OTL Extras logfile created on: 7/9/2011 2:11:19 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Kevin\Desktop 64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 37.92% Memory free 5.73 Gb Paging File | 4.02 Gb Available in Paging File | 70.19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222.43 Gb Total Space | 105.65 Gb Free Space | 47.50% Space Free | Partition Type: NTFS Computer Name: UNC-C1F0YCECGDA | User Name: Kevin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2621877675-1559041608-2168509566-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F8776060-6929-480C-9CD0-AD4920C354EF}" = 64 Bit HP BiDi Channel Components Installer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24 "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5D15CCD0-2A41-4D56-AD90-4F049CE0B064}" = "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2 "{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web) "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX) "{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV) "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8D314CA-8049-49F3-816B-794C3E5BB161}" = SAS Enterprise Guide 4.2 "{F9390B82-786C-43CF-A970-D39E23EF0366}" = SAS 9.2 (32) "1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web "d512c678901db9d321c85ecf7c30ae2e" = SAS Deployment Tester - Client 1.3 "febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2 "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Pharos" = Pharos "Temp File Cleaner" = Temp File Cleaner "YTdetect" = Yahoo! Detect [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2621877675-1559041608-2168509566-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 7/9/2011 1:22:49 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Downloader in File: c:\Windows.old\Users\Kevin\AppData\Local\Temp\rdjt81oj.dll by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Error - 7/9/2011 1:24:00 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Downloader.Ertfor in File: C:\Windows.old\Users\Kevin\AppData\Local\Temp\vk38uml.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Error - 7/9/2011 1:25:12 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!W32.Harakit in File: C:\Windows.old\Users\Kevin\AppData\Local\Temp\taskmgr.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Error - 7/9/2011 1:26:15 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!W32.Harakit in File: C:\Windows.old\Users\Kevin\AppData\Local\Temp\lsass.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Error - 7/9/2011 1:26:53 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Downloader.Ertfor in File: C:\Windows.old\Users\Kevin\AppData\Local\Temp\lmk1v4q.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Error - 7/9/2011 1:27:25 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Zefarch in File: c:\Windows.old\Users\Kevin\AppData\Local\{9795F915-B286-4549-A015-5A313BC19F37}\chrome\content\overlay.xul by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Error - 7/9/2011 1:28:16 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Zefarch!gen1 in File: C:\Windows.old\Users\Kevin\AppData\Local\Temp\raywqxi.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Error - 7/9/2011 1:31:07 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!W32.SillyFDC in File: c:\Windows.old\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cxxegewa.exe by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Error - 7/9/2011 1:31:12 PM | Computer Name = UNC-C1F0YCECGDA | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen.2 in File: c:\Windows.old\Users\Kevin\AppData\Roaming\sdra64.exe by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Error - 7/9/2011 2:08:45 PM | Computer Name = UNC-C1F0YCECGDA | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . [ System Events ] Error - 6/27/2011 6:43:31 PM | Computer Name = UNC-C1F0YCECGDA | Source = DCOM | ID = 10010 Description = Error - 6/27/2011 11:35:54 PM | Computer Name = UNC-C1F0YCECGDA | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error - 6/29/2011 5:40:39 AM | Computer Name = UNC-C1F0YCECGDA | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 6/29/2011 9:12:06 AM | Computer Name = UNC-C1F0YCECGDA | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 6/30/2011 8:45:32 AM | Computer Name = UNC-C1F0YCECGDA | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 6/30/2011 1:06:33 PM | Computer Name = UNC-C1F0YCECGDA | Source = Application Popup | ID = 1060 Description = \??\C:\Windows\TEMP\mc2A727.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 6/30/2011 1:11:17 PM | Computer Name = UNC-C1F0YCECGDA | Source = Service Control Manager | ID = 7022 Description = The Windows Update service hung on starting. Error - 6/30/2011 1:12:19 PM | Computer Name = UNC-C1F0YCECGDA | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 7/1/2011 8:41:51 AM | Computer Name = UNC-C1F0YCECGDA | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. Error - 7/1/2011 9:48:09 AM | Computer Name = UNC-C1F0YCECGDA | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. < End of report >