Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hard drive space disappearing and settings not saving.


  • Please log in to reply

#1
MarMah

MarMah

    New Member

  • Member
  • Pip
  • 3 posts
I have a Windows XP machine (GX260) in a small/medium network. I was called to take a look at the users computer because she was unable to open any programs because of low disk space. I ran the normal procedures that I have found that usually fixes this problem. The programs and things that I ran are as follows: I booted in safe mode and ran MBAM, and went in to TEMP folder and deleted those files. (that folder had about 5.16GB of files in it) I am still missing around 10GB or more of space.

I installed Firefox and had to log off of the user to change a setting under the admin account and when I logged back on the the user account Firefox was gone. I tried changing a display setting for her screen saver and it just changes itself back to the original.

I tried to do a system restore but there is no restore point to load from. I am pretty stumpped and if I could get another brain to think about this and throw me some ideas that would be great!

P.S. I forgot to mention that we run Symantec Antivirus Corporate Edition on all machines. I've had this virus before and other viruses similar to this and the virus always seems to stop the Realtime Protection associated with Symantec and puts a yellow exlamation point over the shield.

EDIT: Here is my OTL Log:

OTL logfile created on: 6/15/2010 10:50:12 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\apay\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 649.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 4.86 Gb Free Space | 26.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 276.51 Gb Total Space | 102.67 Gb Free Space | 37.13% Space Free | Partition Type: NTFS
Drive O: | 256.91 Gb Total Space | 175.09 Gb Free Space | 68.15% Space Free | Partition Type: NTFS

Computer Name: TWFINAP12
Current User Name: apay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/15 10:50:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\apay\Desktop\OTL.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 01:21:18 | 000,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe


========== Modules (SafeList) ==========

MOD - [2010/06/15 10:50:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\apay\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - [2010/01/12 22:23:55 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100105.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/01/12 22:23:54 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100105.019\NAVENG.SYS -- (NAVENG)
DRV - [2008/04/16 04:07:48 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/08/09 11:38:07 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:80

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1


[2007/08/11 16:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\apay\Application Data\Mozilla\Firefox\Profiles\6jkx8nwx.default\extensions
[2006/01/02 11:15:46 | 001,312,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1186663274265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1186663268796 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.129 66.0.214.14 207.230.75.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = twest.lan
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\apay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\apay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/27 13:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 10:50:08 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\apay\Desktop\OTL.exe
[2010/06/15 10:43:31 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/15 10:43:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/15 10:40:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/06/15 10:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/06/15 10:34:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/15 10:50:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\apay\Desktop\OTL.exe
[2010/06/15 10:48:08 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/15 10:44:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/15 10:43:08 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/15 10:36:27 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/06/15 10:32:44 | 000,001,016 | RHS- | M] () -- C:\Documents and Settings\apay\ntuser.pol
[2010/06/15 10:31:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 10:31:38 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\apay\NTUSER.DAT
[2010/06/15 10:31:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\apay\ntuser.ini
[2010/06/15 10:31:29 | 003,579,728 | -H-- | M] () -- C:\Documents and Settings\apay\Local Settings\Application Data\IconCache.db
[2010/06/15 10:16:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/15 10:16:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/15 08:25:38 | 000,063,592 | ---- | M] () -- C:\Documents and Settings\apay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/08 10:16:35 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\apay\Desktop\DEPARTMENT REQUEST.xls
[2010/05/28 16:45:24 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\apay\My Documents\OFFICE SUPPLY.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 10:43:08 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/15 10:36:27 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/28 16:45:23 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\apay\My Documents\OFFICE SUPPLY.doc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/08/09 11:51:17 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\ngprtserv.dll
[2007/08/09 11:51:17 | 000,000,575 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini
[2007/08/09 08:47:01 | 000,000,556 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

Mark

Edited by MarMah, 15 June 2010 - 08:53 AM.

  • 0

Advertisements


#2
MarMah

MarMah

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here is the Extras.txt log as well:

OTL Extras logfile created on: 6/15/2010 10:50:12 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\apay\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 649.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 4.86 Gb Free Space | 26.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 276.51 Gb Total Space | 102.67 Gb Free Space | 37.13% Space Free | Partition Type: NTFS
Drive O: | 256.91 Gb Total Space | 175.09 Gb Free Space | 68.15% Space Free | Partition Type: NTFS

Computer Name: TWFINAP12
Current User Name: apay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{2E56775F-12A6-44CB-A969-3C2CEB371313}" = Dexterity Shared Components 10.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{9DD36FEE-BEC3-436D-9E9F-95DBE6DA7BE3}" = Microsoft Dynamics GP 10.0 (GP10)
"{9DD36FEE-BEC3-436D-9E9F-95DBE6DA7BE3}_Ex" = Microsoft Dynamics GP 10.0 (GP10)
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NETGEAR Print Server Software" = NETGEAR Print Server Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Ethernet Adapter and Software
"WIC" = Windows Imaging Component

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2010 8:33:47 AM | Computer Name = TWFINAP12 | Source = ESENT | ID = 439
Description = wuauclt (844) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1808.

Error - 6/15/2010 8:33:48 AM | Computer Name = TWFINAP12 | Source = ESENT | ID = 482
Description = wuauclt (620) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system
error 112 (0x00000070): "There is not enough space on the disk. ". The write operation
will fail with error -1808 (0xfffff8f0). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 6/15/2010 8:33:48 AM | Computer Name = TWFINAP12 | Source = ESENT | ID = 439
Description = wuauclt (620) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1808.

Error - 6/15/2010 9:37:45 AM | Computer Name = TWFINAP12 | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 6/15/2010 9:51:26 AM | Computer Name = TWFINAP12 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/15/2010 9:51:26 AM | Computer Name = TWFINAP12 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/15/2010 9:52:22 AM | Computer Name = TWFINAP12 | Source = Norton AntiVirus | ID = 16711694
Description = Symantec AntiVirus services failed to start. Virus definition file
is invalid. (CC001000)

Error - 6/15/2010 10:15:37 AM | Computer Name = TWFINAP12 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/15/2010 10:15:37 AM | Computer Name = TWFINAP12 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/15/2010 10:16:33 AM | Computer Name = TWFINAP12 | Source = Norton AntiVirus | ID = 16711694
Description = Symantec AntiVirus services failed to start. Virus definition file
is invalid. (CC001000)

[ Dexterity Events ]
Error - 8/31/2009 7:44:35 AM | Computer Name = TWFINAP12 | Source = Dexterity | ID = 1000
Description =

Error - 11/23/2009 6:03:39 PM | Computer Name = TWFINAP12 | Source = Dexterity | ID = 1000
Description =

Error - 12/9/2009 3:13:48 PM | Computer Name = TWFINAP12 | Source = Dexterity | ID = 1000
Description =

Error - 4/12/2010 4:32:09 PM | Computer Name = TWFINAP12 | Source = Dexterity | ID = 1000
Description =

Error - 5/12/2010 2:22:16 PM | Computer Name = TWFINAP12 | Source = Dexterity | ID = 1000
Description =

[ System Events ]
Error - 6/15/2010 9:53:46 AM | Computer Name = TWFINAP12 | Source = Service Control Manager | ID = 7023
Description = The Symantec AntiVirus Client service terminated with the following
error: %%10

Error - 6/15/2010 9:57:22 AM | Computer Name = TWFINAP12 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 6/15/2010 10:06:58 AM | Computer Name = TWFINAP12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2010 10:07:35 AM | Computer Name = TWFINAP12 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm

Error - 6/15/2010 10:11:04 AM | Computer Name = TWFINAP12 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 6/15/2010 10:15:37 AM | Computer Name = TWFINAP12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2010 10:15:37 AM | Computer Name = TWFINAP12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2010 10:15:37 AM | Computer Name = TWFINAP12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2010 10:17:56 AM | Computer Name = TWFINAP12 | Source = Service Control Manager | ID = 7023
Description = The Symantec AntiVirus Client service terminated with the following
error: %%10

Error - 6/15/2010 10:21:32 AM | Computer Name = TWFINAP12 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP