I have gotten the BSOD a couple of times lately.
The error is 0x00000050
Win32.sys address
That is all i got before it went away.
any help would be great.
Thanks
Michael
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by mike at 15:31:21 on 2012-12-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1331 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Roxio\BackOnTrack\App\BService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fiery\Command WorkStation 4\cws 4.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://google.com/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DWABrowserHlprObj Class: {2709D830-B643-4e72-9A1E-701CFFFCF30C} - c:\windows\system32\dwabho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\19.9.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mike\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [CANON DR6080_7580_9080C SVC] rundll32.exe DR9KSVC.dll,EntryPointUserMessage
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\comman~1.lnk - c:\program files\fiery\command workstation 4\cws 4.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://webmail.jlclark.com/dwa85W.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355520264890
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neWebCl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxps://secure.thefilingroom.com/members/XUpload.ocx
TCP: NameServer = 65.183.98.90 8.8.4.4
TCP: Interfaces\{9DBDBF82-8E96-447E-A55D-9AB93324B5DE} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9DBDBF82-8E96-447E-A55D-9AB93324B5DE} : DHCPNameServer = 65.183.98.90 8.8.4.4
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-11-3 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-11-3 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309000.009\symds.sys [2012-10-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309000.009\symefa.sys [2012-10-1 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys [2012-10-1 132768]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-11-3 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309000.009\ironx86.sys [2012-10-1 149624]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2009-6-2 457200]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2010-8-30 39408]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]
R3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
R3 CW100;CW100 Device;c:\windows\system32\drivers\CW100.sys [2011-7-6 24092]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20121212.001\IDSXpx86.sys [2012-12-12 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20121214.003\NAVENG.SYS [2012-12-14 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20121214.003\NAVEX15.SYS [2012-12-14 1601184]
S0 cerc6;cerc6; [x]
S1 MpKsl01f59dae;MpKsl01f59dae;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bedd579c-3cb1-4bea-b418-3a4c76db8035}\mpksl01f59dae.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bedd579c-3cb1-4bea-b418-3a4c76db8035}\MpKsl01f59dae.sys [?]
S1 MpKsl0c33b6e7;MpKsl0c33b6e7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{142b1b15-8cb7-4457-ad8a-645445a5b6d2}\mpksl0c33b6e7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{142b1b15-8cb7-4457-ad8a-645445a5b6d2}\MpKsl0c33b6e7.sys [?]
S1 MpKsl6ff1f11a;MpKsl6ff1f11a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c72011c-2627-40b4-bb6d-da2761ee6f0e}\mpksl6ff1f11a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c72011c-2627-40b4-bb6d-da2761ee6f0e}\MpKsl6ff1f11a.sys [?]
S1 MpKsl91562297;MpKsl91562297;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d4cccc7-834d-4c32-a948-86caf34973e4}\mpksl91562297.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d4cccc7-834d-4c32-a948-86caf34973e4}\MpKsl91562297.sys [?]
S1 MpKsla2a419bb;MpKsla2a419bb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bedd579c-3cb1-4bea-b418-3a4c76db8035}\mpksla2a419bb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bedd579c-3cb1-4bea-b418-3a4c76db8035}\MpKsla2a419bb.sys [?]
S1 MpKslaabdc588;MpKslaabdc588;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e16578ee-a009-468d-975c-948613816693}\mpkslaabdc588.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e16578ee-a009-468d-975c-948613816693}\MpKslaabdc588.sys [?]
S1 MpKslf01f00d3;MpKslf01f00d3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba0d18e5-5b59-4a5d-b219-b24d6c2b928b}\mpkslf01f00d3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba0d18e5-5b59-4a5d-b219-b24d6c2b928b}\MpKslf01f00d3.sys [?]
S2 Parclass;Parclass;c:\windows\system32\drivers\parclass.sys [2011-6-30 19824]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2010-7-16 354288]
S3 72230298;72230298;c:\windows\system32\72230298.exe --> c:\windows\system32\72230298.exe [?]
S3 D595F017;D595F017;c:\windows\system32\d595f017.exe --> c:\windows\system32\D595F017.exe [?]
S3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-8-25 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2010-7-16 1099248]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys --> c:\windows\system32\drivers\scsiscan.sys [?]
.
=============== Created Last 30 ================
.
2012-12-14 21:06:19 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-12-14 21:06:04 -------- d-----w- C:\Intel
2012-12-14 21:04:31 -------- d-----w- c:\program files\SystemRequirementsLab
2012-12-14 17:31:02 172032 ---ha-w- c:\windows\system32\igfxres.dll
2012-12-14 17:03:59 7168 -c--a-w- c:\windows\system32\dllcache\kbdibm02.dll
2012-12-14 17:02:59 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2012-12-14 16:55:34 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-12-14 16:55:34 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-12-14 16:55:34 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-12-14 16:55:34 13312 ----a-w- c:\windows\system32\irclass.dll
2012-12-14 16:55:20 16535 ----a-r- c:\windows\SET7E.tmp
2012-12-14 16:55:17 1088840 ----a-r- c:\windows\SET72.tmp
2012-12-14 16:55:13 1296669 ----a-r- c:\windows\SET6F.tmp
2012-12-03 19:16:20 -------- d-----w- C:\Jobs
.
==================== Find3M ====================
.
2012-12-14 17:38:20 4896 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-12-12 13:13:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 13:13:26 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-01 13:40:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-10-01 13:40:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-25 04:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 15:32:13.68 ===============
The error is 0x00000050
Win32.sys address
That is all i got before it went away.
any help would be great.
Thanks
Michael
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by mike at 15:31:21 on 2012-12-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1331 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Roxio\BackOnTrack\App\BService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fiery\Command WorkStation 4\cws 4.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://google.com/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DWABrowserHlprObj Class: {2709D830-B643-4e72-9A1E-701CFFFCF30C} - c:\windows\system32\dwabho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\19.9.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mike\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [CANON DR6080_7580_9080C SVC] rundll32.exe DR9KSVC.dll,EntryPointUserMessage
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\comman~1.lnk - c:\program files\fiery\command workstation 4\cws 4.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://webmail.jlclark.com/dwa85W.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355520264890
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neWebCl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxps://secure.thefilingroom.com/members/XUpload.ocx
TCP: NameServer = 65.183.98.90 8.8.4.4
TCP: Interfaces\{9DBDBF82-8E96-447E-A55D-9AB93324B5DE} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9DBDBF82-8E96-447E-A55D-9AB93324B5DE} : DHCPNameServer = 65.183.98.90 8.8.4.4
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-11-3 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-11-3 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309000.009\symds.sys [2012-10-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309000.009\symefa.sys [2012-10-1 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys [2012-10-1 132768]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-11-3 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309000.009\ironx86.sys [2012-10-1 149624]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2009-6-2 457200]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2010-8-30 39408]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]
R3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
R3 CW100;CW100 Device;c:\windows\system32\drivers\CW100.sys [2011-7-6 24092]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20121212.001\IDSXpx86.sys [2012-12-12 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20121214.003\NAVENG.SYS [2012-12-14 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20121214.003\NAVEX15.SYS [2012-12-14 1601184]
S0 cerc6;cerc6; [x]
S1 MpKsl01f59dae;MpKsl01f59dae;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bedd579c-3cb1-4bea-b418-3a4c76db8035}\mpksl01f59dae.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bedd579c-3cb1-4bea-b418-3a4c76db8035}\MpKsl01f59dae.sys [?]
S1 MpKsl0c33b6e7;MpKsl0c33b6e7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{142b1b15-8cb7-4457-ad8a-645445a5b6d2}\mpksl0c33b6e7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{142b1b15-8cb7-4457-ad8a-645445a5b6d2}\MpKsl0c33b6e7.sys [?]
S1 MpKsl6ff1f11a;MpKsl6ff1f11a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c72011c-2627-40b4-bb6d-da2761ee6f0e}\mpksl6ff1f11a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c72011c-2627-40b4-bb6d-da2761ee6f0e}\MpKsl6ff1f11a.sys [?]
S1 MpKsl91562297;MpKsl91562297;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d4cccc7-834d-4c32-a948-86caf34973e4}\mpksl91562297.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d4cccc7-834d-4c32-a948-86caf34973e4}\MpKsl91562297.sys [?]
S1 MpKsla2a419bb;MpKsla2a419bb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bedd579c-3cb1-4bea-b418-3a4c76db8035}\mpksla2a419bb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bedd579c-3cb1-4bea-b418-3a4c76db8035}\MpKsla2a419bb.sys [?]
S1 MpKslaabdc588;MpKslaabdc588;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e16578ee-a009-468d-975c-948613816693}\mpkslaabdc588.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e16578ee-a009-468d-975c-948613816693}\MpKslaabdc588.sys [?]
S1 MpKslf01f00d3;MpKslf01f00d3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba0d18e5-5b59-4a5d-b219-b24d6c2b928b}\mpkslf01f00d3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba0d18e5-5b59-4a5d-b219-b24d6c2b928b}\MpKslf01f00d3.sys [?]
S2 Parclass;Parclass;c:\windows\system32\drivers\parclass.sys [2011-6-30 19824]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2010-7-16 354288]
S3 72230298;72230298;c:\windows\system32\72230298.exe --> c:\windows\system32\72230298.exe [?]
S3 D595F017;D595F017;c:\windows\system32\d595f017.exe --> c:\windows\system32\D595F017.exe [?]
S3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-8-25 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2010-7-16 1099248]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys --> c:\windows\system32\drivers\scsiscan.sys [?]
.
=============== Created Last 30 ================
.
2012-12-14 21:06:19 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-12-14 21:06:04 -------- d-----w- C:\Intel
2012-12-14 21:04:31 -------- d-----w- c:\program files\SystemRequirementsLab
2012-12-14 17:31:02 172032 ---ha-w- c:\windows\system32\igfxres.dll
2012-12-14 17:03:59 7168 -c--a-w- c:\windows\system32\dllcache\kbdibm02.dll
2012-12-14 17:02:59 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2012-12-14 16:55:34 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-12-14 16:55:34 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-12-14 16:55:34 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-12-14 16:55:34 13312 ----a-w- c:\windows\system32\irclass.dll
2012-12-14 16:55:20 16535 ----a-r- c:\windows\SET7E.tmp
2012-12-14 16:55:17 1088840 ----a-r- c:\windows\SET72.tmp
2012-12-14 16:55:13 1296669 ----a-r- c:\windows\SET6F.tmp
2012-12-03 19:16:20 -------- d-----w- C:\Jobs
.
==================== Find3M ====================
.
2012-12-14 17:38:20 4896 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-12-12 13:13:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 13:13:26 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-01 13:40:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-10-01 13:40:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-25 04:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 15:32:13.68 ===============