OTL Extras logfile created on: 18/06/2012 18:58:35 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\ Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 87.04% Memory free 3.33 Gb Paging File | 3.23 Gb Available in Paging File | 96.95% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 20.02 Gb Total Space | 14.60 Gb Free Space | 72.92% Space Free | Partition Type: NTFS Drive D: | 35.87 Gb Total Space | 4.45 Gb Free Space | 12.40% Space Free | Partition Type: NTFS Computer Name: KURSAD-AF7F8EC8 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "Power Management Driver" = ThinkPad Power Management Driver [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 19/05/2012 15:48:18 | Computer Name = KURSAD-AF7F8EC8 | Source = ESENT | ID = 482 Description = wuauclt (1040) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log" at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup. Error - 19/05/2012 15:48:18 | Computer Name = KURSAD-AF7F8EC8 | Source = ESENT | ID = 482 Description = wuauclt (1040) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log" at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup. Error - 19/05/2012 15:48:19 | Computer Name = KURSAD-AF7F8EC8 | Source = ESENT | ID = 482 Description = wuauclt (1040) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log" at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup. Error - 19/05/2012 15:48:23 | Computer Name = KURSAD-AF7F8EC8 | Source = ESENT | ID = 428 Description = wuauclt (1040) The database engine is rejecting update operations due to low free disk space on the log disk. Error - 17/06/2012 07:17:33 | Computer Name = KURSAD-AF7F8EC8 | Source = PerfNet | ID = 2004 Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error - 17/06/2012 07:17:34 | Computer Name = KURSAD-AF7F8EC8 | Source = PerfNet | ID = 2002 Description = Unable to open the Redirector service. Redirector performance data will not be returned. Error code returned is in data DWORD 0. Error - 17/06/2012 07:18:10 | Computer Name = KURSAD-AF7F8EC8 | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 2298, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 17/06/2012 07:18:10 | Computer Name = KURSAD-AF7F8EC8 | Source = LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section. Error - 17/06/2012 07:18:13 | Computer Name = KURSAD-AF7F8EC8 | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 2298, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 18/06/2012 10:06:19 | Computer Name = KURSAD-AF7F8EC8 | Source = Application Error | ID = 1000 Description = Faulting application tpisysid3.exe, version 0.0.0.0, faulting module tpisysid3.exe, version 0.0.0.0, fault address 0x00001fd3. [ System Events ] Error - 17/06/2012 07:14:10 | Computer Name = KURSAD-AF7F8EC8 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT Rdbss Tcpip Error - 17/06/2012 07:45:39 | Computer Name = KURSAD-AF7F8EC8 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 17/06/2012 17:52:33 | Computer Name = KURSAD-AF7F8EC8 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 17/06/2012 17:52:47 | Computer Name = KURSAD-AF7F8EC8 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 17/06/2012 17:53:46 | Computer Name = KURSAD-AF7F8EC8 | Source = Service Control Manager | ID = 7001 Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31 Error - 17/06/2012 17:53:46 | Computer Name = KURSAD-AF7F8EC8 | Source = Service Control Manager | ID = 7001 Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 17/06/2012 17:53:46 | Computer Name = KURSAD-AF7F8EC8 | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 17/06/2012 17:53:46 | Computer Name = KURSAD-AF7F8EC8 | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 17/06/2012 17:53:46 | Computer Name = KURSAD-AF7F8EC8 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT Rdbss Tcpip Error - 17/06/2012 17:56:10 | Computer Name = KURSAD-AF7F8EC8 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report >