
Foster Parent


7 replies to this topic

#1 MattJD

Posted 07 October 2009 - 09:49 PM

While working on my computer, I normally have open three (3) programs. These three programs are Microsoft Outlook 2007, Microsoft Excel 2000, and my ERP software (Ross). My system will slow to a crawl. I will shut down all programs, which takes quite some time, and begin the restart process. As the system is going through the shutdown, an "End Now" window pops up with the words "Foster Parent" in the title box. Once the system restarts, all is normal again. At this time, this has happened once a month for the last three (3) months.

---------------------------------------------------------------------------------------------------

DDS (Ver_09-09-29.01) - NTFSx86
Run by dolan at 10:57:37.75 on Wed 10/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.126 [GMT -4:00]

AV: AVG Internet Security Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\DWRCS.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Kaseya\Agent\KasAVSrv.exe
C:\WINNT\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\DWRCST.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Temp\Temporary Directory 1 for dds.zip\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [Gateway Ink Monitor] "c:\program files\gateway utilities\GWInkMonitor.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxli~1.lnk - c:\program files\efax messenger plus 3.3\J2GDllCmd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxtr~1.lnk - c:\program files\efax messenger plus 3.3\J2GTray.exe
LSP: kaseyasp.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [2009-4-30 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2009-4-30 335240]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\winnt\system32\drivers\avgmfx86.sys [2008-10-29 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2009-4-30 108552]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\winnt\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R3 DwMirror;DwMirror;c:\winnt\system32\drivers\DamewareMini.sys [2007-2-7 3712]

=============== Created Last 30 ================

2009-10-07 10:57 <DIR> --d----- c:\temp\RarSFX0
2009-10-07 10:57 <DIR> --d-h--- c:\temp\Temporary Directory 1 for dds.zip
2009-10-05 13:11 <DIR> --d----- c:\temp\VBE
2009-10-05 09:04 <DIR> --d----- C:\lloyd
2009-09-23 16:15 714,528 a------- c:\temp\jre-6u15-windows-i586-iftw.exe
2009-09-23 09:18 <DIR> --d----- c:\temp\msohtml1
2009-09-14 10:34 <DIR> --d----- c:\temp\msoclip1
2009-09-14 08:39 <DIR> --d----- c:\temp\outlook logging
2009-09-10 10:22 <DIR> --d----- c:\temp\hsperfdata_dolan

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\winnt\system32\drivers\mbam.sys
2009-08-05 05:11 204,800 a------- c:\winnt\system32\mswebdvd.dll
2009-07-31 00:52 11,952 a------- c:\winnt\system32\avgrsstx.dll
2009-07-17 14:55 58,880 a------- c:\winnt\system32\atl.dll
2009-07-13 02:18 233,472 a------- c:\winnt\system32\wmpdxm.dll
2008-09-30 08:39 66,312 a------- c:\docume~1\dolan~1.mct\applic~1\GDIPFONTCACHEV1.DAT
2005-03-01 13:12 20,484 a------- c:\docume~1\dolan~1.mct\applic~1\wklnhst.dat

============= FINISH: 11:00:25.30 ===============


------------------------------------------------------------------------------------------------
-I just want to advise the ark.txt file was NOT run at the time the other reports were run.
I ran it later in the evening remotely from my home.

This is my wife's PC at her office.
If we need to provide further info please be aware I will need some time to get that to you. I'm not implying days but I may have to respond with the information later in the evening if my wife is unable to update the information herself during the day.

I think that is all the additional info I have. For now.


Edited by MattJD, 08 October 2009 - 02:06 PM.
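
The DDS log above is the kind of report a helper reads by eye, so here is an added example (not part of the original post, and not a BleepingComputer or DDS tool) of doing the first triage pass in code. It splits a DDS log on its `===== section =====` headers and pulls out the entries that deserve a second look: registry entries whose target is `No File` (orphaned, like the `TB:` and `EB:` lines above), Winsock `LSP:` entries, Winlogon `Notify:` DLLs, `DPF:` ActiveX objects sourced from `file://` or a bare IP, processes running from a Temp directory, and the remote-administration binaries (DameWare, RealVNC, Kaseya) that appear in this log. The sample input is a subset of the posted log; the `REMOTE_ADMIN_EXES` set and the category names are my own heuristics, not a verdict on any file.

```python
import re
from collections import defaultdict

# Subset of the DDS log posted above, kept in DDS's own layout so the
# section headers drive the parser. (The dds.scr line is real: DDS runs
# itself out of a Temp directory, which is why it trips the temp rule.)
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
C:\WINNT\system32\DWRCS.EXE
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\Explorer.EXE
C:\Temp\Temporary Directory 1 for dds.zip\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
LSP: kaseyasp.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
"""

# Remote-control / RMM executables named in the log (assumption: my list,
# built from the process names shown). Legitimate in a managed office, but
# each is a remote code-execution path the owner should be able to account for.
REMOTE_ADMIN_EXES = {"dwrcs.exe", "dwrcst.exe", "winvnc4.exe",
                     "agentmon.exe", "kasavsrv.exe", "kausrtsk.exe"}

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
TEMP_DIR = re.compile(r"\\temp\\|\\locals~1\\temp\\|\\local settings\\temp\\", re.I)
IP_HOST = re.compile(r"://\d{1,3}(?:\.\d{1,3}){3}")


def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines under it."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            continue
        if current:
            sections[current].append(line)
    return sections


def triage(text):
    """Return {category: [log line, ...]} of entries worth a reviewer's attention."""
    sections = split_sections(text)
    findings = defaultdict(list)

    for proc in sections.get("Running Processes", []):
        # DDS prints one path per line; anything after the first space is arguments.
        exe = proc.split("\\")[-1].split(" ")[0].lower()
        if exe in REMOTE_ADMIN_EXES:
            findings["remote_admin"].append(proc)
        if TEMP_DIR.search(proc):
            findings["runs_from_temp"].append(proc)

    for entry in sections.get("Pseudo HJT Report", []):
        key = entry.split(":", 1)[0].lower()   # 'tb', 'eb', 'lsp', 'dpf', 'notify', ...
        if entry.endswith("- No File"):
            findings["orphaned_entry"].append(entry)      # registry points at nothing
        elif key == "lsp":
            findings["winsock_lsp"].append(entry)          # sits inside every socket call
        elif key == "notify":
            findings["winlogon_notify"].append(entry)      # DLL loaded by winlogon at logon
        elif key == "dpf" and ("file://" in entry.lower() or IP_HOST.search(entry)):
            findings["dpf_local_or_ip"].append(entry)      # ActiveX from disk or a raw IP

    return dict(findings)


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_LOG).items():
        print(f"[{category}]")
        for line in lines:
            print("   ", line)
```

The output is a list of questions, not answers: the LSP, the Winlogon notify DLLs and the three remote-admin processes here all map to software that is visibly installed (Kaseya, AVG, Intel graphics, DameWare, RealVNC), so the follow-up is whether the office expects each of them, and the two `No File` entries are simply leftovers to clean up. Pasting a full DDS log in place of `SAMPLE_LOG` gives the same pass over the whole report.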



#2 kahdah (Security Colleague)

Posted 24 October 2009 - 08:57 AM

Hello MattJD

Welcome to BleepingComputer :(
==========================
Are you still in need of assistance?

If so please do the following:
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 MattJD (Topic Starter)

Posted 02 November 2009 - 08:39 PM

Thank you for your help.
Here are the two txt files you requested.

OTL logfile created on: 10/27/2009 1:59:23 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\dolan.MCTDAIRIES\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.73 Mb Total Physical Memory | 288.43 Mb Available Physical Memory | 58.30% Memory free
1.13 Gb Paging File | 0.86 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): c:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 90.95 Gb Free Space | 81.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 397.79 Gb Total Space | 146.64 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
Drive P: | 397.79 Gb Total Space | 146.64 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
Drive S: | 74.52 Gb Total Space | 66.65 Gb Free Space | 89.43% Space Free | Partition Type: NTFS
Drive V: | 12.00 Gb Total Space | 1.52 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
Drive W: | 397.79 Gb Total Space | 146.64 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
Drive Z: | 397.79 Gb Total Space | 146.64 Gb Free Space | 36.86% Space Free | Partition Type: NTFS

Computer Name: A1003420
Current User Name: dolan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\3M\PSNLite\PSNGive.exe (3M)
PRC - C:\Program Files\3M\PSNLite\PsnLite.exe (3M)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (AHEAD Software)
PRC - C:\Program Files\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\Gateway Utilities\GWInkMonitor.exe (Gateway)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
PRC - C:\Program Files\Kaseya\Agent\KasAVSrv.exe ()
PRC - C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
PRC - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINNT\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINNT\System32\DWRCS.EXE (DameWare Development LLC)
PRC - C:\WINNT\System32\DWRCST.exe (DameWare Development)
PRC - C:\WINNT\System32\hkcmd.exe (Intel Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DWMRCS [Auto | Running]) -- C:\WINNT\System32\DWRCS.EXE (DameWare Development LLC)
SRV - (helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (AHEAD Software)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KaseyaAgent [Auto | Running]) -- C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
SRV - (KaseyaAVService [Auto | Running]) -- C:\Program Files\Kaseya\Agent\KasAVSrv.exe ()
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINNT\System32\hpzipm12.dll (Hewlett-Packard)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WinVNC4 [Auto | Running]) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)

========== Driver Services (SafeList) ==========

DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINNT\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINNT\System32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (aeaudio [On_Demand | Running]) -- C:\WINNT\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (ASCTRM [Auto | Running]) -- C:\WINNT\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (AvgLdx86 [System | Running]) -- C:\WINNT\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINNT\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86 [Boot | Running]) -- C:\WINNT\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINNT\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BANTExt [System | Running]) -- C:\WINNT\System32\Drivers\BANTExt.sys ()
DRV - (DwMirror [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\DamewareMini.sys (DameWare Development, LLC)
DRV - (dwvkbd [System | Running]) -- C:\WINNT\System32\DRIVERS\dwvkbd.sys (DameWare)
DRV - (E100B [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINNT\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINNT\System32\drivers\incdfs.sys ()
DRV - (InCDPass [System | Running]) -- C:\WINNT\System32\DRIVERS\InCDPass.sys (Ahead Software)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (KAPFA [On_Demand | Running]) -- C:\WINNT\System32\drivers\KAPFA.SYS (Kaseya)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINNT\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINNT\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Gateway Utilities\inkpeek.dll (Tartan Software)
MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINNT\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway Utilities\GWInkMonitor.exe (Gateway)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe (3M)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: mctfs2 ([]http in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} https://kaseya.lloydgroup.com/inc/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: iLO 2 Remote Console Applet https://172.16.2.8/dvc.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.5 4.2.2.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mctdairies.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINNT\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINNT\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINNT\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINNT\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINNT\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINNT\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINNT\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINNT\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINNT\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/16 14:55:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/16 14:51:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2005/05/02 20:00:46 | 00,000,000 | ---- | M] () - V:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/27 13:57:25 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\OTL.exe
[2009/10/27 00:39:52 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/10/05 09:04:05 | 00,000,000 | ---D | C] -- C:\lloyd

========== Files - Modified Within 30 Days ==========

[1 C:\WINNT\System32\*.tmp files]
[16 C:\WINNT\*.tmp files]
[2009/10/27 13:57:36 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\OTL.exe
[2009/10/27 11:02:17 | 00,001,180 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/10/27 11:01:33 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/10/27 11:01:31 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/10/27 10:58:28 | 04,813,956 | -H-- | M] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Local Settings\Application Data\IconCache.db
[2009/10/27 07:14:27 | 44,262,168 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2009/10/27 07:14:27 | 00,056,251 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2009/10/26 11:40:47 | 01,871,387 | ---- | M] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\102609.pdf
[2009/10/26 10:19:47 | 00,079,872 | ---- | M] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\Open Payables 102609.xls
[2009/10/24 22:46:52 | 00,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
[2009/10/21 11:43:55 | 00,000,000 | ---- | M] () -- C:\WINNT\System32\Fax via eFax 3.3 Port
[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MRT.exe
[2009/09/30 19:14:36 | 00,492,629 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\miniavi.avg
[2009/09/29 13:39:24 | 00,001,687 | ---- | M] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\Ross.lnk

========== Files - No Company Name ==========
[2009/10/26 11:40:44 | 01,871,387 | ---- | C] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\102609.pdf
[2009/10/26 10:08:08 | 00,079,872 | ---- | C] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Desktop\Open Payables 102609.xls
[2009/05/29 10:33:43 | 00,116,224 | ---- | C] () -- C:\WINNT\System32\pdfcmnnt.dll
[2009/03/24 12:39:06 | 00,000,660 | ---- | C] () -- C:\WINNT\System32\DWRCCMDError.ini
[2008/09/11 11:51:55 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/24 09:57:21 | 00,000,159 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2006/09/18 14:37:50 | 00,000,530 | ---- | C] () -- C:\WINNT\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 00,667,280 | ---- | C] () -- C:\WINNT\System32\tx12.dll
[2006/06/21 09:15:05 | 00,000,257 | ---- | C] () -- C:\WINNT\DRILDOWN.INI
[2006/06/21 09:07:51 | 00,133,120 | ---- | C] () -- C:\WINNT\System32\lsvbwrap.dll
[2006/06/21 09:07:49 | 00,130,048 | ---- | C] () -- C:\WINNT\System32\FRxELM32.dll
[2006/06/19 12:35:10 | 00,001,028 | ---- | C] () -- C:\WINNT\FRX.INI
[2006/06/19 12:32:06 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Local Settings\Application Data\fusioncache.dat
[2006/06/16 19:26:53 | 00,066,312 | ---- | C] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/16 19:26:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\desktop.ini
[2006/06/16 19:26:41 | 00,020,484 | ---- | C] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\wklnhst.dat
[2006/06/16 16:34:56 | 04,813,956 | -H-- | C] () -- C:\Documents and Settings\dolan.MCTDAIRIES\Local Settings\Application Data\IconCache.db
[2006/02/09 14:46:30 | 00,106,496 | ---- | C] () -- C:\WINNT\System32\VSHP1020.DLL
[2005/11/18 10:52:00 | 00,051,392 | ---- | C] () -- C:\WINNT\System32\drivers\atnt40k.sys
[2005/08/17 16:08:13 | 00,102,400 | ---- | C] () -- C:\WINNT\System32\PMLJNI.dll
[2005/08/17 16:08:13 | 00,074,752 | ---- | C] () -- C:\WINNT\System32\jst.dll
[2005/08/17 16:05:41 | 00,000,141 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2005/08/17 16:05:40 | 00,003,399 | R--- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2005/08/17 16:01:15 | 00,000,101 | ---- | C] () -- C:\WINNT\System32\hptrace.ini
[2005/08/17 16:00:36 | 00,018,860 | ---- | C] () -- C:\WINNT\hpclj4650.ini
[2005/04/20 11:29:10 | 00,071,749 | ---- | C] () -- C:\WINNT\hcextoutput.dll
[2005/04/20 11:29:10 | 00,000,823 | ---- | C] () -- C:\WINNT\tsc.ini
[2005/04/20 11:27:53 | 00,000,170 | ---- | C] () -- C:\WINNT\GetServer.ini
[2005/03/01 15:58:26 | 00,000,024 | ---- | C] () -- C:\WINNT\wininit.ini
[2005/03/01 15:58:21 | 00,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2004/09/08 23:43:01 | 00,000,020 | ---- | C] () -- C:\WINNT\Hposcv07.INI
[2004/09/02 16:11:04 | 00,003,840 | ---- | C] () -- C:\WINNT\System32\drivers\BANTExt.sys
[2004/08/03 20:56:46 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/03/09 14:40:29 | 00,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2004/03/09 13:47:13 | 00,000,581 | ---- | C] () -- C:\WINNT\ODBC.INI
[2004/03/09 13:44:34 | 00,000,605 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2004/03/09 13:44:34 | 00,000,052 | ---- | C] () -- C:\WINNT\intuprof.ini
[2004/03/09 13:43:42 | 00,087,872 | ---- | C] () -- C:\WINNT\System32\drivers\incdfs.sys
[2004/03/09 12:41:48 | 00,000,657 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/05/16 14:56:01 | 00,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/05/16 13:19:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2002/02/27 10:41:28 | 00,024,576 | ---- | C] () -- C:\WINNT\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 00,139,264 | ---- | C] () -- C:\WINNT\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 00,040,960 | ---- | C] () -- C:\WINNT\System32\nsldapssl32v50.dll
[2001/07/31 06:17:12 | 00,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINNT\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINNT\AuHCcup1.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1997/06/11 21:23:00 | 00,047,104 | ---- | C] () -- C:\WINNT\System32\lotrn12.dll
[1980/01/01 02:00:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[1980/01/01 02:00:00 | 00,000,613 | ---- | C] () -- C:\WINNT\win.ini
[1980/01/01 02:00:00 | 00,000,231 | ---- | C] () -- C:\WINNT\system.ini

========== LOP Check ==========

[2009/10/05 09:07:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/09/11 10:52:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/08/22 12:53:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008/09/15 08:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2004/09/02 16:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\j2 Global
[2004/03/09 12:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2003/05/16 14:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/11/02 10:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/18 23:28:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data
[2004/09/02 16:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\3M
[2009/03/02 13:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\Ahead
[2005/06/14 08:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\Aim
[2008/06/20 14:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\ICAClient
[2004/09/03 09:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\ICQLite
[2004/09/02 17:01:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\j2 Global
[2009/08/11 09:14:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\pdfforge
[2009/05/29 11:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\Search Settings
[2008/12/09 10:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\U3
[2009/05/22 09:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dolan.MCTDAIRIES\Application Data\webex
[2002/08/29 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2009/10/27 11:01:33 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========


< End of report >





OTL Extras logfile created on: 10/27/2009 1:59:25 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\dolan.MCTDAIRIES\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.73 Mb Total Physical Memory | 288.43 Mb Available Physical Memory | 58.30% Memory free
1.13 Gb Paging File | 0.86 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): c:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 90.95 Gb Free Space | 81.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 397.79 Gb Total Space | 146.64 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
Drive P: | 397.79 Gb Total Space | 146.64 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
Drive S: | 74.52 Gb Total Space | 66.65 Gb Free Space | 89.43% Space Free | Partition Type: NTFS
Drive V: | 12.00 Gb Total Space | 1.52 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
Drive W: | 397.79 Gb Total Space | 146.64 Gb Free Space | 36.86% Space Free | Partition Type: NTFS
Drive Z: | 397.79 Gb Total Space | 146.64 Gb Free Space | 36.86% Space Free | Partition Type: NTFS

Computer Name: A1003420
Current User Name: dolan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINNT\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINNT\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Symantec\pcAnywhere\winaw32.exe" = C:\Program Files\Symantec\pcAnywhere\winaw32.exe:*:Enabled:pcAnywhere Main Program -- File not found
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service -- File not found
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service -- File not found
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks Basic\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Basic\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service -- File not found
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48C76121-4F90-11D5-9884-0050BA85A903}" = Kaseya Agent
"{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}" = hp officejet v series
"{575C8DB5-4D2E-4DE1-9402-5FD2074F3F1B}" = HP Color LaserJet 4650
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports XI
"{846191DB-6E37-45D0-B638-FF4F7B818726}" = FRx 6.7 Client (\\Mctfs2\FRxReporter\)
"{8ECB8220-F424-4BEB-9596-97033C533702}" = QuickBooks Premier Edition 2008
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{A5FCC3DE-56BD-48b2-8054-4BBE70BE186B}" = eFax Messenger Plus 3.3
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{ABA03482-CBA3-4427-AEF2-FC6F0108C8B4}" = FRx 6.7 Supplemental Files
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{C96FC96D-33A9-44EA-A5D0-12E2CE7CEE86}" = FRx 6.7-Train C:\FRxTRAIN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2B7C41F-C63D-4935-B323-B60673724D63}" = Do More 7.0
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{EE09EF7A-9E8C-4DCC-A615-CFFA8393E31E}" = EE09EF7A-9E8C-4DCC-A615-CFFA8393E31E
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"{F19131BB-1B2F-46D8-840B-9A619DBAF5B5}" = F19131BB-1B2F-46D8-840B-9A619DBAF5B5
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"Belarc Advisor 2.0" = Belarc Advisor 6.1
"Gembase 7.2.0" = Gembase 7.2.0
"HijackThis" = HijackThis 2.0.2
"HTPE3" = HyperTerminal Private Edition v6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = Ahead InCD
"Intel® 537EP Data Fax Modem" = Intel® 537EP Data Fax Modem
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Organizer V99.0" = Lotus Organizer 5.0
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PRO50" = PRO50
"PROSet" = Intel® PRO Network Adapters and Drivers
"PSN" = Post-it® Software Notes Lite
"PX: {20BBF229-A337-40AD-9FEB-2C98CDA53D1C}" = Gateway Rhapsody
"Q903235" = Internet Explorer Q903235
"RealPlayer 6.0" = RealPlayer Basic
"Serials 2000 7.1+_is1" = Serials 2000 7.1+
"Shockwave" = Shockwave
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2009 11:57:05 AM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/22/2009 11:57:05 AM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/22/2009 11:57:05 AM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/23/2009 12:21:05 PM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/23/2009 12:21:05 PM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/23/2009 12:21:05 PM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/23/2009 12:21:36 PM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/23/2009 12:21:36 PM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/23/2009 12:21:36 PM | Computer Name = A1003420 | Source = QuickBooks | ID = 4
Description =

Error - 10/26/2009 1:35:19 PM | Computer Name = A1003420 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module wuaueng.dll, version 7.2.6001.788, fault address 0x000d2252.

[ System Events ]
Error - 10/26/2009 11:16:00 PM | Computer Name = A1003420 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 10/26/2009 11:16:03 PM | Computer Name = A1003420 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 10/26/2009 11:16:06 PM | Computer Name = A1003420 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 10/26/2009 11:16:08 PM | Computer Name = A1003420 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 10/26/2009 11:16:11 PM | Computer Name = A1003420 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 10/26/2009 11:16:15 PM | Computer Name = A1003420 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 10/26/2009 11:16:18 PM | Computer Name = A1003420 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 10/26/2009 11:16:21 PM | Computer Name = A1003420 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 10/27/2009 8:32:26 AM | Computer Name = A1003420 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 10/27/2009 11:02:28 AM | Computer Name = A1003420 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2


< End of report >

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 02 November 2009 - 10:03 PM

Are you having any issues?
Did the message stop?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#5 MattJD

  • Topic Starter
  • Members
  • 5 posts

Posted 03 November 2009 - 12:14 PM

Yes, the problem is still occurring.

When this happens my wife tries to reboot the system. This appears to clear it temporarily.
During the shut down an 'End Now' window labeled Foster Parent appears before closing.
My wife says the system becoming unusable happens only once a month.

The scan from our first post was done while the computer was experiencing a slow down before she had to force reboot it.
I'm not certain if the second scan you requested was performed during 'an attack' for lack of a better description.

We have not been trying other steps until we heard from you.
I did not want to run further scans with tools that might disrupt the reports you needed.

Edited by MattJD, 03 November 2009 - 12:16 PM.


#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 03 November 2009 - 08:48 PM

No problem.
I see no sign of malware in your logs at all.
This sounds more like a software issue to me, not a malware issue.

Sounds like "Foster Parent" is conflicting with something on your system.
I suggest posting a thread in this forum > http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

You can delete anything we used.

#7 MattJD

  • Topic Starter
  • Members
  • 5 posts

Posted 04 November 2009 - 09:17 AM

Could it be we just missed the activity when the logs were created?
My wife's system has no program called Foster Parent installed.
I have no knowledge of any Windows applications or services with that name either.

Thank you very much for your help trying to track this down.
I'll move over to the thread you have advised.

#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 04 November 2009 - 01:14 PM

> Could it be we just missed the activity when the logs were created?
> My wife's system has no program called Foster Parent installed.
> I have no knowledge of any Windows applications or services with that name either.

No, not likely.
Foster Parent may not be the actual name of the software but only a component of another program that is hitting an error.
Either way you are not infected.



