Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Tons of problem with the BSOD

Post by ncbasser » December 2nd, 2010, 12:59 am

Hi, my wife and I have a big problem with our desktop, which gets random BSODs. We bought our PC new 3 yrs ago and all the problems started last month and it's getting worse. We were using Comodo firewall, avast antivirus and CCleaner all these years until the problems began, so we uninstalled the firewall and antivirus to replace them with the Comodo combo firewall/antivirus. No solution. Uninstalled the combo to go with the MS built-in firewall and put in AVG antivirus. Uninstalled the AVG to go back to avast. Same thing. The BSOD has gotten real bad. We had the system restored with the recovery disk, and it took until the 6th effort for Windows to come up. I've tested all of the hardware and no errors were found. All passed every time. I frequent MS Update but a lot of them failed. Neither SP1 nor SP2 can be updated. I googled and found a forum that stated not to use a registry cleaner. My gut tells me that I screwed it up because I was using the registry cleaner through CCleaner, so I'm pretty certain it's where it all started. Also, to let you know, yesterday I noticed there were 3 Firefox running in Task Manager. Knew it wasn't right. Hope somebody can point me in the right direction to get this issue fixed. Appreciated in advance!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:33 PM, on 12/1/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\chrisnnena\Desktop\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4085 bytes
----------------------------------------------------------------------------------------------------------------

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
AIM 7
avast! Free Antivirus
CCleaner
CyberLink DVD Suite Deluxe
Enhanced Multimedia Keyboard Solution
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Update
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6 Update 1
LightScribe System Software 1.10.16.1
LightScribe Template Labeler
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.12)
muvee autoProducer 6.1
NVIDIA Drivers
Power2Go
PowerDirector
Python 2.5
Realtek High Definition Audio Driver
Soft Data Fax Modem with SmartCP
WeatherBug Gadget
ncbasser
Active Member
 
Posts: 7
Joined: December 1st, 2010, 9:07 pm

Re: Tons of problem with the BSOD

Post by MWR 3 day Mod » December 5th, 2010, 1:43 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Tons of problem with the BSOD

Post by muppy03 » December 7th, 2010, 4:42 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Windows Vista Instructions
Since you are running Windows Vista, please make sure that all of the tools that I ask you to run are run by right clicking and selecting Run as administrator. This will ensure the correct functionality of the tools with Windows Vista compatibility.



Let’s have a look. Be warned, though, that because the machine has been running without service packs, you might find the only option will be to reformat and reinstall the operating system.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)



Please reply with:-
  • Security Application check
  • RSIT logs ( info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Tons of problem with the BSOD

Post by ncbasser » December 7th, 2010, 8:30 am

I appreciate you coming to my rescue. Just so you know, after the two RSIT logs opened, the Windows toolbar on the bottom turned all white.

Here's the Security Application check, then the RSIT logs

Results of screen317's Security Check version 0.99.6
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10.1.102.64
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.12)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````

-------------------------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by chrisnnena at 2010-12-07 07:17:14
Microsoft® Windows Vista™ Home Premium
System drive C: has 275 GB (93%) free of 296 GB
Total RAM: 2942 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:17 AM, on 12/7/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\chrisnnena\Desktop\RSIT.exe
C:\Program Files\trend micro\chrisnnena.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4349 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-10 1006264]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-10-09 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-05-22 526880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2006-11-02 1196032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-12-07 07:17:14 ----D---- C:\rsit
2010-12-07 07:17:14 ----D---- C:\Program Files\trend micro
2010-12-06 09:41:05 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-06 09:41:05 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-06 09:41:04 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-06 09:41:04 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-06 09:41:03 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-06 09:40:44 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-02 00:54:24 ----A---- C:\Program Files\uninstall_list.txt
2010-11-29 17:22:45 ----D---- C:\perflogs
2010-11-29 15:39:40 ----RASH---- C:\MSDOS.SYS
2010-11-29 15:39:40 ----RASH---- C:\IO.SYS
2010-11-27 07:34:00 ----D---- C:\Windows\CheckSur
2010-11-27 05:57:08 ----D---- C:\Users\chrisnnena\AppData\Roaming\InstallShield
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkPgExt.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkCoInst.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkAPO.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2010-11-27 05:55:21 ----A---- C:\Windows\RtlUpd.exe
2010-11-27 05:55:21 ----A---- C:\Windows\RtHDVCpl.exe
2010-11-27 05:53:13 ----A---- C:\FINIS_IT.TXT
2010-11-27 05:49:05 ----D---- C:\Users\chrisnnena\AppData\Roaming\WinBatch
2010-11-26 13:05:31 ----D---- C:\Users\chrisnnena\AppData\Roaming\Adobe
2010-11-26 11:47:32 ----D---- C:\Users\chrisnnena\AppData\Roaming\acccore
2010-11-26 11:47:23 ----D---- C:\ProgramData\AIM
2010-11-26 11:47:21 ----D---- C:\Program Files\AIM
2010-11-26 11:47:20 ----D---- C:\Program Files\Common Files\AOL
2010-11-26 05:53:02 ----D---- C:\Windows\SoftwareDistribution
2010-11-26 05:51:00 ----SHD---- C:\System Volume Information
2010-11-26 05:50:29 ----D---- C:\Windows\Minidump
2010-11-26 05:47:21 ----ASH---- C:\pagefile.sys
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP5530.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP50dd.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP4aa6.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP3b4a.tmp
2010-11-26 04:11:17 ----N---- C:\Windows\system32\MpSigStub.exe
2010-11-26 03:54:21 ----D---- C:\Program Files\CCleaner
2010-11-26 03:53:04 ----D---- C:\Users\chrisnnena\AppData\Roaming\Malwarebytes
2010-11-26 03:52:58 ----D---- C:\ProgramData\Malwarebytes
2010-11-26 03:52:58 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-26 03:52:58 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-26 03:52:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-26 03:46:33 ----D---- C:\ProgramData\Alwil Software
2010-11-26 03:46:33 ----D---- C:\Program Files\Alwil Software
2010-11-26 03:38:46 ----D---- C:\Users\chrisnnena\AppData\Roaming\Mozilla
2010-11-26 03:38:37 ----D---- C:\Program Files\Mozilla Firefox
2010-11-26 03:30:31 ----A---- C:\Windows\system32\wintrust.dll
2010-11-26 03:30:28 ----A---- C:\Windows\system32\cabview.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wups2.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wucltux.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wuaueng.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wuauclt.exe
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wups.dll
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wudriver.dll
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wuapi.dll
2010-11-26 03:23:35 ----A---- C:\Windows\system32\wuwebv.dll
2010-11-26 03:23:35 ----A---- C:\Windows\system32\wuapp.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\javaws.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\javaw.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\java.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\deployJava1.dll
2010-11-26 03:11:33 ----D---- C:\Windows\pss
2010-11-26 03:09:14 ----D---- C:\Users\chrisnnena\AppData\Roaming\Snapfish
2010-11-26 03:08:53 ----D---- C:\Users\chrisnnena\AppData\Roaming\Identities
2010-11-26 03:08:04 ----D---- C:\Users\chrisnnena\AppData\Roaming\Macromedia
2010-11-26 03:07:50 ----D---- C:\Users\chrisnnena\AppData\Roaming\Hewlett-Packard
2010-11-26 03:05:41 ----SD---- C:\Users\chrisnnena\AppData\Roaming\Microsoft
2010-11-26 03:05:41 ----D---- C:\Users\chrisnnena\AppData\Roaming\Media Center Programs
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Templates
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Start Menu
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Favorites
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Documents
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Desktop
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Application Data
2010-11-26 03:02:27 ----SHD---- C:\Documents and Settings

======List of files/folders modified in the last 1 months======

2010-12-07 07:17:14 ----D---- C:\Program Files
2010-12-07 07:16:54 ----D---- C:\Windows\Prefetch
2010-12-07 07:16:45 ----D---- C:\Windows\Temp
2010-12-07 06:59:06 ----D---- C:\WINDOWS
2010-12-07 06:57:06 ----D---- C:\Windows\SMINST
2010-12-06 11:47:30 ----D---- C:\Windows\System32
2010-12-06 11:47:30 ----D---- C:\Windows\inf
2010-12-06 11:47:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-06 09:41:05 ----D---- C:\Windows\system32\drivers
2010-12-06 09:40:51 ----SHD---- C:\Windows\Installer
2010-12-06 09:07:38 ----D---- C:\Windows\system32\LogFiles
2010-12-06 08:14:20 ----D---- C:\Windows\system32\Tasks
2010-12-04 17:10:16 ----D---- C:\Windows\system32\WDI
2010-12-02 21:00:37 ----D---- C:\Windows\system32\catroot
2010-12-02 20:30:01 ----D---- C:\ProgramData\NVIDIA
2010-12-02 14:17:22 ----D---- C:\Windows\system32\catroot2
2010-12-02 08:57:05 ----D---- C:\Windows\LiveKernelReports
2010-11-29 15:09:04 ----HD---- C:\hp
2010-11-29 14:18:57 ----D---- C:\Windows\Debug
2010-11-27 11:00:28 ----SD---- C:\ProgramData\Microsoft
2010-11-27 06:25:16 ----D---- C:\Program Files\Common Files
2010-11-27 05:55:45 ----D---- C:\Windows\system32\RTCOM
2010-11-27 05:55:24 ----A---- C:\Windows\DIFxAPI.dll
2010-11-27 05:52:33 ----D---- C:\Windows\winsxs
2010-11-27 05:52:02 ----D---- C:\Program Files\Hewlett-Packard
2010-11-26 11:47:23 ----HD---- C:\ProgramData
2010-11-26 05:55:06 ----D---- C:\Windows\Panther
2010-11-26 05:52:26 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-26 03:36:13 ----D---- C:\Windows\rescache
2010-11-26 03:34:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-11-26 03:33:35 ----D---- C:\Windows\system32\en-US
2010-11-26 03:32:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-26 03:32:31 ----D---- C:\Program Files\CyberLink
2010-11-26 03:30:20 ----D---- C:\Program Files\Microsoft Office
2010-11-26 03:30:20 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-26 03:29:25 ----D---- C:\ProgramData\WildTangent
2010-11-26 03:27:53 ----D---- C:\Program Files\Yahoo!
2010-11-26 03:27:01 ----D---- C:\ProgramData\Symantec
2010-11-26 03:25:05 ----RSD---- C:\Windows\assembly
2010-11-26 03:21:29 ----D---- C:\Program Files\Java
2010-11-26 03:09:45 ----D---- C:\ProgramData\Hewlett-Packard
2010-11-26 03:09:05 ----SHD---- C:\$Recycle.Bin
2010-11-26 03:08:48 ----D---- C:\Windows\system
2010-11-26 03:06:16 ----D---- C:\Windows\system32\restore
2010-11-26 03:05:41 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-10-26 110624]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2009-07-14 1443584]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-30 9803464]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-12 25760]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-12-07 07:17:18

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 7-->C:\Program Files\AIM\uninst.exe
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFAD41A9-9687-48A3-848F-693C11451433}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LightScribe System Software 1.10.16.1-->MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
LightScribe Template Labeler-->MsiExec.exe /X{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}\muveesetup.exe -removeonly -runfromtemp
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}

======Security center information======

AV: avast! Antivirus
AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Windows Defender
AS: Norton Internet Security (outdated)
AS: avast! Antivirus

======System event log======

Computer Name: chrisnnena-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. Please contact your system vendor for technical assistance.
Record Number: 20425
Source Name: ACPI
Time Written: 20101207115626.812002-000
Event Type: Error
User:

Computer Name: chrisnnena-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0. Please contact your system vendor for technical assistance.
Record Number: 20426
Source Name: ACPI
Time Written: 20101207115626.812002-000
Event Type: Error
User:

Computer Name: chrisnnena-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0. Please contact your system vendor for technical assistance.
Record Number: 20427
Source Name: ACPI
Time Written: 20101207115626.812002-000
Event Type: Error
User:

Computer Name: chrisnnena-PC
Event Code: 1000
Message: CBS Client initialization failed. Last error: 0x80070422
Record Number: 20512
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20101207121157.097939-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: chrisnnena-PC
Event Code: 1001
Message: Application initialization failed. Last error: 0x80004005
Record Number: 20513
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20101207121157.098939-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: chrisnnena-PC
Event Code: 1000
Message: Faulting application Explorer.EXE, version 6.0.6000.16386, time stamp 0x4549b091, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc000001d, fault offset 0x0003a738, process id 0x9a8, application start time 0x01cb960488b55423.
Record Number: 3143
Source Name: Application Error
Time Written: 20101207114736.000000-000
Event Type: Error
User:

Computer Name: chrisnnena-PC
Event Code: 1000
Message: Faulting application svchost.exe_WinDefend, version 6.0.6000.16386, time stamp 0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x00043a93, process id 0x394, application start time 0x01cb9604e5669a95.
Record Number: 3150
Source Name: Application Error
Time Written: 20101207115010.000000-000
Event Type: Error
User:

Computer Name: chrisnnena-PC
Event Code: 0
Message:
Record Number: 3154
Source Name: AtBroker
Time Written: 20101207115018.000000-000
Event Type: Warning
User:

Computer Name: chrisnnena-PC
Event Code: 0
Message:
Record Number: 3155
Source Name: AtBroker
Time Written: 20101207115018.000000-000
Event Type: Warning
User:

Computer Name: chrisnnena-PC
Event Code: 0
Message:
Record Number: 3156
Source Name: AtBroker
Time Written: 20101207115019.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: chrisnnena-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: CHRISNNENA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-352484174-1341986189-1462360868-1000
Account Name: chrisnnena
Account Domain: chrisnnena-PC
Logon ID: 0x47c02
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x35c
Process Name: C:\WINDOWS\System32\winlogon.exe

Network Information:
Workstation Name: CHRISNNENA-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 827
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127003532.738137-000
Event Type: Audit Success
User:

Computer Name: chrisnnena-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: CHRISNNENA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-352484174-1341986189-1462360868-1000
Account Name: chrisnnena
Account Domain: chrisnnena-PC
Logon ID: 0x47c25
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x35c
Process Name: C:\WINDOWS\System32\winlogon.exe

Network Information:
Workstation Name: CHRISNNENA-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 828
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127003532.738137-000
Event Type: Audit Success
User:

Computer Name: chrisnnena-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-352484174-1341986189-1462360868-1000
Account Name: chrisnnena
Account Domain: chrisnnena-PC
Logon ID: 0x47c02

Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
Record Number: 829
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127003532.738137-000
Event Type: Audit Success
User:

Computer Name: chrisnnena-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 830
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127004748.321770-000
Event Type: Audit Failure
User:

Computer Name: chrisnnena-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: CHRISNNENA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x290
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 831
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127024223.119680-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services

-----------------EOF-----------------
ncbasser
Active Member
 
Posts: 7
Joined: December 1st, 2010, 9:07 pm

Re: Tons of problem with the BSOD

Post by muppy03 » December 7th, 2010, 4:53 pm

We had the system restored with recovery disk

Did you have service packs prior to this?

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Norton Internet Security (outdated)


Let's get rid of Norton first.

Remove Norton

Please go to this -page- and select the product you have

    1. Download the Norton Removal Tool. Save the file to the Windows desktop.
    2. On the Windows desktop, double-click the Norton Removal Tool icon.
    3. Follow the on-screen instructions. Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Once done please re-run RSIT and post the one log it produces this time.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Tons of problem with the BSOD

Post by ncbasser » December 7th, 2010, 5:27 pm

Yes we had SP2 prior to this. Here is RSIT log.

Logfile of random's system information tool 1.08 (written by random/random)
Run by chrisnnena at 2010-12-07 16:37:05
Microsoft® Windows Vista™ Home Premium
System drive C: has 275 GB (93%) free of 296 GB
Total RAM: 2942 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:37:09 PM, on 12/7/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\chrisnnena\Desktop\RSIT.exe
C:\Program Files\trend micro\chrisnnena.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4104 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-26 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-10 1006264]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-10-09 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-05-22 526880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2006-11-02 1196032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-12-07 07:17:14 ----D---- C:\rsit
2010-12-07 07:17:14 ----D---- C:\Program Files\trend micro
2010-12-06 09:41:05 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-06 09:41:05 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-06 09:41:04 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-06 09:41:04 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-06 09:41:03 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-06 09:40:44 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-02 00:54:24 ----A---- C:\Program Files\uninstall_list.txt
2010-11-29 17:22:45 ----D---- C:\perflogs
2010-11-29 15:39:40 ----RASH---- C:\MSDOS.SYS
2010-11-29 15:39:40 ----RASH---- C:\IO.SYS
2010-11-27 07:34:00 ----D---- C:\Windows\CheckSur
2010-11-27 05:57:08 ----D---- C:\Users\chrisnnena\AppData\Roaming\InstallShield
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkPgExt.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkCoInst.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkAPO.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2010-11-27 05:55:21 ----A---- C:\Windows\RtlUpd.exe
2010-11-27 05:55:21 ----A---- C:\Windows\RtHDVCpl.exe
2010-11-27 05:53:13 ----A---- C:\FINIS_IT.TXT
2010-11-27 05:49:05 ----D---- C:\Users\chrisnnena\AppData\Roaming\WinBatch
2010-11-26 13:05:31 ----D---- C:\Users\chrisnnena\AppData\Roaming\Adobe
2010-11-26 11:47:32 ----D---- C:\Users\chrisnnena\AppData\Roaming\acccore
2010-11-26 11:47:23 ----D---- C:\ProgramData\AIM
2010-11-26 11:47:21 ----D---- C:\Program Files\AIM
2010-11-26 11:47:20 ----D---- C:\Program Files\Common Files\AOL
2010-11-26 05:53:02 ----D---- C:\Windows\SoftwareDistribution
2010-11-26 05:51:00 ----SHD---- C:\System Volume Information
2010-11-26 05:50:29 ----D---- C:\Windows\Minidump
2010-11-26 05:47:21 ----ASH---- C:\pagefile.sys
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP5530.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP50dd.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP4aa6.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP3b4a.tmp
2010-11-26 04:11:17 ----N---- C:\Windows\system32\MpSigStub.exe
2010-11-26 03:54:21 ----D---- C:\Program Files\CCleaner
2010-11-26 03:53:04 ----D---- C:\Users\chrisnnena\AppData\Roaming\Malwarebytes
2010-11-26 03:52:58 ----D---- C:\ProgramData\Malwarebytes
2010-11-26 03:52:58 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-26 03:52:58 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-26 03:52:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-26 03:46:33 ----D---- C:\ProgramData\Alwil Software
2010-11-26 03:46:33 ----D---- C:\Program Files\Alwil Software
2010-11-26 03:38:46 ----D---- C:\Users\chrisnnena\AppData\Roaming\Mozilla
2010-11-26 03:38:37 ----D---- C:\Program Files\Mozilla Firefox
2010-11-26 03:30:31 ----A---- C:\Windows\system32\wintrust.dll
2010-11-26 03:30:28 ----A---- C:\Windows\system32\cabview.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wups2.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wucltux.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wuaueng.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wuauclt.exe
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wups.dll
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wudriver.dll
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wuapi.dll
2010-11-26 03:23:35 ----A---- C:\Windows\system32\wuwebv.dll
2010-11-26 03:23:35 ----A---- C:\Windows\system32\wuapp.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\javaws.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\javaw.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\java.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\deployJava1.dll
2010-11-26 03:11:33 ----D---- C:\Windows\pss
2010-11-26 03:09:14 ----D---- C:\Users\chrisnnena\AppData\Roaming\Snapfish
2010-11-26 03:08:53 ----D---- C:\Users\chrisnnena\AppData\Roaming\Identities
2010-11-26 03:08:04 ----D---- C:\Users\chrisnnena\AppData\Roaming\Macromedia
2010-11-26 03:07:50 ----D---- C:\Users\chrisnnena\AppData\Roaming\Hewlett-Packard
2010-11-26 03:05:41 ----SD---- C:\Users\chrisnnena\AppData\Roaming\Microsoft
2010-11-26 03:05:41 ----D---- C:\Users\chrisnnena\AppData\Roaming\Media Center Programs
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Templates
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Start Menu
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Favorites
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Documents
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Desktop
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Application Data
2010-11-26 03:02:27 ----SHD---- C:\Documents and Settings

======List of files/folders modified in the last 1 months======

2010-12-07 16:37:03 ----D---- C:\Windows\Temp
2010-12-07 16:36:39 ----D---- C:\Windows\SMINST
2010-12-07 16:34:51 ----HD---- C:\ProgramData
2010-12-07 16:33:22 ----D---- C:\Windows\Prefetch
2010-12-07 14:42:24 ----D---- C:\WINDOWS
2010-12-07 07:17:14 ----D---- C:\Program Files
2010-12-06 11:47:30 ----D---- C:\Windows\System32
2010-12-06 11:47:30 ----D---- C:\Windows\inf
2010-12-06 11:47:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-06 09:41:05 ----D---- C:\Windows\system32\drivers
2010-12-06 09:40:51 ----SHD---- C:\Windows\Installer
2010-12-06 09:07:38 ----D---- C:\Windows\system32\LogFiles
2010-12-06 08:14:20 ----D---- C:\Windows\system32\Tasks
2010-12-04 17:10:16 ----D---- C:\Windows\system32\WDI
2010-12-02 21:00:37 ----D---- C:\Windows\system32\catroot
2010-12-02 20:30:01 ----D---- C:\ProgramData\NVIDIA
2010-12-02 14:17:22 ----D---- C:\Windows\system32\catroot2
2010-12-02 08:57:05 ----D---- C:\Windows\LiveKernelReports
2010-11-29 15:09:04 ----HD---- C:\hp
2010-11-29 14:18:57 ----D---- C:\Windows\Debug
2010-11-27 11:00:28 ----SD---- C:\ProgramData\Microsoft
2010-11-27 06:25:16 ----D---- C:\Program Files\Common Files
2010-11-27 05:55:45 ----D---- C:\Windows\system32\RTCOM
2010-11-27 05:55:24 ----A---- C:\Windows\DIFxAPI.dll
2010-11-27 05:52:33 ----D---- C:\Windows\winsxs
2010-11-27 05:52:02 ----D---- C:\Program Files\Hewlett-Packard
2010-11-26 05:55:06 ----D---- C:\Windows\Panther
2010-11-26 05:52:26 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-26 03:36:13 ----D---- C:\Windows\rescache
2010-11-26 03:34:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-11-26 03:33:35 ----D---- C:\Windows\system32\en-US
2010-11-26 03:32:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-26 03:32:31 ----D---- C:\Program Files\CyberLink
2010-11-26 03:30:20 ----D---- C:\Program Files\Microsoft Office
2010-11-26 03:30:20 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-26 03:29:25 ----D---- C:\ProgramData\WildTangent
2010-11-26 03:27:53 ----D---- C:\Program Files\Yahoo!
2010-11-26 03:25:05 ----RSD---- C:\Windows\assembly
2010-11-26 03:21:29 ----D---- C:\Program Files\Java
2010-11-26 03:09:45 ----D---- C:\ProgramData\Hewlett-Packard
2010-11-26 03:09:05 ----SHD---- C:\$Recycle.Bin
2010-11-26 03:08:48 ----D---- C:\Windows\system
2010-11-26 03:06:16 ----D---- C:\Windows\system32\restore
2010-11-26 03:05:41 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-10-26 110624]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2009-07-14 1443584]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-30 9803464]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-12 25760]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]

-----------------EOF-----------------
ncbasser
Active Member
 
Posts: 7
Joined: December 1st, 2010, 9:07 pm

Re: Tons of problem with the BSOD

Unread postby muppy03 » December 8th, 2010, 6:18 am

So far so good, I am just checking you are Malware free before we go too much further. Apart from the BSODs and the Service Packs not installing, are you noticing any other issues?

I see that you have Malwarebytes' Anti-Malware installed. Have you used this, and more importantly did it find anything? If it did please post the log it produced.

I would like you to run an online scan for me please.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please reply with:-
  • Eset log
  • MBAM log (if applicable)
  • Answer to questions
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Tons of problem with the BSOD

Unread postby ncbasser » December 8th, 2010, 9:51 am

Hi muppy,

To answer your first question, every time I open Windows Update I click Check for updates... keep getting red shield "Windows could not search for new updates"

And a few times while surfing I get a Microsoft Windows pop up saying Desktop Window Manager has stopped working.

As for Malwarebytes' Anti-Malware it didn't find anything.

Here's Eset log...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=330dce0e098fe14cb5656bdd77f73f17
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-08 01:37:45
# local_time=2010-12-08 08:37:45 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=770 16774141 100 100 0 67597654 0 0
# compatibility_mode=5892 16776573 100 100 0 128420510 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=112620
# found=0
# cleaned=0
# scan_time=2482
ncbasser
Active Member
 
Posts: 7
Joined: December 1st, 2010, 9:07 pm
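
A log like the one posted above can be checked mechanically against the settings requested in the ESET instructions before its `found=0` is relied on. The Python below is an added example, not part of the original thread or of any ESET tool. The mapping of the requested options to log fields (for instance "Scan for potentially unwanted applications" to `unwanted_checked`) and the reading of `end=finished` as a completed scan are assumptions inferred from the field names, and the sample is a constructed excerpt of the posted log.

```python
# Constructed excerpt of the log posted in this thread (several lines omitted).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=770 16774141 100 100 0 67597654 0 0
# scanned=112620
# found=0
# cleaned=0
"""

# Assumed mapping: settings requested in the instructions -> log field values.
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}

def parse_header(text):
    """Collect '# key=value' lines; a repeated key keeps every value in order."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            fields.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return fields

def review(text):
    """Return scan counts plus a list of reasons the log should be re-requested."""
    fields = parse_header(text)
    first = lambda key: fields.get(key, [None])[0]
    problems = []
    if first("end") != "finished":  # assumption: marks a completed scan
        problems.append("scan did not finish: end=%s" % first("end"))
    for key, want in REQUESTED.items():
        if first(key) != want:
            problems.append("%s=%s but %s was requested" % (key, first(key), want))
    result = {"problems": problems}
    for key in ("scanned", "found", "cleaned"):
        value = first(key)
        result[key] = int(value) if value and value.isdigit() else None
        if result[key] is None:
            problems.append("%s is missing or not a number" % key)
    return result

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

An empty `problems` list means the scan ran to completion with the requested options, so a zero `found` count reflects the full scan rather than a partial or differently configured one.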

Re: Tons of problem with the BSOD

Unread postby muppy03 » December 9th, 2010, 6:42 am

Well your problem does not appear to be malware related. :(

One of the Masters here had a similar problem and had to download SP1 manually; it needs to be in place before SP2 can be installed.

He went here to do this.

I feel your other option is a complete reformat and fresh install of the operating system. You state that you had the “system restored with recovery disk”. I am not completely sure what you mean by this, was it an R & R or a repair?
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Tons of problem with the BSOD

Unread postby ncbasser » December 11th, 2010, 5:51 pm

Hi muppy,

I've done both R & R and repair. It's gotten worse after that.

Per start up I've been getting the same Windows updates (security update for Windows Vista) was installed (success) but same installed updates keep returning after per shut down or crashed. Same with the MS .NET Framework 3.5 SP1 & .NET Framework 3.5 Family Update failed EVERY time since 11/27... Seems like the previous pre-installed Vista is running in the background with the recovery Vista bloated the hard disk. I don't know. It's irritating me! I've downloaded SP1 from MS site. Same thing - failed. Now I'm left without it. I'm not a computer whiz so I don't know what else to do.
ncbasser
Active Member
 
Posts: 7
Joined: December 1st, 2010, 9:07 pm

Re: Tons of problem with the BSOD

Unread postby muppy03 » December 11th, 2010, 7:32 pm

To do a complete R & R, everything needs to be wiped from the computer; it sounds like you have reinstalled over the existing problems.

Most computers have a recovery partition that you can use to return your computer to how it was when first received. This is, if you have one, your best option. Alternately if using disks you need to boot the computer from the disks to do this. It cannot be done when the computer is already turned on with windows loaded. If using disks you need to make sure that you have a “drivers” disk as they are loaded separately.

In either option above All Data that you need to keep will have to be backed up as IT WILL BE LOST.

Here at MRU we primarily deal with Malware, but there are other general tech help sites that will be able to assist you and answer your questions. I will list a few below. Like MRU they are free.

Tech help sites.

Tech Support Guy
Tech Support Forum
The Elder Geek on Windows
BleepingComputer.com
WhattheTech...formerly TomCoyote

I hope all works out, and sorry I have not been much help to you.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Tons of problem with the BSOD

Unread postby ncbasser » December 11th, 2010, 8:31 pm

My wife did call HP support to see if they could help us with this issue when it started. The first person she spoke with walked her through a complete restore by wiping clean and using the disks to reinstall. The first disk was inserted into the computer before it was wiped clean and since it was going to take a while to delete everything he let us go but did explain that the computer would ask for disk 2 and then disk 3 and to just follow directions on the monitor. On disk 3 at 99% the computer shut down and so I kept trying, starting with disk 1 again and finally it finished. Still kept getting the BSODs so called back and a lady walked us through a restore using the partition which we were told was the backup on the hard drive. So obviously it wasn't completely wiped clean the first time. She doesn't remember exact steps the first support person had us do but it involved tapping the esc key at startup and then she remembers having to keep tapping the backspace key. Do either of those sound like the process of a complete restore?

The other day I was running a hardware diagnostic and noticed there were 2 partitions in C drive and one in D drive.

I understand that this site deals with Malware and I appreciate your time and the links to the other tech help sites.
ncbasser
Active Member
 
Posts: 7
Joined: December 1st, 2010, 9:07 pm

Re: Tons of problem with the BSOD

Unread postby muppy03 » December 12th, 2010, 7:01 pm

I would hate to guess at what is happening but if working with HP did not solve the problem then something else must be going on. Sounds like she got you to reset the computer back to factory default using the HP hidden partition. Having 2 partitions in C drive is perfectly normal; D drive could be the restore partition.

Although using a registry cleaner might have caused initial problems, that would have been corrected with the reinstall.

You might need to take the computer somewhere and see if they can do the reinstall and get them to update while they are at it.

I wish I could give you an answer as to what is happening, unfortunately technical help is beyond my ability and I would hate to lead you down the wrong path.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Tons of problem with the BSOD

Unread postby muppy03 » December 15th, 2010, 4:31 pm

This topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Donations For Malware Removal
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia