Yep, I was doing it wrong. I started Deckard properly this time. First will be the main log then the extra log. Main:
Deckard's System Scanner v20071014.68
Run by adler on 2008-06-29 18:18:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
46: 2008-06-28 21:35:55 UTC - RP177 - Deckard's System Scanner Restore Point
45: 2008-06-28 17:44:32 UTC - RP176 - Installed Java(TM) 6 Update 6
44: 2008-06-28 17:32:42 UTC - RP175 - Removed Java(TM) 6 Update 5
43: 2008-06-28 17:31:27 UTC - RP174 - Removed Java(TM) 6 Update 3
42: 2008-06-28 01:52:58 UTC - RP173 - System Checkpoint
-- First Restore Point --
1: 2008-05-07 04:00:04 UTC - RP132 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as adler.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:52 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\QFC5B4.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\adler\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\adler.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Trend OfficeScan ImageSetup] "U:\Trend Image 8.0 setup utility\ImgSetup.exe" "/000d567b3e84" -HideWindow
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://burnt-orange/officescan/console ... nNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://burnt-orange/officescan/console ... /setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://burnt-orange/officescan/console ... AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://burnt-orange/officescan/console ... veCtrl.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KRON.com
O17 - HKLM\Software\..\Telephony: DomainName = KRON.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KRON.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KRON.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6440 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 Scap (SecureClient Application Policy Module) - c:\windows\system32\drivers\scap.sys <Not Verified; Check Point Software Technologies; desktop>
R2 VPN-1 (VPN-1 Module) - c:\windows\system32\drivers\vpn.sys <Not Verified; Check Point Software Technologies; vpn1>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 SR_Service (Check Point SecuRemote Service) - "c:\program files\checkpoint\securemote\bin\sr_service.exe" <Not Verified; Check Point Software Technologies; VPN-1 SecuRemote/SecureClient>
R2 SR_WatchDog (Check Point SecuRemote WatchDog) - "c:\program files\checkpoint\securemote\bin\sr_watchdog.exe" <Not Verified; Check Point Software Technologies; desktop>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_1260&DEV_3886&SUBSYS_00031630&REV_01\5&11F07975&0&0008F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_1260&DEV_3886&SUBSYS_00031630&REV_01\5&11F07975&0&0008F0
Service:
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 1144)
2004-07-13 23:14:08 24673 --a------ C:\WINDOWS\system32\ckpNotify.dll <Not Verified; Check Point Software Technologies; desktop>
C:\WINDOWS\explorer.exe (pid 1612)
2002-10-11 08:10:00 20552 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing, Inc.; WinZip>
-- Scheduled Tasks -------------------------------------------------------------
2008-06-29 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-06-29 07:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-06-28 22:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-06-28 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-06-28 17:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-06-28 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-06-28 16:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-06-28 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-06-28 14:45:26 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-06-28 14:00:11 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-06-28 14:00:03 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-06-28 13:00:15 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-06-28 13:00:08 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-06-28 12:00:09 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-06-28 11:00:01 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-06-28 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-06-27 21:46:19 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-06-27 20:00:09 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-06-27 19:11:14 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-06-27 19:00:01 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-06-27 06:39:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-06-26 23:00:07 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-06-26 06:00:16 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-06-26 06:00:03 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-06-26 05:00:13 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-06-26 05:00:04 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-06-26 04:00:12 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-06-26 04:00:06 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-06-26 03:00:11 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-06-26 03:00:03 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-06-26 02:00:11 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-06-26 02:00:04 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-06-26 01:00:11 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-06-26 01:00:03 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-06-26 00:40:02 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-06-26 00:21:11 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-06-23 23:10:44 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-06-23 23:10:43 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-06-23 23:10:43 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-06-23 23:10:43 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-06-23 23:10:43 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-06-23 23:10:43 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-06-22 21:00:02 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-06-22 18:00:03 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-06-22 15:00:04 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-06-22 10:00:03 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-06-22 09:00:42 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-06-22 08:00:05 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-05-12 09:36:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-29 and 2008-06-29 -----------------------------
2008-06-28 10:44:37 0 d-------- C:\Program Files\Common Files\Java
2008-06-27 19:20:42 0 d-------- C:\Documents and Settings\adler\Application Data\Malwarebytes
2008-06-27 19:20:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 19:20:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 23:19:44 5 --a------ C:\WINDOWS\system32\system.dat
2008-06-25 23:17:43 0 d-------- C:\Program Files\easetech
2008-06-24 07:00:34 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-06-24 07:00:34 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-06-24 07:00:11 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-06-24 06:48:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-22 21:23:56 0 d-------- C:\Documents and Settings\adler\.housecall6.6
-- Find3M Report ---------------------------------------------------------------
2008-06-28 10:45:35 0 d-------- C:\Program Files\Java
2008-06-28 10:44:37 0 d-------- C:\Program Files\Common Files
2008-06-26 07:43:40 0 d-------- C:\Documents and Settings\adler\Application Data\Azureus
2008-06-26 07:36:13 0 d-------- C:\Documents and Settings\adler\Application Data\Apple Computer
2008-06-25 21:34:40 0 d-------- C:\Program Files\Trend Micro
2008-06-17 23:11:14 0 d-------- C:\Program Files\Azureus
2008-06-16 22:47:36 0 d-------- C:\Documents and Settings\adler\Application Data\com.zipeg
2008-06-16 22:46:53 0 d-------- C:\Program Files\Zipeg
2008-05-26 07:32:39 0 d-------- C:\Documents and Settings\adler\Application Data\BitZipper
2008-05-07 21:41:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-07 06:39:25 0 d-------- C:\Documents and Settings\adler\Application Data\Winamp
2008-05-07 06:24:22 0 d-------- C:\Program Files\Winamp
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 10:05 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 10:08 AM]
"Trend OfficeScan ImageSetup"="U:\Trend Image 8.0 setup utility\ImgSetup.exe" []
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [05/08/2007 12:43 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 07/13/2004 11:14 PM 24673 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-905031722-3973244588-3983749042-1123\Scripts\Logon\0\0]
"Script"=\\KRON.com\SysVol\KRON.com\scripts\IT.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-905031722-3973244588-3983749042-1172\Scripts\Logon\0\0]
"Script"=\\Radical-red\SYSVOL\KRON.com\scripts\IT-Test.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-905031722-3973244588-3983749042-1976\Scripts\Logon\0\0]
"Script"=\\Radical-red\SYSVOL\KRON.com\scripts\Creative_Services.vbs
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- Hosts -----------------------------------------------------------------------
10.21.0.4 hal2 hal2.kron.com
10.21.0.32 radical-red radical-red.kron.com
10.21.0.33 pacific-blue pacific-blue.kron.com
10.21.0.34 screamin-green screamin-green.kron.com
10.21.0.35 indigo indigo.kron.com
10.21.0.36 laser-lemon laser-lemon.kron.com
10.21.0.37 electric-lime electric-lime.kron.com
10.21.0.38 unmellow-yellow unmellow-yellow.kron.com
10.21.0.30 kron-enps1 kron-enps1.kron.com
10.21.0.31 kron-enps2 kron-enps2.kron.com
8755 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-06-29 18:19:27 ------------
Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) M processor 1600MHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1023.23 MiB / 577.55 MiB
Pagefile Memory (total/avail): 2462 MiB / 2077.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.87 MiB
C: is Fixed (NTFS) - 18.62 GiB total, 9.47 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC25N020ATMR04-0 - 18.63 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 18.62 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
UpdatesDisableNotify is set.
FW: Trend Micro Personal Firewall v3.3 (Trend Micro Inc.)
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:SecureClient Application"
"C:\\Program Files\\ENPS\\ENPS.EXE"="C:\\Program Files\\ENPS\\ENPS.EXE:*:Enabled:ENPS"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:SecureClient Application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\adler\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADLER-LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\adler
LOGONSERVER=\\PACIFIC-BLUE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\adler\LOCALS~1\Temp
TMP=C:\DOCUME~1\adler\LOCALS~1\Temp
USERDNSDOMAIN=KRON.COM
USERDOMAIN=KRON
USERNAME=adler
USERPROFILE=C:\Documents and Settings\adler
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Administrator (admin)
proffitt (new local, admin, net ready)
wsadmin (admin)
adler (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Check Point VPN-1 SecuRemote NG_AI_R56 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FCF2FC0-8268-11D4-A313-0006290D766E}\setup.exe" ADD_REMOVE
Conexant D480 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Printer Software Uninstall --> C:\Program Files\Dell\Install\Uninstall.exe
Dell Software Uninstall --> C:\Program Files\Dell_HostCD\Install\x86\Uninstall.exe
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Ease Audio Converter 1.30 --> "C:\Program Files\easetech\AudioConverter\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InFlac 1.1.1 --> "C:\Program Files\Winamp\InFlac-Uninstall.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
O2Micro Smartcard Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Zipeg --> "C:\Program Files\Zipeg\zipeg.exe" -uninstall
-- Application Event Log -------------------------------------------------------
Event Record #/Type2974 / Error
Event Submitted/Written: 06/29/2008 06:09:19 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script \\Radical-red\SYSVOL\KRON.com\scripts\Creative_Services.vbs. The network path was not found.
.
Event Record #/Type2973 / Error
Event Submitted/Written: 06/29/2008 06:05:27 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type2971 / Error
Event Submitted/Written: 06/29/2008 06:04:50 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type2966 / Error
Event Submitted/Written: 06/29/2008 06:04:27 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type2964 / Warning
Event Submitted/Written: 06/29/2008 07:14:16 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type13750 / Error
Event Submitted/Written: 06/29/2008 06:12:59 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\system32\PTi040cT.dll.
Reference error message: The operation completed successfully.
.
Event Record #/Type13749 / Error
Event Submitted/Written: 06/29/2008 06:12:59 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.ATL.
Reference error message: The referenced assembly is not installed on your system.
.
Event Record #/Type13748 / Error
Event Submitted/Written: 06/29/2008 06:12:59 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.ATL could not be found and Last Error was The referenced assembly is not installed on your system.
Event Record #/Type13731 / Error
Event Submitted/Written: 06/29/2008 06:05:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The QoS Packet Scheduler service failed to start due to the following error:
%%1058
Event Record #/Type13730 / Error
Event Submitted/Written: 06/29/2008 06:04:46 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
-- End of Deckard's System Scanner: finished at 2008-06-29 18:19:27 ------------
I also did the OTMoveIt but failed to copy it before closing. I did it a second time and the item you listed did not show up. Here is the OTMoveIt log after I did it a second time:
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06292008_182227
Nothing. As for your final question on how the computer is running...yes, much better. Before and while we were doing this Explorer kept shutting down and it was quite frustrating. The random pop-up has also vanished. So far, so good.
Nice job! Thank you. Thank you!