-16 08:02:44 -------- d-----w- C:\Users\Robert\AppData\Local\{93C7682F-3F11-48BD-8D68-C6B9F8A4654B}
2011-04-16 00:21:05 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-04-16 00:20:44 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-04-15 20:02:21 -------- d-----w- C:\Users\Robert\AppData\Local\{1B30343F-8E57-4952-9B47-FC27F6D993D9}
2011-04-15 12:05:58 640896 ----a-w- C:\Windows\System32\winload.efi
2011-04-15 12:05:58 603976 ----a-w- C:\Windows\System32\winload.exe
2011-04-15 12:05:58 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-04-15 12:05:58 518160 ----a-w- C:\Windows\System32\winresume.exe
2011-04-15 12:05:58 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-04-15 12:05:58 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-04-15 12:05:58 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-04-15 12:05:55 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-04-15 12:05:53 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-15 12:05:53 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-15 12:05:53 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-15 12:05:53 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-15 08:01:47 -------- d-----w- C:\Users\Robert\AppData\Local\{411F8622-41DB-4A34-B9A3-2866AFF6EAE8}
2011-04-14 20:00:24 -------- d-----w- C:\Users\Robert\AppData\Local\{D60FB655-1B9C-4EC6-9EE6-B3958F8063B3}
2011-04-14 06:44:39 -------- d-----w- C:\Users\Robert\AppData\Roaming\Malwarebytes
2011-04-14 06:44:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-14 06:44:28 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-14 06:44:24 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-14 06:44:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-13 20:08:04 -------- d-----w- C:\Users\Robert\AppData\Local\{C68060C5-62D7-49E7-97D5-ADE61D2CA538}
2011-04-12 23:46:31 -------- d-----w- C:\Users\Robert\AppData\Roaming\TeamViewer
2011-04-12 23:45:26 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-04-12 20:14:17 -------- d-----w- C:\Users\Robert\AppData\Local\{5E173D11-4B35-48C1-B0A7-2A0E151A70AC}
2011-04-12 07:22:45 -------- d-----w- C:\Users\Robert\AppData\Local\{D0389632-E2BA-423F-B906-48F4D8459A37}
2011-04-12 07:22:45 -------- d-----w- C:\Users\Robert\AppData\Local\{5A2A2ED0-D449-45F3-9F74-C950E8334D1C}
2011-04-11 19:22:21 -------- d-----w- C:\Users\Robert\AppData\Local\{9DB11678-828D-49EA-81AC-B101E8059234}
2011-04-11 05:26:03 -------- d-----w- C:\Users\Robert\AppData\Local\{B8C6E0F0-9A20-4329-ACDB-CA0F4D580D02}
2011-04-10 17:25:39 -------- d-----w- C:\Users\Robert\AppData\Local\{52296965-223F-4904-8663-A8DEF8DE1E7C}
2011-04-10 17:13:34 -------- d-----w- C:\Users\Robert\AppData\Local\{C2FEF13F-8395-47BA-8826-E7BC3EC94FFD}
2011-04-10 02:22:19 -------- d-----w- C:\Windows\SysWow64\BestPractices
2011-04-10 02:22:12 -------- d-----w- C:\Windows\System32\BestPractices
2011-04-10 02:22:11 -------- d-----w- C:\inetpub
2011-04-10 01:44:27 -------- d-----w- C:\Windows\SysWow64\Wat
2011-04-10 01:44:27 -------- d-----w- C:\Windows\System32\Wat
2011-04-10 01:41:51 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-04-10 01:41:51 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-04-10 01:37:22 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-04-10 01:37:22 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-04-10 01:37:14 -------- d-----w- C:\Windows\pss
2011-04-10 01:33:13 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-04-10 01:33:13 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-04-10 01:33:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-04-10 01:33:13 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-04-10 01:33:13 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-04-10 01:33:13 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-04-10 01:33:13 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-04-10 01:33:13 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-04-10 01:33:13 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-04-10 01:33:13 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-04-10 01:22:41 -------- d-----w- C:\Users\Robert\AppData\Local\{95421D56-4B09-49B3-9CEF-87CA0E1750CC}
2011-04-10 01:14:17 -------- d-----w- C:\Users\Robert\AppData\Local\CrashRpt
2011-04-09 23:47:40 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-04-09 23:46:24 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-04-09 23:46:05 -------- d-----w- C:\Users\Robert\AppData\Roaming\uTorrent
2011-04-09 23:09:15 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2533dcd81cbf70b1d\MeshBetaRemover.exe
2011-04-09 23:07:21 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e13f63ef1cbf70a0f\DSETUP.dll
2011-04-09 23:07:21 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e13f63ef1cbf70a0f\DXSETUP.exe
2011-04-09 23:07:21 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e13f63ef1cbf70a0f\dsetup32.dll
2011-04-09 23:07:16 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddfe5d8c1cbf70a0e\DSETUP.dll
2011-04-09 23:07:16 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddfe5d8c1cbf70a0e\DXSETUP.exe
2011-04-09 23:07:16 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddfe5d8c1cbf70a0e\dsetup32.dll
2011-04-09 22:58:11 -------- d-----w- C:\Users\Robert\AppData\Local\{67C2CC74-CC41-4D8F-B617-475433C3AE36}
2011-04-09 22:57:59 -------- d-----w- C:\Users\Robert\Tracing
2011-04-09 22:47:30 -------- d-----w- C:\Windows\PCHEALTH
2011-04-09 22:47:04 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-04-09 22:45:56 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e2607bbc1cbf70717\InstallManager_WLE_WLE.exe
2011-04-09 22:45:48 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddd6c3e91cbf70716\Silverlight.4.0.exe
2011-04-09 22:43:14 -------- d-----w- C:\Users\Robert\AppData\Local\Windows Live
2011-04-09 22:43:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-04-09 22:39:30 -------- d-----w- C:\PROGRA~3\Skype Extras
2011-04-09 22:30:57 -------- d-----r- C:\Program Files (x86)\Skype
2011-04-09 21:13:51 -------- d-----w- C:\Program Files (x86)\ESEA
2011-04-09 19:27:04 -------- d-----w- C:\Users\Robert\AppData\Roaming\TS3Client
2011-04-09 19:07:01 -------- d-----w- C:\Users\Robert\AppData\Local\CrashDumps
2011-04-09 16:47:34 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-04-09 16:47:34 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-04-09 16:47:34 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-04-09 16:47:33 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-04-09 16:46:29 -------- d-----w- C:\Program Files (x86)\Heroes of Newerth
2011-04-09 14:50:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-04-09 14:50:18 -------- d-----w- C:\Program Files (x86)\Steam
2011-04-09 09:09:36 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-04-09 08:05:59 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-04-09 07:54:07 -------- d-----w- C:\Users\Robert\FrostWire
2011-04-09 07:54:04 -------- d-----w- C:\Users\Robert\AppData\Roaming\FrostWire
2011-04-09 07:46:34 -------- d-----w- C:\Program Files (x86)\FrostWire
2011-04-09 07:46:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-09 07:46:22 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-09 07:46:10 -------- d-----w- C:\Windows\Panther
2011-04-09 07:45:57 -------- d-sh--w- C:\Boot
2011-04-09 06:01:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-04-09 05:23:55 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{77A37E2D-E87C-4395-A899-1C5A474156A4}\mpengine.dll
2011-04-09 05:23:54 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-04-09 05:10:51 -------- d-----w- C:\Program Files\Bonjour
2011-04-09 05:10:51 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-04-09 05:06:46 -------- d-----w- C:\Users\Robert\AppData\Local\ATI
2011-04-09 05:06:28 0 ----a-w- C:\Windows\ativpsrm.bin
2011-04-09 05:04:37 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-04-09 05:04:35 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-04-09 05:04:35 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-04-09 05:04:10 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-04-09 05:04:07 -------- d-sh--w- C:\Windows\Installer
2011-04-09 05:03:56 -------- d-----w- C:\Program Files\ATI Technologies
2011-04-09 05:03:55 -------- d-----w- C:\Program Files\ATI
2011-04-09 05:03:12 -------- d-----w- C:\ATI
2011-04-09 04:59:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-04-09 04:59:41 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-04-09 04:59:40 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-04-09 04:59:40 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-03-22 00:56:26 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-03-22 00:56:22 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-03-22 00:56:10 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-03-22 00:56:06 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-03-22 00:55:58 16115712 ----a-w- C:\Windows\System32\amdocl64.dll
2011-03-22 00:55:46 12385792 ----a-w- C:\Windows\SysWow64\amdocl.dll
.
==================== Find3M ====================
.
2011-04-09 05:58:37 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-09 09:22:42 9258496 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-03-09 05:41:52 22518272 ----a-w- C:\Windows\System32\atio6axx.dll
2011-03-09 05:19:22 17397248 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-03-09 04:57:04 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-03-09 04:56:54 679424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-03-09 04:55:52 795136 ----a-w- C:\Windows\System32\aticfx64.dll
2011-03-09 04:53:44 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-03-09 04:53:34 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-03-09 04:53:04 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-03-09 04:52:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-03-09 04:51:48 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-03-09 04:51:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-03-09 04:51:34 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-03-09 04:51:28 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-03-09 04:51:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-03-09 04:51:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-03-09 04:48:46 4277760 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-03-09 04:40:22 5044224 ----a-w- C:\Windows\System32\atidxx64.dll
2011-03-09 04:34:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-03-09 04:34:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-03-09 04:34:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-03-09 04:34:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-03-09 04:34:12 7025152 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-03-09 04:32:32 5618688 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-03-09 04:30:30 4294656 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-03-09 04:24:48 5438976 ----a-w- C:\Windows\System32\atiumd64.dll
2011-03-09 04:18:16 360448 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-03-09 04:18:10 258048 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-03-09 04:18:00 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-03-09 04:17:56 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-03-09 04:17:56 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-03-09 04:17:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-03-09 04:17:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-03-09 04:17:42 300544 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-03-09 04:17:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-03-09 04:17:00 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-03-09 04:16:54 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-03-09 04:16:48 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-03-09 04:16:14 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-03-09 04:11:06 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-03-09 03:42:40 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-03-09 03:42:06 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-03-09 03:41:52 3239936 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-03-09 03:34:12 3471872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
.
============= FINISH: 18:02:15.82 ===============


Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/8/2011 11:54:43 PM
System Uptime: 4/17/2011 5:00:39 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T DELUXE V2
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 634.578 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 322.777 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP10: 4/9/2011 5:47:17 PM - WLSetup
RP11: 4/9/2011 6:11:43 PM - Windows Live Essentials
RP12: 4/9/2011 8:28:42 PM - Windows Update
RP13: 4/9/2011 9:21:54 PM - Windows Modules Installer
RP14: 4/9/2011 9:24:52 PM - Windows Modules Installer
RP15: 4/9/2011 9:35:35 PM - Windows Modules Installer
RP16: 4/9/2011 9:46:16 PM - Windows Update
RP17: 4/10/2011 2:15:25 AM - Windows Update
RP18: 4/11/2011 1:53:16 AM - Windows Update
RP19: 4/15/2011 7:05:04 AM - Windows Update
RP20: 4/15/2011 7:20:54 PM - Installed Ventrilo Client
RP21: 4/16/2011 3:00:11 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 7
Apple Application Support
Apple Software Update
Bing Bar
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Counter-Strike: Source
D3DX10
Download Updater (AOL LLC)
FrostWire 4.21.5
Heroes of Newerth
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.16)
MSVCRT
Norton Internet Security
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Skype Toolbars
Skype™ 5.3
Steam
System Requirements Lab CYRI
TeamViewer 6
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Ventrilo Client
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
4/17/2011 5:01:15 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{816CEDD5-DB42-40E4-A9B4-3C91589894F4} because another computer on the network has the same name. The server could not start.
4/17/2011 5:01:15 PM, Error: NetBT [4321] - The name "ROBERT-PC :20" could not be registered on the interface with IP address 192.168.1.104. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer.
4/17/2011 5:01:09 PM, Error: NetBT [4321] - The name "ROBERT-PC :0" could not be registered on the interface with IP address 192.168.1.104. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer.
4/17/2011 5:01:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062be3a0, 0xfffff80000b9c518, 0xfffffa8009774010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041711-26941-01.
4/17/2011 4:03:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062d2c20, 0xfffff80000b9c518, 0xfffffa8008962c10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041711-27440-01.
4/17/2011 3:28:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
4/17/2011 3:28:22 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/17/2011 12:00:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800629e7e0, 0xfffff80000b9c518, 0xfffffa800566bb00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041711-26114-01.
4/16/2011 7:52:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062c4060, 0xfffff800040fe518, 0xfffffa8005b77b10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041611-29952-01.
4/13/2011 8:02:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/13/2011 8:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/13/2011 8:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/13/2011 8:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/13/2011 8:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/13/2011 8:02:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/13/2011 8:02:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/13/2011 8:01:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8006297060, 0xfffff80000b9c518, 0xfffffa8005dcd520). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041311-22370-01.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 8:01:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 10:35:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8006296e40, 0xfffff80000b9c518, 0xfffffa80057f1470). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041311-27534-01.
4/12/2011 9:34:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800629a3a0, 0xfffff80000b9c518, 0xfffffa8005e9c010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041211-26332-01.
4/12/2011 5:26:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062a8e40, 0xfffff80000b9c518, 0xfffffa8007c78010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041211-25677-01.
4/11/2011 8:18:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80062c5c20, 0xfffff80000ba2748, 0xfffffa80089cec10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041111-19312-01.
4/10/2011 2:45:00 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 
So far, I don't see anything unusual.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe


  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Back
Top