o Connect to PC and check if you can observe anything unusual and fix. You may be able to identify and fix issue remotely.   o Analyze client event logs to find clue on why SAV got disabled. Check the client logs.  You may understand that SAV is able to get/download the latest definitions. Couldn’t find any other relevant errors.   o Check in SSC, if you can completely/partially able to manage the client. You may be able to partially manage the client (like was able to push the defs to client, run the scan) but couldn’t get the logs. […]

Windows Prompts:   Processes: Running as administrator: rmsink.exe, rundll32.exe(#2), googletalk.exe, DVDLAu~1.exe, dmremote.exe, cvpnd.exe, CnxDslTb.exe, Apoint.exe, ApntEx.exe, ISUSPM.exe Local service: scardsvr.exe, wdfmgr.exe   Registry Keys Modified: New Run keys: HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerRun + C:Program FilesVideo Add-onicthis.exe HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun + C:Program FilesApointApoint.exe HKCUSoftwareMicrosoftWindowsCurrentVersionRun + "C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" –scheduler   Machine Level Run Keys: C:>reg query HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun /s ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun Apoint REG_SZ C:Program FilesApointApoint.exe DellTouch REG_SZ C:WINNTMMKeybd.exe BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent ccApp REG_SZ "C:Program FilesCommon FilesSymantec SharedccApp.exe" vptray REG_SZ C:PROGRA~1SYMANT~1VPTray.exe QuickTime Task REG_SZ "C:PROGRA~1QUICKT~1qttask.exe" -atboottime CnxDslTaskBar REG_SZ "C:Program FilesBIPAC-7000 ADSL USB ModemCnxDslTb.exe" SigmatelSysTrayApp REG_SZ stsystra.exe NvCplDaemon REG_SZ RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup nwiz REG_SZ nwiz.exe /installquiet […]