DESKTOP
Another problem we are having is that it won't read certain discs in the CD drive, but others it will read just fine. For example, I can't uninstall Office 97 because it can't read the disc that it tells me to insert into the drive...
ComboFix
ComboFix 11-06-22.02 - Charlie 06/22/2011 23:11:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1778 [GMT -4:00]
Running from: c:\users\Charlie\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\pswi_preloaded.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 03:24 . 2011-06-23 03:26 -------- d-----w- c:\users\Charlie\AppData\Local\temp
2011-06-23 03:24 . 2011-06-23 03:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 03:24 . 2011-06-23 03:24 -------- d-----w- c:\users\Becky\AppData\Local\temp
2011-06-23 03:24 . 2011-06-23 03:24 -------- d-----w- c:\users\Austin\AppData\Local\temp
2011-06-21 05:51 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2697AB4C-9652-4F50-AABA-A7BC11D001D8}\mpengine.dll
2011-06-16 07:05 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 07:05 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 07:05 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 01:33 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 01:33 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 01:33 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 01:33 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 01:33 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 01:33 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 01:33 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 01:33 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 01:33 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 01:33 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-12 23:49 . 2011-06-14 23:53 -------- d-----w- c:\users\Charlie\AppData\Roaming\Apple Computer
2011-06-12 23:47 . 2011-06-12 23:47 -------- d-----w- c:\program files\iPod
2011-06-12 23:47 . 2011-06-12 23:48 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-12 23:47 . 2011-06-12 23:48 -------- d-----w- c:\program files\iTunes
2011-06-12 23:44 . 2011-06-12 23:44 -------- d-----w- c:\program files\Bonjour
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Internet Explorer\plugins\nppdf32.dll
2011-05-27 18:17 . 2011-05-27 18:17 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-08 10:44 . 2011-05-18 22:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 13:11 . 2011-01-12 02:43 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-01-12 02:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14 . 2009-10-03 05:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-29 18:08 . 2011-04-13 12:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-09-29 49152]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-23 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-23 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-17 273544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Get 2 FREE Audiobooks.lnk - c:\users\Charlie\AppData\Local\Temp\HelpInstaller_StartUp.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 136176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-04-05 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-05-04 22528]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [2011-05-19 810616]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110622.001\IDSvix86.sys [2011-06-03 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2006-12-14 569344]
S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 04:29]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 04:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lenovo.com/welcome/3000desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 24.159.64.23 24.178.162.3 97.81.22.195
FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\hgei34s8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.aol.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-06-22 23:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6244)
c:\windows\System32\NaturalLanguage6.dll
c:\windows\system32\msi.dll
c:\program files\Norton 360\Engine\4.3.0.5\ccIPC.dll
c:\program files\Norton 360\Engine\4.3.0.5\ccGEvt.dll
.
Completion time: 2011-06-22 23:37:40
ComboFix-quarantined-files.txt 2011-06-23 03:37
.
Pre-Run: 129,302,065,152 bytes free
Post-Run: 129,303,134,208 bytes free
.
- - End Of File - - 3D090A5546B02E02F25B0AD03364FE43
PROCEPT
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 83.49 0 K 24 K
System 4 < 0.01 0 K 28,816 K
Interrupts n/a 0.77 0 K 0 K Hardware Interrupts and DPCs
smss.exe 400 292 K 568 K Windows Session Manager Microsoft Corporation
csrss.exe 532 < 0.01 2,184 K 6,688 K Client Server Runtime Process Microsoft Corporation
wininit.exe 584 1,264 K 3,400 K Windows Start-Up Application Microsoft Corporation
services.exe 628 < 0.01 2,864 K 6,100 K Services and Controller app Microsoft Corporation
svchost.exe 836 < 0.01 3,572 K 6,028 K Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 2804 8,148 K 9,504 K WMI Provider Host Microsoft Corporation
dllhost.exe 3096 1,568 K 3,880 K COM Surrogate Microsoft Corporation
unsecapp.exe 7836 3,040 K 6,776 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
WmiPrvSE.exe 7236 3,224 K 6,052 K WMI Provider Host Microsoft Corporation
svchost.exe 896 < 0.01 4,048 K 6,188 K Host Process for Windows Services Microsoft Corporation
svchost.exe 932 75,276 K 37,992 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1024 15,576 K 10,924 K Host Process for Windows Services Microsoft Corporation
audiodg.exe 1200 11,324 K 9,432 K Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1100 < 0.01 93,868 K 93,876 K Host Process for Windows Services Microsoft Corporation
WUDFHost.exe 2992 < 0.01 3,152 K 4,008 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
dwm.exe 3400 0.77 75,600 K 38,176 K Desktop Window Manager Microsoft Corporation
svchost.exe 1136 < 0.01 75,644 K 47,524 K Host Process for Windows Services Microsoft Corporation
taskeng.exe 3648 2,120 K 5,308 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 4192 10,728 K 9,708 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 7572 7,844 K 10,748 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1228 2,212 K 3,956 K Host Process for Windows Services Microsoft Corporation
SLsvc.exe 1244 6,548 K 10,240 K Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1296 < 0.01 8,604 K 12,480 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1424 < 0.01 23,452 K 18,464 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1620 < 0.01 7,484 K 8,724 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1664 13,368 K 9,852 K Host Process for Windows Services Microsoft Corporation
IPSSVC.EXE 200 1,616 K 2,488 K IPS Core Service Lenovo Group Limited
AOLacsd.exe 276 2,244 K 3,464 K AOL Connectivity Service AOL LLC
AppleMobileDeviceService.exe 316 < 0.01 3,116 K 4,020 K MobileDeviceService Apple Inc.
BcmSqlStartupSvc.exe 412 984 K 2,588 K BCM SQL Startup Service Microsoft Corporation
mDNSResponder.exe 500 1,856 K 4,324 K Bonjour Service Apple Inc.
CTSVCCDA.EXE 512 760 K 2,032 K Creative Service for CDROM Access Creative Technology Ltd
DkService.exe 536 < 0.01 22,044 K 25,284 K DKSERVICE.EXE Diskeeper Corporation
DkIcon.exe 3780 < 0.01 1,644 K 5,484 K DKICON.EXE Diskeeper Corporation
ijplmsvc.exe 832 952 K 2,628 K PIXMA Extended Servey Program Service
ccsvchst.exe 1148 14.69 102,548 K 13,872 K Symantec Service Framework Symantec Corporation
ccsvchst.exe 2136 36,716 K 7,504 K Symantec Service Framework Symantec Corporation
svchost.exe 1956 1,652 K 4,228 K Host Process for Windows Services Microsoft Corporation
PSIService.exe 2008 2,248 K 2,756 K nTitles PSIService
svchost.exe 2044 876 K 2,352 K Host Process for Windows Services Microsoft Corporation
sqlbrowser.exe 1936 1,052 K 2,496 K SQL Browser Service EXE Microsoft Corporation
sqlwriter.exe 2096 3,672 K 3,912 K SQL Server VSS Writer Microsoft Corporation
svchost.exe 2168 < 0.01 17,524 K 5,028 K Host Process for Windows Services Microsoft Corporation
tvt_reg_monitor_svc.exe 2188 < 0.01 1,612 K 2,904 K ThinkVantage Registry Monitor Service Lenovo Group Limited
tvttcsd.exe 2232 848 K 2,996 K tvttcsd Application IBM
rrpservice.exe 2264 2,204 K 3,440 K rrpservice Module
rrservice.exe 2296 9,076 K 6,868 K Rescue and Recovery Backup Service Lenovo Group Limited
tvtsched.exe 2352 7,900 K 5,876 K ThinkVantage Scheduler Lenovo Group Limited
svchost.exe 2392 1,056 K 3,244 K Host Process for Windows Services Microsoft Corporation
WLIDSVC.EXE 2408 4,196 K 6,424 K Microsoft® Windows Live ID Service Microsoft Corporation
WLIDSVCM.EXE 3252 848 K 2,128 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
SearchIndexer.exe 2444 < 0.01 50,432 K 44,296 K Microsoft Windows Search Indexer Microsoft Corporation
SUService.exe 2520 16,968 K 11,360 K ThinkVantage System Update Service Lenovo Group Limited
svchost.exe 3684 2,476 K 5,700 K Host Process for Windows Services Microsoft Corporation
wmpnetwk.exe 2516 < 0.01 13,940 K 12,332 K Windows Media Player Network Sharing Service Microsoft Corporation
iPodService.exe 4648 < 0.01 3,128 K 4,872 K iPodService Module (32-bit) Apple Inc.
lsass.exe 640 < 0.01 3,404 K 4,276 K Local Security Authority Process Microsoft Corporation
lsm.exe 648 1,944 K 3,300 K Local Session Manager Service Microsoft Corporation
csrss.exe 596 < 0.01 2,608 K 7,180 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 760 2,076 K 4,428 K Windows Logon Application Microsoft Corporation
explorer.exe 6244 < 0.01 32,080 K 43,964 K Windows Explorer Microsoft Corporation
procexp.exe 4300 0.77 17,720 K 30,096 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MSASCui.exe 3840 10,284 K 12,852 K Windows Defender User Interface Microsoft Corporation
ico.exe 3616 1,176 K 3,344 K Mouse Suite 98 Daemon Primax Electronics Ltd.
scheduler_proxy.exe 1440 3,372 K 3,108 K scheduler_proxy Application Lenovo Group Limited
BJMYPRT.EXE 1864 1,716 K 4,016 K Canon My Printer CANON INC.
iTunesHelper.exe 1076 < 0.01 7,184 K 6,972 K iTunesHelper Apple Inc.
QTTask.exe 1992 1,472 K 3,840 K QuickTime Task Apple Inc.
Weather.exe 3756 < 0.01 40,732 K 4,876 K AWS Convergence Technologies, Inc.
wmpnscfg.exe 3776 2,432 K 5,688 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
realsched.exe 6192 2,768 K 824 K RealNetworks Scheduler RealNetworks, Inc.
notepad.exe 5412 1,724 K 5,836 K Notepad Microsoft Corporation
VEW Application
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/06/2011 11:51:11 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/06/2011 3:38:04 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\CF21867.CFXXE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:35:11 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:35:11 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:35:11 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:35:11 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:18:46 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP4701> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:18:46 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP4701> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:18:36 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP4700> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:18:36 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP4700> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:16:06 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP0700> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:13:14 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\SOFTAV03> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:13:14 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\SOFTAV02> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:13:14 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\SOFTAV00> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:13:14 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\SOFTAV00> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:13:05 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP0002> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 23/06/2011 3:12:59 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 20/06/2011 1:16:56 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\RRBACKUPS\DOCUMENTS AND SETTINGS\AUSTIN\APPDATA\ROAMING\MICROSOFT\PROTECT\S-1-5-21-206110968-517032728-4089512812-1008> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 19/06/2011 8:09:14 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHARLIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HGEI34S8.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 19/06/2011 8:09:14 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHARLIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HGEI34S8.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Log: 'Application' Date/Time: 19/06/2011 8:09:14 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHARLIE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\HGEI34S8.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/06/2011 3:11:10 PM
Type: Warning Category: 18
Event: 4354 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {6F6E2383-D080-442F-9203-A0467B798404}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80040210.
Log: 'Application' Date/Time: 20/06/2011 1:13:01 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Log: 'Application' Date/Time: 20/06/2011 1:11:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010\Software\Lenovo
Log: 'Application' Date/Time: 19/06/2011 8:14:06 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 12 time(s) since 4:09:14 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.
Log: 'Application' Date/Time: 19/06/2011 4:37:56 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Log: 'Application' Date/Time: 19/06/2011 4:35:34 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010\Software\Lenovo
Log: 'Application' Date/Time: 18/06/2011 10:41:11 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 8 time(s) since 6:11:10 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.
Log: 'Application' Date/Time: 17/06/2011 1:45:44 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Log: 'Application' Date/Time: 17/06/2011 1:43:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Log: 'Application' Date/Time: 16/06/2011 12:59:48 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 12 time(s) since 8:48:40 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.
Log: 'Application' Date/Time: 16/06/2011 7:32:55 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Log: 'Application' Date/Time: 16/06/2011 7:29:23 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Log: 'Application' Date/Time: 14/06/2011 1:46:01 PM
Type: Warning Category: 18
Event: 4354 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {6F6E2383-D080-442F-9203-A0467B798404}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80040210.
Log: 'Application' Date/Time: 13/06/2011 9:48:37 PM
Type: Warning Category: 18
Event: 4354 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {6F6E2383-D080-442F-9203-A0467B798404}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80040210.
Log: 'Application' Date/Time: 13/06/2011 1:19:46 PM
Type: Warning Category: 18
Event: 4354 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {6F6E2383-D080-442F-9203-A0467B798404}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80040210.
Log: 'Application' Date/Time: 13/06/2011 1:19:43 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Log: 'Application' Date/Time: 13/06/2011 1:18:23 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 3316 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3316 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3316 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3316 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3316 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3316 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3316 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3316 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Log: 'Application' Date/Time: 13/06/2011 11:49:34 AM
Type: Warning Category: 18
Event: 4354 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {6F6E2383-D080-442F-9203-A0467B798404}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80040210.
Log: 'Application' Date/Time: 13/06/2011 11:49:31 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Log: 'Application' Date/Time: 13/06/2011 11:44:10 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2960 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2960 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2960 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2960 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2960 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2960 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2960 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2960 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
VEW SYSTEM
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/06/2011 11:51:40 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/06/2011 3:25:22 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Log: 'System' Date/Time: 23/06/2011 3:16:31 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Log: 'System' Date/Time: 23/06/2011 3:11:11 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Log: 'System' Date/Time: 21/06/2011 1:58:10 AM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. The backup browser is stopping.
Log: 'System' Date/Time: 21/06/2011 1:12:44 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.100 for the Network Card with network address 001617F810EC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Log: 'System' Date/Time: 20/06/2011 1:43:08 PM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. The backup browser is stopping.
Log: 'System' Date/Time: 20/06/2011 1:17:45 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 20/06/2011 1:17:45 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Log: 'System' Date/Time: 20/06/2011 1:17:45 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Log: 'System' Date/Time: 20/06/2011 1:17:15 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
Log: 'System' Date/Time: 20/06/2011 1:16:46 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
Log: 'System' Date/Time: 20/06/2011 1:16:15 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
Log: 'System' Date/Time: 20/06/2011 1:15:42 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
Log: 'System' Date/Time: 20/06/2011 1:15:12 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
Log: 'System' Date/Time: 20/06/2011 1:14:08 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Lbd
Log: 'System' Date/Time: 19/06/2011 4:46:05 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.
Log: 'System' Date/Time: 19/06/2011 4:44:21 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Log: 'System' Date/Time: 19/06/2011 4:43:02 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
Log: 'System' Date/Time: 19/06/2011 4:42:32 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
Log: 'System' Date/Time: 19/06/2011 4:41:46 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/06/2011 3:50:17 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {6A869075-0AC5-4F6C-B224-6EF06CA41F46} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:PROCEXP141 Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:50:17 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {63AAD1D4-2DF5-432C-A960-AD21BC3D2070} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: service:PROCEXP141 Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:37:55 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {32A922A4-ABBA-455D-9A03-CA47E40D0F24} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318} Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:25:25 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {0F9C9121-CDFA-4B8D-B373-6660A1D02991} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: service:PEVSystemStart Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:25:25 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {F8180C15-FD84-455B-AB49-7EDC0461A602} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:PEVSystemStart Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:25:18 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {6581DE1B-FF39-4812-92FD-6620FA08FA49} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: file:C:\Windows\system32\drivers\etc\hosts Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:25:13 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {4C55AE84-4A28-4975-8594-E61707A4A4D4} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: iemain:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_Url Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:25:10 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {848F99B4-DAB5-47E6-BB6F-BE20CFC3FB5B} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: iemain:HKCU@S-1-5-21-206110968-517032728-4089512812-1010\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:25:10 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {BE89B232-F964-4A34-B59B-85A32355E843} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: iemain:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:25:08 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {DA907F4E-7444-45EC-AAF6-E6FCC8997960} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: shellopencmd:HKLM\Software\Classes\scrfile\shell\open\command\\ Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:16:33 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {3C1B6071-4525-4284-B43D-6B71471EF8F4} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:PEVSystemStart Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:16:33 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {5C0411A8-BD2D-4763-A422-FADD3F66C2FB} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: service:PEVSystemStart Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:11:24 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {2D79C702-58A0-4691-9EDD-D9D3827D3674} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:mbr Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:11:14 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {6EBBC46C-4891-463B-8C9F-918CC969DFFB} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: service:PEVSystemStart Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:11:14 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {E6428100-C73A-44A6-8AC1-01506AEDF394} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:catchme Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:11:14 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {EB431E15-C96E-4D42-AEE1-D7CA1492C06F} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:PEVSystemStart Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:07:18 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {2082E724-1B76-4288-9C63-BCC8780AF134} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:PROCEXP113 Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:07:18 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {CB85BBC9-E8B8-49C3-B051-9400D04878C8} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:07:18 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {2C8541DA-0557-4F78-B4A8-A274F888641C} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart Alert Type: Unclassified software Detection Type:
Log: 'System' Date/Time: 23/06/2011 3:07:18 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {1FC4A1BA-12C0-44D1-BCF1-0EE711CD0070} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys Alert Type: Unclassified software Detection Type: