Dell Vista X32 Won't hibernate, sleep, shut down when lid is closed

Rescan with HJT, check these items:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

see this link --> What is IoctlSvc.exe? IoctlSvc.exe Task Manager Process Information

Close all open windows except for HJT, then click 'fix checked'. Reboot.

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [esetListThreats.png]
  11. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [esetBack.png] button.
  13. Push [esetFinish.png]
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Done on both. Here you go....
 

Attachments

  • esetscan.txt (219 bytes)

My Computer

System One

  • Manufacturer/Model
    Dell XPS M1530
    CPU
    Intel Core 2 Duo T7500 2.2GHz
    Motherboard
    ?
    Memory
    3G
    Graphics Card(s)
    Nvidia GeForce 8600M GT
    Sound Card
    Sigma Tel High Def
    Monitor(s) Displays
    Generic PnP
Looks good. How are things running now?
 

If you still can't set a restore point, please uninstall RegCure. You don't need this program, as it may be causing unnecessary problems with the registry.

How to Remove RegCure | eHow.com
 

So far so good- it even seems to be running and booting faster!

I couldn't find regcure anywhere other than my download folder, so to be safe, I reinstalled, and uninstalled, and then deleted to make sure all components were uninstalled.

Also, I forgot to attach this pic earlier- this is what I ran into with HJT.....is this anything to be concerned about?
 

Attachments

  • hijackthismessage.jpg (139.3 KB)

No, nothing was listed and I would have had you 'fix' a hijacked domain a different way. ;)

Now, remove ComboFix
Go to Start---> Run Command ---> In the space provided, type ComboFix /u and press the Enter Key.

Download Secunia's Personal Software Inspector and run a scan for outdated, vulnerable software. PSI - Consumer - Products

Recommendations
Below are some recommendations to lower your chances of (re)infection.
 

TY Jacee. I have always used, and suggested, MSE and Malwarebytes. I have been following this thread and now have included Spywareblaster.
I have researched the software and feel that it will increase my internet security.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
richc46 and HawkZ28, SpywareBlaster is a great asset for protecting your Hosts file and Active X drive-by downloads!
Make sure you update at least once a week or so, and click on "enable all protection" :geek:
I would not be without it!
 

THANKS again for all the help fellas! I tried to run the command to uninstall combofix and it just wanted to run it again. Any ideas? For the time being I just moved it to the trash can in the case that my wife or 20 month old inadvertently start it. Will that uninstall if I empty the trash?

I'll have to DL and install the other programs later on tonight and tomorrow, as well as *hopefully* succeed with creating a restore point!

I still haven't gotten it to work yet- I thought I'd go back to the beginning of the thread and start the steps again.

In a side note I found 2 wma trojans on my wife's laptop with eset so I've been applying your guys help and advice to hers today. Thank God for phones!
 

  • Download OTC and run it.
  • When it opens, close all other programs, and click "Clean Up!"
  • Click "Yes" when it says "Begin Cleanup Process?"
  • Click "Yes" when it asks you to reboot to finish the cleanup operation.
This will take care of Combofix and all files associated with it.
 

THANKS Jacee- that worked perfect!

I still can't create a restore point, and now my D drive all of a sudden is almost full today- the first photo is from a couple days ago, the other from today.

Also, something else I noticed when running vssadmin list writers. I attached screenies. I have several that are failed that probably aren't helping my situation any.

I uninstalled Nero 7 since everything started about the time I installed it, and I have read where its installation has messed up the backup function in Vista.
 

Attachments

  • system specs3.jpg (75.3 KB)
  • system specs2.jpg (182.3 KB)
  • shadowwriters.jpg (134.6 KB)

Now that the virus is gone, go over the thread and make sure that you follow all the steps for system restore.
 

That's what I did a few times since Sunday- started on page 1 with your suggestions and worked my way through.

I think I'm insane because I keep doing the same thing over and over expecting to achieve a different result :D When I finally do create one I'll probably yell loud enough you'll hear me.
 

What is local disk 'D'? Is this an external drive or a partition?
 

Partition I'm pretty sure. I've attached a shot of what's inside. It seems the boot folder just contains the same thing over and over, but in different languages?
 

Attachments

  • d drive.jpg (72.2 KB)

Do you have scheduled backups that are being stored in drive "D"?
 

I have another list of things I'd like to see :)

Download SilentRunners http://www.silentrunners.org/Silent Runners.zip
1. Unzip/extract the file to its own folder:
C:\Silent Runners. (right click in 'C' drive to make a new folder)

3. Right click the SilentRunners.vbs inside the folder or on your desktop
to run as Administrator.
4. A message box will appear asking if you want to skip the supplemental
searches.
5. Press "Yes" to skip [default] or "No" to include them.
6. Another message box will appear saying: "Silent Runners has started. A
message box like this will appear when its done." The tool will scan your
system and create a log by default, in the same directory as the script or
on your desktop. The log is named "Startup Programs (ComputerName)
date/timestamp.txt".
7. When finished, the next message to appear will say: "All Done! the
results are in the file..." (it will provide the full path location of the
log).
8. Copy & paste the log in your next reply.
Note: If you have a script blocking program you may get a warning asking if
you want to allow the script to run. Some will say "malicious script
warning" or something to that effect. There is nothing malicious about this
script, you can click to allow it to execute.
 

I'm almost positive that I don't have any backups scheduled to D- when I open up backup and restore center, my only option is either my DVD drive or E (media direct). In SR, my only option is to backup C, but it doesn't tell me to where.

Here you go!


"Silent Runners.vbs", revision 63, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows Vista SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Google Update" = ""C:\Users\RHawkins\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVHotkey" = "rundll32.exe C:\Windows\system32\nvHotkey.dll,Start" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" ["Intel Corporation"]
"Apoint" = "C:\Program Files\DellTPad\Apoint.exe" ["Alps Electric Co., Ltd."]
"UfSeAgnt.exe" = ""C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"" ["Trend Micro Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{FFCB3198-32F3-4E8B-9539-4324694ED664}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SimpleAdblock Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll" ["Simple Adblock"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

UEAFOverlay\(Default) = "{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
-> {HKLM...CLSID} = "Safearchive ExtractIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\farchns.dll" ["UPEK Inc."]

UEAFOverlayOpen\(Default) = "{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
-> {HKLM...CLSID} = "Safearchive ExtractIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\farchns.dll" ["UPEK Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Roxio"]

"{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E}" = "Safearchive ContextMenu Class"
-> {HKLM...CLSID} = "Safearchive ContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\farchns.dll" ["UPEK Inc."]

"{055EF591-5C38-49a0-9BDA-51B1D69D0BF4}" = "Safearchive ShellFolder Class"
-> {HKLM...CLSID} = "@C:\Program Files\Protector Suite QL\farchns.dll,-4263"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\farchns.dll" ["UPEK Inc."]

"{66C99756-1C92-4d3e-BA69-9400A6F731F5}" = "Safearchive PropertySheetHandler Class"
-> {HKLM...CLSID} = "Safearchive PropertySheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\farchns.dll" ["UPEK Inc."]

"{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA}" = "Safearchive ExtractIcon Class"
-> {HKLM...CLSID} = "Safearchive ExtractIcon Class"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\farchns.dll" ["UPEK Inc."]

"{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}" = "NVIDIA Play On My TV Context Menu Extension"
-> {HKLM...CLSID} = "NVIDIA CPL Context Menu Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvshext.dll" ["NVIDIA Corporation"]

"{5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25}" = "Belkin History Browser"
-> {HKLM...CLSID} = "Belkin HistoryBrowser Class"
\InProcServer32\(Default) = "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll" ["Belkin International, Inc."]

"{21D928D4-4850-45E3-9982-AD57051ECD42}" = "Edrawings Document Thumbnail Handler"
-> {HKLM...CLSID} = "EdrawingThumbNailProvider Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\eDrawings2010\edrwthumbnailprovider.dll" ["Dassault Systèmes SolidWorks Corp."]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"
-> {HKLM...CLSID} = "TMD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll" ["Trend Micro Inc."]

"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"
-> {HKLM...CLSID} = "VBPropSheet"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security\VBProp.dll" ["Trend Micro Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> "{E31004D1-A431-41B8-826F-E902F9D95C81}" = "Windows DreamScene"
-> {HKLM...CLSID} = "Windows DreamScene"
\InProcServer32\(Default) = "C:\Windows\System32\DreamScene.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll" ["Google"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "GinaDLL" = "vrlogon.dll" [file not found]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Notification Packages" = "scecli"|"C:\Program Files\Protector Suite QL\psqlpwd.dll"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\

{AE583D93-8D1B-424F-9858-5623FB7824EE}\(Default) = "UPEK Fingerprint Credential Provider Filter"
-> {HKLM...CLSID} = "Provider Filter Object"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\provider.dll" ["UPEK Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{18CBEEAA-6708-41A1-9379-D08915333CF2}\(Default) = "UPEK Fingerprint Credential Provider"
-> {HKLM...CLSID} = "Provider Object"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\provider.dll" ["UPEK Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\msgrapp.dll" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\msgrapp.dll" [MS]

<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"
-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]

<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"
-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

<<!>> wlpg\CLSID = "{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}"
-> {HKLM...CLSID} = "Album Download IE Asynchronous Pluggable Protocol Interface"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll" [MS]

<<!>> x-excid\CLSID = "{9D6CC632-1337-4a33-9214-2DA092E776F4}"
-> {HKLM...CLSID} = "DB2XMLPlugProt Class"
\InProcServer32\(Default) = "c:\Windows\Downloaded Program Files\mimectl.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Belkin HistoryBrowser\(Default) = "{5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25}"
-> {HKLM...CLSID} = "Belkin HistoryBrowser Class"
\InProcServer32\(Default) = "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll" ["Belkin International, Inc."]

{48F45200-91E6-11CE-8A4F-0080C81A28D4}\(Default) = (no title provided)
-> {HKLM...CLSID} = "TMD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll" ["Trend Micro Inc."]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

{771A9DA0-731A-11CE-993C-00AA004ADB6C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "VBPropSheet"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security\VBProp.dll" ["Trend Micro Inc."]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

SafearchiveContextMenu\(Default) = "{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E}"
-> {HKLM...CLSID} = "Safearchive ContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Protector Suite QL\farchns.dll" ["UPEK Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Belkin HistoryBrowser\(Default) = "{5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25}"
-> {HKLM...CLSID} = "Belkin HistoryBrowser Class"
\InProcServer32\(Default) = "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll" ["Belkin International, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]

Roxio DragToDisc Shell Extension\(Default) = "{5E44E225-A408-11CF-B581-008029601108}"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Roxio"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

{5E44E225-A408-11CF-B581-008029601108}\(Default) = "Roxio DragToDisc Shell Extension"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Roxio"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

DreamScene\(Default) = "{BE800AEB-A440-4B63-94CD-AA6B43647DF9}"
-> {HKLM...CLSID} = "Windows DreamScene Shell Extension"
\InProcServer32\(Default) = "C:\Windows\System32\DreamScene.dll" [MS]

NvCplDesktopContext\(Default) = "{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}"
-> {HKLM...CLSID} = "NVIDIA CPL Context Menu Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvshext.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Belkin HistoryBrowser\(Default) = "{5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25}"
-> {HKLM...CLSID} = "Belkin HistoryBrowser Class"
\InProcServer32\(Default) = "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll" ["Belkin International, Inc."]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

{48F45200-91E6-11CE-8A4F-0080C81A28D4}\(Default) = (no title provided)
-> {HKLM...CLSID} = "TMD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll" ["Trend Micro Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"LogonHoursAction" = (REG_DWORD) dword:0x00000002
{unrecognized setting}

"DontDisplayLogonHoursWarnings" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"disableregistrytools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"disablecmd" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\Pictures\Kayla and her Doggies 2.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\RHawkins\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\PhotoScreensaver.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CTPlayAudioOnArrivalu\
"Provider" = "Creative MediaSource 5 Player"
"InvokeProgID" = "CTAutoPLu.AudioCDPlayer.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CTAutoPLu.AudioCDPlayer.1\shell\open\command\(Default) = ""C:\Program Files\Creative\MediaSource5\CTCMSu.exe" /T=CLASSKEY_AudioCD IN %L PlayNow" ["Creative Technology Ltd"]

CTPlayMusicFilesOnArrivalu\
"Provider" = "Creative MediaSource 5 Player"
"InvokeProgID" = "CTAutoPLu.MusicFilesPlayer.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CTAutoPLu.MusicFilesPlayer.1\shell\open\command\(Default) = ""C:\Program Files\Creative\MediaSource5\CTCMSu.exe" /PlayNow "%L"" ["Creative Technology Ltd"]

Lexmark_3500-4500_Series\
"Provider" = "Lexmark Imaging Studio-3500-4500 Series"
"InvokeProgID" = "Lexmark_3500-4500_Series"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Lexmark_3500-4500_Series\shell\Play\DropTarget\CLSID = "{4D36E979-E325-11CE-BFC1-08002BE10318}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [null data]

MediaCapture9Music\
"Provider" = "Media Import"
"InvokeProgID" = "RoxioMediaCapture9"
"InvokeVerb" = "Audio"
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Audio\command\(Default) = "C:\Program Files\Roxio\Roxio MyDVD DE\Media Import 9\MediaCapture9.exe -audio %L" ["Sonic Solutions"]

MediaCapture9Photos\
"Provider" = "Media Import"
"InvokeProgID" = "RoxioMediaCapture9"
"InvokeVerb" = "Photo"
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Photo\command\(Default) = "C:\Program Files\Roxio\Roxio MyDVD DE\Media Import 9\MediaCapture9.exe -photo %L" ["Sonic Solutions"]

MediaCapture9VideoCamera\
"Provider" = "Media Import"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Roxio\Roxio MyDVD DE\Media Import 9\MediaCapture9.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MediaCapture9Videos\
"Provider" = "Media Import"
"InvokeProgID" = "RoxioMediaCapture9"
"InvokeVerb" = "Video"
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Video\command\(Default) = "C:\Program Files\Roxio\Roxio MyDVD DE\Media Import 9\MediaCapture9.exe -video %L" ["Sonic Solutions"]

MSLivePhotoAcqHWEventHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
"InitCmdLine" = "WLXVideoAcquireWizard"
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
-> {HKLM...CLSID} = "WLXWEventHandler Class"
\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

RoxioSCAudioCDTask33\
"Provider" = "Roxio Creator Audio"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B}" [null data]

RoxioSCCopyCD33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCCopyDisc33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCDataProject33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data" [null data]

RoxioSCDataTask33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54}" [null data]

WIA_{F1767EFD-92C7-44C1-B30C-D5D535829D73}\
"Provider" = "Picasa2"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


Startup items in "RHawkins" & "All Users" startup folders:
----------------------------------------------------------

C:\Users\RHawkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Google Desktop Sidebar" -> shortcut to: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /sidebar" ["Google"]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
"Google Calendar Sync" -> shortcut to: "C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe" ["Google"]
"QuickSet" -> shortcut to: "C:\Program Files\Dell\QuickSet\quickset.exe" ["Dell Inc."]
"Secunia PSI Tray" -> shortcut to: "C:\Program Files\Secunia\PSI\psi_tray.exe" ["Secunia"]


Windows Sidebar Gadgets:
------------------------

C:\Users\RHawkins\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
%PROGRAMFILES%\windows sidebar\gadgets\SlideShow.Gadget
%PROGRAMFILES%\windows sidebar\gadgets\RSSFeeds.Gadget
"C:%5CUsers%5CRHawkins%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CAccuWeatherForecast%5B1%5D.gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CSlideShow.Gadget"


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"CC Cleaner" -> launches: ""C:\Program Files\CCleaner\CCleaner.exe"" ["Piriform Ltd"]
"Fast Optimize" -> launches: ""C:\Program Files\MyDefrag v4.1.2\Scripts\FastOptimize.MyD"" [file not found]
"Fast Update" -> launches: ""C:\Program Files\MyDefrag v4.1.2\Scripts\FastUpdate.MyD"" [file not found]
"GoogleUpdateTaskUserS-1-5-21-2722398415-892656049-3767323762-1000Core" -> launches: "C:\Users\RHawkins\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-2722398415-892656049-3767323762-1000UA" -> launches: "C:\Users\RHawkins\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-2722398415-892656049-3767323762-500Core" -> launches: "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-2722398415-892656049-3767323762-500UA" -> launches: "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"IP Config Renew" -> launches: ""C:\Windows\System32\IP config renew.txt"" [null data]
"MotoHelper MUM" -> launches: ""C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe" -MUM" [null data]
"MotoHelper Routing" -> launches: ""C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe" -r" [null data]
"MotoHelper Update" -> launches: ""C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe" -d -silent" [null data]
"MyDefrag v4.3.1 Daily" -> launches: ""C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD"" [null data]
"MyDefrag v4.3.1 Monthly" -> launches: ""C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD"" [null data]
"User_Feed_Synchronization-{AF33B893-7CCB-4A76-B8F4-0B6FCF887995}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
"{22825C59-E89B-441F-96DF-4D480DC0756B}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\RHawkins\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OP1E5PV\dotnetfx[1].exe" -d C:\Users\RHawkins\Desktop" [MS]
"{70FD34BC-89FD-461D-8847-01B3101F43EB}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\dell\drivers\R140135\3100_216\Win32\Setup.exe -d C:\dell\drivers\R140135\3100_216\Win32" [MS]
"{8E884367-298C-4D0F-A834-316A745A7C29}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Creative\Sound Blaster X-Fi\AudioCS\CTAudCS.cpl" -c Audio Console" [MS]
"{CFD01F5F-798E-4898-AEA3-D5E4B3F4BE19}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\RHawkins\AppData\Local\Temp\Temp1_12.0.4.0_VT_DRIVERS[1].zip\Disk\Vista\Drivers\v32\dpinst32.exe" [MS]
"{D2E3487A-43F4-4451-A0CC-93FDF9D8680D}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\dell\drivers\R140135\3100_216\Setup.exe -d C:\dell\drivers\R140135\3100_216" [MS]
"{D5DB6CE6-FE14-4954-BF58-A4238483EEA2}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]
"Uploader" -> launches: "%windir%\system32\WSqmCons.exe -u" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ManualDefrag" -> launches: "%windir%\system32\defrag.exe \\?\Volume{559df4e0-6416-11dd-bf9d-806e6f6e6963}\" [MS]
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
"Mcbuilder" -> launches: "C:\Windows\System32\mcbuilder.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
-> {HKLM...CLSID} = "Nap ITask Handler Implementation"
\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RestartManager
"{D2F4D330-D18B-4f87-B929-DAE514C37F83}" -> (HIDDEN!) launches: "C:\Windows\system32\rmclient.exe \\.\pipe\RestartManager-{86F8F20A-55F7-400d-AB4B-C99CFF441C7D}" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
-> {HKLM...CLSID} = "CrawlStartPages Task Handler"
\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
"WSHReset" -> (HIDDEN!) launches: "%systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
"Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}"
-> {HKLM...CLSID} = "Windows Live Social Object Extractor Engine Definition Updater"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\SOXE\wlsoxe.dll" [MS]

C:\Windows\System32\Tasks\WPD
"SqmUpload_S-1-5-21-2722398415-892656049-3767323762-1000" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 39


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AffinegyService, AffinegyService, ""C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe"" ["Affinegy, Inc."]
Andrea ST Filters Service, AESTFilters, "C:\Windows\system32\aestsrv.exe" ["Andrea Electronics Corporation"]
Belkin Local Backup Service, Belkin Local Backup Service, ""C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe" /service" [null data]
Belkin Network USB Helper, Belkin Network USB Helper, ""C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe" /service" [null data]
Bluetooth Support Service, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Computer Browser, Browser, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
Creative Audio Service, CTAudSvcService, "C:\Program Files\Creative\Shared Files\CTAudSvc.exe" ["Creative Technology Ltd"]
DeviceMonitorService, DeviceMonitorService, ""C:\Program Files\Motorola Media Link\NServiceEntry.exe"" ["Nero AG"]
Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
Human Interface Device Access, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\hidserv.dll" [MS]}
Intel(R) Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
lxdi_device, lxdi_device, "C:\Windows\system32\lxdicoms.exe -service" [" "]
lxdiCATSCustConnectService, lxdiCATSCustConnectService, "C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe" ["Lexmark International, Inc."]
MotoHelper Service, MotoHelper, "C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe" [null data]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" ["NVIDIA Corporation"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\Windows\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
Secunia PSI Agent, Secunia PSI Agent, ""C:\Program Files\Secunia\PSI\PSIA.exe" --start-service" ["Secunia"]
Secunia Update Agent, Secunia Update Agent, ""C:\Program Files\Secunia\PSI\sua.exe" --start-service" ["Secunia"]
ShadowExplorer Service, sesvc, ""C:\Program Files\ShadowExplorer\sesvc.exe"" [null data]
SigmaTel Audio Service, STacSV, "C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe" ["IDT, Inc."]
Smart Card, SCardSvr, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\System32\SCardSvr.dll" [MS]}
SQL Server (MSSMLBIZ), MSSQL$MSSMLBIZ, ""c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ" [MS]
SQL Server Browser, SQLBrowser, ""c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"" [MS]
SQL Server VSS Writer, SQLWriter, ""c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"" [MS]
Trend Micro Central Control Component, SfCtlCom, ""C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"" ["Trend Micro Inc."]
Trend Micro Personal Firewall, TmPfw, "C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe" ["Trend Micro Inc."]
Trend Micro Proxy Service, tmproxy, ""C:\Program Files\Trend Micro\Internet Security\TmProxy.exe"" ["Trend Micro Inc."]
Trend Micro Unauthorized Change Prevention Service, TMBMServer, ""C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service" ["Trend Micro Inc."]
Windows Backup, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [MS]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, "C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" [MS]
Windows Presentation Foundation Font Cache 4.0.0.0, WPFFontCache_v0400, "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe" [MS]
WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> PEVSystemStart, "Service"
<<!>> procexp90.Sys, "Driver"

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> GoToAssist, "Service"
<<!>> PEVSystemStart, "Service"
<<!>> procexp90.Sys, "Driver"


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
3500-4500 Series Port\Driver = "lxdilmpm.dll" [" "]
CutePDF Writer Monitor\Driver = "cpwmon2k.dll" [null data]
Lexmark Print-2-Fax Port\Driver = "LXF3PMON.DLL" [empty string]
PJL Language Monitor\Driver = "PJLMON.DLL" [MS]


---------- (launch time: 2011-01-19 06:07:38)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 60 seconds, including 8 seconds for message boxes)
 

Please download TFC by OldTimer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.

Save any unsaved work.
TFC will close ALL open programs including your browser!

If using Vista/Windows 7, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After your computer reboots, please go here and follow the instructions: http://www.vistax64.com/tutorials/72805-system-restore-point-shortcut.html

If a restore point still can't be created, download VEW by Vino Rosso (http://images.malwareremoval.com/vino/VEW.exe) and save it to your desktop.
  1. Double-click it to start it. Note: If running Windows Vista or Windows 7, you will need to right-click the file, select Run as administrator, and click Continue or Allow at the User Account Control prompt.
  2. Click the check boxes next to Application and System, located under "Select log to query" on the upper left.
  3. Under "Select type to list" on the right, click the boxes next to Error and Warning. Note: If running Windows Vista or Windows 7, also click the box next to Critical (not XP).
  4. Under "Number or date of events", select "Number of events", type 20 in the box next to "1 to 20", and click Run.
  5. Once it finishes, it will display a log file in Notepad.
  6. Please copy and paste its entire contents into your next reply.
 

Tried both - no dice... here are the results of VEW.


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 19/01/2011 9:06:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/01/2011 3:02:34 AM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = test; Hr = 0x8004231f).

Log: 'Application' Date/Time: 20/01/2011 3:01:27 AM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = test; Hr = 0x8004231f).

Log: 'Application' Date/Time: 19/01/2011 7:05:38 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module wlansvc.dll, version 6.0.6002.18064, time stamp 0x4a58e1c8, exception code 0xc0000005, fault offset 0x0001e211, process id 0x428, application start time 0x01cbb7f1575a9fc7.

Log: 'Application' Date/Time: 18/01/2011 5:58:16 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SetupX.exe version 1.6.48.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 11c8 Start Time: 01cbb738d0cfda03 Termination Time: 8

Log: 'Application' Date/Time: 18/01/2011 5:32:00 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name VssSnapshotMgmt cannot be started. [0x80070005]

Log: 'Application' Date/Time: 18/01/2011 5:10:18 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Office 12
Rejected Safe Mode action : Microsoft Office Outlook.

Log: 'Application' Date/Time: 18/01/2011 1:09:28 PM
Type: Error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error RegOpenKeyExW(-2147483646,System\CurrentControlSet\Services\EventLog\Application\VSS,...). hr = 0x80070005.

Log: 'Application' Date/Time: 18/01/2011 1:09:00 PM
Type: Error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error RegOpenKeyExW(-2147483646,System\CurrentControlSet\Services\EventLog\Application\VSS,...). hr = 0x80070005.

Log: 'Application' Date/Time: 18/01/2011 3:22:51 AM
Type: Error Category: 0
Event: 4100 Source: Windows Backup
File backup failed because a shadow copy could not be created. The system might be low on resources. The error is: Insufficient storage available to create either the shadow copy storage file or other shadow copy data. (0x8004231F).

Log: 'Application' Date/Time: 18/01/2011 2:22:12 AM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 17/01/2011 8:22:48 PM
Type: Error Category: 3
Event: 3024 Source: Microsoft-Windows-Search
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 17/01/2011 8:19:03 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\DrvInst.exe "4" "10000000" "C:\Windows\system32\config\systemprofile\{6c66b684-f58a-40a5-9aad-5306ffab50d3}\tmwfp.inf" "0" "57c531a8f" "000004D4" "Service-0x0-3e7$\Default" "000002D8" "208" "C:\Program Files\Trend Micro\Internet Security\Component\Engine\0x22004000"; Descripton = Device Driver Package Install: Trend Micro Network Service; Hr = 0x8004231f).

Log: 'Application' Date/Time: 17/01/2011 8:18:57 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\DrvInst.exe "4" "10000000" "C:\Windows\system32\config\systemprofile\{966e5c60-29ab-460a-8c79-9d40031c047e}\tmlwf.inf" "0" "5b7bb5c4b" "000004D4" "Service-0x0-3e7$\Default" "00000534" "208" "C:\Program Files\Trend Micro\Internet Security\Component\Engine\0x22004000"; Descripton = Device Driver Package Install: TrendMicro Network Service; Hr = 0x8004231f).

Log: 'Application' Date/Time: 17/01/2011 8:18:52 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\DrvInst.exe "4" "10000000" "C:\Windows\system32\config\systemprofile\{5af89866-391f-4e31-9076-604585729cd6}\tmtdi.inf" "0" "565320277" "00000524" "Service-0x0-3e7$\Default" "000004D4" "208" "C:\Program Files\Trend Micro\Internet Security\Component\Engine\0x22010000"; Descripton = Device Driver Package Install: Trend Micro Network Service; Hr = 0x8004231f).

Log: 'Application' Date/Time: 17/01/2011 8:13:28 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed Trend Micro Internet Security; Hr = 0x8004231f).

Log: 'Application' Date/Time: 17/01/2011 8:12:46 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed Trend Micro Internet Security; Hr = 0x8004231f).

Log: 'Application' Date/Time: 17/01/2011 1:11:27 AM
Type: Error Category: 0
Event: 8210 Source: System Restore
The scheduled restore point could not be created. Additional information: (0x8004231f).

Log: 'Application' Date/Time: 17/01/2011 1:11:27 AM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8004231f).

Log: 'Application' Date/Time: 16/01/2011 11:28:27 PM
Type: Error Category: 0
Event: 11606 Source: MsiInstaller
Product: Java(TM) 6 Update 20 -- Error 1606.Could not access network location %APPDATA%\.

Log: 'Application' Date/Time: 16/01/2011 11:28:27 PM
Type: Error Category: 0
Event: 11606 Source: MsiInstaller
Product: Java(TM) 6 Update 20 -- Error 1606.Could not access network location %APPDATA%\.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/01/2011 2:56:52 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 20/01/2011 2:44:22 AM
Type: Warning Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 19/01/2011 7:51:05 PM
Type: Warning Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 19/01/2011 7:25:58 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{s-1-5-21-2722398415-892656049-3767323762-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (0x80041206)


Log: 'Application' Date/Time: 19/01/2011 7:22:06 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{s-1-5-21-2722398415-892656049-3767323762-500}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
Unspecified error (0x80004005)


Log: 'Application' Date/Time: 19/01/2011 7:22:04 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{s-1-5-21-2722398415-892656049-3767323762-500}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
Unspecified error (0x80004005)


Log: 'Application' Date/Time: 19/01/2011 7:22:03 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{s-1-5-21-2722398415-892656049-3767323762-500}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
Unspecified error (0x80004005)


Log: 'Application' Date/Time: 19/01/2011 7:07:43 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 19/01/2011 6:54:10 PM
Type: Warning Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 19/01/2011 3:55:55 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 19/01/2011 5:33:23 AM
Type: Warning Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 18/01/2011 10:51:05 PM
Type: Warning Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 18/01/2011 10:00:02 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 18/01/2011 7:22:54 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 18/01/2011 5:06:45 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 18/01/2011 5:02:51 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 18/01/2011 1:18:19 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{s-1-5-21-2722398415-892656049-3767323762-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (0x80041206)


Log: 'Application' Date/Time: 18/01/2011 1:05:52 PM
Type: Warning Category: 3
Event: 4879 Source: Microsoft-Windows-MSDTC Client 2
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system RHAWKINS-PC.

Log: 'Application' Date/Time: 18/01/2011 12:57:58 PM
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function. (0x00000001)


Log: 'Application' Date/Time: 18/01/2011 12:57:58 PM
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function. (0x00000001)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS M1530
    CPU
    Intel Core 2 Duo T7500 2.2GHz
    Motherboard
    ?
    Memory
    3G
    Graphics Card(s)
    Nvidia GeForce 8600M GT
    Sound Card
    Sigma Tel High Def
    Monitor(s) Displays
    Generic PnP