olt text
OTL logfile created on: 7/20/2009 1:14:50 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.60% Memory free
3.84 Gb Paging File | 2.98 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 136.71 Gb Total Space | 102.68 Gb Free Space | 75.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111.76 Gb Total Space | 81.89 Gb Free Space | 73.28% Space Free | Partition Type: FAT32
Drive F: | 12.13 Gb Total Space | 12.00 Gb Free Space | 98.92% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PUREWATER
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ========== PRC - [2007/08/20 13:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
PRC - [2007/02/17 10:03:35 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Dfssvc.exe
PRC - [2009/02/16 07:37:19 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dns.exe
PRC - [2007/02/17 10:03:42 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/03/31 12:26:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/02/17 10:03:43 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\llssrv.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
PRC - [2008/12/16 21:39:30 | 09,158,656 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
PRC - [2007/02/17 10:03:53 | 00,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntfrs.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/04/23 18:49:56 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/02/17 10:03:58 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sbscrexe.exe
PRC - [2007/04/19 14:08:48 | 00,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE
PRC - [2007/08/20 13:36:42 | 00,242,952 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
PRC - [2009/01/15 06:36:51 | 00,154,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wins.exe
PRC - [2003/09/10 15:26:10 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2003/09/10 15:26:10 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
PRC - [2009/02/03 06:05:41 | 00,217,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/03 06:05:41 | 00,217,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2007/02/17 10:03:39 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/09/13 15:49:00 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/03/31 12:26:01 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/26 10:41:46 | 00,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2007/08/20 13:36:38 | 00,230,664 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
PRC - [2008/04/06 05:34:23 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/19 12:29:16 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2003/05/15 02:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2004/11/04 19:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/04/24 15:05:42 | 00,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2005/05/04 05:07:30 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2004/11/04 20:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2009/05/28 15:05:08 | 15,953,032 | ---- | M] (DefNiC Software) -- C:\Program Files\Dispatched\Disp.exe
PRC - [2006/03/28 22:47:20 | 04,455,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft MapPoint\MapPoint.exe
PRC - [2009/04/24 15:03:24 | 01,135,904 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2005\qbw32.exe
PRC - [2006/09/13 10:32:04 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2005\QBDBMgr.exe
PRC - [2009/04/24 15:03:12 | 00,124,192 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2009/05/18 11:29:22 | 01,556,480 | ---- | M] (DeFNiC Software) -- C:\Program Files\Dispatched\Poll.exe
PRC - [2009/07/20 13:14:32 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
========== Win32 Services (SafeList) ========== SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/26 10:41:46 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Stopped])
SRV - [2007/08/20 13:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/02/17 10:03:35 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Dfssvc.exe -- (Dfs [Auto | Running])
SRV - [2003/09/10 15:26:10 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (DHCPServer [Auto | Running])
SRV - [2009/02/16 07:37:19 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dns.exe -- (DNS [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/05/01 14:28:47 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2007/02/17 10:03:06 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/02/17 10:03:42 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2007/02/17 10:03:42 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ismserv.exe -- (IsmServ [Disabled | Stopped])
SRV - [2009/03/31 12:26:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/02/17 10:03:43 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\llssrv.exe -- (LicenseService [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/09/10 19:43:05 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe -- (MSPOP3Connector [Disabled | Stopped])
SRV - [2003/09/10 15:26:10 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH [Auto | Running])
SRV - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -- (MSSQL$ACT7 [Auto | Running])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe -- (MSSQL$SBSMONITORING [Disabled | Stopped])
SRV - [2008/12/16 21:39:30 | 09,158,656 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe -- (MSSQL$SHAREPOINT [Auto | Running])
SRV - [2005/05/04 05:50:26 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/02/17 10:03:42 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (NntpSvc [Auto | Running])
SRV - [2007/02/17 10:03:53 | 00,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntfrs.exe -- (NtFrs [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/04/23 18:49:56 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2007/02/17 10:03:58 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\RSoPProv.exe -- (RSoPProv [On_Demand | Stopped])
SRV - [2003/09/10 15:26:10 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sacsvr.dll -- (sacsvr [On_Demand | Stopped])
SRV - File not found -- Service key not found. -- (SBCore [Unknown | Running])
SRV - [2007/02/17 10:03:42 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2007/04/19 14:08:48 | 00,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer [Auto | Running])
SRV - [2002/12/17 19:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -- (SQLAgent$ACT7 [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE -- (SQLAgent$SBSMONITORING [Disabled | Stopped])
SRV - [2008/12/16 18:51:14 | 00,323,584 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlagent.EXE -- (SQLAgent$SHAREPOINT [On_Demand | Stopped])
SRV - [2003/09/10 15:26:10 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\trksvr.dll -- (TrkSvr [Disabled | Stopped])
SRV - [2007/02/17 10:04:02 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tssdis.exe -- (Tssdis [Disabled | Stopped])
SRV - [2007/02/17 10:04:05 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/02/17 10:03:06 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Disabled | Stopped])
SRV - [2007/08/20 13:36:42 | 00,242,952 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- (VETMSGNT [Auto | Running])
SRV - [2007/02/17 10:02:54 | 00,216,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC [Auto | Running])
SRV - [2009/01/15 06:36:51 | 00,154,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wins.exe -- (WINS [Auto | Running])
========== Driver Services (SafeList) ========== DRV - [2005/03/04 10:58:04 | 00,241,815 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\aarich.sys -- (aarich [Boot | Running])
DRV - [2005/03/04 10:58:08 | 00,127,232 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2007/02/17 02:02:56 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ClusDisk.sys -- (ClusDisk [Disabled | Stopped])
DRV - [2007/02/17 01:51:18 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver [Boot | Running])
DRV - [2007/02/17 02:06:39 | 00,020,480 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 05:32:23 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/03/25 00:09:24 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2005/03/04 10:58:10 | 00,010,752 | ---- | M] (Intel ® Corporation) -- C:\WINDOWS\System32\DRIVERS\svgam.sys -- (svgam [On_Demand | Running])
DRV - [2007/08/20 13:38:16 | 00,026,376 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
DRV - [2007/08/20 13:38:16 | 00,021,128 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
DRV - [2009/05/26 10:41:45 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
DRV - [2009/05/26 10:41:45 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
DRV - [2007/08/20 13:38:20 | 00,021,512 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
DRV - [2007/08/20 13:38:22 | 00,032,264 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
DRV - [2007/02/17 02:29:40 | 00,169,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wlbs.sys -- (WLBS [On_Demand | Stopped])
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790875022-3342801166-26691914-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-790875022-3342801166-26691914-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-790875022-3342801166-26691914-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-790875022-3342801166-26691914-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\S-1-5-21-790875022-3342801166-26691914-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKU\S-1-5-21-790875022-3342801166-26691914-500\S-1-5-21-790875022-3342801166-26691914-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/31 10:23:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/31 12:26:01 | 00,000,000 | ---D | M]
O1 HOSTS File: (7686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 206.53.61.77 google.ae
O1 - Hosts: 206.53.61.77 google.as
O1 - Hosts: 206.53.61.77 google.at
O1 - Hosts: 206.53.61.77 google.az
O1 - Hosts: 206.53.61.77 google.ba
O1 - Hosts: 206.53.61.77 google.be
O1 - Hosts: 206.53.61.77 google.bg
O1 - Hosts: 206.53.61.77 google.bs
O1 - Hosts: 206.53.61.77 google.ca
O1 - Hosts: 206.53.61.77 google.cd
O1 - Hosts: 206.53.61.77 google.com.gh
O1 - Hosts: 206.53.61.77 google.com.gi
O1 - Hosts: 206.53.61.77 google.com.hk
O1 - Hosts: 206.53.61.77 google.com.jm
O1 - Hosts: 206.53.61.77 google.com.ly
O1 - Hosts: 206.53.61.77 google.com.mx
O1 - Hosts: 206.53.61.77 google.com.my
O1 - Hosts: 206.53.61.77 google.com.na
O1 - Hosts: 206.53.61.77 google.com.nf
O1 - Hosts: 206.53.61.77 google.com.ng
O1 - Hosts: 206.53.61.77 google.ch
O1 - Hosts: 206.53.61.77 google.com.np
O1 - Hosts: 206.53.61.77 google.com.om
O1 - Hosts: 206.53.61.77 google.com.pa
O1 - Hosts: 206.53.61.77 google.com.pr
O1 - Hosts: 250 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-790875022-3342801166-26691914-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-790875022-3342801166-26691914-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AuCaption] File not found
O4 - HKLM..\Run: [AuFlag] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [AuRemind] C:\WINDOWS\..\dell\openmanage\remind.exe File not found
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-790875022-3342801166-26691914-500..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-790875022-3342801166-26691914-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-790875022-3342801166-26691914-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [!teamcfg] C:\WINDOWS\..\dell\nicteaming\intel\nicteamconfig.bat File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [!teamcfg] C:\WINDOWS\..\dell\nicteaming\intel\nicteamconfig.bat File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [!teamcfg] C:\WINDOWS\..\dell\nicteaming\intel\nicteamconfig.bat File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [!teamcfg] C:\WINDOWS\..\dell\nicteaming\intel\nicteamconfig.bat File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\russ\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-790875022-3342801166-26691914-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-790875022-3342801166-26691914-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-790875022-3342801166-26691914-500\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.microsoft.com/windowsupdate/...b?1161461519140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.microsoft.com/microsoftupdat...b?1161461207265 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC}
https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: WebSignature Control
http://www.dispatched.com/Files/WebSign.x86.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Purologix.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/21 14:46:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 00,000,036 | RH-- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 00,000,000 | RH-D | M] - E:\autorun -- [ FAT32 ]
O33 - MountPoints2\{d4c7dbc8-fc38-11dd-872a-00132047b84d}\Shell - "" = AutoRun
O33 - MountPoints2\{d4c7dbc8-fc38-11dd-872a-00132047b84d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4c7dbc8-fc38-11dd-872a-00132047b84d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ========== [2009/07/20 13:14:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/07/15 10:16:37 | 00,561,358 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hampton.bmp
[2009/07/14 20:03:09 | 00,068,591 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2009/07/14 19:49:04 | 00,323,857 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TES ClO2 Treatment.pdf
[2009/07/11 13:33:51 | 00,188,316 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\runscanner.run
[2009/07/11 13:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Runscanner.net
[2009/07/11 13:19:00 | 01,402,624 | ---- | C] (Runscanner.net) -- C:\Documents and Settings\Administrator\Desktop\runscanner.exe
[2009/07/10 12:02:17 | 00,007,801 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rsit 5.JPG
[2009/07/10 12:01:31 | 00,107,100 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rsit 4.JPG
[2009/07/10 12:01:00 | 00,116,129 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rsit 3.JPG
[2009/07/10 11:59:51 | 00,111,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rsit 2.JPG
[2009/07/10 11:59:19 | 00,114,433 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rsit 1.JPG
[2009/07/10 11:57:30 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/10 11:56:16 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2009/07/10 10:40:09 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/07/06 15:42:01 | 00,033,357 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RO P&ID 07.06.pdf
[2009/07/06 15:41:49 | 00,023,143 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RO LAYOUT 07.06.pdf
[2009/07/03 10:48:19 | 03,452,214 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dispatch map.bmp
[2009/07/02 15:35:02 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\smally.xls
[2009/07/02 13:51:28 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/07/02 13:51:27 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/29 08:11:31 | 23,975,176 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2008/11/05 12:09:24 | 00,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008/11/05 12:09:24 | 00,000,146 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/08/14 11:13:23 | 00,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2008/08/14 11:13:23 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2008/07/10 11:23:00 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/07/10 11:22:09 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/07/10 11:22:08 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/10/22 13:09:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/21 19:27:42 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/21 19:27:42 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D213DFF579.sys
[2006/10/21 17:18:30 | 00,000,648 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/10/21 15:10:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2006/10/21 15:10:07 | 00,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/10/21 15:10:07 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/10/21 15:10:06 | 00,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2006/10/21 15:09:59 | 00,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/10/21 15:09:59 | 00,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/10/21 15:09:55 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/10/21 15:03:59 | 00,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2006/10/21 15:02:31 | 00,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2006/10/21 14:36:28 | 00,000,628 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/10/21 14:35:44 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/10/21 14:35:08 | 00,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2006/10/21 14:34:24 | 00,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2006/10/21 14:34:24 | 00,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2006/10/21 14:34:22 | 00,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2006/10/21 14:33:20 | 00,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2006/10/21 14:33:14 | 00,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files]
[20 C:\WINDOWS\*.tmp files]
[2009/07/20 13:14:32 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/07/20 13:02:40 | 00,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2009/07/20 12:00:06 | 00,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{0986aa0d-6112-11db-8dca-806e6f6e6963}.job
[2009/07/20 08:12:12 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/07/19 16:43:07 | 00,000,600 | ---- | M] () -- C:\WINDOWS\tasks\Back Up Small Business Server.job
[2009/07/17 08:50:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/17 08:50:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/16 11:59:34 | 04,303,126 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/07/16 08:47:07 | 00,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ScheduledItems
[2009/07/16 08:47:01 | 00,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/15 10:16:37 | 00,561,358 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\hampton.bmp
[2009/07/15 03:02:49 | 00,004,861 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 20:13:15 | 00,068,591 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2009/07/14 20:03:05 | 00,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/14 19:49:05 | 00,323,857 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TES ClO2 Treatment.pdf
[2009/07/11 13:33:51 | 00,188,316 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\runscanner.run
[2009/07/11 13:19:12 | 01,402,624 | ---- | M] (Runscanner.net) -- C:\Documents and Settings\Administrator\Desktop\runscanner.exe
[2009/07/10 12:12:20 | 00,007,801 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rsit 5.JPG
[2009/07/10 12:01:32 | 00,107,100 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rsit 4.JPG
[2009/07/10 12:01:00 | 00,116,129 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rsit 3.JPG
[2009/07/10 11:59:51 | 00,111,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rsit 2.JPG
[2009/07/10 11:59:19 | 00,114,433 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rsit 1.JPG
[2009/07/10 11:56:18 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/06 15:42:01 | 00,033,357 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RO P&ID 07.06.pdf
[2009/07/06 15:41:49 | 00,023,143 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RO LAYOUT 07.06.pdf
[2009/07/03 10:48:19 | 03,452,214 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dispatch map.bmp
[2009/07/02 15:35:02 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\smally.xls
[2009/07/02 13:51:28 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/06/29 08:11:31 | 23,975,176 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
< End of report >
extras text
OTL Extras logfile created on: 7/20/2009 1:14:50 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.60% Memory free
3.84 Gb Paging File | 2.98 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 136.71 Gb Total Space | 102.68 Gb Free Space | 75.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111.76 Gb Total Space | 81.89 Gb Free Space | 73.28% Space Free | Partition Type: FAT32
Drive F: | 12.13 Gb Total Space | 12.00 Gb Free Space | 98.92% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PUREWATER
Current User Name: administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0C753D2F-C64A-44B9-8FF4-A7752D8F2EC7}" = Windows Small Business Server Admin
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2734011B-3709-45B2-A946-5A1ADB1AFCFE}" = Windows Small Business Server Documents
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{31271095-CD3A-4C9F-89F6-B5F6F3B35636}" = Windows Small Business Server Remote Portal
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{539B64D9-814D-475C-81EC-B82F3E79C23A}" = ACT!
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5D622FC5-B037-4505-AD5A-60555C2A05E9}" = Microsoft Connector for POP3 Mailboxes
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64A411C9-DB09-4F01-A8D4-2D5227D7A074}" = Windows Small Business Server Licensing
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{65657C59-23A8-4974-B8E0-BA04EBD04E4F}" = Microsoft SQL Server Desktop Engine (SHAREPOINT)
"{66C8DA1B-9156-44B6-B222-2219BC6F21A9}" = Windows Small Business Server Client Setup
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6D48CC96-AC7C-449F-BD06-7C52A791848B}" = 7400
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{83ED1E80-A1B7-4246-BCF1-AC4A88151A6B}" = Microsoft MapPoint North America 2006
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8681E826-9DC6-4EAC-84B7-971EA795BD36}" = Microsoft Group Policy Management Console
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88A6C12D-DED9-412B-9CC2-643F03674EDF}" = Windows Small Business Server Fax Cfg
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{8EFE8B68-29E3-4F11-980B-1CDC9E21B258}" = Windows Small Business Server Connectivity
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0
"{980735D0-D588-403B-9BCC-AFA6D1D7E254}" = ACT! 2005
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACCB890A-C291-4157-92A1-5A56D71AB047}" = Windows Small Business Server Fax
"{ACE0B250-0370-42D3-B137-16BB4BC0BD61}" = Windows Small Business Server ActiveSync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMONITORING)
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBCA9AEA-7E95-46B7-B809-F605FE21AD26}" = QuickBooks Customer Manager Version 2
"{E3DD8B4D-D2B2-457A-B5D6-66B5031535A2}" = Windows Small Business Server Backup
"{EB132F7D-C614-40F5-952C-ED7391638A1B}" = Windows Small Business Server Client Experience
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FFFFED3C-5E7E-4C6C-A7B9-8BAB6181852B}" = Windows Small Business Server Monitoring
"5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dispatched_is1" = Dispatched v2.3 Trial
"eTrust Suite Personal" = CA Internet Security Suite
"getPlus®_ocx" = getPlus®_ocx
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{980735D0-D588-403B-9BCC-AFA6D1D7E254}" = ACT! 2005
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995
"WIC" = Windows Imaging Component
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-790875022-3342801166-26691914-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 7/19/2009 4:30:09 PM | Computer Name = PUREWATER | Source = VSS | ID = 6013
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 42000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft OLE DB Provider for SQL Server Error message: Login failed for user 'NT
AUTHORITY\SYSTEM'.
Error - 7/19/2009 4:43:02 PM | Computer Name = PUREWATER | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.
Error - 7/19/2009 4:43:06 PM | Computer Name = PUREWATER | Source = SmallBusinessServer | ID = 1054210
Description = One or more components of Small Business Server Backup failed. For
more information, click Backup in Server Management, and view the log files.
Error - 7/20/2009 8:25:36 AM | Computer Name = PUREWATER | Source = QuickBooks | ID = 4
Description =
Error - 7/20/2009 8:25:36 AM | Computer Name = PUREWATER | Source = QuickBooks | ID = 4
Description =
Error - 7/20/2009 8:25:36 AM | Computer Name = PUREWATER | Source = QuickBooks | ID = 4
Description =
Error - 7/20/2009 8:25:48 AM | Computer Name = PUREWATER | Source = QuickBooks | ID = 4
Description =
Error - 7/20/2009 8:25:48 AM | Computer Name = PUREWATER | Source = QuickBooks | ID = 4
Description =
Error - 7/20/2009 8:25:48 AM | Computer Name = PUREWATER | Source = QuickBooks | ID = 4
Description =
Error - 7/20/2009 8:26:23 AM | Computer Name = PUREWATER | Source = QuickBooks | ID = 4
Description =
[ DNS Server Events ]
Error - 4/22/2009 9:04:47 AM | Computer Name = PUREWATER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.
Error - 4/22/2009 9:04:47 AM | Computer Name = PUREWATER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.
Error - 4/22/2009 9:04:47 AM | Computer Name = PUREWATER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.Purologix.local. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.
Error - 4/22/2009 9:04:47 AM | Computer Name = PUREWATER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 0.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.
Error - 4/22/2009 9:04:47 AM | Computer Name = PUREWATER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone Purologix.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.
Error - 7/17/2009 8:48:44 AM | Computer Name = PUREWATER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.
Error - 7/17/2009 8:48:44 AM | Computer Name = PUREWATER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.
Error - 7/17/2009 8:48:44 AM | Computer Name = PUREWATER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.Purologix.local. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.
Error - 7/17/2009 8:48:44 AM | Computer Name = PUREWATER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 0.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.
Error - 7/17/2009 8:48:44 AM | Computer Name = PUREWATER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone Purologix.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.
[ System Events ]
Error - 1/8/2009 1:42:48 PM | Computer Name = PUREWATER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 1/8/2009 1:42:48 PM | Computer Name = PUREWATER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .
Error - 1/8/2009 1:42:48 PM | Computer Name = PUREWATER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_DEC6DDD2\MFC80.DLL.
Reference
error message: The referenced assembly is not installed on your system. .
Error - 1/8/2009 6:23:36 PM | Computer Name = PUREWATER | Source = NETLOGON | ID = 5513
Description = The computer RUSS tried to connect to the server \\PUREWATER using
the
trust relationship established by the PUROLOGIX domain. However, the computer lost
the correct security identifier (SID) when the domain was reconfigured. Reestablish
the trust relationship.
Error - 1/8/2009 6:38:51 PM | Computer Name = PUREWATER | Source = NETLOGON | ID = 5723
Description = The session setup from computer 'RUSS' failed because the security
database does not contain a trust account 'RUSS$' referenced by the specified computer.
USER
ACTION If this is the first occurrence of this event for the specified computer and
account, this may be a transient issue that doesn't require any action at this time.
Otherwise, the following steps may be taken to resolve this problem: If 'RUSS$'
is a legitimate machine account for the computer 'RUSS', then 'RUSS' should be rejoined
to the domain. If 'RUSS$' is a legitimate interdomain trust account, then the trust
should be recreated. Otherwise, assuming that 'RUSS$' is not a legitimate account,
the following action should be taken on 'RUSS': If 'RUSS' is a Domain Controller,
then the trust associated with 'RUSS$' should be deleted. If 'RUSS' is not a Domain
Controller, it should be disjoined from the domain.
Error - 1/8/2009 6:49:37 PM | Computer Name = PUREWATER | Source = NETLOGON | ID = 5805
Description = The session setup from the computer RUSS failed to authenticate. The
following error occurred: %%5
Error - 1/9/2009 8:26:30 AM | Computer Name = PUREWATER | Source = NETLOGON | ID = 5513
Description = The computer RUSS tried to connect to the server \\PUREWATER using
the
trust relationship established by the PUROLOGIX domain. However, the computer lost
the correct security identifier (SID) when the domain was reconfigured. Reestablish
the trust relationship.
Error - 1/9/2009 12:46:34 PM | Computer Name = PUREWATER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
RUSS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4B6EDFB8-EF70-4C3B-ABA2.
The
master browser is stopping or an election is being forced.
Error - 1/9/2009 1:00:36 PM | Computer Name = PUREWATER | Source = NETLOGON | ID = 5513
Description = The computer RUSS tried to connect to the server \\PUREWATER using
the
trust relationship established by the PUROLOGIX domain. However, the computer lost
the correct security identifier (SID) when the domain was reconfigured. Reestablish
the trust relationship.
Error - 1/9/2009 5:00:37 PM | Computer Name = PUREWATER | Source = NETLOGON | ID = 5513
Description = The computer RUSS tried to connect to the server \\PUREWATER using
the
trust relationship established by the PUROLOGIX domain. However, the computer lost
the correct security identifier (SID) when the domain was reconfigured. Reestablish
the trust relationship.
< End of report >
Thanks!