Topics - Nissi1

1
Hello, my issues began when I started updating Palemoon, my default browser.  During the update I received the following notice:  Controlled folder access blocked C:\Program....\Palemoon.exe from making changes to the folder %userprofile%\Desktop

Later I noticed I could not download anything, even with FireFox. Sites I had used for years were suddenly blocked by the firewall (I also received firewall notices that these sites were blocked due to changes made to my profile). Then I did something really stupid: to download, I not only disabled my ad blockers but also excluded the website from the firewall block. This is when the alerts started in Palemoon.  The first alert appeared to be from TimeWarner/Spectrum, my cable/internet company, directing me to immediately call, blah, blah. I did so but used the telephone number on my bill. They said the alert did not come from them.  I then ran MBAM and Windows Defender.  Nothing was found. Then the audio alerts began and a tab opened with a blue background and white writing:

"A problem has been detected and Window has been shutdown to prevent damage to your computer."  Then there is some "Technical Information" and "Memory Dump" "Contact your technical support." etc.

I am using Firefox to communicate with you; I only hope it gets through the firewall.

Thank you.

2
Security Software Programs / Continuous Alert
« on: July 19, 2012, 04:16:10 PM »
Hello,

I updated FireFox and received a "WinPatrol has detected the Windows Remove, Repair or Uninstall function has been removed for a program" popup alert.  However, the alert is continuous.  My only means of stopping the alert popups was to uncheck the 'Uninstall Alerts' notification, which I feel my computer should have.  Is there another fix for this problem?

Thank you.

3
Suggestions and Site Feedback / Repair Information Needed
« on: November 21, 2010, 05:09:28 PM »
Happy Holidays to the Landzdown Community,

A year ago a neighbor, who did not have any computer knowledge, bought a computer fully loaded with bootleg programs: XP Professional, the total Word 2007 package, video editing programs, games, etc., from a computer repair and sales store.  Today, Windows Genuine Advantage displays a warning about the bootleg copy of XP Professional. Also, he cannot access the internet, and his provider has determined the issue is not with the line but perhaps a virus.

I have suggested he purchase a new copy of Windows and have a reputable company repair his computer, clean the hard drive and install the new OS.  We live in New York City and I need suggestions of repair companies with reasonable prices to do the job.  I have heard of Geek Squad but have no further information about them.

Any information provided will be greatly appreciated.

Nissi1

4
Analysis and Malware Removal / It began with a mysterious toolbar
« on: April 29, 2010, 09:19:37 PM »
Hello,

A week ago after completing a banking transaction, I exited the private browsing window in FireFox and discovered a new toolbar had been added to the second window beneath.  I ran MBAM, OneCare (my resident security app.) and SAS, but found nothing.  I restored to remove the toolbar, but when the computer booted up, in place of the wallpaper there was a black screen instead.   Since only the desktop screen was affected and I was not in safe mode, I restored again to no avail.  Finally I installed another wallpaper and this seemed to be the solution.  FireFox began crashing constantly and I was forced to uninstall and reinstall it.

After this my computer took longer and longer to boot up.  Today I turned it on and because it could not boot up, it began repairing itself by restoring to an earlier point.  (A popup indicated all of this.)  Ten minutes later it finally booted up, although two FF add-ons were missing.  

I finally discovered the toolbar was part of a music download and convert program I have been using for the past year.  As part of its latest update a nag screen was added hawking this toolbar.  It continues to be a mystery how the toolbar was installed since I had not used the program in over a week before the incident.  

With all that has happened I thought it prudent to seek further assistance, especially since I am now reluctant to turn off my computer.  I ran MBAM again today and found nothing.  Nothing else was done.  

Thank you.


Logfile of random's system information tool 1.06 (written by random/random)
Run by ZANDRA JONES at 2010-04-29 16:44:42
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 154 GB (67%) free of 228 GB
Total RAM: 3006 MB (56% free)

HijackThis download failed


Context:  Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Record Number: 59314
Source Name: Microsoft-Windows-Search
Time Written: 20090106165736.000000-000
Event Type: Error
User:

Computer Name: ZANDRAJONES-PC
Event Code: 1002
Message: The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: f9c Start Time: 01c96d25999e6280 Termination Time: 7
Record Number: 59157
Source Name: Application Hang
Time Written: 20090102220121.000000-000
Event Type: Error
User:

Computer Name: ZANDRAJONES-PC
Event Code: 1000
Message: Faulting application wlmail.exe, version 12.0.1606.1023, time stamp 0x471e44f8, faulting module MAILCOMM.dll, version 12.0.1606.1023, time stamp 0x471e44e3, exception code 0xc0000005, fault offset 0x0002f3ff, process id 0xa50, application start time 0x01c96d028e288980.
Record Number: 59150
Source Name: Application Error
Time Written: 20090102181336.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: ZANDRAJONES-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7

Privileges:      SeAssignPrimaryTokenPrivilege
         SeTcbPrivilege
         SeSecurityPrivilege
         SeTakeOwnershipPrivilege
         SeLoadDriverPrivilege
         SeBackupPrivilege
         SeRestorePrivilege
         SeDebugPrivilege
         SeAuditPrivilege
         SeSystemEnvironmentPrivilege
         SeImpersonatePrivilege
Record Number: 506426
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119201153.173123-000
Event Type: Audit Success
User:

Computer Name: ZANDRAJONES-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-5-18
   Account Name:      ZANDRAJONES-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Logon Type:         5

New Logon:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x234
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Workstation Name:   
   Source Network Address:   -
   Source Port:      -

Detailed Authentication Information:
   Logon Process:      Advapi  
   Authentication Package:   Negotiate
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 506425
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119201153.173123-000
Event Type: Audit Success
User:

Computer Name: ZANDRAJONES-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
   Security ID:      S-1-5-18
   Account Name:      ZANDRAJONES-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Target Server:
   Target Server Name:   localhost
   Additional Information:   localhost

Process Information:
   Process ID:      0x234
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Network Address:   -
   Port:         -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 506424
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119201153.173123-000
Event Type: Audit Success
User:

Computer Name: ZANDRAJONES-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
   Security ID:      S-1-5-21-3728476250-1701664626-1355148271-1001
   Account Name:      ZANDRA JONES
   Account Domain:      ZANDRAJONES-PC
   Logon ID:      0x1becf

Privileges:      SeSecurityPrivilege
         SeTakeOwnershipPrivilege
         SeLoadDriverPrivilege
         SeBackupPrivilege
         SeRestorePrivilege
         SeDebugPrivilege
         SeSystemEnvironmentPrivilege
         SeImpersonatePrivilege
Record Number: 506423
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119201152.785123-000
Event Type: Audit Success
User:

Computer Name: ZANDRAJONES-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-5-18
   Account Name:      ZANDRAJONES-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Logon Type:         2

New Logon:
   Security ID:      S-1-5-21-3728476250-1701664626-1355148271-1001
   Account Name:      ZANDRA JONES
   Account Domain:      ZANDRAJONES-PC
   Logon ID:      0x1bf18
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x298
   Process Name:      C:\Windows\System32\winlogon.exe

Network Information:
   Workstation Name:   ZANDRAJONES-PC
   Source Network Address:   127.0.0.1
   Source Port:      0

Detailed Authentication Information:
   Logon Process:      User32
   Authentication Package:   Negotiate
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 506422
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119201152.785123-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=4b02
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



