Hello - see reports as requested
==============================================
fixmsi.reg has been successfully entered into the registry.
==============================================
Ran the perms.bat file on the desktop of the new User account. I could not use the Windows 'switch user' button that switches from tenmeg to the new User account. I had to close tenmeg, restart the computer and then log on to the new User account to run the perms.bat file from that new User account desktop. Then I realized you just hit the log out button and reopen either User account. See report below.
==================================================================
C:\Documents and Settings\GemNet\Desktop 2WIRE200\GemNet:F
2WIRE200\GemNet:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
============================================================
Ran the wmidiag.vbs program.
Received the following error and I believed it (no on-screen visual of program running) stopped at that point.
ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\TENMEG\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_2WIRE200_2009.09.21_22.46.15.LOG' for details.
============================================================
17281 23:10:09 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN -----------
-----------------------------------------------
17282 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17283 23:10:09 (0) **
17284 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17285 23:10:09 (0) ** Windows XP - No service pack - 32-bit (2600) - User '2WIRE200\TENMEG' on computer '2WIRE200'.
17286 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17287 23:10:09 (0) ** INFO: Environment:
.................................................................................................. 1 ITEM(S)!
17288 23:10:09 (0) ** INFO: => 2 incorrect shutdown(s) detected on:
17289 23:10:09 (0) ** - Shutdown on 05 September 2009 23:30:19 (GMT+7).
17290 23:10:09 (0) ** - Shutdown on 06 September 2009 22:54:34 (GMT+7).
17291 23:10:09 (0) **
17292 23:10:09 (0) ** System drive:
....................................................................................................... C: (Disk #0 Partition #0).
17293 23:10:09 (0) ** Drive type:
......................................................................................................... IDE (TOSHIBA MK8032GAX).
17294 23:10:09 (0) ** There are no missing WMI system files:
.............................................................................. OK.
17295 23:10:09 (0) ** There are no missing WMI repository files:
.......................................................................... OK.
17296 23:10:09 (0) ** WMI repository state:
............................................................................................... N/A.
17297 23:10:09 (0) ** BEFORE running WMIDiag:
17298 23:10:09 (0) ** The WMI repository has a size of:
................................................................................... 7 MB.
17299 23:10:09 (0) ** - Disk free space on 'C:':
.......................................................................................... 54755 MB.
17300 23:10:09 (0) ** - INDEX.BTR, 1302528 bytes, 9/21/2009 10:22:34 PM
17301 23:10:09 (0) ** - INDEX.MAP, 668 bytes, 9/21/2009 10:22:34 PM
17302 23:10:09 (0) ** - OBJECTS.DATA, 5971968 bytes, 9/21/2009 10:22:33 PM
17303 23:10:09 (0) ** - OBJECTS.MAP, 2964 bytes, 9/21/2009 10:22:34 PM
17304 23:10:09 (0) ** AFTER running WMIDiag:
17305 23:10:09 (0) ** The WMI repository has a size of:
................................................................................... 7 MB.
17306 23:10:09 (0) ** - Disk free space on 'C:':
.......................................................................................... 54757 MB.
17307 23:10:09 (0) ** - INDEX.BTR, 1302528 bytes, 9/21/2009 10:22:34 PM
17308 23:10:09 (0) ** - INDEX.MAP, 668 bytes, 9/21/2009 10:22:34 PM
17309 23:10:09 (0) ** - OBJECTS.DATA, 5971968 bytes, 9/21/2009 10:22:33 PM
17310 23:10:09 (0) ** - OBJECTS.MAP, 2964 bytes, 9/21/2009 10:22:34 PM
17311 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17312 23:10:09 (0) ** Windows Firewall:
................................................................................................... NOT INSTALLED.
17313 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17314 23:10:09 (0) ** DCOM Status:
........................................................................................................ OK.
17315 23:10:09 (0) ** WMI registry setup:
................................................................................................. OK.
17316 23:10:09 (0) ** WMI Service has no dependents:
...................................................................................... OK.
17317 23:10:09 (0) ** RPCSS service:
...................................................................................................... OK (Already started).
17318 23:10:09 (0) ** WINMGMT service:
.................................................................................................... OK (Already started).
17319 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17320 23:10:09 (0) ** WMI service DCOM setup:
............................................................................................. OK.
17321 23:10:09 (2) !! WARNING: WMI DCOM components registration is missing for the
following EXE/DLLs: .................................... 6 WARNING(S)!
17322 23:10:09 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
17323 23:10:09 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
17324 23:10:09 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
17325 23:10:09 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
17326 23:10:09 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
17327 23:10:09 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
17328 23:10:09 (0) ** => WMI System components are not properly registered as COM
objects, which could make WMI to
17329 23:10:09 (0) ** fail depending on the operation requested.
17330 23:10:09 (0) ** => For a .DLL, you can correct the DCOM configuration by executing
the 'REGSVR32.EXE <Filename.DLL>' command.
17331 23:10:09 (0) **
17332 23:10:09 (0) ** WMI ProgID registrations:
........................................................................................... OK.
17333 23:10:09 (0) ** WMI provider DCOM registrations:
.................................................................................... OK.
17334 23:10:09 (0) ** WMI provider CIM registrations:
..................................................................................... OK.
17335 23:10:09 (0) ** WMI provider CLSIDs:
................................................................................................ OK.
17336 23:10:09 (0) ** WMI providers EXE/DLL availability:
................................................................................. OK.
17337 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17338 23:10:09 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch &
Activation Permissions): ........................... MODIFIED.
17339 23:10:09 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been
REMOVED!
17340 23:10:09 (0) ** - REMOVED ACE:
17341 23:10:09 (0) ** ACEType: &h0
17342 23:10:09 (0) ** ACCESS_ALLOWED_ACE_TYPE
17343 23:10:09 (0) ** ACEFlags: &h0
17344 23:10:09 (0) ** ACEMask: &h1
17345 23:10:09 (0) ** DCOM_RIGHT_EXECUTE
17346 23:10:09 (0) **
17347 23:10:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the
trustee.
17348 23:10:09 (0) ** Removing default security will cause some operations to fail!
17349 23:10:09 (0) ** It is possible to fix this issue by editing the security descriptor and
adding the ACE.
17350 23:10:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
17351 23:10:09 (0) **
17352 23:10:09 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch &
Activation Permissions): ........................... MODIFIED.
17353 23:10:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been
REMOVED!
17354 23:10:09 (0) ** - REMOVED ACE:
17355 23:10:09 (0) ** ACEType: &h0
17356 23:10:09 (0) ** ACCESS_ALLOWED_ACE_TYPE
17357 23:10:09 (0) ** ACEFlags: &h0
17358 23:10:09 (0) ** ACEMask: &h1
17359 23:10:09 (0) ** DCOM_RIGHT_EXECUTE
17360 23:10:09 (0) **
17361 23:10:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the
trustee.
17362 23:10:09 (0) ** Removing default security will cause some operations to fail!
17363 23:10:09 (0) ** It is possible to fix this issue by editing the security descriptor and
adding the ACE.
17364 23:10:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
17365 23:10:09 (0) **
17366 23:10:09 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch &
Activation Permissions): ........................... MODIFIED.
17367 23:10:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been
REMOVED!
17368 23:10:09 (0) ** - REMOVED ACE:
17369 23:10:09 (0) ** ACEType: &h0
17370 23:10:09 (0) ** ACCESS_ALLOWED_ACE_TYPE
17371 23:10:09 (0) ** ACEFlags: &h0
17372 23:10:09 (0) ** ACEMask: &h1
17373 23:10:09 (0) ** DCOM_RIGHT_EXECUTE
17374 23:10:09 (0) **
17375 23:10:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the
trustee.
17376 23:10:09 (0) ** Removing default security will cause some operations to fail!
17377 23:10:09 (0) ** It is possible to fix this issue by editing the security descriptor and
adding the ACE.
17378 23:10:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
17379 23:10:09 (0) **
17380 23:10:09 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
..................................................................... MODIFIED.
17381 23:10:09 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES
NOT match corresponding expected trustee rights (Actual->Default)
17382 23:10:09 (0) ** - ACTUAL ACE:
17383 23:10:09 (0) ** ACEType: &h0
17384 23:10:09 (0) ** ACCESS_ALLOWED_ACE_TYPE
17385 23:10:09 (0) ** ACEFlags: &h2
17386 23:10:09 (0) ** CONTAINER_INHERIT_ACE
17387 23:10:09 (0) ** ACEMask: &h1
17388 23:10:09 (0) ** WBEM_ENABLE
17389 23:10:09 (0) ** - EXPECTED ACE:
17390 23:10:09 (0) ** ACEType: &h0
17391 23:10:09 (0) ** ACCESS_ALLOWED_ACE_TYPE
17392 23:10:09 (0) ** ACEFlags: &h12
17393 23:10:09 (0) ** CONTAINER_INHERIT_ACE
17394 23:10:09 (0) ** INHERITED_ACE
17395 23:10:09 (0) ** ACEMask: &h13
17396 23:10:09 (0) ** WBEM_ENABLE
17397 23:10:09 (0) ** WBEM_METHOD_EXECUTE
17398 23:10:09 (0) ** WBEM_WRITE_PROVIDER
17399 23:10:09 (0) **
17400 23:10:09 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
17401 23:10:09 (0) ** This will cause some operations to fail!
17402 23:10:09 (0) ** It is possible to fix this issue by editing the security descriptor and
adding the removed right.
17403 23:10:09 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
17404 23:10:09 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
17405 23:10:09 (0) ** The security diagnostic is based on the WMI namespace expected
defaults.
17406 23:10:09 (0) ** A specific WMI application can always require a security setup
different
17407 23:10:09 (0) ** than the WMI security defaults.
17408 23:10:09 (0) **
17409 23:10:09 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
..................................................................... MODIFIED.
17410 23:10:09 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES
NOT match corresponding expected trustee rights (Actual->Default)
17411 23:10:09 (0) ** - ACTUAL ACE:
17412 23:10:09 (0) ** ACEType: &h0
17413 23:10:09 (0) ** ACCESS_ALLOWED_ACE_TYPE
17414 23:10:09 (0) ** ACEFlags: &h2
17415 23:10:09 (0) ** CONTAINER_INHERIT_ACE
17416 23:10:09 (0) ** ACEMask: &h1
17417 23:10:09 (0) ** WBEM_ENABLE
17418 23:10:09 (0) ** - EXPECTED ACE:
17419 23:10:09 (0) ** ACEType: &h0
17420 23:10:09 (0) ** ACCESS_ALLOWED_ACE_TYPE
17421 23:10:09 (0) ** ACEFlags: &h12
17422 23:10:09 (0) ** CONTAINER_INHERIT_ACE
17423 23:10:09 (0) ** INHERITED_ACE
17424 23:10:09 (0) ** ACEMask: &h13
17425 23:10:09 (0) ** WBEM_ENABLE
17426 23:10:09 (0) ** WBEM_METHOD_EXECUTE
17427 23:10:09 (0) ** WBEM_WRITE_PROVIDER
17428 23:10:09 (0) **
17429 23:10:09 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
17430 23:10:09 (0) ** This will cause some operations to fail!
17431 23:10:09 (0) ** It is possible to fix this issue by editing the security descriptor and
adding the removed right.
17432 23:10:09 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
17433 23:10:09 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
17434 23:10:09 (0) ** The security diagnostic is based on the WMI namespace expected
defaults.
17435 23:10:09 (0) ** A specific WMI application can always require a security setup
different
17436 23:10:09 (0) ** than the WMI security defaults.
17437 23:10:09 (0) **
17438 23:10:09 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
..................................................................... MODIFIED.
17439 23:10:09 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
17440 23:10:09 (0) ** - REMOVED ACE:
17441 23:10:09 (0) ** ACEType: &h0
17442 23:10:09 (0) ** ACCESS_ALLOWED_ACE_TYPE
17443 23:10:09 (0) ** ACEFlags: &h12
17444 23:10:09 (0) ** CONTAINER_INHERIT_ACE
17445 23:10:09 (0) ** INHERITED_ACE
17446 23:10:09 (0) ** ACEMask: &h13
17447 23:10:09 (0) ** WBEM_ENABLE
17448 23:10:09 (0) ** WBEM_METHOD_EXECUTE
17449 23:10:09 (0) ** WBEM_WRITE_PROVIDER
17450 23:10:09 (0) **
17451 23:10:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the
trustee.
17452 23:10:09 (0) ** Removing default security will cause some operations to fail!
17453 23:10:09 (0) ** It is possible to fix this issue by editing the security descriptor and
adding the ACE.
17454 23:10:09 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
17455 23:10:09 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
17456 23:10:09 (0) ** The security diagnostic is based on the WMI namespace expected
defaults.
17457 23:10:09 (0) ** A specific WMI application can always require a security setup
different
17458 23:10:09 (0) ** than the WMI security defaults.
17459 23:10:09 (0) **
17460 23:10:09 (0) **
17461 23:10:09 (0) ** DCOM security warning(s) detected:
.................................................................................. 0.
17462 23:10:09 (0) ** DCOM security error(s) detected:
.................................................................................... 3.
17463 23:10:09 (0) ** WMI security warning(s) detected:
................................................................................... 0.
17464 23:10:09 (0) ** WMI security error(s) detected:
..................................................................................... 3.
17465 23:10:09 (0) **
17466 23:10:09 (1) !! ERROR: Overall DCOM security status:
................................................................................ ERROR!
17467 23:10:09 (1) !! ERROR: Overall WMI security status:
................................................................................. ERROR!
17468 23:10:09 (0) ** - Started at 'Root' ------------------------------------------------------------------------
--------------------------------------
17469 23:10:09 (0) ** INFO: WMI permanent SUBSCRIPTION(S):
................................................................................ 3.
17470 23:10:09 (0) ** - ROOT/DEFAULT, MSFT_UCScenarioControl.Name="Microsoft WMI
Updating Consumer Scenario Control".
17471 23:10:09 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance
ISA 'MSFT_UCScenario''
17472 23:10:09 (0) ** - ROOT/SUBSCRIPTION,
MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
17473 23:10:09 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance
ISA 'MSFT_UCScenario''
17474 23:10:09 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM
Event Log Consumer".
17475 23:10:09 (0) ** 'select * from MSFT_SCMEventLogEvent'
17476 23:10:09 (0) **
17477 23:10:09 (0) ** WMI TIMER instruction(s):
........................................................................................... NONE.
17478 23:10:09 (0) ** INFO: WMI ADAP status:
.............................................................................................. 2.
17479 23:10:09 (0) ** => The WMI ADAP process is processing a performance library (2).
17480 23:10:09 (0) ** Some WMI performance classes could be missing at the time
WMIDiag was executed.
17481 23:10:09 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY:
.................................................................... 1 NAMESPACE(S)!
17482 23:10:09 (0) ** - ROOT/SERVICEMODEL.
17483 23:10:09 (0) ** => When remotely connecting, the namespace(s) listed require(s) the
WMI client to
17484 23:10:09 (0) ** use an encrypted connection by specifying the PACKET PRIVACY
authentication level.
17485 23:10:09 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
17486 23:10:09 (0) ** i.e. 'WMIC.EXE /NODE:"2WIRE200" /AUTHLEVEL:Pktprivacy
/NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
17487 23:10:09 (0) **
17488 23:10:09 (0) ** WMI MONIKER CONNECTIONS:
............................................................................................ OK.
17489 23:10:09 (0) ** WMI CONNECTIONS:
.................................................................................................... OK.
17490 23:10:09 (0) ** WMI GET operations:
................................................................................................. OK.
17491 23:10:09 (0) ** WMI MOF representations:
............................................................................................ OK.
17492 23:10:09 (0) ** WMI QUALIFIER access operations:
.................................................................................... OK.
17493 23:10:09 (2) !! WARNING: WMI ENUMERATION operation errors reported:
................................................................. 1 WARNING(S)!
17494 23:10:09 (0) ** - Root/Default, InstancesOf, 'SystemRestore' did not return any instance
while AT LEAST 1 instance is expected.
17495 23:10:09 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17496 23:10:09 (0) **
17497 23:10:09 (2) !! WARNING: WMI EXECQUERY operation errors reported:
................................................................... 1 WARNING(S)!
17498 23:10:09 (0) ** - Root/Default, 'Select * From SystemRestore' did not return any
instance while AT LEAST 1 instance is expected.
17499 23:10:09 (0) **
17500 23:10:09 (0) ** WMI GET VALUE operations:
........................................................................................... OK.
17501 23:10:09 (0) ** WMI WRITE operations:
............................................................................................... NOT TESTED.
17502 23:10:09 (0) ** WMI PUT operations:
................................................................................................. NOT TESTED.
17503 23:10:09 (0) ** WMI DELETE operations:
.............................................................................................. NOT TESTED.
17504 23:10:09 (0) ** WMI static instances retrieved:
..................................................................................... 648.
17505 23:10:09 (0) ** WMI dynamic instances retrieved:
.................................................................................... 0.
17506 23:10:09 (0) ** WMI instance request cancellations (to limit performance impact):
................................................... 0.
17507 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17508 23:10:09 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20
day(s):
17509 23:10:09 (0) ** DCOM:
............................................................................................................. 137.
17510 23:10:09 (0) ** WINMGMT:
.......................................................................................................... 1.
17511 23:10:09 (0) ** WMIADAPTER:
....................................................................................................... 0.
17512 23:10:09 (0) ** => Verify the WMIDiag LOG at line #16104 for more details.
17513 23:10:09 (0) **
17514 23:10:09 (0) ** # of additional Event Log events AFTER WMIDiag execution:
17515 23:10:09 (0) ** DCOM:
............................................................................................................. 0.
17516 23:10:09 (0) ** WINMGMT:
.......................................................................................................... 0.
17517 23:10:09 (0) ** WMIADAPTER:
....................................................................................................... 0.
17518 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17519 23:10:09 (0) ** WMI Registry key setup:
............................................................................................. OK.
17520 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17521 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17522 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17523 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17524 23:10:09 (0) **
17525 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17526 23:10:09 (0) ** ------------------------------------------------------ WMI REPORT: END -------------
----------------------------------------------
17527 23:10:09 (0) ** -------------------------------------------------------------------------------------------------
---------------------------------
17528 23:10:09 (0) **
17529 23:10:09 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\TENMEG\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_2WIRE200_2009.09.21_23.07.37.LOG' for details.
17530 23:10:09 (0) **
17531 23:10:09 (0) ** WMIDiag v2.0 ended on Monday, September 21, 2009 at 23:10 (W:80 E:22 S:1).
=================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:33 PM, on 9/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personalfirewall.comodo.com/ ... CF6FF3F27F
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://forums.cnet.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9970259671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9971399281
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 8415 bytes