
PC won't boot, 0x0000007B STOP error


  • This topic is locked
27 replies to this topic

#1 kernowlad


Posted 29 April 2011 - 08:40 PM

Greetings to all you great people here. I've already learned a lot by just reading. However, I have come to a dead end. This problem seems to be appearing more than once and I'd like to learn how to fix it. I'm starting in the Win XP forum, but this may end up belonging to the Virus etc, forum. Here's the situation:

I have a computer that suddenly stopped working, and refused to boot. I get the bsod and then Windows immediately reboots.

I managed to capture the stop code. This is it: STOP: 0x0000007b (0xb84C7524, 0xc0000034, 0x00000000, 0x00000000)

So my first question about this is what do the extra parameters mean? And are they useful in any diagnosis of the problem?

What I already did before posting:

* I tried booting in safe mode -> same BSOD -> instant reboot
* Returned to "Last Known Good Configuration" -> none was found. At reboot I got same BSOD and instant reboot.
* I tried to run the Recovery Console, but was left with a blinking cursor.

I downloaded a bootable disk from AVG (Rescue CD) which will scan the computer, but it didn't find or fix anything. This cd has a program called TestDisk that looks at the partitions, but everything looks good. It also looks at the boot sector, which it said was OK. I can't remember exactly what it looked at, but noticed that the original and backup were the same, which was concluded to be good.

I booted up to Active@ Boot Disk and ran CHKDSK /R but it didn't find anything. I also looked into the file system and can see all drives, partitions, files - everything looks normal. All the boot files are there. Boot.ini looks OK.

Finally I found the XP installation disc and ran Recovery Console and for good measure ran chkdisk /R again from there. It did say that it found errors and fixed them but I still have a bsod. I also ran fixboot, but no luck there. I did not do fixmbr since the first HD is partitioned and I was a bit worried about ruining the partition table (should I be?). I tried to run a WXP install -> repair, but strangely enough I couldn't get past the Licence acceptance screen. It was as if my F8 key was dead. I could page up and down or Esc to reboot, but no F8 - is that suspicious?

There has been no new hardware installed recently. The computer has 3 drives in it, the first is partitioned into 2, so there's 4 drive letters. BTW, I had to change the BIOS setting for the SATA drives to IDE from AHCI to get the Win XP disc to work. Then the stop code changed to 0x0000007E.

At this point I am faced with (I think) two possibilities. Either something's wrong with the HD controller or driver, or there's a nasty virus. If I can read the HD contents when I boot to ABD does that mean the HD controller is OK? Since TestDisk said the boot sector was OK does that rule out a virus? If the driver is corrupted can it be replaced manually from a bootable CD? Fortunately there's a backup of all the data, so that isn't a worry. I'd just like to know what's going on. This has actually happened to two other computers which are, incidentally, on the same network.

Lots of questions.

I have at my disposal a BartPE disk as well as the above mentioned disks. I haven't used BartPE yet.

Thanks for reading all this and your willingness to help us out.

Dominic



#2 boopme


Posted 29 April 2011 - 09:18 PM

I have asked someone that handles this issue to look here when they have an opportunity.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Farbar


Posted 30 April 2011 - 09:34 AM

Hi Dominic,

Welcome to Bleeping Computer. I'm going to assist you with the issue.

BTW, I had to change the BIOS setting for the SATA drives to IDE from AHCI to get the Win XP disc to work. Then the stop code changed to 0x0000007E.

In case we need to reboot after a fix in the course of action, please make sure the BIOS is back to the factory default.

Download Farbar Recovery Scan Tool from: http://download.bleepingcomputer.com/farbar/FRST.exe and save it to a flash drive.
  • Boot into the BartPE CD.
  • Either go to My Computer, open the flash drive and run FRST.exe or open the command prompt or run box, type e:\frst.exe and press Enter.
    (Note: If the drive letter of flash drive is something else replace e with the drive letter of your flash drive).
  • When the tool opens click Yes to disclaimer.
  • Press Scan and wait.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
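
The FRST.txt log produced by these steps includes a "Drivers and Services" section. As an added example (not part of the original posts and not FRST's own code), this Python script parses that section and lists boot-start drivers worth a second look when chasing a 0x0000007B (INACCESSIBLE_BOOT_DEVICE) stop. It assumes the leading digit on each line is the Windows service Start value (0 = boot); the sample log and every example* name in it are constructed.

```python
import re
from dataclasses import dataclass

# Assumption: the first column is the service Start value from the registry.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "<start> <name>; <image path and args> [<size> <yyyy-mm-dd>] (<company>)"
ENTRY_RE = re.compile(
    r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<image>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)\s*$"
)
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+\s*$")

# Constructed sample in the layout of an FRST log; not taken from a real machine.
SAMPLE_LOG = r"""
========================== Registry ==========================

HKLM\...\Run: [Example] C:\Program Files\Example\example.exe (Example Inc.)[1000 2010-11-20]

==================== Drivers and Services ====================

0 examplestor; C:\Windows\System32\drivers\examplestor.sys [324120 2008-07-20] (Example Storage Corp.)
0 atapi; C:\Windows\System32\Drivers\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
0 exampleflt; C:\Windows\System32\Drivers\exampleflt.sys [12664 2010-11-20] ()
0 exampleodd; \??\C:\WINDOWS\Temp\exampleodd.sys [13532 2010-11-20] (Microsoft Corporation)
1 examplenet; C:\Windows\System32\Drivers\examplenet.sys [30680 2011-02-23] (Example AV Vendor)
2 ExampleSvc; "C:\Program Files\Example\svc.exe" /svc [133104 2010-11-20] (Example Inc.)
4 examplefs; C:\Windows\System32\Drivers\examplefs.sys [63744 2008-04-13] (Microsoft Corporation)
this line is not an entry
"""


@dataclass
class Entry:
    start: int
    name: str
    image: str
    size: int
    date: str
    company: str


def parse_services(text):
    """Return the entries found inside the 'Drivers and Services' section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Only lines under this one section header are parsed.
            in_section = header.group("title") == "Drivers and Services"
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:  # anything that does not fit the layout is skipped
            entries.append(Entry(int(m["start"]), m["name"].strip(), m["image"],
                                 int(m["size"]), m["date"], m["company"].strip()))
    return entries


def review_boot_start(entries):
    """Map boot-start driver name -> reasons it deserves a manual check.

    These are review hints, not verdicts: a third-party storage driver is
    normal, but it is also the first thing to confirm after a 0x7B stop.
    """
    findings = {}
    for e in entries:
        if e.start != 0:
            continue
        reasons = []
        if not e.company:
            reasons.append("no vendor string in file metadata")
        elif "microsoft" not in e.company.lower():
            reasons.append("third-party vendor: " + e.company)
        if "\\system32\\drivers\\" not in e.image.lower():
            reasons.append("image outside System32\\drivers")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for name, reasons in review_boot_start(parsed).items():
        print(f"{name}: {'; '.join(reasons)}")
```
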


#4 boopme


Posted 30 April 2011 - 09:55 AM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#5 kernowlad


Posted 30 April 2011 - 04:44 PM

Thanks for your help. Sorry to keep you waiting - it was such a nice day today, I couldn't spend it inside fiddling with computers.

Here's the contents of FRST.txt

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.0.6
Ran by SYSTEM at 2011-04-30 17:38:17
Running from H:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)[208952 2010-11-20]
HKLM\...\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM\...\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM\...\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()[36864 2010-11-20]
HKLM\...\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot (JMicron Technology Corp.)[1953792 2010-11-20]
HKLM\...\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" ()[1423360 2010-11-20]
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)[155648 2010-11-20]
HKLM\...\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)[1051648 2010-11-20]
HKLM\...\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)[2595616 2010-11-20]
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)[909208 2010-11-20]
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Acronis)[140568 2010-11-20]
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)[813912 2010-11-20]
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)[849280 2010-11-20]
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)[198160 2010-11-20]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)[40368 2010-11-20]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (Adobe Systems Incorporated)[948672 2010-11-20]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime (Apple Inc.)[417792 2010-11-20]
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)[284696 2010-03-03]
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)[868352 2010-11-20]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)[111208 2011-01-07]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)[13880424 2011-01-07]
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet ()[1753192 2010-11-04]
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui (AVAST Software)[3451496 2011-02-23]
HKU\DB\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)[139264 2010-11-20]
HKU\Default User\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (Veoh Networks)[2634048 2010-11-20]
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)[15360 2008-04-13]
HKU\Guard\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.)[39408 2010-01-27]
HKU\Guard\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)[15360 2008-04-13]
HKU\MC\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)[15360 2008-04-13]
HKU\MC\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)[139264 2010-11-20]
HKU\SteveT\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)[139264 2010-11-20]
HKU\SteveT\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)[15360 2008-04-13]
HKLM\...\HKLM\...\HKLM\...\HKLM\...\Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{56F4B8CA-741B-4BF9-BCCD-95B9E83028C4}: [NameServer]192.168.1.1
Lsa: [Authentication Packages] msv1_0
relog_ap


==================== Drivers and Services ====================

1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [30680 2011-02-23] (AVAST Software)
2 aawservice; "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" [557056 2010-11-20] (Lavasoft AB)
0 ACPI; C:\Windows\System32\Drivers\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2008-04-13] (Microsoft Corporation)
2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [427288 2010-11-20] (Acronis)
3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [293888 2010-11-20] (Analog Devices, Inc.)
2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()
3 AEAudio; C:\Windows\System32\drivers\AEAudio.sys [93952 2010-11-20] (Andrea Electronics Corporation)
3 aec; C:\Windows\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2010-11-20] (Meetinghouse Data Communications)
1 AFD; C:\Windows\System32\drivers\afd.sys [138112 2008-04-13] (Microsoft Corporation)
4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation)
3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12664 2010-11-20] ()
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2010-11-20] (Microsoft Corporation)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [19544 2011-02-23] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [101976 2011-02-23] (AVAST Software)
2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [102232 2011-02-23] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2011-02-23] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [192728 2011-02-23] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [25432 2011-02-23] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [371544 2011-02-23] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [301528 2011-02-23] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [49240 2011-02-23] (AVAST Software)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
0 atapi; C:\Windows\System32\Drivers\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [614400 2010-10-26] (ATI Technologies Inc.)
2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-11-20] ()
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [5524480 2010-10-27] (ATI Technologies Inc.)
3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [84992 2010-11-20] (ATI Research Inc.)
1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2010-11-20] ()
3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [3072 2010-11-20] (Microsoft Corporation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [42184 2011-02-23] (AVAST Software)
2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [121000 2011-02-23] (AVAST Software)
1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
3 basic2; C:\Windows\System32\DRIVERS\basic2.sys [77426 2010-11-20] (Conexant Systems)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [4224 2008-04-13] (Microsoft Corporation)
2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2010-11-20] (Microsoft Corporation)
2 Browser; C:\Windows\System32\browser.dll [77824 2008-04-13] (Microsoft Corporation)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2008-04-13] (Microsoft Corporation)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2010-11-20] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2008-04-13] (Microsoft Corporation)
4 Cdfs; C:\Windows\System32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
1 Cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
3 clr_optimization_v2.0.50727_32; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2010-11-20] (Microsoft Corporation)
2 Cnxtdiag; C:\Windows\System32\DRIVERS\cnxtdiag.sys [17776 2010-11-20] (Conexant Systems)
3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [5120 2008-04-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [399360 2008-04-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2008-04-13] (Microsoft Corp., Veritas Software)
0 dmboot; C:\Windows\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
0 dmio; C:\Windows\System32\Drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
0 dmload; C:\Windows\System32\Drivers\dmload.sys [5888 2008-04-13] (Microsoft Corp., Veritas Software.)
2 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
3 DMusic; C:\Windows\System32\drivers\DMusic.sys [52864 2010-11-20] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [45568 2008-04-13] (Microsoft Corporation)
3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [108544 2008-04-13] (Microsoft Corporation)
3 EventSystem; C:\WINDOWS\system32\es.dll [246272 2008-04-13] (Microsoft Corporation)
2 Fallback; C:\Windows\System32\DRIVERS\fallback.sys [310739 2010-11-20] (Conexant Systems)
4 Fastfat; C:\Windows\System32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2008-04-13] (Microsoft Corporation)
2 Fax; C:\Windows\System32\fxssvc.exe [267776 2010-11-20] (Microsoft Corporation)
0 Fdc; C:\Windows\System32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
3 Flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [129792 2010-11-20] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2010-11-20] (Microsoft Corporation)
2 Fsks; C:\Windows\System32\DRIVERS\fsksnt.sys [127405 2010-11-20] (Conexant Systems)
1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [7936 2008-04-13] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [125056 2008-04-13] (Microsoft Corporation)
3 gmer; C:\Windows\System32\DRIVERS\gmer.sys [85969 2010-11-20] (GMER)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
2 gupdate1c9e38d2defa506; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2010-11-20] (Google Inc.)
3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [182768 2010-01-27] (Google)
3 HCW85BDA; C:\Windows\System32\drivers\HCW85BDA.sys [968064 2007-06-11] (Hauppauge Computer Works)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2010-11-20] (Microsoft Corporation)
2 HidServ; C:\Windows\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation)
3 hidusb; C:\Windows\System32\Drivers\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2010-11-20] (Hewlett-Packard Co.)
3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFBS2S2.sys [220032 2010-11-20] (Conexant Systems, Inc.)
3 HSF_DP; C:\Windows\System32\DRIVERS\HSFDPSP2.sys [1041536 2010-11-20] (Conexant Systems, Inc.)
3 HTTP; C:\Windows\System32\Drivers\HTTP.sys [264832 2008-04-13] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
0 iaStor; C:\Windows\System32\drivers\iastor.sys [324120 2008-07-20] (Intel Corporation)
2 IAStorDataMgrSvc; "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-03-03] (Intel Corporation)
3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2010-11-20] (Macrovision Corporation)
3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [881664 2010-11-20] (Microsoft Corporation)
0 imagedrv; C:\Windows\System32\Drivers\imagedrv.sys [5888 2010-11-20] (Ahead Software AG)
0 imagesrv; C:\Windows\System32\DRIVERS\imagesrv.sys [127488 2010-11-20] (Ahead Software AG)
1 Imapi; C:\Windows\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [102912 2010-11-20] (Nero AG)
1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [31360 2010-11-20] (Nero AG)
1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [10624 2010-11-20] (Nero AG)
1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [33792 2010-11-20] (Nero AG)
2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [859136 2010-11-20] (Nero AG)
1 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-13] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
3 IpNat; C:\Windows\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\DRIVERS\irenum.sys [11264 2010-11-20] (Microsoft Corporation)
0 isapnp; C:\Windows\System32\Drivers\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2010-11-20] (JMicron )
0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [46208 2010-11-20] (JMicron Technology Corp.)
2 K56; C:\Windows\System32\DRIVERS\k56nt.sys [427167 2010-11-20] (Conexant Systems)
1 Kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\KSecDD.sys [92288 2008-04-13] (Microsoft Corporation)
2 lanmanserver; C:\Windows\System32\srvsvc.dll [96768 2008-04-13] (Microsoft Corporation)
2 lanmanworkstation; C:\Windows\System32\wkssvc.dll [132096 2008-04-13] (Microsoft Corporation)
2 LmHosts; C:\Windows\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2010-11-20] (Microsoft Corporation)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [11868 2010-11-20] (Conexant)
2 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2008-04-13] (Microsoft Corporation)
3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2010-11-20] (Microsoft Corporation)
3 Modem; C:\Windows\System32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
1 Mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [12160 2008-04-13] (Microsoft Corporation)
0 MountMgr; C:\Windows\System32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
3 MRxDAV; C:\Windows\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
1 MRxSmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [456576 2008-04-13] (Microsoft Corporation)
3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2010-11-20] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
3 MSIServer; C:\WINDOWS\system32\msiexec.exe /V [78848 2008-04-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [5504 2010-11-20] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2010-11-20] ()
0 Mup; C:\Windows\System32\Drivers\Mup.sys [105344 2008-04-13] (Microsoft Corporation)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2010-11-20] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [10112 2008-04-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [40576 2008-04-13] (Microsoft Corporation)
2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-11-20] (Hewlett-Packard)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
4 NetDDE; C:\Windows\System32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [132096 2010-11-20] (Microsoft Corporation)
3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-04-13] (Microsoft Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [2944 2008-04-13] (Microsoft Corporation)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [9888672 2011-01-07] (NVIDIA Corporation)
3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [100456 2010-11-11] (NVIDIA Corporation)
2 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [156776 2011-01-07] (NVIDIA Corporation)
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-13] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-13] (Microsoft Corporation)
0 ohci1394; C:\Windows\System32\Drivers\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [89136 2010-11-20] (Microsoft Corporation)
3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16694 2010-11-20] (PalmSource, Inc.)
3 Parport; C:\Windows\System32\Drivers\Parport.sys [80128 2008-04-13] (Microsoft Corporation)
0 PartMgr; C:\Windows\System32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
2 ParVdm; C:\Windows\System32\Drivers\ParVdm.sys [6784 2008-04-13] (Microsoft Corporation)
0 PCI; C:\Windows\System32\Drivers\PCI.sys [68224 2008-04-13] (Microsoft Corporation)
0 PCIIde; C:\Windows\System32\Drivers\PCIIde.sys [3328 2008-04-13] (Microsoft Corporation)
4 Pcmcia; C:\Windows\System32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\services.exe [108544 2008-04-13] (Microsoft Corporation)
2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-11-20] (Hewlett-Packard)
3 Point32; C:\Windows\System32\DRIVERS\point32.sys [21760 2010-11-20] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2010-11-20] (PowerQuest Corporation)
2 ProtectedStorage; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [7808 2008-11-18] (Secunia)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-13] (Parallel Technologies, Inc.)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2010-11-20] (Sonic Solutions)
1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [8832 2008-04-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2008-04-13] (Microsoft Corporation)
1 Rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [4224 2008-04-13] (Microsoft Corporation)
3 rdpdr; C:\Windows\System32\DRIVERS\rdpdr.sys [196224 2010-11-20] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [139656 2010-11-20] (Microsoft Corporation)
3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2010-11-20] (Microsoft Corporation)
1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [57600 2010-11-20] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation)
2 RemoteRegistry; C:\Windows\System32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation)
3 Rksample; C:\Windows\System32\DRIVERS\rksample.sys [67622 2010-11-20] (Conexant Systems)
3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [5888 2008-04-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [75264 2008-04-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [399360 2008-04-13] (Microsoft Corporation)
3 RSVP; C:\Windows\System32\rsvp.exe [132608 2008-04-13] (Microsoft Corporation)
3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [105088 2008-02-25] (Realtek Semiconductor Corporation )
3 RTLWUSB; C:\Windows\System32\DRIVERS\RTL8187.sys [332928 2010-11-20] (Realtek Semiconductor Corporation )
2 SamSs; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [192512 2010-11-20] (Microsoft Corporation)
2 ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [181312 2010-11-20] ()
3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
2 seclogon; C:\Windows\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2010-11-20] (Sensaura)
4 SENS; C:\Windows\System32\sens.dll [39424 2008-04-13] (Microsoft Corporation)
3 serenum; C:\Windows\System32\Drivers\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
3 Serial; C:\Windows\System32\Drivers\Serial.sys [64512 2008-04-13] (Microsoft Corporation)
1 Sfloppy; C:\Windows\System32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [135168 2008-04-13] (Microsoft Corporation)
3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [13532 2010-11-20] (Windows ® 2000 DDK provider)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
0 snapman; C:\Windows\System32\DRIVERS\snapman.sys [129248 2010-11-20] (Acronis)
2 SoftFax; C:\Windows\System32\DRIVERS\faxnt.sys [216987 2010-11-20] (Conexant Systems)
3 splitter; C:\Windows\System32\drivers\splitter.sys [6272 2010-11-20] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [57856 2008-04-13] (Microsoft Corporation)
0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2010-11-20] (Microsoft Corporation)
2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2010-11-20] (Microsoft Corporation)
3 Srv; C:\Windows\System32\DRIVERS\srv.sys [334848 2008-04-13] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [6784 2010-11-20] (Microsoft Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{AC95EA65-07E4-4386-A60F-9FE1A6BDAB83} [5120 2008-04-13] (Microsoft Corporation)
3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
2 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation)
1 Tcpip; C:\Windows\System32\DRIVERS\tcpip.sys [361344 2008-04-13] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\Drivers\TDPIPE.sys [12040 2010-11-20] (Microsoft Corporation)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368544 2010-11-20] (Acronis)
3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [21896 2010-11-20] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [40840 2010-11-20] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [295424 2010-11-20] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [135168 2008-04-13] (Microsoft Corporation)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2010-11-20] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [441760 2010-11-20] (Acronis)
4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation)
2 Tones; C:\Windows\System32\DRIVERS\tonesnt.sys [56639 2010-11-20] (Conexant Systems)
2 TrkWks; C:\Windows\System32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
2 TryAndDecideService; "C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [492720 2010-11-20] ()
4 Udfs; C:\Windows\System32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
3 Update; C:\Windows\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation)
3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\Drivers\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\Drivers\usbehci.sys [30208 2008-04-13] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\Drivers\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [15104 2010-11-20] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\Drivers\USBSTOR.sys [26368 2008-04-13] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\Drivers\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
2 V124; C:\Windows\System32\DRIVERS\v124nt.sys [534605 2010-11-20] (Conexant Systems)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
0 VolSnap; C:\Windows\System32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
3 Wdf01000; C:\Windows\System32\DRIVERS\Wdf01000.sys [492000 2010-11-20] (Microsoft Corporation)
3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
2 WebClient; C:\Windows\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation)
3 winachsf; C:\Windows\System32\DRIVERS\HSF_CNXT.sys [584304 2010-11-20] (Conexant Systems)
3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [52224 2008-04-13] (Microsoft Corporation)
3 Wmi; C:\Windows\System32\advapi32.dll [617472 2008-04-13] (Microsoft Corporation)
3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2010-11-20] (Microsoft Corporation)
3 WMPNetworkSvc; "C:\Program Files\Windows Media Player\WMPNetwk.exe" [913408 2010-11-20] (Microsoft Corporation)
3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [38528 2010-11-20] (Microsoft Corporation)
1 WS2IFSL; C:\Windows\System32\Drivers\WS2IFSL.sys [12032 2008-04-13] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2010-11-20] (Microsoft Corporation)
2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2010-11-20] (Microsoft Corporation)
0 WudfPf; C:\Windows\System32\DRIVERS\WudfPf.sys [77568 2010-11-20] (Microsoft Corporation)
3 WudfRd; C:\Windows\System32\DRIVERS\wudfrd.sys [82944 2010-11-20] (Microsoft Corporation)
2 WudfSvc; C:\Windows\System32\WUDFSvc.dll [55808 2010-11-20] (Microsoft Corporation)
3 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [285952 2010-11-20] (Marvell)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
0 cerc6; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 HauppaugeTVServer; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 UltraMonMirror; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================= NetSvcs ============================

============ One Month Created Files and folders ============

2011-04-30 17:38 - 2011-04-30 17:38 - 0000000 ____D C:\FRST
2011-04-29 13:45 - 2011-04-29 13:45 - 0000000 ____D C:\Windows\Dell
2011-04-28 10:05 - 2011-04-28 10:05 - 0002790 ____N C:\bootex.log
2011-04-09 05:56 - 2011-04-09 05:56 - 0000000 ____D C:\Documents and Settings\MC\Application Data\Real
2011-04-09 05:56 - 2011-04-09 05:56 - 0000000 ____D C:\Documents and Settings\MC\Application Data\Intel Corporation
2011-04-09 02:16 - 2011-04-09 02:16 - 0090112 ____A C:\Windows\Minidump\Mini040911-01.dmp
2011-04-07 04:29 - 2011-04-07 04:29 - 0008221 ____A C:\Windows\KB2447961.log
2011-04-07 04:29 - 2011-04-07 04:29 - 0000000 __HDC C:\Windows\$NtUninstallKB2447961_WM9L$
2011-04-06 06:50 - 2011-04-06 06:50 - 0000000 ____D C:\Documents and Settings\Guard\My Documents\Family Tree Maker
2011-04-06 06:49 - 2011-04-06 06:49 - 0000000 ____D C:\Documents and Settings\Guard\Local Settings\Application Data\Ancestry.com
2011-04-06 06:48 - 2011-04-06 06:48 - 0000000 ____D C:\Windows\System32\windows media
2011-04-06 06:48 - 2011-04-06 06:48 - 0000000 ____D C:\Windows\RegisteredPackages
2011-04-06 06:48 - 2011-04-06 06:48 - 0000000 ____D C:\Program Files\Windows Media Components
2011-04-06 06:48 - 2011-04-06 06:48 - 0000000 ____D C:\Program Files\Microsoft WSE
2011-04-06 06:44 - 2011-04-06 06:47 - 0000000 ____D C:\Program Files\BCL Technologies
2011-04-03 05:38 - 2011-04-03 05:38 - 150266355 ____A C:\Documents and Settings\Guard\Desktop\TP Day 2011-04-03.wmv
2011-04-02 06:02 - 2011-04-02 06:02 - 0000000 ____D C:\Program Files\Western Digital Corporation
2011-03-31 06:23 - 2011-03-31 06:23 - 0000000 ____D C:\Windows\System32\syncdb
2011-03-30 23:07 - 2011-03-30 23:07 - 0000000 ____D C:\Documents and Settings\Guard\Application Data\Dell
2011-03-30 07:46 - 2011-03-30 07:46 - 0077298 ____A C:\Documents and Settings\Guard\My Documents\CCvsGWC2 - 1885 July 21 - Cincinnati Commercial Tribune.pdf

============ 3 Months Modified Files and folders =============

2011-04-30 17:38 - 2011-04-30 17:38 - 0000000 ____D C:\FRST
2011-04-29 13:50 - 2007-12-05 07:40 - 0000281 _RASH C:\boot.ini
2011-04-29 13:49 - 2008-07-19 07:35 - 0000000 ____D C:\Windows\System32\scripting
2011-04-29 13:49 - 2008-07-19 07:35 - 0000000 ____D C:\Windows\System32\en
2011-04-29 13:49 - 2008-07-19 07:35 - 0000000 ____D C:\Windows\l2schemas
2011-04-29 13:49 - 2008-07-19 07:33 - 0000000 ____D C:\Windows\network diagnostic
2011-04-29 13:49 - 2007-12-05 07:40 - 0000346 ____A C:\Windows\System32\$winnt$.inf
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ___RD C:\Windows\Web
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\System32\wbem
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\System32\usmt
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\System32\Setup
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\System32\npp
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\system
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\PeerNet
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\mui
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\msagent
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\Media
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\ime
2011-04-29 13:49 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\Help
2011-04-29 13:46 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\twain_32
2011-04-29 13:46 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\System32\icsxml
2011-04-29 13:45 - 2011-04-29 13:45 - 0000000 ____D C:\Windows\Dell
2011-04-29 13:45 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\System32\ias
2011-04-29 13:45 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\System32\1033
2011-04-29 13:44 - 2008-07-19 07:32 - 0000000 ___DC C:\Windows\$NtServicePackUninstall$
2011-04-29 13:44 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\System32\oobe
2011-04-29 13:44 - 2007-12-05 07:34 - 0000000 ____D C:\Windows\Driver Cache
2011-04-28 10:05 - 2011-04-28 10:05 - 0002790 ____N C:\bootex.log
2011-04-09 08:53 - 2007-12-09 09:55 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-04-09 08:14 - 2009-05-08 05:50 - 0000000 ____D C:\Documents and Settings\Guard\My Documents\PDF files
2011-04-09 08:08 - 2008-10-30 22:30 - 0002523 ____A C:\Documents and Settings\Guard\Desktop\Jasc Paint Shop Pro 9.lnk
2011-04-09 08:03 - 2010-01-27 06:21 - 0408986 ____A C:\Windows\setupapi.old
2011-04-09 06:32 - 2007-12-06 17:12 - 0000000 ___HD C:\Documents and Settings\Guard\NetHood
2011-04-09 05:57 - 2009-11-27 23:42 - 0000062 __ASH C:\Documents and Settings\Guard\Local Settings\desktop.ini
2011-04-09 05:57 - 2007-12-05 12:57 - 2009644 ____A C:\Windows\WindowsUpdate.log
2011-04-09 05:57 - 2004-08-04 04:00 - 0001374 ____A C:\Windows\System32\wpa.dbl
2011-04-09 05:56 - 2011-04-09 05:56 - 0000000 ____D C:\Documents and Settings\MC\Application Data\Real
2011-04-09 05:56 - 2011-04-09 05:56 - 0000000 ____D C:\Documents and Settings\MC\Application Data\Intel Corporation
2011-04-09 05:56 - 2008-01-28 13:02 - 0000000 ____A C:\Windows\0.log
2011-04-09 05:56 - 2007-12-09 11:53 - 0003470 ____A C:\Windows\ModemLog_Conexant SoftK56 Modem(M).txt
2011-04-09 05:56 - 2007-12-09 11:51 - 0003090 ____A C:\Windows\ModemLog_Standard 14400 bps Modem.txt
2011-04-09 05:56 - 2007-12-05 13:34 - 0078304 ____A C:\Documents and Settings\MC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-04-09 05:56 - 2007-12-05 07:45 - 0000159 ____A C:\Windows\wiadebug.log
2011-04-09 05:56 - 2007-12-05 07:45 - 0000048 ____A C:\Windows\wiaservc.log
2011-04-09 05:55 - 2007-12-05 17:29 - 0000000 __SHD C:\Windows\CSC
2011-04-09 05:55 - 2007-12-05 13:04 - 0000062 __ASH C:\Documents and Settings\MC\Local Settings\desktop.ini
2011-04-09 05:55 - 2007-12-05 13:00 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2011-04-09 05:55 - 2007-12-05 13:00 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2011-04-09 05:55 - 2007-12-05 13:00 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-04-09 05:44 - 2004-08-04 04:00 - 0000458 ____A C:\Windows\win.ini
2011-04-09 05:20 - 2010-11-20 13:22 - 0032574 ____A C:\Windows\SchedLgU.Txt
2011-04-09 04:30 - 2009-10-18 06:10 - 0000224 ____A C:\Windows\Tasks\GETSECDB.job
2011-04-09 03:00 - 2008-01-27 10:45 - 0000328 ____A C:\Windows\Tasks\Unlock Main House.job
2011-04-09 02:16 - 2011-04-09 02:16 - 0090112 ____A C:\Windows\Minidump\Mini040911-01.dmp
2011-04-09 02:06 - 2008-07-19 08:05 - 0000348 ____A C:\Documents and Settings\Guard\Desktop\Irvington Weather.url
2011-04-09 00:37 - 2007-12-29 07:30 - 0000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{BE7C3AA4-8D6C-48A7-AFDD-B37C0E2F0DBD}.job
2011-04-08 20:15 - 2007-12-06 16:59 - 0000326 ____A C:\Windows\Tasks\Sign-In Night.job
2011-04-08 13:14 - 2007-12-06 16:59 - 0000326 ____A C:\Windows\Tasks\Sign-In Swing.job
2011-04-08 09:24 - 2007-12-08 17:24 - 0191488 ____A C:\Documents and Settings\Guard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-08 06:04 - 2007-12-05 19:10 - 0000000 ____D C:\TSEPro
2011-04-08 04:15 - 2007-12-06 16:59 - 0000326 ____A C:\Windows\Tasks\Sign-In Day.job
2011-04-07 23:09 - 2008-01-28 13:45 - 0129509 ____A C:\Windows\wmsetup.log
2011-04-07 22:52 - 2007-12-06 16:04 - 0000230 ____A C:\Windows\NeroDigital.ini
2011-04-07 14:46 - 2010-02-18 13:46 - 0000481 ____A C:\Documents and Settings\Guard\Desktop\Weather Now.txt
2011-04-07 04:32 - 2007-12-05 07:41 - 0278944 ____A C:\Windows\System32\FNTCACHE.DAT
2011-04-07 04:29 - 2011-04-07 04:29 - 0008221 ____A C:\Windows\KB2447961.log
2011-04-07 04:29 - 2011-04-07 04:29 - 0000000 __HDC C:\Windows\$NtUninstallKB2447961_WM9L$
2011-04-07 04:29 - 2010-11-21 10:16 - 0618704 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2011-04-07 04:29 - 2008-04-09 15:04 - 1018177 ____A C:\Windows\iis6.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0886124 ____A C:\Windows\FaxSetup.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0441857 ____A C:\Windows\ocgen.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0410301 ____A C:\Windows\tsoc.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0295537 ____A C:\Windows\comsetup.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0282854 ____A C:\Windows\msmqinst.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0180651 ____A C:\Windows\ntdtcsetup.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0155616 ____A C:\Windows\netfxocm.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0061860 ____A C:\Windows\MedCtrOC.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0049292 ____A C:\Windows\ocmsn.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0044760 ____A C:\Windows\msgsocm.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0044279 ____A C:\Windows\tabletoc.log
2011-04-07 04:29 - 2008-04-09 15:04 - 0001355 ____A C:\Windows\imsins.log
2011-04-06 06:50 - 2011-04-06 06:50 - 0000000 ____D C:\Documents and Settings\Guard\My Documents\Family Tree Maker
2011-04-06 06:50 - 2007-12-08 04:49 - 0000000 ___RD C:\Documents and Settings\Guard\My Documents
2011-04-06 06:49 - 2011-04-06 06:49 - 0000000 ____D C:\Documents and Settings\Guard\Local Settings\Application Data\Ancestry.com
2011-04-06 06:48 - 2011-04-06 06:48 - 0000000 ____D C:\Windows\System32\windows media
2011-04-06 06:48 - 2011-04-06 06:48 - 0000000 ____D C:\Windows\RegisteredPackages
2011-04-06 06:48 - 2011-04-06 06:48 - 0000000 ____D C:\Program Files\Windows Media Components
2011-04-06 06:48 - 2011-04-06 06:48 - 0000000 ____D C:\Program Files\Microsoft WSE
2011-04-06 06:48 - 2010-11-20 12:30 - 0000000 ___HD C:\Config.Msi
2011-04-06 06:48 - 2007-12-05 13:23 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-04-06 06:47 - 2011-04-06 06:44 - 0000000 ____D C:\Program Files\BCL Technologies
2011-04-06 03:26 - 2007-12-06 16:59 - 0000348 ____A C:\Windows\Tasks\Newspaper Recycle.job
2011-04-05 04:32 - 2007-12-07 18:17 - 0017516 ____A C:\Windows\HCWPNP.INI
2011-04-04 07:26 - 2009-04-25 08:25 - 0000346 ____A C:\defrag-e.log
2011-04-04 07:23 - 2007-12-07 18:18 - 0000000 ____D C:\Program Files\WinTV
2011-04-04 07:09 - 2010-11-21 16:58 - 0000000 ____D C:\MyVideos
2011-04-04 07:00 - 2009-04-25 05:50 - 0000248 ____A C:\Windows\Tasks\logged-defrag-E.job
2011-04-04 06:03 - 2009-04-25 06:42 - 0000342 ____A C:\defrag-d.log
2011-04-04 06:00 - 2009-04-25 05:50 - 0000248 ____A C:\Windows\Tasks\logged-defrag-D.job
2011-04-04 05:17 - 2009-04-25 05:51 - 0000350 ____A C:\defrag-c.log
2011-04-04 05:00 - 2009-04-25 05:49 - 0000248 ____A C:\Windows\Tasks\logged-defrag-C.job
2011-04-03 05:38 - 2011-04-03 05:38 - 150266355 ____A C:\Documents and Settings\Guard\Desktop\TP Day 2011-04-03.wmv
2011-04-03 05:35 - 2007-12-09 08:58 - 0078304 ____A C:\Documents and Settings\Guard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-04-02 11:08 - 2009-03-09 22:36 - 0000000 ____D C:\Documents and Settings\Guard\Application Data\dvdcss
2011-04-02 08:53 - 2010-04-28 16:39 - 0000000 ____D C:\Documents and Settings\Guard\Application Data\PriceGong
2011-04-02 06:02 - 2011-04-02 06:02 - 0000000 ____D C:\Program Files\Western Digital Corporation
2011-04-01 06:00 - 2007-12-06 16:59 - 0000324 ____A C:\Windows\Tasks\Belv Gate 1st Mth Close.job
2011-04-01 00:15 - 2007-12-06 16:59 - 0000322 ____A C:\Windows\Tasks\Belv Gate 1st Mth Open.job
2011-03-31 11:12 - 2008-02-14 01:34 - 0000000 ____D C:\Documents and Settings\Guard\Local Settings\Application Data\WMTools Downloaded Files
2011-03-31 06:37 - 2007-12-10 01:14 - 0000000 ___RD C:\Documents and Settings\Guard\My Documents\My Pictures
2011-03-31 06:32 - 2007-12-05 19:29 - 0000000 ____D C:\Program Files\Adobe
2011-03-31 06:31 - 2007-12-05 07:43 - 0004161 ____A C:\Windows\ODBCINST.INI
2011-03-31 06:25 - 2007-12-09 21:50 - 0000000 ____D C:\Documents and Settings\Guard\Application Data\Adobe
2011-03-31 06:25 - 2007-12-05 19:29 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-03-31 06:23 - 2011-03-31 06:23 - 0000000 ____D C:\Windows\System32\syncdb
2011-03-30 23:18 - 2010-04-06 00:41 - 0000000 ____D C:\Documents and Settings\Guard\Local Settings\Application Data\Deployment
2011-03-30 23:07 - 2011-03-30 23:07 - 0000000 ____D C:\Documents and Settings\Guard\Application Data\Dell
2011-03-30 07:46 - 2011-03-30 07:46 - 0077298 ____A C:\Documents and Settings\Guard\My Documents\CCvsGWC2 - 1885 July 21 - Cincinnati Commercial Tribune.pdf
2011-03-29 07:34 - 2009-03-18 19:20 - 0000000 ___RD C:\Documents and Settings\Guard\Desktop\CCTV system
2011-03-28 07:20 - 2011-03-28 07:20 - 0001695 ____A C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
2011-03-28 07:19 - 2011-03-27 06:20 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-03-28 07:19 - 2007-12-05 12:58 - 0002625 ____A C:\Windows\System32\CONFIG.NT
2011-03-28 07:10 - 2011-03-27 11:31 - 0036338 ____A C:\Windows\KB2482017-IE8.log
2011-03-28 05:01 - 2011-03-27 11:34 - 0027423 ____A C:\Windows\KB2524375.log
2011-03-28 05:01 - 2011-03-27 11:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2524375$
2011-03-28 05:01 - 2008-04-09 15:04 - 0001374 ____A C:\Windows\imsins.BAK
2011-03-28 05:00 - 2007-12-05 12:55 - 0000063 ____A C:\Windows\vbaddin.ini
2011-03-28 03:48 - 2011-03-28 03:37 - 0000900 ____A C:\Windows\cdplayer.ini
2011-03-27 14:34 - 2007-12-06 17:12 - 0000278 ___SH C:\Documents and Settings\Guard\ntuser.ini
2011-03-27 14:34 - 2007-12-05 12:55 - 0000000 ____D C:\Windows\Registration
2011-03-27 14:22 - 2008-02-01 17:44 - 1386250 ____A C:\Windows\ntbtlog.txt
2011-03-27 11:34 - 2011-03-27 11:34 - 0000129 ____A C:\Windows\System32\MRT.INI
2011-03-27 11:34 - 2007-12-05 14:25 - 0000000 ___HD C:\Windows\$hf_mig$
2011-03-27 11:32 - 2011-03-27 11:32 - 0000000 __HDC C:\Windows\$NtUninstallKB971029$
2011-03-27 11:32 - 2011-03-27 11:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2481109$
2011-03-27 11:32 - 2011-03-27 11:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2479943$
2011-03-27 11:32 - 2011-03-27 11:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2476687$
2011-03-27 11:32 - 2011-03-27 11:29 - 0028245 ____A C:\Windows\KB2481109.log
2011-03-27 11:32 - 2011-03-27 11:28 - 0027100 ____A C:\Windows\KB971029.log
2011-03-27 11:32 - 2011-03-27 11:28 - 0026800 ____A C:\Windows\KB2479943.log
2011-03-27 11:32 - 2011-03-27 11:28 - 0026245 ____A C:\Windows\KB2476687.log
2011-03-27 11:32 - 2008-04-09 15:08 - 0228042 ____A C:\Windows\updspapi.log
2011-03-27 11:31 - 2011-03-27 11:31 - 0022647 ____A C:\Windows\KB2393802.log
2011-03-27 11:31 - 2011-03-27 11:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2485376$
2011-03-27 11:31 - 2011-03-27 11:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2479628$
2011-03-27 11:31 - 2011-03-27 11:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2478960$
2011-03-27 11:31 - 2011-03-27 11:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2393802$
2011-03-27 11:31 - 2011-03-27 11:30 - 0000000 __HDC C:\Windows\$NtUninstallKB2483185$
2011-03-27 11:31 - 2011-03-27 11:28 - 0026066 ____A C:\Windows\KB2485376.log
2011-03-27 11:31 - 2011-03-27 11:27 - 0019982 ____A C:\Windows\KB2479628.log
2011-03-27 11:31 - 2011-03-27 11:27 - 0019564 ____A C:\Windows\KB2478960.log
2011-03-27 11:31 - 2011-03-27 11:27 - 0019206 ____A C:\Windows\KB2483185.log
2011-03-27 11:31 - 2009-06-18 04:52 - 0000000 ____D C:\Windows\ie8updates
2011-03-27 11:30 - 2011-03-27 11:30 - 0000000 __HDC C:\Windows\$NtUninstallKB2478971$
2011-03-27 11:30 - 2011-03-27 11:30 - 0000000 __HDC C:\Windows\$NtUninstallKB2419632$
2011-03-27 11:30 - 2011-03-27 11:29 - 0007524 ____A C:\Windows\KB2440591.log
2011-03-27 11:30 - 2011-03-27 11:29 - 0000000 __HDC C:\Windows\$NtUninstallKB2440591$
2011-03-27 11:30 - 2011-03-27 11:27 - 0018872 ____A C:\Windows\KB2419632.log
2011-03-27 11:30 - 2011-03-27 11:27 - 0018498 ____A C:\Windows\KB2478971.log
2011-03-27 11:29 - 2011-03-27 11:29 - 0007105 ____A C:\Windows\KB2423089.log
2011-03-27 11:29 - 2011-03-27 11:29 - 0003722 ____A C:\Windows\KB2443685.log
2011-03-27 11:29 - 2011-03-27 11:29 - 0000000 __HDC C:\Windows\$NtUninstallKB2443685$
2011-03-27 11:29 - 2011-03-27 11:29 - 0000000 __HDC C:\Windows\$NtUninstallKB2443105$
2011-03-27 11:29 - 2011-03-27 11:29 - 0000000 __HDC C:\Windows\$NtUninstallKB2423089$
2011-03-27 11:29 - 2011-03-27 11:23 - 0011176 ____A C:\Windows\KB2443105.log
2011-03-27 11:29 - 2007-12-05 14:38 - 0732398 ____A C:\Windows\System32\TZLog.log
2011-03-27 11:29 - 2007-12-05 12:56 - 0000000 ____D C:\Program Files\Outlook Express
2011-03-27 11:18 - 2011-03-27 11:18 - 0090112 ____A C:\Windows\Minidump\Mini032711-01.dmp
2011-03-27 06:20 - 2011-03-27 06:20 - 0000000 ____D C:\Program Files\AVAST Software
2011-03-27 00:33 - 2007-12-05 07:43 - 0512374 ____A C:\Windows\System32\PerfStringBackup.INI
2011-03-27 00:33 - 2004-08-04 04:00 - 0436932 ____A C:\Windows\System32\perfh009.dat
2011-03-27 00:33 - 2004-08-04 04:00 - 0069032 ____A C:\Windows\System32\perfc009.dat
2011-03-26 22:12 - 2010-11-20 12:48 - 0000000 ____D C:\Documents and Settings\Guard\My Documents\1982 MSG Blessing documents
2011-03-26 18:12 - 2007-12-06 17:12 - 0000000 __SHD C:\Documents and Settings\Guard\Local Settings\Temporary Internet Files
2011-03-26 07:57 - 2008-08-11 08:23 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-03-26 07:55 - 2010-11-20 13:35 - 0001024 ____A C:\Windows\System32\AutoPartNt.let
2011-03-26 07:29 - 2007-12-08 05:28 - 0000000 ____D C:\Documents and Settings\Guard\Desktop\Kill Spyware
2011-03-26 07:27 - 2011-03-26 07:16 - 0252080 ____A C:\Windows\System32\nvdrsdb1.bin
2011-03-26 07:27 - 2011-03-26 07:16 - 0252080 ____A C:\Windows\System32\nvdrsdb0.bin
2011-03-26 07:27 - 2011-03-26 07:16 - 0000001 ____A C:\Windows\System32\nvdrssel.bin
2011-03-26 07:26 - 2011-03-26 07:25 - 0000014 ____A C:\Windows\System32\nvModes.dat
2011-03-26 07:23 - 2011-03-26 07:23 - 0018905 ____A C:\Windows\System32\CCCInstall_201103261123071718.log
2011-03-26 07:17 - 2011-03-26 07:17 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2011-03-26 07:17 - 2011-03-26 07:16 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-03-26 07:16 - 2011-03-26 07:16 - 0000000 ____D C:\NVIDIA
2011-03-26 07:16 - 2011-03-26 07:16 - 0000000 ____A C:\Windows\System32\nvdrswr.lk
2011-03-26 07:12 - 2008-01-29 09:20 - 0004760 ____A C:\Windows\setupact.log
2011-03-26 06:43 - 2010-11-20 13:35 - 1882904 ____A (Acronis) C:\Windows\System32\AutoPartNt.exe
2011-03-25 11:20 - 2010-11-20 12:55 - 0000000 ____D C:\Documents and Settings\Guard\My Documents\Word files
2011-03-25 07:45 - 2011-03-25 07:45 - 0000000 ____D C:\Documents and Settings\Guard\My Documents\Belvedere Fire Alarm System Zones
2011-03-25 02:18 - 2007-12-05 12:56 - 0000000 ____D C:\Windows\System32\Restore
2011-03-02 15:56 - 2007-12-05 14:39 - 37943240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-02-23 06:04 - 2011-03-28 07:19 - 0190016 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2011-02-23 06:04 - 2011-03-28 07:19 - 0040648 ____A (AVAST Software) C:\Windows\avastSS.scr
2011-02-23 05:57 - 2011-03-28 07:20 - 0101976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2011-02-23 05:56 - 2011-03-28 07:20 - 0301528 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2011-02-23 05:56 - 2011-03-28 07:19 - 0371544 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2011-02-23 05:56 - 2011-03-28 07:19 - 0192728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2011-02-23 05:55 - 2011-03-28 07:19 - 0102232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon2.sys
2011-02-23 05:55 - 2011-03-28 07:19 - 0096344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon.sys
2011-02-23 05:55 - 2011-03-28 07:19 - 0049240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2011-02-23 05:55 - 2011-03-28 07:19 - 0025432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2011-02-23 05:54 - 2011-03-28 07:20 - 0019544 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2011-02-23 05:54 - 2011-03-28 07:19 - 0030680 ____A (AVAST Software) C:\Windows\System32\Drivers\aavmker4.sys
2011-02-23 04:34 - 2011-03-28 07:19 - 0012112 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2011-02-09 05:53 - 2004-08-04 04:00 - 0270848 ___AC C:\Windows\System32\dllcache\sbe.dll
2011-02-09 05:53 - 2004-08-04 04:00 - 0186880 ___AC C:\Windows\System32\dllcache\encdec.dll
2011-02-01 23:58 - 2007-12-05 12:54 - 2067456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lhmstscx.dll
2011-02-01 23:58 - 2007-12-05 12:54 - 2067456 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

============ Known DLLs ============

[2008-04-13 15:00] - [2008-04-13 15:00] - 0617472 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2010-11-20 13:23] - [2010-11-20 13:23] - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0276992 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0285184 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2010-11-20 13:24] - [2010-12-20 15:59] - 1991680 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0110080 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0989696 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\lz32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0297984 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0343040 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2010-11-20 13:24] - [2010-11-20 13:24] - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 1287168 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0551936 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0584704 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0985088 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 8461312 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0474112 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0037888 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0619520 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0578560 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0406016 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0018944 ____A (Microsoft Corporation) C:\Windows\System32\version.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0666112 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0172032 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll
[2008-04-13 15:00] - [2008-04-13 15:00] - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
RP: -> 2011-04-08 06:23 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP481
RP: -> 2011-04-07 04:29 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP480
RP: -> 2011-04-06 06:44 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP479
RP: -> 2011-03-31 06:31 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP478
RP: -> 2011-03-31 06:23 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP477
RP: -> 2011-03-28 07:19 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP476
RP: -> 2011-03-28 07:10 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP475
RP: -> 2011-03-28 07:00 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP474
RP: -> 2011-03-28 05:00 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP473
RP: -> 2011-03-27 14:48 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP472
RP: -> 2011-03-27 14:34 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP471
RP: -> 2011-03-27 11:29 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP470
RP: -> 2011-03-27 06:49 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP469
RP: -> 2011-03-27 06:20 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP468
RP: -> 2011-03-27 06:18 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP467
RP: -> 2011-03-26 15:40 - 028672 _restore{91380B45-F608-4EDE-BA96-16D58CE92DF6}\RP466

========================= Memory info ========================

Percentage of memory in use: 11%
Total physical RAM: 4094.31 MB
Available physical RAM: 3631.57 MB
Total Pagefile: 3841.74 MB
Available Pagefile: 3668.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.94 MB

======================= Partitions ===========================

2 Drive c: (System) (Fixed) (Total:97.65 GB) (Free:45.67 GB) NTFS
3 Drive d: (Acronis) (Fixed) (Total:1397.26 GB) (Free:1196.66 GB) NTFS
4 Drive e: (Backups) (Fixed) (Total:298.09 GB) (Free:111.09 GB) NTFS
5 Drive f: (Data) (Fixed) (Total:368.1 GB) (Free:206.92 GB) NTFS
6 Drive g: (CD_ROM) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS
7 Drive h: (REPAIRS) (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

BTW, my copy of BARTpe didn't see the flash drive or manage to get the NIC working so I ran this from Active Boot Disk. Hope that's OK

Dominic

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:25 PM

Posted 01 May 2011 - 05:36 AM

I don't blame you enjoying the nice day instead of fiddling with the computer. In fact I did the same.:)

The log doesn't show any infection. The only thing we can't see is MBR. AVG rescue CD has checked it as you say. We will take a look at it to make sure. Also we take a look at a dump file.

  • Please tell me when you start the computer how far the system goes before getting a BSOD?
  • Please tell me when approximately the BSOD and boot problem started.
  • Please download MBR.EXE by GMER. Save the file on your flash drive.
  • Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    cmd: copy /y C:\Windows\Minidump\Mini040911-01.dmp h:\
    cmd: copy /y h:\mbr.exe c:\
    cmd: c:\MBR.exe -c 0 1 h:\MBR.zip
    
  • Now please boot into the Active Boot Disk.
  • Run FRST and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
  • There will be two files on the flashdrive; please attach MBR.zip to your reply and upload Mini040911-01.dmp.
  • To upload the minidump file, click on this link: http://www.bleepingcomputer.com/submit-malware.php?channel=66
  • Click Browse... and navigate to this file on the flash drive and highlight it to select:

    Mini040911-01.dmp

  • Click Open.
  • Copy the link to this topic in the appropriate box.
  • Click Send File.


#7 kernowlad


Posted 01 May 2011 - 09:12 AM

Hi

Here's the response from this last endeavor

Dominic

Attached Files

  • Attached File  MBR.zip   512bytes   6 downloads


#8 kernowlad


Posted 01 May 2011 - 09:15 AM

I also uploaded the memory dump as you asked

Thanks again

Dominic

#9 Farbar


Posted 01 May 2011 - 10:54 AM

Hi Dominic,

Well done. :thumbup2:

Seems you forgot to answer those questions but they are now academic as your MBR is infected and we need to repair it.

I see you have backed up your data and need not worry about them, however the fix in the vast majority of cases doesn't do any harm.

Please use your Windows install disc to enter Recovery Console.
At the command prompt type the following and press Enter:

fixmbr

If an invalid or nonstandard partition table signature is detected, you will be prompted whether you want to continue. Enter Y and press Enter.

Then exit Recovery Console, make sure the BIOS settings are returned to factory default, start the computer and tell me how it went.
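
A way to inspect a 512-byte sector-0 dump such as the MBR.zip attachment offline, as an added example that is not part of the thread and not what the helper's tools do: it parses the standard MBR layout and compares the boot-code hash with a baseline you supply. The sample sectors, the function names and the baseline are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN, TABLE_OFFSET = 440, 446   # bootstrap code area; partition table start

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector-0 dump into boot-code hash, partition entries, signature."""
    if len(sector) != 512:
        raise ValueError(f"expected 512 bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype or count:                       # skip unused slots
            entries.append({"slot": i, "status": status, "type": ptype,
                            "lba": lba, "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": entries,
            "signature_ok": sector[510:512] == b"\x55\xaa"}

def triage(sector: bytes, baseline_sha256: str = "") -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    mbr, findings = parse_mbr(sector), []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in mbr["partitions"]):
        findings.append("partition entry with invalid boot flag")
    if sum(p["status"] == 0x80 for p in mbr["partitions"]) > 1:
        findings.append("more than one active partition")
    if baseline_sha256 and mbr["boot_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings

def build_sample(boot_code: bytes, signature: bytes = b"\x55\xaa") -> bytes:
    """Constructed test sector: one active NTFS (type 0x07) partition at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    table = entry + bytes(48)                    # three empty slots
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(6) + table + signature

if __name__ == "__main__":
    reference = build_sample(b"\xfa\x33\xc0")    # stands in for a known-good dump
    suspect = build_sample(b"\xeb\x5a\x90")      # same table, different boot code
    baseline = parse_mbr(reference)["boot_sha256"]
    print(triage(reference, baseline))
    print(triage(suspect, baseline))
```

A hash mismatch only says the boot code is not the one you baselined; the baseline has to come from a dump you trust, taken from the same Windows version.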

#10 kernowlad


Posted 01 May 2011 - 04:31 PM

Hello again

For the record, the computer got to JGOGO.SYS (right after Mup.sys) before showing the BSOD, and this all first happened on April 21st, I believe. Right now after doing the fixmbr it still shows a BSOD but with a different STOP error:

Problem caused by . . . nv4_mini.sys

DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS

. . .

STOP: 0x000000CE (0xB7025410, 0x00000008, 0xB7025412, 0x00000000)

nv4_mini.sys

I tried to get into safe mode after this, and it almost gets there. It tells me that Win XP setup cannot run in safe mode and wants me to click OK to reboot.

Dominic

#11 Farbar


Posted 01 May 2011 - 04:40 PM

Did you set the BIOS to factory default again before booting to Windows?

#12 kernowlad


Posted 01 May 2011 - 04:44 PM

Yes I did

#13 Farbar


Posted 01 May 2011 - 04:54 PM

Try to start the computer a couple of times and see if it boots.

#14 Farbar


Posted 01 May 2011 - 05:00 PM

Just letting you know it is too late over here and I'm going to sleep. We will continue tomorrow.

#15 kernowlad


Posted 01 May 2011 - 05:06 PM

I've been trying various ways to start - Normal, Safe Mode, SMCP, but the same message appears in safe mode and the same BSOD in normal. I suppose nv4_mini.sys is a video driver file of some sort. Do you think I can replace it from a backup?

One more thing I noticed was that the drive letters for the drives D and E have switched. They are individual drives. The partitioned one is C and F which looks normal in Active Boot Disk. I suppose I can just change them back again.

Dominic



