OTL Extras logfile created on: 24/04/2012 15:34:18 - Run 1 OTL by OldTimer - Version 3.2.41.0 Folder = C:\ Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.42 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 68.82% Memory free 6.83 Gb Paging File | 5.70 Gb Available in Paging File | 83.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148.75 Gb Total Space | 118.21 Gb Free Space | 79.47% Space Free | Partition Type: NTFS Computer Name: ESPLEHS004 | User Name: kkaczor | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig" = 0 "DisableSR" = 1 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{26DE991E-C9CE-412E-BDF9-F1E77AA1BFBA}" = Junos Pulse Netshim/Tunnel Manager/IPSec Manager Add-On "{29F9AB21-D4E9-4786-9DEC-46A85BABD213}" = VC8 CRT "{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4278B780-6CB5-437A-BA6A-31C7F9FAB980}" = Adobe Flash Player 11 ActiveX "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{4C3A1578-21D1-4307-88C5-6487A1F61A01}" = Vodafone Mobile Connect Lite "{70B71342-1C0E-4BD0-B4A6-BB5BA6CFEF80}" = Junos Pulse UAC/NC Components "{7A93C504-E3BA-4410-9F52-89EBB8BDD858}" = WorkSpace iQ Agent "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BA10381-763C-443B-A200-21B9149B472D}" = Cisco IP Communicator "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C41A86CB-AF33-42C4-AE2B-7844707516A9}" = "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{B2F1BCEA-8352-4434-9A78-10C420B3B212}" = EAS Outlook Addin Installer "{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer "{DCA75E5B-FA05-46B6-8D11-2895F8BE5558}" = McAfee DLP Agent "{DED32793-CB1D-4B1E-8788-90E3E1D8BC61}" = Diskeeper 2011 Professional "{E1645BB0-8632-4B7F-B44F-E07A9A977E55}" = Junos Pulse Core Components "{E5860665-1C90-4142-A8E9-DA7E8C70654A}" = Connector ID "{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers "CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD "Connector ID" = Connector ID "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control "Junos Pulse 2.0" = Junos Pulse 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Power Management Driver" = ThinkPad Power Management Driver "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 27/03/2012 12:56:15 | Computer Name = ESPLEHS004.primark.local | Source = VMCService | ID = 0 Description = GetLoggedOnUser Error - 28/03/2012 04:03:10 | Computer Name = ESPLEHS004.primark.local | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 28/03/2012 05:19:03 | Computer Name = ESPLEHS004.primark.local | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax. Error - 28/03/2012 12:57:42 | Computer Name = ESPLEHS004.primark.local | Source = Centrix.LocalAgent | ID = 0 Description = StartMonitoring: System.Threading.ThreadAbortException: Thread was being aborted. at Centrix.Service.Module.EventsMonitor.b__10() Error - 29/03/2012 03:38:14 | Computer Name = ESPLEHS004.primark.local | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 29/03/2012 04:59:58 | Computer Name = ESPLEHS004.primark.local | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax. Error - 29/03/2012 05:38:47 | Computer Name = ESPLEHS004.primark.local | Source = Centrix.DiscoveryAgent | ID = 0 Description = Timed out waiting for config response Error - 29/03/2012 12:30:52 | Computer Name = ESPLEHS004.primark.local | Source = Centrix.LocalAgent | ID = 0 Description = StartMonitoring: System.Threading.ThreadAbortException: Thread was being aborted. at Centrix.Service.Module.EventsMonitor.b__10() Error - 30/03/2012 04:12:31 | Computer Name = ESPLEHS004.primark.local | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30/03/2012 05:10:03 | Computer Name = ESPLEHS004.primark.local | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax. [ System Events ] Error - 17/04/2012 11:24:49 | Computer Name = ESPLEHS004.primark.local | Source = DCOM | ID = 10016 Description = Error - 17/04/2012 11:46:42 | Computer Name = ESPLEHS004.primark.local | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 17/04/2012 11:48:53 | Computer Name = ESPLEHS004.primark.local | Source = DCOM | ID = 10016 Description = Error - 18/04/2012 03:23:59 | Computer Name = ESPLEHS004.primark.local | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain PRIMARK due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 18/04/2012 03:24:34 | Computer Name = ESPLEHS004.primark.local | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 18/04/2012 03:25:49 | Computer Name = ESPLEHS004.primark.local | Source = DCOM | ID = 10016 Description = Error - 18/04/2012 07:15:55 | Computer Name = ESPLEHS004.primark.local | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 18/04/2012 07:18:32 | Computer Name = ESPLEHS004.primark.local | Source = DCOM | ID = 10016 Description = Error - 18/04/2012 09:20:01 | Computer Name = ESPLEHS004.primark.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 18/04/2012 11:54:18 | Computer Name = ESPLEHS004.primark.local | Source = DCOM | ID = 10016 Description = < End of report >