I appreciate you coming to my rescue. Just so you know, after two of the RSIT logs opened, the Windows toolbar on the bottom turns all white.
Here's the Security Application, then the RSIT logs.
Results of screen317's Security Check version 0.99.6
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10.1.102.64
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.12)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)
``````````End of Log````````````
-------------------------------------------------------------------------------------------------------------------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by chrisnnena at 2010-12-07 07:17:14
Microsoft® Windows Vista™ Home Premium
System drive C: has 275 GB (93%) free of 296 GB
Total RAM: 2942 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:17 AM, on 12/7/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\chrisnnena\Desktop\RSIT.exe
C:\Program Files\trend micro\chrisnnena.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 4349 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-26 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-10 1006264]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-10-09 44168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-05-22 526880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2006-11-02 1196032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-12-07 07:17:14 ----D---- C:\rsit
2010-12-07 07:17:14 ----D---- C:\Program Files\trend micro
2010-12-06 09:41:05 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-06 09:41:05 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-06 09:41:04 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-06 09:41:04 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-06 09:41:03 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-06 09:40:44 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-02 00:54:24 ----A---- C:\Program Files\uninstall_list.txt
2010-11-29 17:22:45 ----D---- C:\perflogs
2010-11-29 15:39:40 ----RASH---- C:\MSDOS.SYS
2010-11-29 15:39:40 ----RASH---- C:\IO.SYS
2010-11-27 07:34:00 ----D---- C:\Windows\CheckSur
2010-11-27 05:57:08 ----D---- C:\Users\chrisnnena\AppData\Roaming\InstallShield
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkPgExt.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkCoInst.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\RtkAPO.dll
2010-11-27 05:55:21 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2010-11-27 05:55:21 ----A---- C:\Windows\RtlUpd.exe
2010-11-27 05:55:21 ----A---- C:\Windows\RtHDVCpl.exe
2010-11-27 05:53:13 ----A---- C:\FINIS_IT.TXT
2010-11-27 05:49:05 ----D---- C:\Users\chrisnnena\AppData\Roaming\WinBatch
2010-11-26 13:05:31 ----D---- C:\Users\chrisnnena\AppData\Roaming\Adobe
2010-11-26 11:47:32 ----D---- C:\Users\chrisnnena\AppData\Roaming\acccore
2010-11-26 11:47:23 ----D---- C:\ProgramData\AIM
2010-11-26 11:47:21 ----D---- C:\Program Files\AIM
2010-11-26 11:47:20 ----D---- C:\Program Files\Common Files\AOL
2010-11-26 05:53:02 ----D---- C:\Windows\SoftwareDistribution
2010-11-26 05:51:00 ----SHD---- C:\System Volume Information
2010-11-26 05:50:29 ----D---- C:\Windows\Minidump
2010-11-26 05:47:21 ----ASH---- C:\pagefile.sys
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP5530.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP50dd.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP4aa6.tmp
2010-11-26 05:47:21 ----A---- C:\Windows\DUMP3b4a.tmp
2010-11-26 04:11:17 ----N---- C:\Windows\system32\MpSigStub.exe
2010-11-26 03:54:21 ----D---- C:\Program Files\CCleaner
2010-11-26 03:53:04 ----D---- C:\Users\chrisnnena\AppData\Roaming\Malwarebytes
2010-11-26 03:52:58 ----D---- C:\ProgramData\Malwarebytes
2010-11-26 03:52:58 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-26 03:52:58 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-26 03:52:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-26 03:46:33 ----D---- C:\ProgramData\Alwil Software
2010-11-26 03:46:33 ----D---- C:\Program Files\Alwil Software
2010-11-26 03:38:46 ----D---- C:\Users\chrisnnena\AppData\Roaming\Mozilla
2010-11-26 03:38:37 ----D---- C:\Program Files\Mozilla Firefox
2010-11-26 03:30:31 ----A---- C:\Windows\system32\wintrust.dll
2010-11-26 03:30:28 ----A---- C:\Windows\system32\cabview.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wups2.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wucltux.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wuaueng.dll
2010-11-26 03:24:09 ----A---- C:\Windows\system32\wuauclt.exe
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wups.dll
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wudriver.dll
2010-11-26 03:23:51 ----A---- C:\Windows\system32\wuapi.dll
2010-11-26 03:23:35 ----A---- C:\Windows\system32\wuwebv.dll
2010-11-26 03:23:35 ----A---- C:\Windows\system32\wuapp.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\javaws.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\javaw.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\java.exe
2010-11-26 03:21:50 ----A---- C:\Windows\system32\deployJava1.dll
2010-11-26 03:11:33 ----D---- C:\Windows\pss
2010-11-26 03:09:14 ----D---- C:\Users\chrisnnena\AppData\Roaming\Snapfish
2010-11-26 03:08:53 ----D---- C:\Users\chrisnnena\AppData\Roaming\Identities
2010-11-26 03:08:04 ----D---- C:\Users\chrisnnena\AppData\Roaming\Macromedia
2010-11-26 03:07:50 ----D---- C:\Users\chrisnnena\AppData\Roaming\Hewlett-Packard
2010-11-26 03:05:41 ----SD---- C:\Users\chrisnnena\AppData\Roaming\Microsoft
2010-11-26 03:05:41 ----D---- C:\Users\chrisnnena\AppData\Roaming\Media Center Programs
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Templates
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Start Menu
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Favorites
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Documents
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Desktop
2010-11-26 03:02:27 ----SHD---- C:\ProgramData\Application Data
2010-11-26 03:02:27 ----SHD---- C:\Documents and Settings
======List of files/folders modified in the last 1 months======
2010-12-07 07:17:14 ----D---- C:\Program Files
2010-12-07 07:16:54 ----D---- C:\Windows\Prefetch
2010-12-07 07:16:45 ----D---- C:\Windows\Temp
2010-12-07 06:59:06 ----D---- C:\WINDOWS
2010-12-07 06:57:06 ----D---- C:\Windows\SMINST
2010-12-06 11:47:30 ----D---- C:\Windows\System32
2010-12-06 11:47:30 ----D---- C:\Windows\inf
2010-12-06 11:47:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-06 09:41:05 ----D---- C:\Windows\system32\drivers
2010-12-06 09:40:51 ----SHD---- C:\Windows\Installer
2010-12-06 09:07:38 ----D---- C:\Windows\system32\LogFiles
2010-12-06 08:14:20 ----D---- C:\Windows\system32\Tasks
2010-12-04 17:10:16 ----D---- C:\Windows\system32\WDI
2010-12-02 21:00:37 ----D---- C:\Windows\system32\catroot
2010-12-02 20:30:01 ----D---- C:\ProgramData\NVIDIA
2010-12-02 14:17:22 ----D---- C:\Windows\system32\catroot2
2010-12-02 08:57:05 ----D---- C:\Windows\LiveKernelReports
2010-11-29 15:09:04 ----HD---- C:\hp
2010-11-29 14:18:57 ----D---- C:\Windows\Debug
2010-11-27 11:00:28 ----SD---- C:\ProgramData\Microsoft
2010-11-27 06:25:16 ----D---- C:\Program Files\Common Files
2010-11-27 05:55:45 ----D---- C:\Windows\system32\RTCOM
2010-11-27 05:55:24 ----A---- C:\Windows\DIFxAPI.dll
2010-11-27 05:52:33 ----D---- C:\Windows\winsxs
2010-11-27 05:52:02 ----D---- C:\Program Files\Hewlett-Packard
2010-11-26 11:47:23 ----HD---- C:\ProgramData
2010-11-26 05:55:06 ----D---- C:\Windows\Panther
2010-11-26 05:52:26 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-26 03:36:13 ----D---- C:\Windows\rescache
2010-11-26 03:34:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-11-26 03:33:35 ----D---- C:\Windows\system32\en-US
2010-11-26 03:32:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-26 03:32:31 ----D---- C:\Program Files\CyberLink
2010-11-26 03:30:20 ----D---- C:\Program Files\Microsoft Office
2010-11-26 03:30:20 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-26 03:29:25 ----D---- C:\ProgramData\WildTangent
2010-11-26 03:27:53 ----D---- C:\Program Files\Yahoo!
2010-11-26 03:27:01 ----D---- C:\ProgramData\Symantec
2010-11-26 03:25:05 ----RSD---- C:\Windows\assembly
2010-11-26 03:21:29 ----D---- C:\Program Files\Java
2010-11-26 03:09:45 ----D---- C:\ProgramData\Hewlett-Packard
2010-11-26 03:09:05 ----SHD---- C:\$Recycle.Bin
2010-11-26 03:08:48 ----D---- C:\Windows\system
2010-11-26 03:06:16 ----D---- C:\Windows\system32\restore
2010-11-26 03:05:41 ----RD---- C:\Users
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-10-26 110624]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2009-07-14 1443584]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-30 9803464]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-12 25760]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.08 2010-12-07 07:17:18
======Uninstall list======
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 7-->C:\Program Files\AIM\uninst.exe
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFAD41A9-9687-48A3-848F-693C11451433}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LightScribe System Software 1.10.16.1-->MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
LightScribe Template Labeler-->MsiExec.exe /X{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}\muveesetup.exe -removeonly -runfromtemp
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
======Security center information======
AV: avast! Antivirus
AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Windows Defender
AS: Norton Internet Security (outdated)
AS: avast! Antivirus
======System event log======
Computer Name: chrisnnena-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. Please contact your system vendor for technical assistance.
Record Number: 20425
Source Name: ACPI
Time Written: 20101207115626.812002-000
Event Type: Error
User:
Computer Name: chrisnnena-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0. Please contact your system vendor for technical assistance.
Record Number: 20426
Source Name: ACPI
Time Written: 20101207115626.812002-000
Event Type: Error
User:
Computer Name: chrisnnena-PC
Event Code: 6
Message: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0. Please contact your system vendor for technical assistance.
Record Number: 20427
Source Name: ACPI
Time Written: 20101207115626.812002-000
Event Type: Error
User:
Computer Name: chrisnnena-PC
Event Code: 1000
Message: CBS Client initialization failed. Last error: 0x80070422
Record Number: 20512
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20101207121157.097939-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: chrisnnena-PC
Event Code: 1001
Message: Application initialization failed. Last error: 0x80004005
Record Number: 20513
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20101207121157.098939-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: chrisnnena-PC
Event Code: 1000
Message: Faulting application Explorer.EXE, version 6.0.6000.16386, time stamp 0x4549b091, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc000001d, fault offset 0x0003a738, process id 0x9a8, application start time 0x01cb960488b55423.
Record Number: 3143
Source Name: Application Error
Time Written: 20101207114736.000000-000
Event Type: Error
User:
Computer Name: chrisnnena-PC
Event Code: 1000
Message: Faulting application svchost.exe_WinDefend, version 6.0.6000.16386, time stamp 0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x00043a93, process id 0x394, application start time 0x01cb9604e5669a95.
Record Number: 3150
Source Name: Application Error
Time Written: 20101207115010.000000-000
Event Type: Error
User:
Computer Name: chrisnnena-PC
Event Code: 0
Message:
Record Number: 3154
Source Name: AtBroker
Time Written: 20101207115018.000000-000
Event Type: Warning
User:
Computer Name: chrisnnena-PC
Event Code: 0
Message:
Record Number: 3155
Source Name: AtBroker
Time Written: 20101207115018.000000-000
Event Type: Warning
User:
Computer Name: chrisnnena-PC
Event Code: 0
Message:
Record Number: 3156
Source Name: AtBroker
Time Written: 20101207115019.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: chrisnnena-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: CHRISNNENA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 2
New Logon:
Security ID: S-1-5-21-352484174-1341986189-1462360868-1000
Account Name: chrisnnena
Account Domain: chrisnnena-PC
Logon ID: 0x47c02
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x35c
Process Name: C:\WINDOWS\System32\winlogon.exe
Network Information:
Workstation Name: CHRISNNENA-PC
Source Network Address: 127.0.0.1
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 827
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127003532.738137-000
Event Type: Audit Success
User:
Computer Name: chrisnnena-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: CHRISNNENA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 2
New Logon:
Security ID: S-1-5-21-352484174-1341986189-1462360868-1000
Account Name: chrisnnena
Account Domain: chrisnnena-PC
Logon ID: 0x47c25
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x35c
Process Name: C:\WINDOWS\System32\winlogon.exe
Network Information:
Workstation Name: CHRISNNENA-PC
Source Network Address: 127.0.0.1
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 828
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127003532.738137-000
Event Type: Audit Success
User:
Computer Name: chrisnnena-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-21-352484174-1341986189-1462360868-1000
Account Name: chrisnnena
Account Domain: chrisnnena-PC
Logon ID: 0x47c02
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
Record Number: 829
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127003532.738137-000
Event Type: Audit Success
User:
Computer Name: chrisnnena-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 830
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127004748.321770-000
Event Type: Audit Failure
User:
Computer Name: chrisnnena-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: CHRISNNENA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x290
Process Name: C:\WINDOWS\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 831
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101127024223.119680-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
-----------------EOF-----------------