Hi Again,
This is the log of main.txt
Deckard's System Scanner v20071014.68
Run by Santos_GDV on 2008-08-15 16:53:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
8: 2008-08-15 08:53:29 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-08-15 05:20:39 UTC - RP7 - Installed Windows Media Player 11
6: 2008-08-15 04:06:14 UTC - RP6 - System Checkpoint
5: 2008-08-14 04:01:35 UTC - RP5 - System Checkpoint
4: 2008-08-11 03:10:13 UTC - RP4 - Installed Windows Media Player 9 Series Winter Fun Pack
-- First Restore Point --
1: 2008-08-08 07:56:53 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Santos_GDV.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:59 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\TOB1CC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\Santos_GDV\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SANTOS~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.9.1.247:8.../servlet/ddrint
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.9.1.192:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.9.1.249;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 6216 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080808-162714-436 O4 - HKLM\..\Run: [lphcn8pj0ej67] C:\WINDOWS\system32\lphcn8pj0ej67.exe
-- File Associations -----------------------------------------------------------
.ini - UltraEdit.ini - DefaultIcon - unable to read value
.ini - UltraEdit.ini - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.js - UltraEdit.js - DefaultIcon - unable to read value
.js - UltraEdit.js - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - UltraEdit.txt - DefaultIcon - unable to read value
.txt - UltraEdit.txt - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\officescan client\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
S3 PSSdk21 - c:\windows\system32\drivers\hnpssdk.drv (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 acs (Atheros Configuration Service) - c:\windows\system32\acs.exe <Not Verified; Atheros; Atheros Configuration Service (ACS)>
R2 ntrtscan (OfficeScanNT RealTime Scan) - "c:\program files\trend micro\officescan client\ntrtscan.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 OfcPfwSvc (OfficeScanNT Personal Firewall) - "c:\program files\trend micro\officescan client\ofcpfwsvc.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 tmlisten (OfficeScanNT Listener) - "c:\program files\trend micro\officescan client\tmlisten.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 Cwbrxd (iSeries Access for Windows Remote Command) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM® iSeries Access for Windows>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-31 10:06:04 116 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job
-- Files created between 2008-07-15 and 2008-08-15 -----------------------------
2008-08-15 09:55:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-15 09:55:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 09:02:11 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Malwarebytes
2008-08-15 09:02:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 09:02:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 11:10:16 0 d-------- C:\Program Files\Windows XP Fun Pack
2008-07-31 10:42:35 0 d--hs---- C:\Documents and Settings\Santos_GDV\Phone Browser
2008-07-28 08:53:28 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-28 08:40:51 0 dr-h----- C:\MSOCache
2008-07-25 19:45:36 0 d-------- C:\Program Files\The KMPlayer
2008-07-25 19:45:13 14047581 --a------ C:\Program Files\kmp_1430 (May 2008 version).exe
2008-07-23 13:43:06 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Nokia
2008-07-23 13:43:06 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-23 13:42:46 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-23 13:42:46 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-23 13:42:28 0 d-------- C:\Program Files\DIFX
2008-07-23 13:42:26 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\PC Suite
2008-07-23 13:42:21 0 d-------- C:\Program Files\PC Connectivity Solution
2008-07-23 13:42:02 0 d-------- C:\Program Files\Nokia
2008-07-23 13:40:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
-- Find3M Report ---------------------------------------------------------------
2008-08-12 12:32:35 72154 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-08 16:23:07 0 d-------- C:\Program Files\Trend Micro
2008-08-08 15:05:16 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\AdobeUM
2008-07-23 13:42:46 0 d-------- C:\Program Files\Common Files
2008-07-22 17:45:50 0 d-------- C:\Program Files\Online Services
2008-07-10 09:54:51 0 d-------- C:\Program Files\WinPcap
2008-06-30 13:50:41 0 d-------- C:\Program Files\Ahead
2008-06-30 13:48:50 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\Ahead
2008-06-30 13:47:31 0 d-------- C:\Program Files\Common Files\Nero
2008-06-30 13:45:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-30 09:22:09 0 d-------- C:\Documents and Settings\Santos_GDV\Application Data\IDMComp
2008-06-25 15:52:40 0 d-------- C:\Program Files\FORT
2008-06-23 10:13:29 0 d-------- C:\Program Files\activePDF
2008-06-18 10:12:21 376 --a------ C:\ACH16301
2008-06-17 09:08:36 0 d-------- C:\Program Files\microsoft frontpage
2008-06-11 18:09:56 73216 --a----c- C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-10 22:15:46 62 --ahs---- C:\Documents and Settings\Santos_GDV\Application Data\desktop.ini
2008-06-10 14:26:41 0 -rahs---- C:\MSDOS.SYS
2008-06-10 14:26:41 0 -rahs---- C:\IO.SYS
2008-06-10 14:26:41 0 --a------ C:\CONFIG.SYS
2008-06-10 14:26:41 0 --a------ C:\AUTOEXEC.BAT
2008-06-10 14:23:19 21640 --a----c- C:\WINDOWS\system32\emptyregdb.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/21/2008 08:49 AM]
"nwiz"="nwiz.exe" [03/21/2008 08:49 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/21/2008 08:49 AM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [01/24/2008 10:21 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/24/2008 05:53 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/08/2007 09:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [08/19/2003 05:23 PM]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [01/23/2004 05:30 AM]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [01/23/2004 05:30 AM]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [01/23/2004 05:30 AM]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [01/23/2004 05:30 AM]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [01/23/2004 05:30 AM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [05/05/2008 03:30 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/05/2007 04:14 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/05/2007 04:14 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"EtherDetect"="" []
"AIM Sniffer"="" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/28/2006 02:12 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/11/2008 11:10:42 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 8:05:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 04:37 PM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/14/2007 04:36 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c7f9ce-5a3a-11dd-9571-001f3c4ddd4f}]
AutoRun\command- E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a462c57-379b-11dd-9533-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eccc7e4-4251-11dd-9546-001f3c4ddd4f}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830f919e-391b-11dd-9539-001f3c4ddd4f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe S3Update64.dll.vbs
-- End of Deckard's System Scanner: finished at 2008-08-15 16:54:30 ------------
This is the log of extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Core2 Duo CPU T5750 @ 2.00GHz
CPU 1: Intel® Core2 Duo CPU T5750 @ 2.00GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2014.22 MiB / 1572.81 MiB
Pagefile Memory (total/avail): 3907.39 MiB / 3609.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.16 MiB
A: is Network (NTFS)
B: is Network (NTFS)
C: is Fixed (NTFS) - 149.05 GiB total, 133.62 GiB free.
D: is CDROM (No Media)
U: is Network (NTFS)
Z: is Network (NTFS)
\\.\PHYSICALDRIVE0 - WDC WD1600BEVS-08RST2 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Trend Micro OfficeScan Enterprise Client Firewall v7.3 (TrendFirewall)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
-- Environment Variables -------------------------------------------------------
ALLIANT=C:\PROGRA~1\COMMON~1\BORLAN~1\Bde;C:\PROGRA~1\Fiserv\Alliant\Common\ImageMan;C:\PROGRA~1\Fiserv\Alliant\Common
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Santos_GDV\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EIBAUD001
ComSpec=C:\WINDOWS\system32\cmd.exe
FISERVSHARED=C:\PROGRA~1\COMMON~1\FISERV~1\Alliant
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Santos_GDV
INFORMIXDIR=C:\PROGRAM FILES\INFORMIX
LOGONSERVER=\\EIBCHINOROCES
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\PROGRA~1\COMMON~1\BORLAN~1\Bde;C:\PROGRA~1\Fiserv\Alliant\Common\ImageMan;C:\PROGRA~1\Fiserv\Alliant\Common;C:\PROGRA~1\COMMON~1\FISERV~1\Alliant;C:\PROGRAM FILES\INFORMIX\BIN
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SANTOS~1\LOCALS~1\Temp
USERDOMAIN=EIB_HO
USERNAME=Santos_GDV
USERPROFILE=C:\Documents and Settings\Santos_GDV
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
EXPORT BANK (admin)
Administrator (admin)
Santos_GDV (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Aoc\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL12.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL13.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL14.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL15.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL16.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL17.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL18.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL19.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL20.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL21.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL22.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL23.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL24.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL25.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL26.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL27.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL28.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL29.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL3.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL30.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL31.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL32.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL33.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL34.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL35.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL36.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL4.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL5.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL6.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL68.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL7.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL8.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL9.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\EZSetup\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Toolkit\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Toolkit\DeIsL2.isu"
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Fiserv Alliant Branch Teller Products --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fiserv\Alliant\Uninst.isu"
FORT v1.13 --> "C:\Program Files\FORT\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IBM iSeries Access for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
INFORMIX-CLI 32 --> C:\WINDOWS\uninst.exe -f"C:\PROGRAM FILES\INFORMIX\BIN\DeIsL1.isu"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java 2 SDK, SE v1.4.2_01 --> MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver --> MsiExec.exe /X{3BFFC6B8-4EC0-4240-858C-998FD4077983}
Nokia PC Suite --> MsiExec.exe /I{02091327-B124-4216-9D71-58C0E24F5392}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
The KMPlayer (remove only) --> "C:\Program Files\The KMPlayer\uninstall.exe"
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x9 UNINSTALLFROMSYS
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
u/SWITCHWARE --> MsiExec.exe /I{01A75A0F-9CFB-4609-BC22-38A61F7849CE}
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
WinPcap 4.1 beta2 --> C:\Program Files\WinPcap\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1538 / Error
Event Submitted/Written: 08/15/2008 03:49:30 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type1514 / Error
Event Submitted/Written: 08/15/2008 09:37:08 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type1507 / Error
Event Submitted/Written: 08/15/2008 09:35:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x10078f40.
Processing media-specific event for [ctfmon.exe!ws!]
Event Record #/Type1501 / Error
Event Submitted/Written: 08/15/2008 08:32:22 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type1495 / Error
Event Submitted/Written: 08/14/2008 04:34:47 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3506 / Warning
Event Submitted/Written: 08/15/2008 04:23:06 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet P1505 for Windows NT x86 Version-3 was added or updated. Files:- HP1006K.DLL, HP1006U.DLL, HP1006K.DLL, HP1006H.CHM, P1006CLP.dll, HP1006C.DLL, HP1006D.DLL, HP1006J.DLL, HP1006LM.DLL, HP1006MC.EXE, HP1006MP.DLL, HP1006MT.DLL, HP1006P.DLL, HP1006S.DLL, HP1006SM.exe, HP1006SX.dll, P1006MAN.dll, P1006SSL.exe, P1006SIG.gif, P1006DEF.css, P1006BTN.js, P1006GLB.js, P1005DP.PRN, P1006DP.PRN, P1505DP.PRN, P1505nDP.PRN, P1006CLS.dll, HP1006L.DLL, HP1006LG.dll, HP1006S.CHM, P1006OS.htm, P1006IPS.dll, HP1006S.HLP, P1005.img, P1006.img, P1505.img.
Event Record #/Type3489 / Warning
Event Submitted/Written: 08/15/2008 03:49:57 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet P1505 for Windows NT x86 Version-3 was added or updated. Files:- HP1006K.DLL, HP1006U.DLL, HP1006K.DLL, HP1006H.CHM, P1006CLP.dll, HP1006C.DLL, HP1006D.DLL, HP1006J.DLL, HP1006LM.DLL, HP1006MC.EXE, HP1006MP.DLL, HP1006MT.DLL, HP1006P.DLL, HP1006S.DLL, HP1006SM.exe, HP1006SX.dll, P1006MAN.dll, P1006SSL.exe, P1006SIG.gif, P1006DEF.css, P1006BTN.js, P1006GLB.js, P1005DP.PRN, P1006DP.PRN, P1505DP.PRN, P1505nDP.PRN, P1006CLS.dll, HP1006L.DLL, HP1006LG.dll, HP1006S.CHM, P1006OS.htm, P1006IPS.dll, HP1006S.HLP, P1005.img, P1006.img, P1505.img.
Event Record #/Type3485 / Error
Event Submitted/Written: 08/15/2008 03:48:30 PM
Event ID/Source: 28 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are accessible.
NtpClient has no source of accurate time.
Event Record #/Type3484 / Warning
Event Submitted/Written: 08/15/2008 03:48:30 PM
Event ID/Source: 13 / W32Time
Event Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to
determine its time source, but the computer is joined to a
Windows NT 4.0 domain. Windows NT 4.0 domain controllers do not have
a time service and do not support domain hierarchy as a time source.
NtpClient will attempt to use an alternate configured external time
source if available. If an external time source is not configured
or used for this computer, you may choose to disable the NtpClient.
Event Record #/Type3480 / Warning
Event Submitted/Written: 08/15/2008 01:29:14 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet P1505 for Windows NT x86 Version-3 was added or updated. Files:- HP1006K.DLL, HP1006U.DLL, HP1006K.DLL, HP1006H.CHM, P1006CLP.dll, HP1006C.DLL, HP1006D.DLL, HP1006J.DLL, HP1006LM.DLL, HP1006MC.EXE, HP1006MP.DLL, HP1006MT.DLL, HP1006P.DLL, HP1006S.DLL, HP1006SM.exe, HP1006SX.dll, P1006MAN.dll, P1006SSL.exe, P1006SIG.gif, P1006DEF.css, P1006BTN.js, P1006GLB.js, P1005DP.PRN, P1006DP.PRN, P1505DP.PRN, P1505nDP.PRN, P1006CLS.dll, HP1006L.DLL, HP1006LG.dll, HP1006S.CHM, P1006OS.htm, P1006IPS.dll, HP1006S.HLP, P1005.img, P1006.img, P1505.img.
-- End of Deckard's System Scanner: finished at 2008-08-15 16:54:30 ------------
Thanks again!