
Copy.exe, Host.exe, Autorun.inf


  • This topic is locked
12 replies to this topic

#1 bccstech

bccstech

  • Members
  • 14 posts

Posted 24 February 2011 - 01:42 PM

One of the servers I am using has been infected with a virus that I cannot get rid of. I am running Windows Server 2003. Two of my drives have been infected with a virus, which AVG has picked up as host.exe, copy.exe, and autorun.inf. AVG cannot remove them; manually deleting them via Explorer and the cmd prompt does not work, nor does attempting the same in Safe Mode. The files keep coming back upon refresh of the system. ClamWin shows the viruses as the following:

Autorun.inf- w32.perlovga-1
Copy.exe- trojan.small-4214
Host.exe- trojan.dropper-829

STOPzilla detects many issues, including kamsoft.exe (which I could not find in the system32 folder), a WMIS trojan, Backdoor.IRCbotAMJF, among others.

I have already tried the following: Malwarebytes, Flash Disinfector (which apparently does not run on Windows Server 2003), Perlovga Remover, among others.

I could not find which process is causing the issue, as there are so many svchost.exe processes that are legitimate. A few guys I work with could not find anything abnormal in the HijackThis log, although I am not that familiar with how to use it.

Google searches have yielded many results, although nothing has worked as of yet.

I have attempted to run a GMER scan and a DDS scan but have been unsuccessful. The GMER scan causes the server to crash, and the DDS scan does not run, issuing an error that it does not run on my OS (Windows Server 2003).

Here is a link to my previous topic, which has the same info I posted here:
http://www.bleepingcomputer.com/forums/topic381289.html/page__gopid__2146090#entry2146090

Anyone have any ideas?
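The behaviour described in this post, an executable plus an autorun.inf reappearing in the root of each drive, is the classic drive-root autorun worm pattern: the autorun.inf tells Explorer to run the dropped executable whenever the drive is opened or double-clicked, so every visit reinfects. Two things worth checking on such a box are which drive types still honour AutoRun (the NoDriveTypeAutoRun bitmask; the OTL log posted later in this thread reports 149) and what the autorun.inf actually launches. The Python below is an added example, not code from this thread or from any of the tools named in it; the autorun.inf text is constructed for illustration and its file names simply mirror the ones named above.

```python
"""Added example (not from the thread): decode the NoDriveTypeAutoRun bitmask
and extract the launch targets from an autorun.inf. The autorun.inf text is
constructed for illustration; the file names only mirror those in the post."""
from __future__ import annotations

import configparser

# One bit per GetDriveType() code. A SET bit DISABLES AutoRun for that type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}
DISABLE_ALL = 0xFF  # value that turns AutoRun off for every drive type


def autorun_still_allowed(mask: int) -> list[str]:
    """Drive types on which AutoRun remains enabled under a NoDriveTypeAutoRun mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


# Constructed sample of the kind of autorun.inf such worms drop in drive roots.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
open=host.exe
shellexecute=copy.exe
shell\open\Command=host.exe
shell\explore\command=host.exe
shell=open
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def launch_targets(autorun_text: str) -> list[tuple[str, str]]:
    """Return (key, command) pairs that make Explorer run something.

    Keys are matched case-insensitively, as Windows does. configparser's
    interpolation is switched off because autorun values contain '%'.
    """
    cp = configparser.ConfigParser(
        delimiters=("=",), allow_no_value=True, strict=False, interpolation=None
    )
    cp.read_string(autorun_text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    hits = []
    for key, value in cp.items(section):
        k = key.lower()
        if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
            hits.append((k, (value or "").strip()))
    return hits


def assess(mask: int, autorun_text: str) -> dict:
    """Combine both checks: is a fixed disk exposed to this autorun.inf?"""
    allowed = autorun_still_allowed(mask)
    targets = launch_targets(autorun_text)
    return {
        "allowed_types": allowed,
        "targets": targets,
        "fixed_disk_exposed": "DRIVE_FIXED" in allowed and bool(targets),
    }


if __name__ == "__main__":
    # 149 == 0x95, the NoDriveTypeAutoRun value reported in the OTL log
    for key, val in assess(149, SAMPLE_AUTORUN_INF).items():
        print(f"{key}: {val}")
```

With a mask of 149 (0x95) the bits for fixed disks (0x08) and CD-ROMs (0x20) are clear, so an autorun.inf in the root of E: or F: is still honoured; setting the value to 0xFF under both HKLM and HKCU, and rebooting, closes that path while the cleanup is done. The parser deliberately treats every `shell\<verb>\command` key as a launch target, since worms often hook `explore` and `find` in addition to `open`.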



#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 28 February 2011 - 01:36 PM

Hi bccstech, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
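Once OTL.txt comes back, most of the first-pass triage is mechanical: the SRV/DRV lines whose binary is missing, any PRC/SRV/DRV/O4 entry whose file carries no company name, and the O32 AutoRun setting. The script below is an added example, not part of snemelk's instructions and not OTL's own code; it parses lines in OTL's output format. The sample lines are constructed: most are copied from the log posted later in this thread, and one hypothetical `O4` entry (a `host.exe` Run value with an empty company field) is added to exercise the no-company rule.

```python
"""Added example, not from the thread or from OTL: a triage pass over OTL.txt
lines. SAMPLE_OTL_LINES is constructed; the O4 'Updater' entry is hypothetical."""
from __future__ import annotations

import re

# PRC/SRV/DRV entry with file info:
# KIND - [stamp | size | attrs | M] (company) [state] -- path -- (service name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| [CM]\] "
    r"\((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]+)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)
# SRV/DRV whose binary OTL could not find on disk
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found(?: \[(?P<state>[^\]]+)\])? -- -- \((?P<name>[^)]+)\)$"
)
# O4 Run-key entry: O4 - HIVE..\Run: [value name] path (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\Run: \[(?P<value>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
CDROM_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<flag>\d+)$")

SAMPLE_OTL_LINES = r"""
PRC - [2011/03/01 10:19:27 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - [2009/03/27 08:24:12 | 000,845,696 | ---- | M] (Sysinternals) [Disabled | Running] -- C:\bginfo\Bginfo.exe -- (BGInfo)
DRV - [2004/06/26 12:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Updater] C:\WINDOWS\System32\host.exe ()
O32 - HKLM CDRom: AutoRun - 1
""".strip().splitlines()


def parse_entry(line: str) -> dict | None:
    """Parse one PRC/SRV/DRV line into a dict; None for any other kind of line.

    A missing binary is represented with path=None and company=None.
    """
    m = MISSING_RE.match(line)
    if m:
        return {"kind": m["kind"], "name": m["name"], "state": m["state"],
                "path": None, "company": None}
    m = ENTRY_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        return entry
    return None


def triage(lines) -> list[str]:
    """Return human-readable findings for the lines that deserve a second look."""
    findings: list[str] = []
    for raw in lines:
        line = raw.rstrip()
        entry = parse_entry(line)
        if entry is not None:
            if entry["path"] is None:
                findings.append(
                    f"missing-binary: {entry['kind']} {entry['name']} [{entry['state'] or 'state unknown'}]"
                )
            elif not entry["company"].strip():
                findings.append(f"no-company: {entry['kind']} {entry['path']}")
            continue
        m = RUN_RE.match(line)
        if m:
            if not m["company"].strip():
                findings.append(f"no-company: O4 {m['hive']}\\Run [{m['value']}] {m['path']}")
            continue
        m = CDROM_RE.match(line)
        if m and m["flag"] != "0":
            findings.append("autorun: CD-ROM AutoRun enabled (HKLM CDRom: AutoRun - 1)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL_LINES):
        print(finding)
```

A "no-company" hit is a lead, not a verdict: plenty of legitimate files ship without version information (the log's own "Files Created - No Company Name" section is full of them), so confirm by hash or Authenticode signature before acting. Conversely, a missing service binary on an otherwise clean box is usually harmless leftover, but on a box that is actively reinfecting itself it is worth checking what used to be at that path.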


#3 bccstech

bccstech
  • Topic Starter

  • Members
  • 14 posts

Posted 01 March 2011 - 10:26 AM

OTL logfile created on: 3/1/2011 10:21:09 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Downloads
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 7.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 7.72 Gb Free Space | 20.72% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 131.56 Gb Free Space | 56.49% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 218.15 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive T: | 298.09 Gb Total Space | 218.15 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive X: | 298.09 Gb Total Space | 218.15 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive Y: | 37.26 Gb Total Space | 7.72 Gb Free Space | 20.72% Space Free | Partition Type: NTFS
Drive Z: | 37.26 Gb Total Space | 7.72 Gb Free Space | 20.72% Space Free | Partition Type: NTFS

Computer Name: OFFICESERVER | User Name: exec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/01 10:19:27 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2011/02/23 10:21:28 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/22 17:55:10 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/02/22 17:55:04 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/03/27 08:24:12 | 000,845,696 | ---- | M] (Sysinternals) -- C:\bginfo\Bginfo.exe
PRC - [2009/02/16 06:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2009/02/09 19:17:34 | 000,315,392 | ---- | M] (OpenDNS) -- C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
PRC - [2009/01/22 10:38:38 | 000,583,168 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbService.exe
PRC - [2007/12/25 16:25:50 | 000,586,240 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
PRC - [2007/02/17 09:04:09 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007/02/17 09:03:56 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007/02/17 09:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007/02/17 09:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe
PRC - [2007/02/17 09:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/02/17 09:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/17 09:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2006/09/17 09:32:16 | 001,352,704 | ---- | M] (Kana Solution) -- C:\Program Files\DynDNS Updater\DynDNS.exe
PRC - [2006/06/18 13:56:10 | 000,712,704 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2006/05/02 15:13:40 | 000,823,296 | ---- | M] (Softalk Ltd) -- C:\Program Files\WorkgroupShare\WSService.exe
PRC - [2004/10/12 21:10:54 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe


========== Modules (SafeList) ==========

MOD - [2011/03/01 10:19:27 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2007/02/17 23:26:08 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
MOD - [2007/02/17 09:03:20 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/22 17:55:04 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/08/03 18:09:00 | 000,200,704 | ---- | M] (ADMNG) [Auto | Stopped] -- C:\Program Files\ADMNG\Advisor\Advisor.exe -- (admAdvisor)
SRV - [2009/03/27 08:24:12 | 000,845,696 | ---- | M] (Sysinternals) [Disabled | Running] -- C:\bginfo\Bginfo.exe -- (BGInfo)
SRV - [2009/02/16 06:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2009/02/09 19:17:34 | 000,315,392 | ---- | M] (OpenDNS) [Auto | Running] -- C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe -- (OpenDNS Updater.exe)
SRV - [2009/01/22 10:38:38 | 000,583,168 | ---- | M] (Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 9\cbService.exe -- (CobianBackupAmanita)
SRV - [2007/12/25 16:25:50 | 000,586,240 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2007/02/17 09:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 09:03:58 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 09:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 09:03:43 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 09:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 09:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/17 09:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/17 09:02:54 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2006/10/13 09:02:36 | 000,075,207 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe -- (pgsql-8.1)
SRV - [2006/09/17 09:32:16 | 001,352,704 | ---- | M] (Kana Solution) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynDNS.exe -- (DynDNS_Updater_Service)
SRV - [2006/06/18 13:56:10 | 000,712,704 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (winvnc)
SRV - [2006/05/02 15:13:40 | 000,823,296 | ---- | M] (Softalk Ltd) [Auto | Running] -- C:\Program Files\WorkgroupShare\WSService.exe -- (WorkgroupShare)
SRV - [2004/10/12 21:10:54 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2003/03/25 07:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2003/03/25 07:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2007/02/17 01:29:40 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/17 01:02:56 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007/02/17 00:51:18 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2004/06/26 12:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 12:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/23 10:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/23 10:21:48 | 000,000,000 | ---D | M]

[2011/02/14 22:57:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2006/10/19 14:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ypiekg1e.default\extensions
[2011/02/14 22:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 11:44:00 | 003,907,584 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2010/01/25 11:58:00 | 000,462,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll

O1 HOSTS File: ([2003/03/25 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BGInfo.lnk = C:\bginfo\Bginfo.exe (Sysinternals)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161107182242 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = YOTOffice.local
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/17 12:34:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk X:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 14:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Event Viewer Logs
[2011/02/23 13:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn
[2011/02/23 13:39:58 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/02/23 13:39:57 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/02/23 13:39:57 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/02/23 13:38:47 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/02/23 13:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/02/23 13:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/02/23 12:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/02/23 12:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/02/23 12:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/02/23 12:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/02/23 12:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011/02/23 12:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/02/23 12:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2011/02/23 12:01:09 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/02/22 17:54:56 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/02/22 17:54:56 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/02/22 17:54:56 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/02/22 17:54:56 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/02/22 17:54:54 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/02/22 17:54:54 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/02/22 17:54:54 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/02/22 17:54:54 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/02/22 17:54:54 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/02/22 17:54:54 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/02/22 17:54:52 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/02/22 17:54:52 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/02/21 17:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Scan Folders
[2011/02/21 14:48:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/17 15:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2011/02/17 15:03:44 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2011/02/16 17:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/02/16 17:49:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/16 17:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/02/16 17:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/16 17:46:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/16 17:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/02/16 17:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/16 12:18:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/01 05:23:40 | 107,481,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/01 02:00:17 | 000,000,560 | ---- | M] () -- C:\WINDOWS\tasks\AdmireBackup.job
[2011/02/23 14:01:21 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/02/23 13:59:28 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2011/02/23 13:57:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 13:56:52 | 053,608,448 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/02/23 13:38:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/02/23 10:27:24 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2011/02/23 09:43:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/22 17:54:56 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/02/22 17:54:56 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/02/22 17:54:56 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/02/22 17:54:56 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/02/22 17:54:54 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/02/22 17:54:54 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/02/22 17:54:54 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/02/22 17:54:54 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/02/22 17:54:54 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/02/22 17:54:54 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/02/22 17:54:52 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/02/22 17:54:52 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/02/21 14:52:35 | 000,635,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/21 14:52:35 | 000,139,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/19 01:22:01 | 000,015,490 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/02/16 17:49:17 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/14 22:59:35 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/02/14 22:56:26 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/14 22:56:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/01 05:23:40 | 107,481,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/23 14:01:21 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/02/23 13:38:32 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/02/23 13:37:57 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/02/19 01:22:01 | 000,015,490 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/02/16 17:49:17 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/14 22:59:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/02/14 22:56:26 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/03/24 09:15:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/23 17:15:35 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/04/25 23:36:33 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2007/10/30 16:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/10/30 16:11:46 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/10/30 16:11:46 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/10/30 16:11:46 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/07/19 11:07:55 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2007/01/09 12:01:29 | 000,000,516 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/05 15:18:15 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2006/10/20 15:04:59 | 000,014,897 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\phpdesigner2007.xml
[2006/10/19 14:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/19 14:58:11 | 000,002,897 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/17 17:47:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/10/17 12:38:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/17 12:31:31 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/17 08:25:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/17 08:24:36 | 000,222,432 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/24 19:44:26 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2005/03/24 19:33:44 | 000,004,725 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/25 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/25 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/25 07:00:00 | 000,635,504 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/25 07:00:00 | 000,275,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/25 07:00:00 | 000,216,006 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/25 07:00:00 | 000,139,962 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/25 07:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2003/03/25 07:00:00 | 000,029,710 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/25 07:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2003/03/25 07:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2003/03/25 07:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2003/03/25 07:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2003/03/25 07:00:00 | 000,005,644 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/03/25 07:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2003/03/25 07:00:00 | 000,004,459 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/25 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/25 07:00:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\mqtgsvc.exe.cfg

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/02/23 13:38:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/10/17 12:34:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/02/23 10:27:24 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2006/10/17 12:34:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/01 12:05:11 | 000,000,691 | ---- | M] () -- C:\dude.conf
[2006/10/17 12:34:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/07/19 10:37:38 | 000,719,274 | ---- | M] () -- C:\MSDELog.log
[2006/10/17 12:34:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/02/17 09:03:48 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\msizap.exe
[2006/10/17 13:30:27 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/06 11:08:42 | 000,297,072 | RHS- | M] () -- C:\ntldr
[2011/02/23 13:56:53 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-07-06 17:16:23

< End of report >


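Added example (editor's code, not part of this thread and not from OTL or any of the tools named in it): a small read-only triage script for the two things the logs posted here make checkable, written in Python so it can be run on the server or against a mounted copy of the drives from a clean machine. triage_autorun() parses an autorun.inf roughly the way the Windows shell reads it (case-insensitive [autorun] section, open=, shellexecute= and shell\<verb>\command= keys, junk lines ignored) and reports which binaries the volume would launch and which Explorer verbs were rewired to them; triage_volume() applies that to a drive root such as E:\ (a data volume in the OTL log; the thread does not say which two drives are infected) and notes whether the referenced binaries are still present. firewall_disabled_profiles() reads the Firewall Settings block of an OTL Extras log and returns the profiles whose EnableFirewall value is 0, which in this thread's log is both DomainProfile and StandardProfile. The autorun.inf sample is constructed for the demo: only the file name host.exe comes from the thread, and the real file on the server may look different.

```python
"""Triage helpers for an autorun.inf worm (added example; not code from this thread).
triage_autorun() reads an autorun.inf roughly as the Windows shell does and reports
every binary the volume would launch; firewall_disabled_profiles() parses the
"Firewall Settings" block of an OTL Extras log.  Both samples below are constructed."""
import os
import re
from typing import Dict, List, Optional

LAUNCH_KEYS = ("open", "shellexecute")                    # values the shell runs directly
SHELL_CMD_RE = re.compile(r"^shell\\([^\\]+)\\command$")  # shell\<verb>\command=<cmd>
FW_PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)\]")
FW_VALUE_RE = re.compile(r'"EnableFirewall"\s*=\s*(\d+)')


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """[autorun] key=value pairs, keys lower-cased.  Names are case-insensitive,
    ';' starts a comment, lines without '=' are ignored (worms pad the file with
    junk to dodge scanners) and the first occurrence of a key wins."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            values.setdefault(key.strip().lower(), value.strip())
    return values


def executable_of(command: str) -> str:
    """First token of a command line, lower-cased, leading .\\ dropped, so
    'host.exe', '.\\host.exe' and '"host.exe" /s' compare equal."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        token = command[1:end] if end > 0 else command[1:]
    else:
        token = command.split()[0] if command.split() else ""
    token = token.lower()
    return token[2:] if token.startswith(".\\") else token


def triage_autorun(text: str) -> Dict[str, object]:
    """Which binaries run, which shell verbs were hijacked, whether every verb
    funnels into one binary (the classic worm shape: AutoPlay, Open and Explore
    all run the dropper) and how many junk padding lines the file carries."""
    autorun = parse_autorun_inf(text)
    cmds = [(k, v) for k, v in autorun.items()
            if v and (k in LAUNCH_KEYS or SHELL_CMD_RE.match(k))]
    exes = sorted({executable_of(v) for _, v in cmds})
    verbs = [m.group(1) for k, _ in cmds if (m := SHELL_CMD_RE.match(k))]
    junk = sum(1 for ln in text.splitlines() if ln.strip() and "=" not in ln
               and not ln.strip().startswith(("[", ";")))
    return {"launches": exes, "hijacked_verbs": verbs,
            "one_binary_everywhere": len(exes) == 1 and len(cmds) >= 2,
            "junk_lines": junk}


def triage_volume(root: str) -> Optional[Dict[str, object]]:
    """Triage <root>\\autorun.inf if present and note whether each launched binary
    still exists at the volume root.  Read-only: it never opens the drive in Explorer."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return None
    with open(path, encoding="latin-1", errors="replace") as fh:
        result = triage_autorun(fh.read())
    result["present"] = {e: os.path.isfile(os.path.join(root, e)) for e in result["launches"]}
    return result


def firewall_disabled_profiles(otl_extras: str) -> List[str]:
    """Profiles whose EnableFirewall value is 0 in an OTL Extras log."""
    disabled, profile = [], None
    for line in otl_extras.splitlines():
        key = FW_PROFILE_RE.search(line)
        if key:
            profile = key.group(1)
            continue
        val = FW_VALUE_RE.search(line)
        if val and profile:
            if val.group(1) == "0":
                disabled.append(profile)
            profile = None
    return disabled


# Constructed sample in the shape autorun worms of this era used; only the name
# host.exe comes from the thread, and the last line imitates AV-evasion padding.
SAMPLE_AUTORUN_INF = """[AutoRun]
open=host.exe
shell\\open\\Command=host.exe
shell\\explore\\command=host.exe
shellexecute=host.exe
kjH7qL02xc
"""

# Same layout as the Firewall Settings block of the OTL Extras log in this thread.
SAMPLE_OTL_FIREWALL = """[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    print(triage_autorun(SAMPLE_AUTORUN_INF), firewall_disabled_profiles(SAMPLE_OTL_FIREWALL))
```

Run it from a command prompt (for example triage_volume(r"E:\") for each drive letter in the OTL log), never by double-clicking the drive: on Windows XP and Server 2003 an autorun.inf at a volume root rewrites the drive's Open and Explore verbs, so opening the drive in Explorer is itself a way to run the dropper again even when AutoPlay is switched off. The script only reads and reports; it does not remove anything, and a "one_binary_everywhere" result together with both firewall profiles reported off is the picture this thread's logs already paint.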
#4 bccstech (Topic Starter)

  • Members
  • 14 posts

Posted 01 March 2011 - 10:29 AM

OTL Extras logfile created on: 3/1/2011 10:21:10 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Downloads
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 7.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 7.72 Gb Free Space | 20.72% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 131.56 Gb Free Space | 56.49% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 218.15 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive T: | 298.09 Gb Total Space | 218.15 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive X: | 298.09 Gb Total Space | 218.15 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive Y: | 37.26 Gb Total Space | 7.72 Gb Free Space | 20.72% Space Free | Partition Type: NTFS
Drive Z: | 37.26 Gb Total Space | 7.72 Gb Free Space | 20.72% Space Free | Partition Type: NTFS

Computer Name: OFFICESERVER | User Name: exec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel® PRO Network Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{34D95765-2D5A-470F-A39F-BC9DEAAAF04F}" = PostgreSQL 8.1
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{73CB01A1-A9D0-41CA-B490-348880975F48}" = STOPzilla
"{7C4A45BF-3D65-48BC-868D-77E473354A07}" = HTMLDOC
"{7EFDA3AC-8A61-43C0-B023-33866829C816}" = MySQL Control Center
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{F48E92FB-956F-4069-8802-B40BA47B77FD}" = Advisor
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"7-Zip" = 7-Zip 4.42
"AVG" = AVG 2011
"CobBackup9" = Cobian Backup 9
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dude" = The Dude
"DynDNS Updater_is1" = DynDNS Updater 3.1
"FileZilla" = FileZilla (remove only)
"FileZilla Server" = FileZilla Server (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenDNS Updater" = OpenDNS Updater 1.3.0.187
"PHP Designer 2007 - Professional_is1" = PHP Designer 2007 - Professional - version 5.0.6
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
"WorkgroupShare" = WorkgroupShare

========== Last 10 Event Log Errors ==========

[ Advisor Agent Log Events ]
Error - 2/23/2011 1:53:51 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description = System.Data.SqlClient.SqlException: An error has occurred while establishing
a connection to the server. When connecting to SQL Server 2005, this failure may
be caused by the fact that under the default settings SQL Server does not allow
remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating
Server/Instance Specified) at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open()

at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[]
datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command,
CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataTable[]
dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior
behavior) at System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) at
Advisor.admAdvisorGlobalStorage.AdmDataSource.PullDataTable(String strTableName,
String strSql)

Error - 2/23/2011 1:53:53 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description = Sql Statement missing: Usp_UspNameUsrId

Error - 2/23/2011 1:54:25 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description =

Error - 2/23/2011 1:54:28 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description = Sql Statement missing: Usr_UsrCode Advisor Version:1.10. Running On:OFFICESERVER.
OS:Microsoft
Windows Server 2003 Standard Edition. Available Physical Memory:994119680. Network
Available:True. Server:OFFICESERVER\SQLEXPRESS. Ping OFFICESERVER:True.

Error - 2/23/2011 1:54:28 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description = Invalid login or bad password Advisor Version:1.10. Running On:OFFICESERVER.
OS:Microsoft
Windows Server 2003 Standard Edition. Available Physical Memory:993820672. Network
Available:True. Server:OFFICESERVER\SQLEXPRESS. Ping OFFICESERVER:True.

Error - 2/23/2011 2:58:56 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description = System.Data.SqlClient.SqlException: An error has occurred while establishing
a connection to the server. When connecting to SQL Server 2005, this failure may
be caused by the fact that under the default settings SQL Server does not allow
remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating
Server/Instance Specified) at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open()

at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[]
datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command,
CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataTable[]
dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior
behavior) at System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) at
Advisor.admAdvisorGlobalStorage.AdmDataSource.PullDataTable(String strTableName,
String strSql)

Error - 2/23/2011 2:58:57 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description = Sql Statement missing: Usp_UspNameUsrId

Error - 2/23/2011 3:00:03 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description =

Error - 2/23/2011 3:00:08 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description = Sql Statement missing: Usr_UsrCode Advisor Version:1.10. Running On:OFFICESERVER.
OS:Microsoft
Windows Server 2003 Standard Edition. Available Physical Memory:820224000. Network
Available:True. Server:OFFICESERVER\SQLEXPRESS. Ping OFFICESERVER:True.

Error - 2/23/2011 3:00:08 PM | Computer Name = OFFICESERVER | Source = AdvisorAgent | ID = 0
Description = Invalid login or bad password Advisor Version:1.10. Running On:OFFICESERVER.
OS:Microsoft
Windows Server 2003 Standard Edition. Available Physical Memory:820207616. Network
Available:True. Server:OFFICESERVER\SQLEXPRESS. Ping OFFICESERVER:True.

[ Application Events ]
Error - 7/15/2010 12:00:10 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201007150000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 7/20/2010 12:00:07 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201007200000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 8/5/2010 12:00:17 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201008050000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 8/17/2010 12:00:19 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201008170000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 8/25/2010 12:00:07 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201008250000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 10/1/2010 12:00:05 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201010010000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 10/9/2010 12:00:04 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201010090000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 10/12/2010 12:00:14 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201010120000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 11/4/2010 12:00:06 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201011040000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

Error - 11/24/2010 1:00:18 AM | Computer Name = OFFICESERVER | Source = MSSQLSERVER | ID = 17055
Description = 3041 : BACKUP failed to complete the command BACKUP LOG [Yot] TO DISK
= N'F:\SQLBackups\Yot\Yot_tlog_201011240000.TRN' WITH INIT , NOUNLOAD , NOSKIP
, STATS = 10, NOFORMAT

[ Directory Service Events ]
Error - 2/23/2011 11:32:14 AM | Computer Name = OFFICESERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

Error - 2/23/2011 11:37:01 AM | Computer Name = OFFICESERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

Error - 2/23/2011 11:51:41 AM | Computer Name = OFFICESERVER | Source = NTDS General | ID = 1126
Description = Active Directory was unable to establish a connection with the global
catalog. Additional Data Error value: 8430 The directory service encountered an internal
failure. Internal ID: 3200c89 User Action: Make sure a global catalog is available
in the forest, and is reachable from this domain controller. You may use the nltest
utility to diagnose this problem.

Error - 2/23/2011 12:34:03 PM | Computer Name = OFFICESERVER | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory error has occurred. Additional
Data Error value (decimal): 1053 Error value (hex): 41d Internal ID: 30004f4

Error - 2/23/2011 12:34:03 PM | Computer Name = OFFICESERVER | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory error has occurred. Additional
Data Error value (decimal): 1053 Error value (hex): 41d Internal ID: 3000502

Error - 2/23/2011 12:34:03 PM | Computer Name = OFFICESERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

Error - 2/23/2011 12:35:43 PM | Computer Name = OFFICESERVER | Source = NTDS LDAP | ID = 1238
Description = Internal error: Active Directory was unable to initialize network
connections for incoming LDAP requests. Additional Data Error value: 0

Error - 2/23/2011 12:35:43 PM | Computer Name = OFFICESERVER | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory error has occurred. Additional
Data Error value (decimal): -1073741823 Error value (hex): c0000001 Internal ID: 300051e

Error - 2/23/2011 12:43:09 PM | Computer Name = OFFICESERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

Error - 2/23/2011 2:47:14 PM | Computer Name = OFFICESERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

[ DNS Server Events ]
Error - 7/18/2007 12:54:26 PM | Computer Name = OFFICESERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone YOTOffice.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 3/31/2008 2:00:24 PM | Computer Name = OFFICESERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 3/31/2008 2:06:30 PM | Computer Name = OFFICESERVER | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is
configured to obtain and use information from the directory for this zone and is
unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 3/31/2008 2:12:30 PM | Computer Name = OFFICESERVER | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is
configured to obtain and use information from the directory for this zone and is
unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 6/11/2008 11:11:21 AM | Computer Name = OFFICESERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 6/11/2008 11:11:21 AM | Computer Name = OFFICESERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 6/11/2008 11:11:21 AM | Computer Name = OFFICESERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.YOTOffice.local. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 6/11/2008 11:11:21 AM | Computer Name = OFFICESERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone YOTOffice.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 1/5/2009 12:02:12 AM | Computer Name = OFFICESERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "00000070: LdapErr: DSID-0C041443, comment: A jet error
was encountered, data fffffc0a, vece". The event data contains the error.

Error - 6/30/2009 12:27:38 PM | Computer Name = OFFICESERVER | Source = DNS | ID = 6702
Description = DNS server has updated its own host (A) records. In order to ensure
that its DS-integrated peer DNS servers are able to replicate with this server,
an attempt was made to update them with the new records through dynamic update.
An error was encountered during this update, the record data is the error code. If
this DNS server does not have any DS-integrated peers, then this error should be
ignored. If this DNS server's Active Directory replication partners do not have
the correct IP address(es) for this server, they will be unable to replicate with
it. To ensure proper replication: 1) Find this server's Active Directory replication
partners that run the DNS server. 2) Open DnsManager and connect in turn to each
of the replication partners. 3) On each server, check the host (A record) registration
for THIS server. 4) Delete any A records that do NOT correspond to IP addresses
of this server. 5) If there are no A records for this server, add at least one A
record corresponding to an address on this server, that the replication partner can
contact.
(In other words, if there multiple IP addresses for this DNS server, add at least
one that is on the same network as the Active Directory DNS server you are updating.)

6)
Note, that is not necessary to update EVERY replication partner. It is only necessary
that the records are fixed up on enough replication partners so that every server
that replicates with this server will receive (through replication) the new data.

[ File Replication Service Events ]
Error - 3/24/2009 1:35:09 PM | Computer Name = OFFICESERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 3/24/2009 1:35:09 PM | Computer Name = OFFICESERVER | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

[ System Events ]
Error - 2/28/2011 8:55:31 PM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver Microsoft XPS Document Writer required for printer !!MIRIAM-PC!Microsoft
XPS Document Writer is unknown. Contact the administrator to install the driver
before you log in again.

Error - 3/1/2011 11:16:15 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver Dell Laser Printer 1720dn required for printer Dell Laser Printer
1720dn is unknown. Contact the administrator to install the driver before you log
in again.

Error - 3/1/2011 11:16:15 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver eFax 4.4 required for printer eFax 4.4 is unknown. Contact
the administrator to install the driver before you log in again.

Error - 3/1/2011 11:16:16 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver Bullzip PDF Printer required for printer Bullzip PDF Printer
is unknown. Contact the administrator to install the driver before you log in again.

Error - 3/1/2011 11:16:16 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver Brother HL-2070N series required for printer Brother HL-2070N
series (Copy 1) is unknown. Contact the administrator to install the driver before
you log in again.

Error - 3/1/2011 11:16:17 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver Brother HL-2070N series required for printer Brother HL-2070N
series is unknown. Contact the administrator to install the driver before you log
in again.

Error - 3/1/2011 11:16:18 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver Lexmark X6100 Series required for printer Lexmark X6100 Series
is unknown. Contact the administrator to install the driver before you log in again.

Error - 3/1/2011 11:16:18 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver Microsoft XPS Document Writer required for printer Microsoft
XPS Document Writer is unknown. Contact the administrator to install the driver
before you log in again.

Error - 3/1/2011 11:16:28 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver Amyuni Document Converter 300 required for printer QuickBooks
PDF Converter is unknown. Contact the administrator to install the driver before
you log in again.

Error - 3/1/2011 11:16:29 AM | Computer Name = OFFICESERVER | Source = TermServDevices | ID = 1111
Description = Driver PDFCreator required for printer PDFCreator is unknown. Contact
the administrator to install the driver before you log in again.


< End of report >

#5 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:02:05 AM

Posted 01 March 2011 - 11:40 AM

Hi again bccstech!!.. :)

Logs look clean to me - no traces of a flash drive/autorun infection... Are any malware files still detected??.. If yes - tell me where (what is detected and in what file)...

- I suggest you uninstall STOPzilla - it's not a rogue program, but many consider it questionable (eg. see here: STOPzilla), your choice... Anyway, your AVG already provides protection against spyware...

- I could find no information about this Service and file:
SRV - [2009/08/03 18:09:00 | 000,200,704 | ---- | M] (ADMNG) [Auto | Stopped] -- C:\Program Files\ADMNG\Advisor\Advisor.exe -- (admAdvisor)

Does it look familiar to you??..

- You can delete that leftover: C:\32788R22FWJFW (folder created when you tried to run ComboFix)

- I could find no information about these files:
[2011/03/01 02:00:17 | 000,000,560 | ---- | M] () -- C:\WINDOWS\tasks\AdmireBackup.job
[2011/02/23 13:38:37 | 000,001,024 | ---- | M] () -- C:\.rnd

Do they look familiar??..

- I recommend you update all outdated programs on this system (old versions usually have security vulnerabilities)... This includes:

Adobe Reader 9.3
You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here (uninstall version 9.3 first):
Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

Mozilla Firefox (3.0.19)
--> Help --> Check for updates - let it update to the newest version - 3.6.13

- I'm not sure if this system is updated regularly... Please install all security updates from Windows Update, so that it's protected against old exploits... Also, I suggest you install this update: Windows Update - it should prevent malware being executed once the flash drive is plugged in...

- 1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 7.00% Memory free - maybe time to upgrade to 2GB of RAM??..

Let me know how it goes and if there are any remaining issues...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#6 bccstech

bccstech
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:05 PM

Posted 01 March 2011 - 12:42 PM

Thanks for your help. Unfortunately, the 3 files, copy.exe, host.exe, and autorun.inf are alive and well. AVG picks them up as viruses. Does this mean that the virus may be coming from one of the workstations running off of the server?

#7 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:02:05 AM

Posted 01 March 2011 - 01:17 PM

Hi again bccstech!!.. :)

If the infection was active on that server, the files would certainly show up in the OTL scan/logfile...
That's a pretty old infection, and well known... See for example here: Submission details

Where (full paths to the files) and when (a full system scan or resident protection) does AVG detect these files??.. Yes, I guess it may detect them when you (or a process) access a networked drive - then, the system wants to perform an Autorun action, and AVG blocks that... But that's only a guess - you would have to check the AVG report log and note the location(s) these files are detected in...


#8 bccstech

bccstech
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:05 PM

Posted 01 March 2011 - 02:37 PM

Do you want me to post an avg log?

#9 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:02:05 AM

Posted 01 March 2011 - 05:18 PM

If that's possible, yes... As I said, I do not see malware traces in the OTL logfile, I need more information to be able to help...


#10 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:02:05 AM

Posted 08 March 2011 - 11:48 AM

Still with us bccstech??..


#11 bccstech

bccstech
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:05 PM

Posted 25 March 2011 - 01:47 PM

Sorry about going MIA. I am completely frustrated by this issue and have decided to replace the server. It was old and a piece of junk anyway. The issue is going to be whether the virus will spread to the new server when we move data onto it from the old server or if the virus is originating from one of the workstations that access the server. Any suggestions on what to do?

#12 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:02:05 AM

Posted 25 March 2011 - 02:31 PM

Hi again bccstech!!.. :)

If the data is just moved, a virus or malware won't load unless it's manually run/executed... However, it's always a good idea to scan the data with an antivirus program...
If you want to secure the new server against autorun/flash drive infections, I'd recommend disabling Autorun for any source but CD/DVD - that can simply be done by installing all critical and optional updates from MS - not long ago Microsoft released this update via automatic updates: Microsoft Security Advisory (967940)

This update is intended to stop AutoPlay functionality from working on USB drives, external hard drives, or network shares. This update is available for supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.


Would it work for you?
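The mechanism behind the reappearing files in #7 and #12 (Explorer reads the [autorun] section of an autorun.inf on a share or flash drive and launches whatever it names) as an added Python example, not code from this thread, from AVG or from OTL: it parses an autorun.inf the way a defender triaging a share would, lists every directive that launches a program, and checks whether those programs sit on the same root. The sample autorun.inf, the placeholder copy.exe/host.exe files and the temporary directory are constructed.

```python
"""Audit an autorun.inf: what would Explorer launch, and is it present?

Added example for this thread, not forum, AVG or OTL code. The sample
autorun.inf, file names and directory are constructed.
"""
import re
import tempfile
from pathlib import Path

# [autorun] directives that make the shell run a program when the drive is
# opened or double-clicked. shell\<verb>\command is matched by regex because
# the verb name is arbitrary.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\([^\\]+)\\command$")


def parse_autorun(text):
    """Return the [autorun] section as a dict with lowercased keys.

    Hand-rolled instead of configparser: droppers pad autorun.inf with junk
    lines, duplicate keys and odd casing that configparser rejects. A later
    duplicate key overrides an earlier one.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def program_of(command):
    """First token of a command line, quotes removed (the program to run)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def launch_targets(entries):
    """Map each launching directive to the program it names."""
    targets = {}
    for key, value in entries.items():
        if key in LAUNCH_KEYS or SHELL_CMD.match(key):
            prog = program_of(value)
            if prog:
                targets[key] = prog
    return targets


def audit_root(root):
    """Inspect <root>/autorun.inf: what it launches and whether each
    referenced program exists under that root. None if no autorun.inf."""
    root = Path(root)
    inf = root / "autorun.inf"
    if not inf.is_file():
        return None
    entries = parse_autorun(inf.read_text(errors="replace"))
    targets = launch_targets(entries)
    present = {}
    for key, prog in targets.items():
        rel = prog.lstrip(".\\/").replace("\\", "/")  # path relative to root
        present[key] = (root / rel).is_file()
    return {
        "root": str(root),
        "targets": targets,
        "present": present,
        # shell=<verb> redirects double-click to a custom verb, a common way
        # of making "open the drive" run the dropped file.
        "default_verb": entries.get("shell"),
    }


# Constructed sample in the style described in the thread, not a capture.
SAMPLE_AUTORUN = """\
[autorun]
open=host.exe
shell\\open\\Command=host.exe
shell=open
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def demo():
    """Build a constructed share root (autorun.inf plus empty placeholder
    files named copy.exe and host.exe) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text(SAMPLE_AUTORUN)
        for name in ("copy.exe", "host.exe"):
            (root / name).write_bytes(b"")  # placeholders, not malware
        return audit_root(root)
```

Run `demo()` against the constructed root, or point `audit_root()` at a mounted share to see which file a real autorun.inf there would hand to Explorer.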


#13 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:02:05 AM

Posted 07 April 2011 - 11:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




