Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Blue Screen Physical memory dumping appearing, slow system

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Blue Screen Physical memory dumping appearing, slow system

Unread postby safraz » September 24th, 2009, 12:44 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:26 AM, on 9/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1213927109\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Common Files\aol\1213927109\ee\anotify.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=081109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Multiply Toolbar - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\PROGRA~1\multiply\multiply.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Multiply Toolbar - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\PROGRA~1\multiply\multiply.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1213927109\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files\multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://imedicaeducation.webex.com/clie ... eatgpc.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 14402 bytes
safraz
Active Member
 
Posts: 8
Joined: September 24th, 2009, 12:39 pm
Advertisement
Register to Remove

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby MWR 3 day Mod » September 29th, 2009, 1:13 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby hottroc » October 1st, 2009, 5:56 pm

-----------------------------------------------------------
Malware Removal forum

Hi, Thank you for posting your HijackThis log and welcome to the forum. My name is hottroc and I am going to be helping you to remove any malicious infections from your system.

I shall examine your log and get back to you as soon as possible with further instructions.

I am currently still in training here so all my instructions to you will be double-checked by an expert before posting. This means there will be a small extra delay which I apologise for but please bear with us.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby safraz » October 1st, 2009, 6:10 pm

Thank you very much, I appreciate it.
safraz
Active Member
 
Posts: 8
Joined: September 24th, 2009, 12:39 pm

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby hottroc » October 4th, 2009, 10:37 am

Sorry for the long delay. Please follow these instructions....


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby safraz » October 4th, 2009, 5:52 pm

OTL logfile created on: 10/4/2009 2:30:49 PM - Run 1
OTL by OldTimer - Version 3.0.18.3 Folder = C:\Documents and Settings\Sabrina\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 214.77 Mb Available Physical Memory | 21.20% Memory free
2.38 Gb Paging File | 1.36 Gb Available in Paging File | 57.30% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 119.34 Gb Free Space | 80.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRDMBLLC
Current User Name: Sabrina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe (CA, Inc.)
PRC - C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
PRC - C:\WINDOWS\System32\Pmxmiced.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\AOL\1213927109\ee\AOLSoftware.exe (AOL LLC)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\S4F\Filter7.exe (S4F, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
PRC - C:\Program Files\UVC\UVC.exe (Universal Village Corp)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
PRC - C:\Program Files\Dell Network Assistant\ezi_hnm2.exe (SingleClick Systems)
PRC - C:\Program Files\AOL 9.0\waol.exe (AOL, LLC.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
PRC - C:\Program Files\multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe ()
PRC - C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\AOL 9.0\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1213927109\ee\anotify.exe (AOL LLC)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Sabrina\My Documents\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiSpywareService [Auto | Running]) -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (Computer Associates International, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gupdate [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hnmsvc [Auto | Running]) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ITMRTSVC [Auto | Running]) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PPCtlPriv [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (UmxAgent [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (UmxCfg [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (UmxFwHlp [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (UmxPol [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (VETMSGNT [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (CA, Inc.)

========== Driver Services (SafeList) ==========

DRV - (acfva [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ACFVA32.sys (Conexant Systems Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BrSerIf [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dgcfltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ACFDCP32.sys (Conexant Systems, Inc.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (e1express [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (KmxAgent [System | Running]) -- C:\WINDOWS\System32\DRIVERS\kmxagent.sys (CA)
DRV - (KmxCF [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\KmxCF.sys (CA)
DRV - (KmxCfg [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\kmxcfg.sys (CA)
DRV - (KmxFile [System | Running]) -- C:\WINDOWS\System32\DRIVERS\KmxFile.sys (CA)
DRV - (KmxFw [System | Running]) -- C:\WINDOWS\System32\DRIVERS\kmxfw.sys (CA)
DRV - (KmxSbx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\KmxSbx.sys (CA)
DRV - (KmxStart [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\ACFSDK32.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (oreans32 [System | Running]) -- C:\WINDOWS\System32\drivers\oreans32.sys ()
DRV - (Packet [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\packet.sys (SingleClick Systems)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (PID_0928 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (pmxmouse [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RT73 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbser [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (VET-FILT [System | Running]) -- C:\WINDOWS\System32\drivers\vet-filt.sys (Computer Associates International, Inc.)
DRV - (VET-REC [System | Running]) -- C:\WINDOWS\System32\drivers\vet-rec.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (VETEFILE [System | Running]) -- C:\WINDOWS\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetfddnt.sys (Computer Associates International, Inc.)
DRV - (VETMONNT [System | Running]) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
IE - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=081109
IE - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\S-1-5-21-1353083518-896759782-4230620695-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\S-1-5-21-1353083518-896759782-4230620695-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Comcast Search"
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net?cid=081109"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: bibletoolbar@bibletoolbar.net:3.5.0
FF - prefs.js..extensions.enabledItems: {4E77EDAD-9566-4089-88D1-C81498CEE770}:3.0
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:2.1.4
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/01 08:16:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 12:12:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 12:12:09 | 00,000,000 | ---D | M]

[2008/11/19 15:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Extensions
[2008/11/19 15:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/04 12:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions
[2009/08/29 11:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/09/01 14:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}
[2009/02/20 18:42:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/29 11:46:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/08/29 11:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/29 10:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\bibletoolbar@bibletoolbar.net
[2009/08/29 11:48:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\lazarus@interclue.com
[2009/03/25 07:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\multtoolbar@multiply.com
[2009/09/07 10:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\mozilla\Firefox\Profiles\b990ar9z.default\extensions\smarterwiki@wikiatic.com
[2009/10/04 12:36:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 06:47:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/01 08:16:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/10/04 12:26:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\browserhighlighter@ebay.com
[2009/09/10 06:47:27 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 06:47:27 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2008/12/01 08:16:07 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/10 06:47:30 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/10 12:12:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/10 12:12:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/10 12:12:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/10 12:12:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/10 12:12:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/10 12:12:09 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/10 12:12:09 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/28 22:03:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/28 22:03:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/01 11:50:26 | 00,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml
[2009/08/28 22:03:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/28 22:03:04 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/28 22:03:04 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/28 22:03:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/28 22:03:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (Multiply Toolbar) - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\Program Files\multiply\multiply.dll ( )
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Multiply Toolbar) - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\Program Files\multiply\multiply.dll ( )
O3 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\..\Toolbar\WebBrowser: (Multiply Toolbar) - {A057A204-BACC-4D26-C4DC-6BA49CE16884} - C:\Program Files\multiply\multiply.dll ( )
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1213927109\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [S4F] C:\Program Files\S4F\Filter7.exe (S4F, Inc.)
O4 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006..\Run: [UVC] C:\Program Files\UVC\UVC.exe (Universal Village Corp)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Sabrina\Start Menu\Programs\Startup\Multiply AutoUploader.lnk = C:\Program Files\multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe ()
O4 - Startup: C:\Documents and Settings\Sabrina\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\wins4f.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\System32\wins4f.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1353083518-896759782-4230620695-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://imedicaeducation.webex.com/clie ... eatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWnp.Dll (CA)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/25 07:36:04 | 01,109,661 | ---- | M] () - C:\AutoUploader.air -- [ NTFS ]
O33 - MountPoints2\{0d6f433a-d542-11dd-9649-00038a000015}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{0d6f433a-d542-11dd-9649-00038a000015}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{0d6f433a-d542-11dd-9649-00038a000015}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{0d6f433a-d542-11dd-9649-00038a000015}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{0d6f433a-d542-11dd-9649-00038a000015}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/10 12:21:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/03 08:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\Application Data\UVC
[2009/09/10 12:22:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/10 12:21:53 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/10 12:11:27 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/22 11:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\S4F
[2009/09/22 14:09:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/02 11:43:19 | 00,000,000 | ---D | C] -- C:\Program Files\UVC
[2009/10/02 11:42:51 | 14,286,576 | ---- | C] (Universal Village Corp ) -- C:\UVC_Setup.exe
[2009/10/01 12:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\My Documents\Meyer,Nathan
[2009/09/23 11:27:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\My Documents\frazierdates
[2009/09/22 11:53:09 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sporder.dll
[2009/09/20 16:38:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\Desktop\s & d
[2009/09/16 16:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\My Documents\Downloads
[2009/09/10 12:10:15 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/09/10 12:07:12 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/09/09 17:13:22 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/10/04 14:06:16 | 00,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/04 11:06:04 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/03 10:03:18 | 00,000,657 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/03 10:02:39 | 00,000,974 | ---- | M] () -- C:\Documents and Settings\Sabrina\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
[2009/10/03 10:01:24 | 00,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2009/10/03 10:00:34 | 00,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/03 09:54:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/03 09:54:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 09:54:40 | 10,623,87712 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/02 17:10:36 | 00,281,582 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/10/02 17:10:36 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/10/02 17:10:36 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/10/02 17:10:36 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/10/02 17:10:36 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/10/02 17:10:36 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/10/02 17:10:36 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/10/02 17:10:36 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/10/02 16:49:23 | 00,002,411 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\EasyPrint.lnk
[2009/10/02 11:44:33 | 00,000,443 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UVC.lnk
[2009/10/02 11:43:14 | 14,286,576 | ---- | M] (Universal Village Corp ) -- C:\UVC_Setup.exe
[2009/10/01 18:10:20 | 00,014,911 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Website Flow Chart.docx
[2009/10/01 17:13:05 | 00,010,623 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Website Design Letter.docx
[2009/10/01 13:15:11 | 00,370,688 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\BillingSheet9_18_09.doc
[2009/10/01 13:14:28 | 00,160,768 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Meeks,Christopher.doc
[2009/10/01 13:00:34 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Frazier Family Dates to Remember 2009.xls
[2009/10/01 12:43:53 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Billingsheet9_30_09.doc
[2009/10/01 12:33:06 | 00,040,978 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Meyer,Nathan.zip
[2009/10/01 12:03:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/30 16:25:56 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Hill,DylanCCinfo.doc
[2009/09/29 10:20:47 | 03,578,310 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Medicaid Billing Book.pdf
[2009/09/29 09:31:36 | 00,000,105 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\MHNet Eclaims.URL
[2009/09/25 16:44:45 | 00,009,438 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\3752450_090925_198314686.pdf
[2009/09/24 23:03:49 | 00,114,277 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\tiffany dss fax.pdf
[2009/09/24 18:31:43 | 00,021,655 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\FrazierContactInfo.pdf
[2009/09/24 18:05:03 | 00,013,526 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\FrazierAnniversaries.zip
[2009/09/24 17:18:08 | 00,114,277 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\letter tiffany.pdf
[2009/09/24 16:01:38 | 00,016,593 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\9-25CashFlow2.pdf
[2009/09/24 15:37:06 | 00,016,615 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\9-25CashFlow.pdf
[2009/09/24 14:41:20 | 00,718,073 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\ecoup_S525.pdf
[2009/09/24 11:16:28 | 10,624,16384 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/09/23 18:00:45 | 00,016,635 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\9-18CashFlow.pdf
[2009/09/23 11:27:54 | 00,010,062 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\frazierdates.zip
[2009/09/22 22:05:59 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\ss_Ministry_-_BreakfastCalendar_beginning_September_2009.doc
[2009/09/22 14:09:43 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\HijackThis.lnk
[2009/09/22 11:54:04 | 00,000,029 | ---- | M] () -- C:\WINDOWS\System32\UNWISE.INI
[2009/09/20 07:49:31 | 00,074,909 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Books - Charlene Atkins.xlsx
[2009/09/17 12:34:26 | 00,099,328 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Financials - Charlene Atkins.xls
[2009/09/17 08:49:46 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\TriWestApprovalLettermay09.doc
[2009/09/12 23:15:35 | 00,011,419 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Farming.xlsx
[2009/09/12 22:06:10 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Financials - Tiffany Martin.xls
[2009/09/12 15:42:32 | 00,015,121 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Notes about Medicaid.docx
[2009/09/10 14:36:11 | 00,019,971 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\CrystalReports-StatusReportPortrait.pdf
[2009/09/10 14:13:59 | 00,035,871 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Books - Tiffany Martin.xlsx
[2009/09/10 12:26:21 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/09/10 12:23:12 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/10 12:11:51 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/10 03:01:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/09 15:33:33 | 00,053,223 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\5013197539_090909_194544391.pdf
[2009/09/09 12:34:38 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Sabrina\My Documents\~$tes about Medicaid.docx
[2009/09/09 08:34:32 | 00,191,488 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\DylanHill.doc
[2009/09/09 08:34:00 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\BillingSheet9_4_09.doc
[2009/09/09 08:32:49 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\BrennanHarms.doc
[2009/09/09 08:32:06 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\Tiller,Amber.doc
[2009/09/09 08:31:33 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\ProgressNotes.doc
[2009/09/08 14:34:40 | 00,407,441 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\section 13.pdf
[2009/09/08 14:03:03 | 00,171,520 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\2009-2010Schedule-Revised(2).doc
[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

========== Files - No Company Name ==========
[2009/10/02 11:44:33 | 00,000,443 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UVC.lnk
[2009/10/01 17:13:05 | 00,010,623 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Website Design Letter.docx
[2009/10/01 16:53:54 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Website Flow Chart.docx
[2009/10/01 13:15:08 | 00,370,688 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\BillingSheet9_18_09.doc
[2009/10/01 13:14:27 | 00,160,768 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Meeks,Christopher.doc
[2009/10/01 12:43:52 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Billingsheet9_30_09.doc
[2009/10/01 12:33:05 | 00,040,978 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Meyer,Nathan.zip
[2009/09/30 16:25:55 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Hill,DylanCCinfo.doc
[2009/09/29 10:20:47 | 03,578,310 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Medicaid Billing Book.pdf
[2009/09/29 09:31:36 | 00,000,105 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\MHNet Eclaims.URL
[2009/09/25 16:44:45 | 00,009,438 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\3752450_090925_198314686.pdf
[2009/09/24 23:03:48 | 00,114,277 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\tiffany dss fax.pdf
[2009/09/24 18:31:42 | 00,021,655 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\FrazierContactInfo.pdf
[2009/09/24 17:18:07 | 00,114,277 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\letter tiffany.pdf
[2009/09/24 16:01:38 | 00,016,593 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\9-25CashFlow2.pdf
[2009/09/24 15:37:06 | 00,016,615 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\9-25CashFlow.pdf
[2009/09/24 14:41:20 | 00,718,073 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\ecoup_S525.pdf
[2009/09/23 18:00:45 | 00,016,635 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\9-18CashFlow.pdf
[2009/09/23 11:27:54 | 00,010,062 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\frazierdates.zip
[2009/09/22 22:05:58 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\ss_Ministry_-_BreakfastCalendar_beginning_September_2009.doc
[2009/09/22 14:09:43 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\HijackThis.lnk
[2009/09/22 11:54:04 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2009/09/22 11:53:49 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\wins4f.dll
[2009/09/22 11:53:48 | 00,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2009/09/17 08:49:44 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\TriWestApprovalLettermay09.doc
[2009/09/10 14:36:10 | 00,019,971 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\CrystalReports-StatusReportPortrait.pdf
[2009/09/10 12:23:12 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/10 12:11:51 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 15:33:32 | 00,053,223 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\5013197539_090909_194544391.pdf
[2009/09/09 12:34:38 | 00,015,121 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Notes about Medicaid.docx
[2009/09/09 12:34:38 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Sabrina\My Documents\~$tes about Medicaid.docx
[2009/09/09 08:34:31 | 00,191,488 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\DylanHill.doc
[2009/09/09 08:33:59 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\BillingSheet9_4_09.doc
[2009/09/09 08:32:48 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\BrennanHarms.doc
[2009/09/09 08:32:05 | 00,043,520 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\Tiller,Amber.doc
[2009/09/09 08:29:56 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\ProgressNotes.doc
[2009/09/08 14:34:39 | 00,407,441 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\section 13.pdf
[2009/09/08 14:02:55 | 00,171,520 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\2009-2010Schedule-Revised(2).doc
[2008/09/07 14:18:09 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/06/19 19:32:18 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Sabrina\Local Settings\Application Data\fusioncache.dat
[2008/06/05 06:50:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/04/27 22:24:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/04/25 09:47:18 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/04/25 09:47:18 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/04/23 16:21:36 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/04/14 20:04:10 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Sabrina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/12 20:47:52 | 00,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/12 15:47:37 | 05,863,368 | -H-- | C] () -- C:\Documents and Settings\Sabrina\Local Settings\Application Data\IconCache.db
[2008/04/12 15:47:37 | 00,081,104 | ---- | C] () -- C:\Documents and Settings\Sabrina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/04/12 15:47:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Sabrina\Application Data\desktop.ini
[2008/04/09 22:13:25 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/09 22:10:58 | 00,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/04/09 22:07:58 | 00,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/04/09 21:51:06 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/04/09 21:49:39 | 00,001,032 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/10/11 18:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 12:51:28 | 00,000,657 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
< End of report >
safraz
Active Member
 
Posts: 8
Joined: September 24th, 2009, 12:39 pm

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby safraz » October 4th, 2009, 5:53 pm

OTL Extras logfile created on: 10/4/2009 2:30:49 PM - Run 1
OTL by OldTimer - Version 3.0.18.3 Folder = C:\Documents and Settings\Sabrina\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 214.77 Mb Available Physical Memory | 21.20% Memory free
2.38 Gb Paging File | 1.36 Gb Available in Paging File | 57.30% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 119.34 Gb Free Space | 80.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRDMBLLC
Current User Name: Sabrina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

[HKEY_USERS\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\Common Files\aol\1212556957\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1212556957\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\AOL 9.0 VR\waol.exe" = C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Common Files\aol\1213927109\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1213927109\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A0EF44E-1DDD-12F3-2321-75972B1CF0D8}" = Multiply AutoUploader
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5DF8832B-DEB6-4768-B73D-F5335B7DEE60}" = UVC
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.8.0
"{8ECB8220-F417-4BEB-9596-97033C533702}" = QuickBooks Invoice Manager
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C413FCAA-B841-4C05-9D24-F29D2B4F134A}" = Content Cleaner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA8D0E23-BE28-4011-85D9-850DB7B0737A}" = Medicare Remit EasyPrint
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AudibleManager" = AudibleManager
"CNXT_MODEM_USB_ACF" = USB Modem
"com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1" = Multiply AutoUploader
"comcasttb" = Comcast Toolbar 3.0
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CrossLoop_is1" = CrossLoop 2.31
"eTrust Suite Personal" = CA Internet Security Suite
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HedgeBuilders Internet Filtering" = HedgeBuilders Internet Filtering
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"multiply" = Multiply Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office Therapy V7.5.82" = Office Therapy V7.5.82
"Password Safe" = Password Safe
"PC-ACE Pro32 Claims Processing System" = PC-ACE Pro32 Claims Processing System
"PROPLUS" = Microsoft Office Professional Plus 2007
"SearchAssist" = SearchAssist
"TubeSock" = TubeSock 1.0.8.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1353083518-896759782-4230620695-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2009 5:17:08 PM | Computer Name = FRDMBLLC | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.0.70, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2009 12:51:11 AM | Computer Name = FRDMBLLC | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 9/24/2009 4:28:56 PM | Computer Name = FRDMBLLC | Source = Application Error | ID = 1000
Description = Faulting application aolsoftware.exe, version 15.6.1.1, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 9/27/2009 5:42:43 PM | Computer Name = FRDMBLLC | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/29/2009 11:08:57 PM | Computer Name = FRDMBLLC | Source = Application Hang | ID = 1002
Description = Hanging application caav.exe, version 8.4.0.29, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/29/2009 11:09:17 PM | Computer Name = FRDMBLLC | Source = Application Hang | ID = 1001
Description = Fault bucket 1390883649.

Error - 9/30/2009 8:11:10 AM | Computer Name = FRDMBLLC | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

Error - 9/30/2009 5:29:26 PM | Computer Name = FRDMBLLC | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.4518.1014, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2009 9:47:52 AM | Computer Name = FRDMBLLC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/1/2009 9:47:52 AM | Computer Name = FRDMBLLC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 10/4/2009 1:26:26 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 1:41:14 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 1:56:01 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 2:10:48 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 2:25:35 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 2:40:23 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 2:55:11 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 3:09:58 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 3:24:46 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.

Error - 10/4/2009 3:39:34 PM | Computer Name = FRDMBLLC | Source = NetBT | ID = 4321
Description = The name "DAVID :0" could not be registered on the Interface
with IP address 192.168.2.2. The machine with the IP address 192.168.2.4 did not
allow the name to be claimed by this machine.


< End of report >
safraz
Active Member
 
Posts: 8
Joined: September 24th, 2009, 12:39 pm

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby safraz » October 6th, 2009, 12:23 am

During a routine virus scan this evening, my program uncovered Win32/Malwarewar in some files, here is the log with the most recent scan at the bottom:



Started scanning at 9/29/2009 9:47:13 PM. Engine Ver: 31.6.0. Sig Ver:6767. Sig Date: 9/28/2009. ArcLib Ver: 8.1.4.0.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\MyDB.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\toolbar.lst - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\sabrinanardi - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\sabrinanar00 - Could not open the file.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.

Files Scanned: 49848
Files Infected: 0
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0


Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Scanning aborted at 9/29/2009 9:57:12 PM.

Started scanning at 9/30/2009 9:47:11 PM. Engine Ver: 31.6.0. Sig Ver:6769. Sig Date: 9/29/2009. ArcLib Ver: 8.1.4.0.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\MyDB.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\toolbar.lst - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\sabrinanardi - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\sabrinanar00 - Could not open the file.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Sabrina\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Sabrina\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\Apps.Lst - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\art.idx - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\spool.lst - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\sysnews.lst - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\b990ar9z.default\cookies.sqlite-journal - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\b990ar9z.default\parent.lock - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\b990ar9z.default\places.sqlite-journal - Could not open the file.

Files Scanned: 69422
Files Infected: 0
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0


Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Scanning aborted at 9/30/2009 9:59:04 PM.

Started scanning at 10/1/2009 4:29:32 PM. Engine Ver: 31.6.0. Sig Ver:6771. Sig Date: 9/30/2009. ArcLib Ver: 8.1.4.0.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\MyDB.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\toolbar.lst - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\sabrinanardi - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\sabrinanar00 - Could not open the file.

Files Scanned: 5755
Files Infected: 0
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0


Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Scanning aborted at 10/1/2009 4:30:36 PM.

Started scanning at 10/3/2009 9:47:02 PM. Engine Ver: 31.6.0. Sig Ver:6774. Sig Date: 10/2/2009. ArcLib Ver: 8.1.4.0.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\MyDB.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\toolbar.lst - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\sabrinanardi - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\sabrinanar00 - Could not open the file.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Sabrina\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Sabrina\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\Apps.Lst - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\art.idx - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\spool.lst - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\sysnews.lst - Could not open the file.
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Documents and Settings\Sabrina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Sabrina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Sabrina\Local Settings\Temp\fla314.tmp - Could not open the file.
C:\Program Files\comcasttb\uninstall.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Program Files\comcasttb\ComcastSpywareScan\Uninstall.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\WINDOWS\system32\CatRoot2\edb.log - Could not open the file.
C:\WINDOWS\system32\CatRoot2\tmp.edb - Could not open the file.
C:\WINDOWS\system32\config\DEFAULT - Could not open the file.
C:\WINDOWS\system32\config\default.LOG - Could not open the file.
C:\WINDOWS\system32\config\SAM - Could not open the file.
C:\WINDOWS\system32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\system32\config\SECURITY - Could not open the file.
C:\WINDOWS\system32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\system32\config\SOFTWARE - Could not open the file.
C:\WINDOWS\system32\config\software.LOG - Could not open the file.
C:\WINDOWS\system32\config\SYSTEM - Could not open the file.
C:\WINDOWS\system32\config\system.LOG - Could not open the file.

Files Scanned: 378119
Files Infected: 6
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Win32/MalwareWar

Files not Cleaned\Deleted\Quarantined (Limit 100): 6

C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Program Files\comcasttb\uninstall.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Program Files\comcasttb\ComcastSpywareScan\Uninstall.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
Finished scanning at 10/3/2009 10:53:49 PM.

Started scanning at 10/4/2009 9:47:05 PM. Engine Ver: 31.6.0. Sig Ver:6774. Sig Date: 10/2/2009. ArcLib Ver: 8.1.4.0.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\MyDB.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\toolbar.lst - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\sabrinanardi - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\sabrinanar00 - Could not open the file.

Files Scanned: 2230
Files Infected: 0
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0


Files not Cleaned\Deleted\Quarantined (Limit 100): 0

Scanning aborted at 10/4/2009 9:48:13 PM.

Started scanning at 10/5/2009 9:47:11 PM. Engine Ver: 31.6.0. Sig Ver:6777. Sig Date: 10/4/2009. ArcLib Ver: 8.1.4.0.
C:\hiberfil.sys - Could not open the file.
C:\pagefile.sys - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\MyDB.idx - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sabrinanardi\toolbar.lst - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\sabrinanardi - Could not open the file.
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\sabrinanar00 - Could not open the file.
C:\Documents and Settings\LocalService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\LocalService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Sabrina\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Sabrina\ntuser.dat.LOG - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\Apps.Lst - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\art.idx - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\spool.lst - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\AOL\C_AOL 9.0\IDB\sysnews.lst - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\b990ar9z.default\cookies.sqlite-journal - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\b990ar9z.default\parent.lock - Could not open the file.
C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\b990ar9z.default\places.sqlite-journal - Could not open the file.
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Documents and Settings\Sabrina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Sabrina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - Could not open the file.
C:\Documents and Settings\Sabrina\Local Settings\Temp\etilqs_S1AdQeu94ZlRscJOXYp5 - Could not open the file.
C:\Program Files\comcasttb\uninstall.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\Program Files\comcasttb\ComcastSpywareScan\Uninstall.exe <$PLUGINSDIR\installoptions.dll> - Win32/MalwareWar unknown type. Infected.
C:\WINDOWS\system32\CatRoot2\edb.log - Could not open the file.
C:\WINDOWS\system32\CatRoot2\tmp.edb - Could not open the file.
C:\WINDOWS\system32\config\DEFAULT - Could not open the file.
C:\WINDOWS\system32\config\default.LOG - Could not open the file.
C:\WINDOWS\system32\config\SAM - Could not open the file.
C:\WINDOWS\system32\config\SAM.LOG - Could not open the file.
C:\WINDOWS\system32\config\SECURITY - Could not open the file.
C:\WINDOWS\system32\config\SECURITY.LOG - Could not open the file.
C:\WINDOWS\system32\config\SOFTWARE - Could not open the file.
C:\WINDOWS\system32\config\software.LOG - Could not open the file.
C:\WINDOWS\system32\config\SYSTEM - Could not open the file.
C:\WINDOWS\system32\config\system.LOG - Could not open the file.

Files Scanned: 381822
Files Infected: 6
Files Cleaned \ Deleted: 0
Files Quarantined: 0
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Win32/MalwareWar

Files not Cleaned\Deleted\Quarantined (Limit 100): 6

C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Documents and Settings\Sabrina\Desktop\ComcastTB_3.0.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Program Files\comcasttb\uninstall.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
C:\Program Files\comcasttb\ComcastSpywareScan\Uninstall.exe <$PLUGINSDIR\installoptions.dll> (Win32/MalwareWar)
Finished scanning at 10/5/2009 11:12:57 PM.
safraz
Active Member
 
Posts: 8
Joined: September 24th, 2009, 12:39 pm

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby hottroc » October 7th, 2009, 1:55 pm

Hi, sorry about the long delay again, those OTL logs take a long time to go through. Please follow these instructions carefully....


Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: Select all
    :Files
    @C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
    
    
  • Then click the Run Fix button at the top.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTL.


BLACKLIGHT
  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    Code: Select all
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic together with the new OTL report from above.


I will look into the scan log you posted in your previous post.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby safraz » October 7th, 2009, 3:39 pm

Log from OTL.EXE


========== FILES ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794 deleted successfully.

OTL by OldTimer - Version 3.0.18.4 log created on 10072009_143839
safraz
Active Member
 
Posts: 8
Joined: September 24th, 2009, 12:39 pm

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby safraz » October 7th, 2009, 4:16 pm

Log from FSBL:

10/07/09 14:42:14 [Info]: BlackLight Engine 2.2.1092 initialized
10/07/09 14:42:14 [Info]: OS: 5.1 build 2600 (Service Pack 3)
10/07/09 14:42:14 [Note]: 7019 4
10/07/09 14:42:14 [Note]: 7005 0
10/07/09 14:42:54 [Note]: 7006 0
10/07/09 14:42:54 [Note]: 7022 0
10/07/09 14:42:54 [Note]: 7011 2284
10/07/09 14:42:54 [Note]: 7035 0
10/07/09 14:42:54 [Note]: 7026 0
10/07/09 14:42:54 [Note]: 7026 0
10/07/09 14:42:54 [Note]: FSRAW library version 1.7.1024
10/07/09 14:44:18 [Note]: 4013 121681
10/07/09 14:44:18 [Note]: 4020 120681 655360
10/07/09 14:44:18 [Note]: 4018 120681 655360
10/07/09 14:44:18 [Note]: 4013 121681
10/07/09 14:44:18 [Note]: 4020 120681 655360
10/07/09 14:44:18 [Note]: 4018 120681 655360
10/07/09 14:44:31 [Note]: 4013 97365
10/07/09 14:44:31 [Note]: 4020 120681 655360
10/07/09 14:44:31 [Note]: 4018 120681 655360
10/07/09 14:44:31 [Note]: 4013 97365
10/07/09 14:44:31 [Note]: 4020 120681 655360
10/07/09 14:44:31 [Note]: 4018 120681 655360
10/07/09 14:46:59 [Note]: 4013 121901
10/07/09 14:46:59 [Note]: 4020 78621 2097152
10/07/09 14:46:59 [Note]: 4018 78621 2097152
10/07/09 14:46:59 [Note]: 4013 121901
10/07/09 14:46:59 [Note]: 4020 78621 2097152
10/07/09 14:46:59 [Note]: 4018 78621 2097152
10/07/09 14:54:49 [Note]: 7007 0
safraz
Active Member
 
Posts: 8
Joined: September 24th, 2009, 12:39 pm

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby hottroc » October 7th, 2009, 4:44 pm

Those lines found in your routine scan log from before are false positives. Your system shows no signs of Win32/MalwareWar but just to be on the safe side follow these instructions and include the log in your response.....


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Blue Screen Physical memory dumping appearing, slow system

Unread postby NonSuch » October 11th, 2009, 4:05 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 493 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware