When running under one user, will gett system tool spyware alert, whole screen is covered and overides anything I am doing.
DS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 17:34:00.00 on Tue 03/15/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.580 [GMT -5:00]
AV: Trend Micro Client/Server Security Agent Antivirus *On-access scanning enabled* (Updated) {12916D5B-EF29-4AD0-AB12-C7D3F61D4683}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\administrator.GONPH\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [OE] "c:\program files\trend micro\client server security agent\tmas_oe\TMAS_OEMon.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\viaimp~1.lnk - c:\program files\elinc\via\system\VIA Import Manager.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281534011664
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
TCP: {22E23B4F-4043-42CC-B3D6-F6A356E968DC} = 192.168.113.2
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
============= SERVICES / DRIVERS ===============
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2009-12-4 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2009-12-4 36368]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-8-11 57424]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-7-20 689416]
S4 NewServiceInstall1;VIA Service;c:\program files\elinc\via\via service\Eklin.Via.Service.exe [2010-5-20 11776]
=============== Created Last 30 ================
2011-03-15 16:14 <DIR> --d----- c:\docume~1\admini~1.gon\applic~1\Malwarebytes
2011-03-15 16:14 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 16:14 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-03-15 16:14 20,952 a------- c:\windows\system32\drivers\mbam.sys
2011-03-15 16:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2011-03-14 17:04 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\fNnJkKg06300
==================== Find3M ====================
2010-08-11 11:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010081120100812\index.dat
============= FINISH: 17:35:08.02 ===============
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:36:31 PM, on 3/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\administrator.GONPH\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [OE] "C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VIA Import Manager.lnk = C:\Program Files\Elinc\Via\System\VIA Import Manager.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech....Detection32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1281534011664
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GONPH.local
O17 - HKLM\Software\..\Telephony: DomainName = GONPH.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{22E23B4F-4043-42CC-B3D6-F6A356E968DC}: NameServer = 192.168.113.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GONPH.local
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
--
End of file - 5098 bytes
OTL logfile created on: 3/15/2011 5:39:17 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\administrator.GONPH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 578.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 23.92 Gb Free Space | 64.28% Space Free | Partition Type: NTFS
Computer Name: LAB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\administrator.GONPH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\BAsfIpM.exe (Broadcom Corp.)
PRC - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\administrator.GONPH\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (tmlisten) -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (NewServiceInstall1) -- C:\Program Files\Elinc\Via\Via Service\Eklin.Via.Service.exe (Microsoft)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
SRV - (BAsfIpM) -- C:\WINDOWS\system32\BAsfIpM.exe (Broadcom Corp.)
SRV - (spkrmon) -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe ()
========== Driver Services (SafeList) ==========
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys ()
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys ()
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys ()
DRV - (VSApiNt) -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapint.sys (Trend Micro Inc.)
DRV - (TmFilter) -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND) -- C:\WINDOWS\system32\drivers\BASFND.sys (Broadcom Corporation)
DRV - (USA49W) -- C:\WINDOWS\system32\drivers\usa49w2k.sys (Keyspan)
DRV - (USA49W2KP) -- C:\WINDOWS\system32\drivers\usa49w2kp.sys (Keyspan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010/10/25 01:29:11 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VIA Import Manager.lnk = C:\Program Files\Elinc\Via\System\VIA Import Manager.exe (Elinc Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1281534011664 (WUWebControl Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GONPH.local
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/23 16:50:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2011/03/15 17:31:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\administrator.GONPH\Desktop\HiJackThis.exe
[2011/03/15 16:36:35 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\administrator.GONPH\Desktop\ATF_Cleaner.exe
[2011/03/15 16:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.GONPH\Application Data\Malwarebytes
[2011/03/15 16:14:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/15 16:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/15 16:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/03/15 16:14:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/15 16:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/15 16:13:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.GONPH\Desktop\OTL.exe
[2011/03/15 16:12:36 | 007,734,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\administrator.GONPH\Desktop\mbam-setup.exe
[2011/03/14 17:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fNnJkKg06300
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/15 17:31:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\administrator.GONPH\Desktop\HiJackThis.exe
[2011/03/15 17:31:03 | 000,359,929 | ---- | M] () -- C:\Documents and Settings\administrator.GONPH\Desktop\dds.scr
[2011/03/15 16:46:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/15 16:36:36 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\administrator.GONPH\Desktop\ATF_Cleaner.exe
[2011/03/15 16:14:31 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E8E658E-685C-4E81-9166-7292136CC348}.job
[2011/03/15 16:14:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/15 16:13:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.GONPH\Desktop\OTL.exe
[2011/03/15 16:12:48 | 007,734,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\administrator.GONPH\Desktop\mbam-setup.exe
[2011/03/15 16:07:58 | 000,014,674 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/03/15 16:07:05 | 000,443,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/15 16:07:05 | 000,070,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/15 16:05:35 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2011/03/15 16:04:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/15 17:31:02 | 000,359,929 | ---- | C] () -- C:\Documents and Settings\administrator.GONPH\Desktop\dds.scr
[2011/03/15 16:14:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 11:24:31 | 000,014,674 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2010/08/11 11:23:19 | 000,177,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/11 11:23:19 | 000,067,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/08/11 11:23:19 | 000,057,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/08/11 11:14:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\drivers\lw.ini
[2010/08/11 10:13:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Usa49wPropPage.dll
[2010/08/11 10:13:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k49winst.dll
[2010/08/09 15:02:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 14:54:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/09 09:44:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/09 09:43:24 | 000,103,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/10 16:03:30 | 000,462,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,443,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,070,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/06/23 12:20:22 | 000,068,608 | ---- | C] () -- C:\WINDOWS\AutoItX3.dll
[2002/06/28 15:20:54 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[2002/03/26 06:59:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\DymoCfg.dll
[1997/08/04 16:37:30 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\RMTSHARE.EXE
========== LOP Check ==========
[2010/08/11 17:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.GONPH\Application Data\Xerox
[2010/08/11 09:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Eklin
[2011/03/14 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fNnJkKg06300
[2011/03/15 16:14:31 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E8E658E-685C-4E81-9166-7292136CC348}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2005/09/23 16:50:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/09 14:52:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2005/09/23 16:50:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/09/23 16:50:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/09/23 16:50:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/11 10:57:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/15 16:04:24 | 1195,376,640 | -HS- | M] () -- C:\pagefile.sys
[2011/03/15 16:05:35 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2010/08/09 14:57:54 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2010/08/09 09:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/08/09 09:42:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/08/09 09:42:42 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/08/11 11:02:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/08/11 08:39:44 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\administrator.GONPH\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/08/11 08:39:43 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\administrator.GONPH\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2011/03/15 16:36:36 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\administrator.GONPH\Desktop\ATF_Cleaner.exe
[2011/03/15 17:31:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\administrator.GONPH\Desktop\HiJackThis.exe
[2011/03/15 16:12:48 | 007,734,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\administrator.GONPH\Desktop\mbam-setup.exe
[2011/03/15 16:13:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.GONPH\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
"AUOptions" = 4
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 4
"UseWUServer" = 1
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< End of report >
OTL Extras logfile created on: 3/15/2011 4:50:48 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\administrator.GONPH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 653.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 23.92 Gb Free Space | 64.29% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 0.07 Gb Free Space | 3.98% Space Free | Partition Type: FAT
Computer Name: LAB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager" = %ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager
"%ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application" = %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application
"%ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager" = %ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"35186:TCP" = 35186:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4F84DFF6-EB5B-4B5B-926D-C4A768CBADBC}" = Keyspan USB 4-Port Serial Adapter
"{5F48C5E7-142E-4E0B-9BB2-DD815ABCEAF8}" = Dymo Drivers and Settings
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C20144B-0CD3-4EBD-A566-D31926AAC005}" = VIA
"{90BA5FE3-B858-4939-B9AF-3CCC33CF6112}" = MultiRes 1.46
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EB33A035-9C61-449D-982A-A2BC706BA2D2}" = Deploy.ScriptTools
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ie8" = Windows Internet Explorer 8
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/26/2011 9:50:08 AM | Computer Name = LAB | Source = UserInit | ID = 1000
Description = Could not execute the following script \\hdc\netlogon\Proc.Printers.vbs.
The network location cannot be reached. For information about network troubleshooting,
see Windows Help. .
Error - 2/26/2011 9:50:08 AM | Computer Name = LAB | Source = UserInit | ID = 1000
Description = Could not execute the following script \\hdc\NETLOGON\Proc.Wallpaper.VBS.
The network location cannot be reached. For information about network troubleshooting,
see Windows Help. .
Error - 2/26/2011 9:51:50 AM | Computer Name = LAB | Source = Application Hang | ID = 1002
Description = Hanging application VIA Import Manager.exe, version 6.0.0.78, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/26/2011 9:54:48 AM | Computer Name = LAB | Source = Application Management | ID = 102
Description = The install of application Via Managed 3.8.6 from policy Deploy.VIA3.8.6
failed. The error was : %1612
Error - 2/26/2011 9:54:49 AM | Computer Name = LAB | Source = Application Management | ID = 108
Description = Failed to apply changes to software installation settings. Software
changes could not be applied. A previous log entry with details should exist.
The error was : %1612
Error - 2/26/2011 9:54:49 AM | Computer Name = LAB | Source = Userenv | ID = 1085
Description = The Group Policy client-side extension Software Installation failed
to execute. Please look for any errors reported earlier by that extension.
Error - 3/9/2011 6:00:05 PM | Computer Name = LAB | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/15/2011 5:04:49 PM | Computer Name = LAB | Source = Application Management | ID = 102
Description = The install of application Via Managed 3.8.6 from policy Deploy.VIA3.8.6
failed. The error was : %1612
Error - 3/15/2011 5:04:49 PM | Computer Name = LAB | Source = Application Management | ID = 108
Description = Failed to apply changes to software installation settings. Software
changes could not be applied. A previous log entry with details should exist.
The error was : %1612
Error - 3/15/2011 5:04:49 PM | Computer Name = LAB | Source = Userenv | ID = 1085
Description = The Group Policy client-side extension Software Installation failed
to execute. Please look for any errors reported earlier by that extension.
[ System Events ]
Error - 11/9/2010 1:46:06 PM | Computer Name = LAB | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 11/11/2010 1:46:07 PM | Computer Name = LAB | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
< End of report >
Thanks for your help.
Brad