Thanks you for the specs. I did give you directions to copy the information I need in the Event Viewer- all you gave me is the Description. Each Event has an ID# and a Source. I need that info to go with the Description you copied. But I'm going to wing it and give you what I "THINK" they are, with the understanding that I am working backwards:
1.Event Description: "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." is "probably"
Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
And means that incomplete outbound TCP connection attempts were made that exceeded the limit put on by SP2. This frequently is seen on systems with P2p. Or it could mean malware trying to call home. But note, if your Event is the same as this, it is a Warning.
The limit only applies to connections in which the destinations are unreachable. You absolutely should not hit it if you are opening TCP connections to addresses that are live with an active listener on the destination port. It is enforced by the stack and has nothing to do with your firewall software (third party or ours).
So it would appear that something is your system is attempting to access the internet. Because of the nature of this warning, suspect malware.
2. For Description:The tmcomm service failed to start due to the following error: The system cannot find the file specified.
TrendMicro has TmComm Service listed as their A permission error exists that allows anyone to write to the TmComm DoS interface. It has a vulnerability in that a permission error exists that allows anyone to write to the TmComm DoS interface.
From CIAC and TrendMicro Support which should be handled immediately per TM Support Bulletin:
http://tinyurl.com/2dmeab
3. For Description "The following boot-start or system-start driver(s) failed to load: Fips, intelppm" this is "probably" the following:
Event # 7026
Event Source: Service Control Manager:
FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, provide standard algorithms for searching, and provide other information processing standards for use within government agencies.
intelppm.sys is a Processor Device Driver from either Microsoft or Intel.
If a device is not working properly, its driver fails to load. A device can be related to a backup tape, cdrom driver, zip drive, any type of hardware. It could be caused by removing a tape driver from a server.
4. For Description: DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF},
the Event is "Probably":
Event ID: 10005
Source: DCOM
This one is self-explanatory. It doesn't work in Safe Mode! Is there any problem in Normal Mode? DCOM Error?
These Events for TCP and tmcomm point to malware in your system. The Events for DCOM and intelppm point to driver failures., taken together point to hardware problems. There's also a possible memory problem-possibly bad modules which need to be run through memtest..Did you install any hardware before you left? Any software? Update any drivers?
Edit to clean up.