
rebooting and blue screening



fscali
2012-06-30, 22:29
Please assist:
XP PC keeps auto-rebooting in normal mode. MS Security Essentials could not finish a full scan.
Rebooted in safe mode and MS Sec Essentials found some trojans that I removed. Scan now shows clean but still auto-rebooting in normal mode and just got a blue screen in safe mode.
Thank you.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 16:19:02 on 2012-06-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1676 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
uWindow Title = Windows Internet Explorer provided by Fred
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161313078296
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://192.168.0.32/activex/AMC.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.fujifilm.net/upload/FujifilmUploadClient.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
TCP: Interfaces\{1D552F1E-7985-4C8B-9234-A52B004D3A93} : DhcpNameServer = 205.152.144.23 205.152.132.23
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\og8o1s63.default\
FF - plugin: c:\progra~1\gradkell\dbsign~1\lib\npDBsignWeb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2006-11-4 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2006-11-4 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2006-11-4 430670]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
S1 MpKsl5be464aa;MpKsl5be464aa;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl5be464aa.sys [2012-6-30 29904]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2006-11-4 64093]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
S2 acautoupdate;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2009-6-3 51240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-10 133104]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2009-2-11 45696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-10 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2012-1-6 33792]
S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2010-4-24 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2010-4-24 13312]
S3 Normandy;Normandy SR2; [x]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-1-1 21648]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-11-7 57856]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-11-7 57856]
S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [2006-11-9 23040]
S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [2006-11-9 76800]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
.
=============== Created Last 30 ================
.
2012-06-30 19:29:41 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl5be464aa.sys
2012-06-30 19:24:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl18135ea5.sys
2012-06-30 19:18:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl695cd666.sys
2012-06-30 19:10:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl87d05b93.sys
2012-06-30 19:04:21 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl45835a53.sys
2012-06-30 18:58:52 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslf635e0bf.sys
2012-06-30 18:53:28 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl3817c498.sys
2012-06-30 18:47:58 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslf778628b.sys
2012-06-30 18:42:23 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslbd1619d3.sys
2012-06-30 18:36:54 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl4f5ac84f.sys
2012-06-30 12:39:42 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslfb03fe64.sys
2012-06-30 02:21:48 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl508db6b0.sys
2012-06-30 02:21:42 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-30 02:00:49 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslfc3b2d2f.sys
2012-06-30 01:53:56 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslce3c7c89.sys
2012-06-30 01:17:55 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl661b5313.sys
2012-06-30 00:28:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl09e9f3d8.sys
2012-06-30 00:23:05 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl96e9e01e.sys
2012-06-30 00:17:39 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl4dd1c5ce.sys
2012-06-30 00:12:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsldaf308c9.sys
2012-06-30 00:06:30 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl7f03d061.sys
2012-06-30 00:01:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl92ca4db0.sys
2012-06-29 23:55:39 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsle2a11b31.sys
2012-06-29 23:50:12 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl05af7a5d.sys
2012-06-29 23:44:43 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslfe91dda4.sys
2012-06-29 23:39:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslaa8da782.sys
2012-06-29 23:19:41 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsld9291a1b.sys
2012-06-29 23:18:24 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\mpengine.dll
2012-06-21 14:13:20 -------- d-----w- c:\documents and settings\administrator\application data\Windows Search
2012-06-21 12:33:47 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-21 12:32:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-21 12:32:03 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-13 22:20:55 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 09:17:36 73728 ----a-w- c:\windows\LiveAudio.ocx
2012-06-07 09:17:36 405504 ----a-w- c:\windows\GeoCodec.dll
2012-06-07 09:17:36 176128 ----a-w- c:\windows\GeoCodecLib.dll
2012-06-07 09:17:35 745984 ----a-w- c:\windows\ir50_32.dll
2012-06-07 09:17:35 413760 ----a-w- c:\windows\mpg4c32.dll
2012-06-07 09:17:35 255488 ----a-w- c:\windows\m3jpeg32.dll
2012-06-07 09:17:35 225280 ----a-w- c:\windows\LiveX.ocx
2012-06-07 09:17:35 208896 ----a-w- c:\windows\LiveClient.dll
.
==================== Find3M ====================
.
2012-06-29 23:29:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 23:29:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-07 00:27:44 2487 ----a-w- C:\idsuite_run.bat
2011-10-14 19:02:31 161720 ----a-w- c:\program files\2pres.dll
.
============= FINISH: 16:20:10.48 ===============

torreattack
2012-07-05, 00:09
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Safer-Networking (http://forums.spybot.info/forumdisplay.php?f=22) forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi fscali and welcome to Safer-Networking :)

My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)


Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288), where the conditions for receiving help here are explained.


I am currently reviewing your log and will return, as soon as possible, with additional instructions.

By the way, while waiting, please answer these questions.
Is this a business, corporate, institutional computer or used in such an environment?
Please read: Personal computer (http://forums.spybot.info/showpost.php?p=25712&postcount=5)

How did you obtain Microsoft Office Enterprise 2007?
What was the last thing you did before the blue screen happened? Install or remove software, hardware or a driver?



Thank you for your patience.
torreattack

fscali
2012-07-05, 05:22
torreattack:
Thank you for taking the time to assist me.
Quick answers to your questions:
1. Personal PC
2. Group license through my job.
3. No hardware, software, or drivers were installed/uninstalled by any deliberate action on my part. The blue screen is rare. The reboot (when running in normal mode) is frequent. I am operating in safe mode now with no apparent issues.



torreattack
2012-07-05, 16:02
Hi fscali:

Let's dig deeper.

You have Spybot-S&D installed; TeaTimer needs to be disabled so that its protection does not interfere with fixes. Please disable it.
Note: You can find the instructions here (http://forums.spybot.info/showpost.php?p=1150&postcount=2).

1. RogueKiller
Please download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your programs.
Double click on RogueKiller.exe to run it.
If it does not run, please try a few times.
Wait for PreScan to finish, then click on Scan.
Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
Please copy and paste the contents of that log in your next reply.


2. aswMBR.exe
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your Desktop.
Double click aswMBR.exe to run it.
Click Yes to the prompt to download Avast! virus definitions.
(Please be patient whilst the virus definitions download)
With the AVscan set to Quick Scan, click the Scan button.
(Please be patient whilst your computer is scanned.)
After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
Click OK > Exit.
Note: Do not attempt to fix anything at this stage!
Two files will be created, aswMBR.txt & a file named MBR.dat.
MBR.dat is a backup of the MBR (master boot record), do not delete it.
I strongly suggest you keep a copy of this backup stored on an external device.
Copy & Paste the contents of aswMBR.txt into your next reply.


3. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.


4. When did this "auto-rebooting in normal mode" start to happen?


5. Checklist
Please post:
RKreport[1].txt
aswMBR.txt
OTL.txt and Extras.txt
An update on your problems
Note: These logs can be lengthy; please post them in several replies if needed. Please ensure you post the COMPLETE logs.

Thanks,
torreattack

fscali
2012-07-05, 17:44
I have a quick question before I start:
I have been operating in safe mode with the real time protection of both Tea Timer and MSSE disabled. Do you want me to execute your directions running in normal or safe mode? Either way I will disable Tea Timer.

torreattack
2012-07-05, 23:48
Try to run them in normal mode.

If that fails, then try again in safe mode.

In both modes, please disable the TeaTimer.

thanks,
torreattack

fscali
2012-07-06, 02:21
Suffered through a couple of BSODs but completed all scans in normal mode.

1) RK:
RogueKiller V7.6.2 [07/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: fred [Admin rights]
Mode: Scan -- Date: 07/05/2012 19:03:05

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 optmd.com
127.0.0.1 doubleclick.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ARRAY +++++
--- User ---
[MBR] ccda41b3ebd9b46d65a2c65edb9077f9
[BSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 109638 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 224669025 | Size: 38122 Mo
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 302744925 | Size: 4753 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



2) aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-05 19:24:40
-----------------------------
19:24:40.087 OS Version: Windows 5.1.2600 Service Pack 3
19:24:40.087 Number of processors: 2 586 0xF06
19:24:40.087 ComputerName: E520 UserName: fred
19:24:46.774 Initialize success
19:24:59.834 AVAST engine defs: 12070501
19:25:03.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:25:03.677 Disk 0 Vendor: Intel___ 1.0. Size: 152585MB BusType: 3
19:25:03.677 Disk 0 MBR read successfully
19:25:03.693 Disk 0 MBR scan
19:25:03.708 Disk 0 unknown MBR code
19:25:03.724 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
19:25:03.740 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109638 MB offset 112455
19:25:03.755 Disk 0 Partition - 00 0F Extended LBA 38122 MB offset 224669025
19:25:03.787 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 302744925
19:25:03.927 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38122 MB offset 224669088
19:25:03.943 Disk 0 scanning sectors +312480315
19:25:04.037 Disk 0 scanning C:\WINDOWS\system32\drivers
19:25:30.329 Service scanning
19:25:52.670 Service MpKsleb500f47 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF488E69-C7BB-4E35-BB7F-CEC44A693821}\MpKsleb500f47.sys **LOCKED** 32
19:26:11.167 Modules scanning
19:26:17.494 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
19:26:18.134 Disk 0 trace - called modules:
19:26:18.150 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
19:26:18.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a828ab8]
19:26:18.166 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a827030]
19:26:18.681 AVAST engine scan C:\WINDOWS
19:26:29.398 AVAST engine scan C:\WINDOWS\system32
19:31:28.196 AVAST engine scan C:\WINDOWS\system32\drivers
19:32:02.503 AVAST engine scan C:\Documents and Settings\fred
19:34:40.073 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fred\Desktop\troubleshoot\MBR.dat"
19:34:40.073 The log file has been saved successfully to "C:\Documents and Settings\fred\Desktop\troubleshoot\aswMBR.txt"
19:50:48.505 AVAST engine scan C:\Documents and Settings\All Users
19:54:52.648 Scan finished successfully
19:55:39.954 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fred\Desktop\troubleshoot\MBR.dat"
19:55:40.001 The log file has been saved successfully to "C:\Documents and Settings\fred\Desktop\troubleshoot\aswMBR.txt"


3) OTL:
OTL logfile created on: 7/5/2012 7:56:19 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\fred\Desktop\troubleshoot
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.61% Memory free
3.84 Gb Paging File | 3.00 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 38.59 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 37.15 Gb Free Space | 99.78% Space Free | Partition Type: NTFS

Computer Name: E520 | User Name: fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\fred\Desktop\troubleshoot\aswMBR.exe (AVAST Software)
PRC - C:\Documents and Settings\fred\Desktop\troubleshoot\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\LcProxy.ax ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (acautoupdate) -- C:\Program Files\ActivIdentity\ActivClient\acautoup.exe (ActivIdentity)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (VPROEVENTMONITOR) -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (Normandy) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
DRV - (Changer) -- File not found
DRV - (bvrp_pci) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\fred\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (MpKsleb500f47) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF488E69-C7BB-4E35-BB7F-CEC44A693821}\MpKsleb500f47.sys (Microsoft Corporation)
DRV - (Leapfrog-USBLAN) -- C:\WINDOWS\system32\drivers\btblan.sys (Belcarra Technologies)
DRV - (SCR3XX2K) -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (SCR3xx USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (OlyCamComm) -- C:\WINDOWS\system32\drivers\OlyCamComm.sys (OLYMPUS IMAGING CORP.)
DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (LGII2CDevice) -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys ()
DRV - (LGDDCDevice) -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys ()
DRV - (SNXPPALX) -- C:\WINDOWS\system32\drivers\snxppalx.sys ()
DRV - (SNXPCARD) -- C:\WINDOWS\system32\drivers\snxpcard.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (SCR33X USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sonypvf2) -- C:\WINDOWS\System32\drivers\sonypvf2.sys (Sony Corporation)
DRV - (sonypvt2) -- C:\WINDOWS\System32\drivers\sonypvt2.sys (Sony Corporation)
DRV - (sonypvd2) -- C:\WINDOWS\system32\drivers\sonypvd2.sys (Sony Corporation)
DRV - (sonypvl2) -- C:\WINDOWS\System32\drivers\sonypvl2.sys (Sony Corporation)
DRV - (SCR131C) -- C:\WINDOWS\system32\drivers\SCR131C.sys (SCM Microsystems Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (cirrus) -- C:\WINDOWS\system32\drivers\cirrus.sys (Microsoft Corporation)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm142S1us&ptnrS=CDxdm142S1us&si=101497_819p&ptb=302F0649-9AB6-42B6-8237-E4BA1376DCD0&ind=2011101415&n=77def8e7&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?tab=mw&hl=en&source=iglk
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes,DefaultScope = {65344CC3-9C2F-4FFC-ADC4-21D561672820}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm142S1us&ptnrS=CDxdm142S1us&si=101497_819p&ptb=302F0649-9AB6-42B6-8237-E4BA1376DCD0&ind=2011101415&n=77def8e7&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{51430913-DF4E-485C-8157-9F3EDFBA213E}: "URL" = http://cnet.search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{65344CC3-9C2F-4FFC-ADC4-21D561672820}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{C6DFEE2A-27B1-4EEC-9A4E-1B38E5B6609D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{EE24694B-2AD6-4978-B4C2-EAE98D3F765B}: "URL" = http://www.shopzilla.com/buy/superfind.xpml?search_box=1&sfsk=0&cat_id=1&keyword={searchTerms}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.1.3.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.6.3
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.3.6
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.70
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\fred\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\fred\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/01 17:36:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/01 17:36:07 | 000,000,000 | ---D | M]

[2009/10/30 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fred\Application Data\Mozilla\Extensions
[2012/07/01 17:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions
[2010/09/07 05:15:51 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/09/07 05:15:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/09 05:53:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/07/01 17:36:46 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2012/02/26 09:51:06 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2012/07/01 17:37:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\foxyproxy@eric.h.jung
[2012/02/26 09:51:05 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\tineye@ideeinc.com
[2009/10/30 20:15:32 | 000,008,349 | ---- | M] () -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\searchplugins\oneriot.xml
[2012/06/30 08:54:49 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\searchplugins\surf-canyon.xml
[2012/07/01 17:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 17:36:52 | 000,340,198 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/07/01 17:36:46 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/07/01 17:36:47 | 000,208,985 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
[2012/07/01 17:36:49 | 000,032,381 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\QUICKDRAG@MOZILLA.KTECHCOMPUTING.COM.XPI
[2012/07/01 17:36:48 | 000,072,222 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
[2012/07/01 17:36:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 07:45:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/01 17:36:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/01 17:36:02 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Entanglement = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Cloud Reader = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Poppit = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/06/30 07:59:35 | 000,442,166 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15217 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1664530028-17251024-895595264-1006..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O8 - Extra context menu item: &Search - http://tbedits.couponalert.com/one-toolbaredits/menusearch.jhtml?s=100000487&p=CDxdm142S1us&si=101497_819p&a=302F0649-9AB6-42B6-8237-E4BA1376DCD0&n=2011101415 File not found
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: aa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: ancestry.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: army.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: citimortgage.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: dau.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: disa.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: dsw.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: keysenergy.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: mymonthlycycles.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: navyfcu.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: noaa.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: osd.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: paypal.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: southcom.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: southcom.mil ([owa.jiatfs] https in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: ugov.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: usmc.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Ranges: Range78 ( in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Ranges: Range79 ([http] in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab (SyncXfer Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab (FixController Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341157801052 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://192.168.0.32/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab (Maid Control)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.fujifilm.net/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D552F1E-7985-4C8B-9234-A52B004D3A93}: DhcpNameServer = 205.152.144.23 205.152.132.23
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

***BREAK***

fscali
2012-07-06, 02:21
***CONTINUED***

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - No CLSID value found.
O24 - Desktop WallPaper: C:\Documents and Settings\fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 19:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred\Desktop\troubleshoot
[2012/07/01 18:28:10 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2012/07/01 18:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HWMonitor
[2012/07/01 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/07/01 17:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/01 17:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/07/01 12:17:45 | 000,000,000 | ---D | C] -- C:\807a7ddf9bce4563aa
[2012/07/01 12:10:34 | 000,000,000 | ---D | C] -- C:\38d79553ca62da422c
[2012/07/01 11:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred\Start Menu\Programs\NirSoft BlueScreenView
[2012/07/01 11:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/07/01 11:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
[2012/07/01 11:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2012/06/29 22:21:42 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/06/13 18:20:55 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/12 21:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred\My Documents\TN House
[2012/06/07 05:17:36 | 000,405,504 | ---- | C] (Geovision) -- C:\WINDOWS\GeoCodec.dll
[2012/06/07 05:17:36 | 000,073,728 | ---- | C] (GeoVision Inc,.) -- C:\WINDOWS\LiveAudio.ocx
[2012/06/07 05:17:35 | 000,745,984 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\ir50_32.dll
[2012/06/07 05:17:35 | 000,413,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\mpg4c32.dll
[2012/06/07 05:17:35 | 000,255,488 | ---- | C] (Morgan Multimedia) -- C:\WINDOWS\m3jpeg32.dll
[50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/05 19:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/07/05 19:33:33 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/05 19:32:07 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
[2012/07/05 19:32:06 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/05 19:28:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/05 19:23:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/05 19:23:46 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/05 19:23:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/05 19:23:26 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 19:16:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 18:53:56 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
[2012/07/01 17:42:35 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/07/01 15:06:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/01 13:02:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/07/01 12:22:52 | 000,528,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/01 12:22:52 | 000,097,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/01 12:17:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/01 10:47:24 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/06/30 15:28:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
[2012/06/30 07:59:35 | 000,442,166 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/29 22:16:44 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\fred\Local Settings\Application Data\housecall.guid.cache
[2012/06/29 19:29:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/29 19:29:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/21 10:33:04 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\fred\Desktop\HiJackThis.lnk
[2012/06/21 09:31:52 | 000,442,166 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120630-075934.backup
[2012/06/20 18:45:29 | 000,442,166 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120621-093152.backup
[2012/06/18 21:00:00 | 000,000,766 | ---- | M] () -- C:\WINDOWS\tasks\scali incremental.job
[2012/06/18 19:00:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/06/18 18:45:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/06/14 03:16:28 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 18:51:38 | 2137,038,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/01 17:42:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/07/01 17:36:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/29 22:16:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\housecall.guid.cache
[2012/06/07 05:17:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\GeoCodecLib.dll
[2012/06/07 05:17:35 | 000,225,280 | ---- | C] () -- C:\WINDOWS\LiveX.ocx
[2012/06/07 05:17:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\LiveClient.dll
[2012/06/07 05:17:35 | 000,052,787 | ---- | C] () -- C:\WINDOWS\Stable.xml
[2012/03/05 08:38:35 | 000,161,720 | ---- | C] () -- C:\Program Files\2pres.dll
[2012/02/14 17:46:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/14 18:24:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2010/12/22 17:55:14 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 18:03:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/31 18:03:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/15 12:35:49 | 000,000,088 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/03/04 18:42:25 | 000,038,483 | ---- | C] () -- C:\Documents and Settings\fred\Application Data\Comma Separated Values (Windows).ADR
[2008/02/12 21:04:48 | 000,000,666 | RHS- | C] () -- C:\Documents and Settings\fred\ntuser.pol
[2006/11/05 09:53:47 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\fred\Application Data\dvd.bmk
[2006/11/04 17:48:34 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/19 20:54:56 | 000,491,792 | ---- | C] () -- C:\Documents and Settings\fred\TRANSFORMS=1033.mst
[2006/10/19 20:54:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\fusioncache.dat

< End of report >

3a) Extras:
OTL Extras logfile created on: 7/5/2012 7:56:20 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\fred\Desktop\troubleshoot
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.61% Memory free
3.84 Gb Paging File | 3.00 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 38.59 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 37.15 Gb Free Space | 99.78% Space Free | Partition Type: NTFS

Computer Name: E520 | User Name: fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe" = C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe:*:Enabled:CGVPNCliService.exe
"C:\Program Files\S.A.D\CyberGhost VPN\openvpn.exe" = C:\Program Files\S.A.D\CyberGhost VPN\openvpn.exe:*:Enabled:openvpn.exe
"C:\Program Files\S.A.D\CyberGhost VPN\openssl.exe" = C:\Program Files\S.A.D\CyberGhost VPN\openssl.exe:*:Enabled:openssl.exe
"C:\Program Files\S.A.D\CyberGhost VPN\tapinstall.exe" = C:\Program Files\S.A.D\CyberGhost VPN\tapinstall.exe:*:Enabled:tapinstall.exe
"C:\Program Files\S.A.D\CyberGhost VPN\CyberGhost.exe" = C:\Program Files\S.A.D\CyberGhost VPN\CyberGhost.exe:*:Enabled:CyberGhost.exe
"C:\Program Files\ActivCard\ActivCard Gold\acDiagnoWzd.exe" = C:\Program Files\ActivCard\ActivCard Gold\acDiagnoWzd.exe:*:Enabled:ActivCard Gold Advanced Diagnostics
"C:\Program Files\S.A.D\CyberGhost VPN\CGStarter.exe" = C:\Program Files\S.A.D\CyberGhost VPN\CGStarter.exe:*:Enabled:CyberGhost VPN
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\fred\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\fred\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{056BE67B-54B6-40C0-ADBF-08917FF1D4F6}" = HGTV Home & Landscape Platinum Suite 2.0
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16495E26-DFEC-4BCA-8E70-060C539838EE}" = MapSource - BlueChart Americas v7.5 Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{254A2683-4128-47B1-85DF-7690E6119EC6}" = Garmin BlueChart Americas v9
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4221094E-82B8-43C4-94F4-A6760FC1842A}" = H&R Block Premium + Efile + State 2011
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C8139-FD1B-4EA0-AFE9-7D40050F8FF0}" = PowerMax Remote Programmer 3.0.38.9 (General)
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater
"{7D25A304-C82D-41C3-85A8-3BEF84E04887}" = Garmin WebUpdater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFC7570-DD90-486E-A239-E31D455BDE93}" = Microsoft LifeCam
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974530D2-AE96-4C99-B549-99CADA653CE5}" = Garmin MapSource
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6272BAC-1A51-4418-933D-E6FC6C7DC42D}" = Netflix Movie Viewer
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1" = Index.dat Suite
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C89588E4-A151-489E-A393-066E503FC549}" = Dell DataSafe
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{D46A8690-5E32-4BA8-BE0D-808E1EA76496}" = HGTV Home & Interior Painter
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DC5A3749-4535-4EAD-842A-DDE976CC6B38}" = PS7900
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBEBDE9F-78FA-4E68-820D-78CAF9DD46FF}" = SCR531 Smartcard Reader
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"AXIS Media Control" = AXIS Media Control
"CCleaner" = CCleaner
"ClassicFTP" = Classic FTP
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"Florida Topo" = Florida Topo Map
"Free Video Converter_is1" = Free Video Converter V 1.2
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{056BE67B-54B6-40C0-ADBF-08917FF1D4F6}" = HGTV Home & Landscape Platinum Suite 2.0
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"IrfanView" = IrfanView (remove only)
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"MapSource" = MapSource
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.64.1403" = Opera 11.64
"Photodex Presenter" = Photodex Presenter
"Pointools View 1.8 Pro" = Pointools View 1.8 Pro
"Precision Tile_is1" = Precision Tile 3.0.4
"Reading Blaster Ages 4-6" = Reading Blaster Ages 4-6
"SoftkeyLandArchDeinstKey" = Softkey Landscape Architect 1.00
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"UPCShell" = LeapFrog Connect
"VCW VicMan's Photo Editor_is1" = VCW VicMan's Photo Editor 8.0
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2012 7:14:33 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 7:24:15 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 7:24:18 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 7:27:44 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 7:32:10 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 7:34:41 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 7:37:22 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 7:41:53 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 7:55:42 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

Error - 7/5/2012 8:01:56 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
description: Class not registered .

[ OSession Events ]
Error - 6/14/2009 4:42:06 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/14/2009 4:42:15 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/14/2009 4:42:21 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/8/2009 8:40:30 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/8/2009 8:40:46 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/8/2009 8:40:51 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2009 10:21:26 AM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2009 10:21:39 AM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2009 10:21:49 AM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2009 10:22:00 AM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/4/2012 11:16:43 PM | Computer Name = E520 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.804.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 7/4/2012 11:50:50 PM | Computer Name = E520 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/5/2012 6:48:34 PM | Computer Name = E520 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/5/2012 6:49:42 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm Lbd MpFilter

Error - 7/5/2012 6:50:26 PM | Computer Name = E520 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/5/2012 6:53:30 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 7/5/2012 7:09:20 PM | Computer Name = E520 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 0004cdb6, parameter2 0000001c, parameter3
00000000, parameter4 804fa292.

Error - 7/5/2012 7:10:11 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 7/5/2012 7:24:31 PM | Computer Name = E520 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3
00000000, parameter4 804fa292.

Error - 7/5/2012 7:25:16 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >


4) first noticed issue back on June 20 or 21 but left town from June 21 - 30.

5) checklist complete. no new symptoms to report. no reboots today, just BSODs.
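The two "System Error" entries (Event ID 1003) in the log above each carry a STOP code and four parameters, and both show the same code and the same fourth parameter. As an added example (not part of fscali's post or of OTL), here is a small Python decoder for that event format; it uses the documented parameter layout for STOP 0xA/0xD1, and the sample text is the two entries copied from the log. The helper names, the short table of bug check names and the small-pointer threshold are this example's own choices.

```python
"""Decode Windows XP 'System Error' (Event ID 1003) bugcheck entries.

Added example; it is not part of the original post or of OTL. It reads the
"Error code ..., parameter1 ..." descriptions that OTL copies from the
System event log and decodes the documented STOP 0xA / 0xD1 parameter
layout. SAMPLE holds the two entries copied from the log above; the helper
names and the pointer heuristic are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Event ID 1003 reports a bug check with 0x10000000 added (0x1000000A for
# STOP 0xA); masking it off gives the code you would see on the blue screen.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
DISPATCH_LEVEL = 2  # a fault at IRQL > 2 happened in interrupt/DPC context

EVENT_RE = re.compile(
    r"Error code (?P<code>[0-9a-f]{8}), parameter1 (?P<p1>[0-9a-f]{8}), "
    r"parameter2 (?P<p2>[0-9a-f]{8}), parameter3 (?P<p3>[0-9a-f]{8}), "
    r"parameter4 (?P<p4>[0-9a-f]{8})",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class BugCheck:
    raw_code: int
    params: tuple

    @property
    def code(self):
        return self.raw_code & 0x0FFFFFFF

    @property
    def name(self):
        return BUGCHECK_NAMES.get(self.code, f"0x{self.code:08X}")


def parse_events(text):
    """Pull every Event ID 1003 description out of an OTL/event-log dump."""
    flat = re.sub(r"\s+", " ", text)  # OTL wraps descriptions across lines
    return [
        BugCheck(int(m["code"], 16),
                 tuple(int(m[k], 16) for k in ("p1", "p2", "p3", "p4")))
        for m in EVENT_RE.finditer(flat)
    ]


def explain(bc):
    """Decode STOP 0xA / 0xD1 parameters (both use the same layout)."""
    if bc.code not in (0x0A, 0xD1):
        return {}
    referenced, irql, write, ip = bc.params
    return {
        "referenced": referenced,          # memory address that was touched
        "irql": irql,                      # IRQL at the time of the access
        "op": "write" if write else "read",
        "faulting_ip": ip,                 # instruction that did the access
        "interrupt_context": irql > DISPATCH_LEVEL,
        # heuristic: a tiny address usually means a field off a NULL pointer
        "small_pointer": referenced < 0x100000,
    }


def repeated_faults(bugchecks):
    """Count crashes by (STOP code, faulting instruction). A repeat means the
    same code path dies every time; that address is what to look up in the
    minidump rather than guessing at drivers."""
    return Counter((bc.code, bc.params[3]) for bc in bugchecks)


# Copied from the System Events section of the log above.
SAMPLE = """
Error - 7/5/2012 7:09:20 PM | Computer Name = E520 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 0004cdb6, parameter2 0000001c, parameter3
00000000, parameter4 804fa292.

Error - 7/5/2012 7:24:31 PM | Computer Name = E520 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3
00000000, parameter4 804fa292.
"""

if __name__ == "__main__":
    events = parse_events(SAMPLE)
    for bc in events:
        print(bc.name, explain(bc))
    for (code, ip), n in repeated_faults(events).items():
        print(f"STOP 0x{code:X} at 0x{ip:08x}: {n} crash(es)")
```

On these two entries it reports STOP 0xA (IRQL_NOT_LESS_OR_EQUAL) at the same faulting address both times, a read of a low address at IRQL 0x1c, which is interrupt-time rather than a normal thread. That repeated address, with a minidump loaded in WinDbg and `!analyze -v` run, is the place to start; swapping antivirus products or modem drivers without it is guesswork.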
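The firewall section of the same log lists each open port as port:protocol:scope:state:name. In the Domain profile, 445/TCP, 137/UDP and 138/UDP are open with scope `*` (any address), while the Standard profile limits the same ports to LocalSubNet. Added example, not part of the post or of OTL: a Python audit that parses that value syntax and flags enabled SMB/NetBIOS openings with an unrestricted scope; the sample text is copied from the log, the port list, the helper names and the netsh command builder are this example's own. Caveat: only the profile currently in effect applies, which is the Standard profile on a machine that is not joined to a domain (as this home PC appears not to be), so the Domain-profile findings are hygiene rather than live exposure.

```python
"""Audit Windows XP firewall policy port rules as dumped by OTL.

Added example; it is not part of the original post or of OTL. It parses the
"port:protocol:scope:Enabled|Disabled:name" value syntax seen in the log and
flags enabled SMB/NetBIOS openings whose scope is '*' (any address) instead
of LocalSubNet. SAMPLE is copied from the log above; the port list and the
netsh command builder are this example's own.
"""
import re
from dataclasses import dataclass

# File-and-print sharing ports: anything here open to '*' is reachable from
# every network the interface sits on, not only the local subnet.
SMB_PORTS = {("137", "UDP"), ("138", "UDP"), ("139", "TCP"), ("445", "TCP")}

PROFILE_RE = re.compile(r"FirewallPolicy\\(?P<profile>(Domain|Standard)Profile)")
RULE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.+)$')


@dataclass(frozen=True)
class PortRule:
    profile: str
    port: str
    proto: str
    scope: str
    enabled: bool
    name: str

    def value(self, scope=None):
        """Registry value string, optionally rewritten with a different scope."""
        return ":".join([self.port, self.proto, scope or self.scope,
                         "Enabled" if self.enabled else "Disabled", self.name])


def parse_rules(text):
    """Walk a registry-style dump and return the GloballyOpenPorts rules."""
    profile = None
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):                # key header: remember the profile
            m = PROFILE_RE.search(line)
            profile = m["profile"] if m else None
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        parts = m["value"].split(":", 4)
        # AuthorizedApplications values start with a path, not a port: skip them.
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        port, proto, scope, state, name = parts
        rules.append(PortRule(profile, port, proto.upper(), scope,
                              state == "Enabled", name))
    return rules


def exposed_smb(rules):
    """Enabled SMB/NetBIOS rules whose scope is '*' rather than LocalSubNet."""
    return [r for r in rules
            if r.enabled and (r.port, r.proto) in SMB_PORTS and r.scope == "*"]


def netsh_fix(rule):
    """XP-era netsh command that narrows the rule to the local subnet."""
    profile = (rule.profile or "ALL").replace("Profile", "").upper()
    return (f"netsh firewall set portopening protocol={rule.proto} "
            f"port={rule.port} mode=ENABLE scope=SUBNET profile={profile}")


# Copied from the firewall section of the log above (abridged).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"""

if __name__ == "__main__":
    for r in exposed_smb(parse_rules(SAMPLE)):
        print(f"{r.profile}: {r.value()}  ->  {r.value('LocalSubNet')}")
        print("   ", netsh_fix(r))
```

Run against the sample it reports the three Domain-profile SMB/NetBIOS rules and prints, for each, the tightened value and the netsh command that applies it; the disabled WinRM rule and the Standard-profile LocalSubNet rules are left alone.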

fscali
2012-07-06, 02:24
torreattack:
please read the next 2 posts in reverse order as I had to unexpectedly break my post in 2 due to character count limitations.
thank you,
fred

torreattack
2012-07-07, 07:03
hi fscali:

Sorry for being late.

I suspected the blue screen was caused by Microsoft Security Essentials.

I hope you don't mind if we try to "toy" with it.

1. Download one of the antivirus programs from the links below, but don't install it yet.
Antivir PersonalEdition Classic (http://www.free-av.com/)- Superior detection, the "free" version has no email scan.
avast! Free Antivirus (http://www.avast.com/free-antivirus-download) - Excellent detection, the freeware version includes email scanning.
Note: remember to Uncheck any extra software downloads you may be offered (optional)

2. Uninstall Microsoft Security Essentials.

3. Install the new antivirus that you just downloaded. Try to use it for a while and see whether your Blue Screen problem is solved.

4. I saw you added a lot of military websites to your trusted zone. Does this computer have anything to do with a government/military network?

5. Please upload Minidump file
Open your browser and go to this website: http://www.sendspace.com/
Click on the picture that says Click to browse.
Now go to C:\Windows\Minidump.
Click on the latest Minidump file according to the date.
Note: example name of a minidump file: Mini072808-07.dmp
Click open and then click upload.
At the Download Link section, click Copy Link.
Paste the link to me.



Thanks,
torreattack

fscali
2012-07-07, 17:05
Still having issues. Responses embedded in quote:




1. Download one of the antivirus programs from the links below, but don't install it yet.

Done: avast!

2. Uninstall Microsoft Security Essentials.

Done

3. Install the new antivirus that you just downloaded. Try to use it for a while and see whether your Blue Screen problem is solved.

Done. BSOD again within the hour

4. I saw you added a lot of military websites to your trusted zone. Does this computer have anything to do with a government/military network?

Personal PC at home

5. Please upload Minidump file
Paste the link to me.

http://www.sendspace.com/file/frnot8


Thank you,
Fred

torreattack
2012-07-08, 14:23
Hi fscali:

Outdated drivers can and do cause conflicts, memory corruption and BSODs. Update the driver through the link provided or uninstall the software it is associated with.

Try to update this software: Conexant D850 56K V.9x DFVc Modem
==>http://www.conexant.com/support/
==>http://www.conexant.com/support/md_winxpinfo.html

If updating the software also fails to solve it, try uninstalling it.
==> Conexant D850 56K V.9x DFVc Modem

Please observe for a while, then let me know about it.
If the system still crashes, send me the latest minidump file as well.

torreattack

fscali
2012-07-09, 01:55
Conexant doesn't supply drivers for retail consumer devices, so I went to Dell to check for hardware driver updates. It told me I was up to date, so I disabled the modem in the Device Manager. The computer is still rebooting itself but without the BSOD, so I don't have any minidumps to send. I notice it reboots any time I start to fiddle with Dell's PC Checkup utility. This is getting frustrating.

torreattack
2012-07-10, 07:52
hi fscali:

Please use erunt to create another backup before continue.




I notice it reboots anytime I start to fiddle with Dell's PC Checkup utility.
1. Do you mean that if you do not run Dell's PC Checkup utility, the computer does not reboot or get a BSOD?
Have you tried reinstalling the Dell Support program?
According to your log, this file is missing: C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys. This might be why the Dell program fails to load.



2. Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove:

Conexant D850 56K V.9x DFVc Modem (let's temporarily remove it)
Adobe Reader 8.3.1
Spelling Dictionaries Support For Adobe Reader 8

Take extra care in answering questions posed by any Uninstaller.



3. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Double click on OTL.exe to run it.
Copy the following text... do not include the code box title "Quote"

:OTL
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (VPROEVENTMONITOR) -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (Normandy) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
DRV - (Changer) -- File not found
DRV - (bvrp_pci) -- File not found
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm142S1us&ptnrS=CDxdm142S1us&si=101497_819p&ptb=302F0649-9AB6-42B6-8237-E4BA1376DCD0&ind=2011101415&n=77def8e7&psa=&st=sb&searchfor={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes,DefaultScope = {65344CC3-9C2F-4FFC-ADC4-21D561672820}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm142S1us&ptnrS=CDxdm142S1us&si=101497_819p&ptb=302F0649-9AB6-42B6-8237-E4BA1376DCD0&ind=2011101415&n=77def8e7&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{51430913-DF4E-485C-8157-9F3EDFBA213E}: "URL" = http://cnet.search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{EE24694B-2AD6-4978-B4C2-EAE98D3F765B}: "URL" = http://www.shopzilla.com/buy/superfind.xpml?search_box=1&sfsk=0&cat_id=1&keyword={searchTerms}
O3 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 File not found
O8 - Extra context menu item: &Search - http://tbedits.couponalert.com/one-t...0&n=2011101415 File not found
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: aa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: ancestry.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: army.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: citimortgage.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: dau.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: disa.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: dsw.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: keysenergy.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: mymonthlycycles.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: navyfcu.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: noaa.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: osd.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: paypal.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: southcom.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: southcom.mil ([owa.jiatfs] https in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: ugov.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: usmc.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Ranges: Range78 ( in Trusted sites)
O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Ranges: Range79 ([http] in Trusted sites)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
[2009/10/30 20:15:32 | 000,008,349 | ---- | M] () -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\searchplugins\oneriot.xml
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - No CLSID value found.
O34 - HKLM BootExecute: (lsdelete)

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\winav.exe" =-

:Files
C:\WINDOWS\system32\winav.exe
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of report in your next reply.
note: The OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYYY_HHMMSS.log.




4. re-scan with OTL
Please make sure OTL is on your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of ONLY OTL.txt in your next reply.




5. Checklist
Please post:
Answer about Dell Support Program and Reboot problem.
OTL fix log
OTL.txt only
An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack
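
Added example, not from this thread and not OTL's or torreattack's code: a small triage pass over OTL report lines of the kind listed in the fix above, so the entries that matter can be picked out of a long log before a fix script is written. It flags four things: services and drivers registered for an image that is no longer on disk (still a load point: whoever can recreate the file at that path gets SYSTEM or kernel execution), toolbar and URLSearchHook registrations whose CLSID is gone, Trusted sites entries that trust every host and scheme ([]*) or plain http (the Trusted zone runs with weaker IE defaults, so an intercepted http page inherits that trust), and IE search scopes pointing at a provider other than the ones listed in DEFAULT_SEARCH_HOSTS (that allow-list is an assumption). The sample lines are constructed here in OTL's syntax, with the user SID shortened.

```python
import re
from urllib.parse import urlparse

# Constructed sample in OTL report syntax, modelled on the entries in the fix
# script above. The SID in the HKU keys is shortened for readability.
SAMPLE_OTL = r"""
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Normandy) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKU\S-1-5-21-1006\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O15 - HKU\S-1-5-21-1006\..Trusted Domains: army.mil ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1006\..Trusted Domains: paypal.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1006\..Trusted Domains: mymonthlycycles.com ([www] http in Trusted sites)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
""".strip().splitlines()

# Search providers treated as expected; anything else is listed for review (assumption).
DEFAULT_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

NAME_IN_PARENS = re.compile(r"\(([^)]*)\)")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TRUSTED_RE = re.compile(
    r"^O15 - .*Trusted Domains: (?P<domain>\S+) \(\[(?P<host>[^\]]*)\] ?(?P<scheme>\S*) in Trusted sites\)")
SEARCH_RE = re.compile(r'SearchScopes\\\{[^}]+\}: "URL" = (?P<url>\S+)')
FILE_NOT_FOUND = re.compile(r"File not found\.?$")


def triage(lines):
    """Return (category, severity, detail) tuples for the entries worth acting on."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]
        # A service or driver whose image is gone is still a load point: whoever
        # can recreate the file at that path gets SYSTEM or kernel execution.
        if FILE_NOT_FOUND.search(line):
            m = NAME_IN_PARENS.search(line)
            label = m.group(1) if (m and kind in ("SRV", "DRV")) else line.split(" - ", 1)[1]
            severity = "high" if kind in ("SRV", "DRV") else "medium"
            findings.append(("orphan", severity, f"{kind} {label}"))
            continue
        # COM registrations (toolbars, URL search hooks) whose CLSID no longer exists.
        if "No CLSID value found" in line:
            m = GUID_RE.search(line)
            findings.append(("dangling-com", "medium", m.group(0) if m else line))
            continue
        # Trusted sites runs with weaker IE defaults: []* trusts every host of the
        # domain over any scheme, and a plain-http entry can be intercepted.
        m = TRUSTED_RE.match(line)
        if m:
            host, scheme = m.group("host"), m.group("scheme")
            if scheme == "*":
                findings.append(("trusted-zone", "high", f"{m.group('domain')} (all hosts, any scheme)"))
            elif scheme == "http":
                findings.append(("trusted-zone", "medium", f"{m.group('domain')} ({host}, http)"))
            continue
        # Search scopes pointing somewhere other than the expected providers.
        m = SEARCH_RE.search(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if host not in DEFAULT_SEARCH_HOSTS:
                findings.append(("search-scope", "medium", host))
    return findings


def summarize(findings):
    counts = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, severity, detail in triage(SAMPLE_OTL):
        print(f"{severity:6} {category:13} {detail}")
    print(summarize(triage(SAMPLE_OTL)))
```

Feed it OTL.txt split into lines instead of SAMPLE_OTL to run it on a real report. Entries for a path that does exist, like the mbam.sys driver in the sample, are left alone, and https-only Trusted sites entries such as paypal.com are not flagged.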

fscali
2012-07-11, 02:27
torreattack,
embedded responses below.
thank you,
Fred


hi fscali:

Please use erunt to create another backup before continue.

Done


1. Do you mean that if you do not run Dell's PC Checkup utility, the computer does not reboot or get a BSOD?
Have you tried to re-install the Dell Support program?
According to your log, this file is missing: C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys; this might be the reason the Dell program fails to load.

PC Checkup is not the only way to force an unwanted reboot. It also happens when I try to select the "Space" screen saver. I would assume there may be many triggers for the reboots. All of the previous reboots happened at random times before I ever looked at the PC Checkup. Many times it would occur when I was not even sitting at the computer.

2. Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove:

Conexant D850 56K V.9x DFVc Modem (let's temporarily remove it)
Adobe Reader 8.3.1
Spelling Dictionaries Support For Adobe Reader 8

Take extra care in answering questions posed by any Uninstaller.

I removed all three but the modem reinstalls itself every time a reboot happens. Also, there were no questions asked by any Uninstaller.

3. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Double click on OTL.exe to run it.
Copy the following text... do not include the code box title "Quote"

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of report in your next reply.
note: The OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYYY_HHMMSS.log.

I can not get past this step. OTL causes the machine to hang. I disabled all anti-malware/anti-virus software prior to running OTL but it just hangs at "Killing processes". I let it run/sit for over a half an hour just to make sure. The only way to get out of it was to physically turn the machine off by the On/Off button.

torreattack
2012-07-11, 02:57
Hi fscali:

Let's try with another tool.

Step 1: ComboFix
Please download ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)... Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
Alternate download sites: Mirror #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

This program is a powerful tool, intended by its creator, to be "used under the guidance and supervision of trained malware removers".
Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!

The first thing you need to do is print out How-To-Use-ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix). Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
Press Yes to the Disclaimer prompt.
ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
If not already installed... Press Yes to the "Install Recovery Console" prompt.
Press Yes at the Recovery Console installation results prompt... Even if unsuccessful, have ComboFix continue the scan.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
ComboFix will disconnect you from the Internet, may cause your desktop to disappear and also change your clock settings... this is normal, so don't worry. They will be restored when finished. The ComboFix window data will be changing with various "Stages"... completed. When finished the screen will show that a log is being created.
ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
Please copy/paste the contents of log.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer (http://img.photobucket.com/albums/v666/sUBs/New_Disclaimer_090525.gif).
** Enable your Antivirus and Firewall, before connecting to the Internet again! **


I still think the outdated modem driver conflicts with your Windows. However, the BSOD or reboot may also be caused by a hardware problem. Since I am not trained for that issue, I can only give my "best shot".
If the problem still occurs after we clean the computer, I will have to forward you to another expert who can deal with hardware problems.

Sorry.
torreattack

fscali
2012-07-11, 23:37
combofix log below
thank you

ComboFix 12-07-11.02 - fred 07/11/2012 7:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1297 [GMT -4:00]
Running from: c:\documents and settings\fred\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\documents and settings\fred\Recent\Thumbs.db
c:\documents and settings\fred\WINDOWS
c:\program files\Internet Explorer\SET295.tmp
c:\program files\Internet Explorer\SET29A.tmp
c:\program files\Internet Explorer\SET352.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B1.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C8.tmp
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2CF.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DA.tmp
c:\windows\system32\SET2DE.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E3.tmp
c:\windows\system32\SET2E4.tmp
c:\windows\system32\SET343.tmp
c:\windows\system32\SET344.tmp
c:\windows\system32\SET347.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET349.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34C.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\program files\CONEXANT
2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\windows\LastGood
2012-07-10 23:09 . 2012-07-10 23:09 -------- d-----w- C:\_OTL
2012-07-08 20:48 . 2012-07-08 20:48 -------- d-----w- c:\documents and settings\fred\Application Data\Malwarebytes
2012-07-08 20:47 . 2012-07-08 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-08 20:47 . 2012-07-08 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 20:47 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\fred\Application Data\Dell
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-07-08 16:32 . 2012-07-08 16:33 -------- d-----w- c:\program files\Dell Support Center
2012-07-08 16:09 . 2012-07-08 16:09 -------- d-----w- c:\documents and settings\fred\Application Data\PCDr
2012-07-07 13:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-07 13:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-07 13:09 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-07 13:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-07 13:09 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-07 13:09 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-07 13:09 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-07 13:09 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-07 13:09 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-07 13:09 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\program files\AVAST Software
2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-01 22:28 . 2012-07-01 22:28 -------- d-----w- c:\program files\CPUID
2012-07-01 22:28 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-07-01 16:17 . 2012-07-01 16:19 -------- d-----w- C:\807a7ddf9bce4563aa
2012-07-01 16:10 . 2012-07-01 16:10 -------- d-----w- C:\38d79553ca62da422c
2012-07-01 15:25 . 2012-07-01 15:25 -------- d-----w- c:\program files\NirSoft
2012-07-01 15:13 . 2012-07-01 15:14 -------- d-----w- c:\program files\Support Tools
2012-06-30 18:07 . 2012-06-30 18:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-06-30 02:21 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-21 14:13 . 2012-06-21 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-06-21 12:32 . 2012-06-21 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-13 22:20 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 23:29 . 2012-04-06 18:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-29 23:29 . 2011-05-30 21:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-05-31 19:26 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-05-31 19:26 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-06-01 14:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2006-10-21 15:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-08-16 08:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2005-08-16 08:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-07-01 21:36 . 2012-07-01 21:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\fred\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [11/4/2006 5:47 PM 19478]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2012 9:09 AM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [11/4/2006 5:47 PM 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [11/4/2006 5:47 PM 430670]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]
R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 5:16 PM 51240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2012 9:09 AM 21256]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/8/2012 4:47 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/8/2012 4:47 PM 22344]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [11/4/2006 5:47 PM 64093]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 2:40 PM 250056]
S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2/11/2009 9:17 PM 45696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [1/6/2012 12:47 PM 33792]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [4/24/2010 9:31 AM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [4/24/2010 9:31 AM 13312]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/1/2012 5:36 PM 129976]
S3 Normandy;Normandy SR2; [x]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [1/1/2011 7:11 PM 21648]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 5:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 5:24 AM 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [11/9/2006 10:14 AM 23040]
S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [11/9/2006 10:14 AM 76800]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:29]
.
2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-07-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-07 16:21]
.
2012-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-01 02:46]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
- c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
- c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
.
2012-07-11 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-09-26 04:55]
.
2012-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
.
2012-06-19 c:\windows\Tasks\scali incremental.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-10-20 19:31]
.
2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-02-13 19:31]
.
2012-07-11 c:\windows\Tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aa.com
Trusted Zone: ancestry.com\www
Trusted Zone: army.mil
Trusted Zone: citimortgage.com\www
Trusted Zone: dau.mil
Trusted Zone: disa.mil
Trusted Zone: dsw.com\www
Trusted Zone: google.com\mail
Trusted Zone: keysenergy.com\www
Trusted Zone: mymonthlycycles.com\www
Trusted Zone: navyfcu.org
Trusted Zone: noaa.gov
Trusted Zone: osd.mil
Trusted Zone: paypal.com\www
Trusted Zone: southcom.mil
Trusted Zone: southcom.mil\owa.jiatfs
Trusted Zone: ugov.gov
Trusted Zone: usmc.mil
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\documents and settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-SWHelper - c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 07:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
c:\program files\ActivIdentity\ActivClient\aclog.dll
c:\program files\ActivIdentity\ActivClient\accrypto.dll
c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
c:\program files\ActivIdentity\ActivClient\acevtsub.dll
c:\program files\ActivIdentity\ActivClient\asphat32.dll
c:\program files\ActivIdentity\ActivClient\acerrmes.dll
c:\program files\ActivIdentity\ActivClient\aiwinext.dll
c:\program files\ActivIdentity\ActivClient\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\program files\ActivIdentity\ActivClient\aipingui.dll
c:\program files\ActivIdentity\ActivClient\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
.
Completion time: 2012-07-11 07:45:21
ComboFix-quarantined-files.txt 2012-07-11 11:45
.
Pre-Run: 43,080,146,944 bytes free
Post-Run: 44,293,406,720 bytes free
.
- - End Of File - - AA6DF3A105052B774CFB84E00C895140

torreattack
2012-07-12, 19:52
Hi fscali:

I saw you are installing and running some tools like Avast and Malwarebytes Anti-Malware without my knowledge. Please stop doing it, because it may complicate the situation.

1. Multiple Antivirus Programs
You are running more than 1 Antivirus program!
Microsoft Security Essentials
avast! Antivirus
Running - more than one - antivirus program is not recommended because:
They can conflict with each other.
Report the other antivirus software as malicious.
Antivirus programs use an enormous amount of your computer's resources... actively scanning your computer.
Can cause your computer to run slowly, become unstable and crash. I strongly suggest you uninstall one of them. Which one is your decision.
However, personally, I would recommend that you uninstall Microsoft Security Essentials.

2. ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!

You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please open Notepad and copy/paste all the text below... into the window:

ClearJavaCache::

KillAll::

DDS::
mURLSearchHooks: H - No File
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
2011-10-14 19:02:31 161720 ----a-w- c:\program files\2pres.dll

Save it to your desktop as CFScript.txt
Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

http://i526.photobucket.com/albums/cc345/MPKwings/ComboFixScriptDrag.gif

This will cause ComboFix to run again.
Do Not use your keyboard or mouse, or click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

3. Download HijackThis
Download HiJackThis from here (http://downloads.malwareremoval.com/HJTInstall.exe)
NOTE: Please uninstall the older version of HiJackThis first.
Save HJTInstall.exe to your desktop
Double click on the HJTInstall.exe icon on your desktop
By default it will install to C:\Program Files\Trend Micro\HijackThis
Click on Install
It will create a HiJackThis icon on the desktop
Once installed, it will launch HiJackThis
Click I Agree and click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log
Come back here to this thread and paste the log in your next reply
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

4. Please give me an update of your problem.

Thanks,
torreattack
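Added example, not from this thread and not part of ComboFix or DDS: a small Python helper that reads the R*/S* service lines and "- No File" hook lines the way ComboFix prints them, flags the entries whose binary ComboFix could not find (the `--> path [?]` form the CFScript above targets), and assembles the matching DDS:: section for review. The sample lines are copied from the logs in this thread; the function and constant names are my own.

```python
import re

# Service/driver line as ComboFix and DDS print it (shapes taken from this thread's logs):
#   R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]  -> file present
#   S0 Lbd;Lbd;c:\windows\...\lbd.sys --> c:\windows\...\Lbd.sys [?]                -> file missing
#   S3 Normandy;Normandy SR2; [x]                                                    -> no ImagePath
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
MISSING_RE = re.compile(r"-->\s*(?P<path>.+?)\s*\[\?\]\s*$")
PRESENT_RE = re.compile(r"^(?P<path>.+?)\s*\[(?P<stamp>[^\]]+)\]\s*$")
NOPATH_RE = re.compile(r"^\[x\]$")

# Constructed sample log: the lines the CFScript above lists, plus one healthy
# driver line and the '[x]' Normandy entry, all copied from the logs in this thread.
SAMPLE_LOG = "\n".join([
    r"mURLSearchHooks: H - No File",
    r"R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]",
    r"S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]",
    r"S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]",
    r"S3 Normandy;Normandy SR2; [x]",
    r'S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]',
])


def parse_service_line(line):
    """Parse one R*/S* service line into a dict, or return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = {
        "state": m.group("state"),      # start type as ComboFix shows it: R0..R3, S0..S4
        "name": m.group("name"),        # registry service name
        "display": m.group("display"),  # display name
        "path": None,
        "status": "present",
    }
    rest = m.group("rest").strip()
    if NOPATH_RE.match(rest):
        # '[x]': the service key has no usable ImagePath at all
        entry["status"] = "no_image_path"
        return entry
    missing = MISSING_RE.search(rest)
    if missing:
        # 'registered path --> resolved path [?]': ComboFix could not find the file
        entry["status"] = "missing_file"
        entry["path"] = missing.group("path")
        return entry
    present = PRESENT_RE.match(rest)
    if present:
        # 'path [date time size]': file exists; strip quotes ComboFix keeps around some paths
        entry["path"] = present.group("path").strip('"')
        return entry
    entry["status"] = "unparsed"
    return entry


def find_orphans(log_text):
    """Return (line, entry) pairs for every loading point whose target is not on disk.

    Covers service/driver lines with a missing or absent ImagePath and the
    hook/BHO lines ComboFix marks '- No File'.
    """
    orphans = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.endswith("- No File"):
            orphans.append((line, {"status": "no_file_hook"}))
            continue
        entry = parse_service_line(line)
        if entry is not None and entry["status"] != "present":
            orphans.append((line, entry))
    return orphans


def build_dds_script(log_text):
    """Assemble the 'DDS::' section of a CFScript from the orphaned lines, verbatim.

    Only missing-file services and '- No File' hooks are emitted, which matches what
    the CFScript in this thread lists; '[x]' entries (no ImagePath) are left for
    manual review, as that script left Normandy alone.
    """
    wanted = {"missing_file", "no_file_hook"}
    lines = [line for line, entry in find_orphans(log_text) if entry["status"] in wanted]
    if not lines:
        return ""
    return "DDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    for line, entry in find_orphans(SAMPLE_LOG):
        print(f"{entry['status']:14} {line}")
    print()
    print(build_dds_script(SAMPLE_LOG))
```

DDS:: tells ComboFix to remove the listed loading points, so treat the output as a candidate list for the person directing the cleanup to check against the full log, not as a script to drop onto ComboFix unread.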

fscali
2012-07-14, 12:47
Sorry for the delay. Things got a little busy. Many thanks. Responses below:


Hi fscali:

1. Multiple Antivirus Programs

Avast is now the only A/V program. The CF log still makes reference to MSSE, but that has been uninstalled along with Malwarebytes.

2. ComboFix - CFScript

LOG:

ComboFix 12-07-13.03 - fred 07/14/2012 6:08.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1490 [GMT -4:00]
Running from: c:\documents and settings\fred\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fred\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 10:03 . 2012-07-14 10:03 -------- d-----w- c:\program files\Trend Micro
2012-07-12 22:22 . 2012-07-12 22:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\program files\CONEXANT
2012-07-08 20:48 . 2012-07-08 20:48 -------- d-----w- c:\documents and settings\fred\Application Data\Malwarebytes
2012-07-08 20:47 . 2012-07-08 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\fred\Application Data\Dell
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-07-08 16:32 . 2012-07-08 16:33 -------- d-----w- c:\program files\Dell Support Center
2012-07-08 16:09 . 2012-07-08 16:09 -------- d-----w- c:\documents and settings\fred\Application Data\PCDr
2012-07-07 13:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-07 13:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-07 13:09 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-07 13:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-07 13:09 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-07 13:09 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-07 13:09 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-07 13:09 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-07 13:09 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-07 13:09 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\program files\AVAST Software
2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-01 22:28 . 2012-07-01 22:28 -------- d-----w- c:\program files\CPUID
2012-07-01 22:28 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-07-01 15:25 . 2012-07-01 15:25 -------- d-----w- c:\program files\NirSoft
2012-07-01 15:13 . 2012-07-01 15:14 -------- d-----w- c:\program files\Support Tools
2012-06-30 18:07 . 2012-06-30 18:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-06-30 02:21 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-21 14:13 . 2012-06-21 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-06-21 12:32 . 2012-06-21 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:28 . 2012-04-06 18:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 23:28 . 2011-05-30 21:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-05-31 19:26 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-05-31 19:26 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-06-01 14:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2006-10-21 15:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-08-16 08:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2005-08-16 08:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-07-01 21:36 . 2012-07-01 21:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_11.39.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-14 10:18 . 2012-07-14 10:18 16384 c:\windows\temp\Perflib_Perfdata_500.dat
+ 2012-07-13 05:21 . 2012-07-13 05:21 22016 c:\windows\Installer\172bc29.msi
+ 2012-07-11 23:28 . 2012-07-11 23:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-11 22:28 . 2012-07-11 22:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-11 22:28 . 2012-07-11 22:28 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-06 18:40 . 2012-07-11 23:28 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-06 18:40 . 2012-06-29 23:29 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-11 23:28 . 2012-07-11 23:28 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\fred\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [11/4/2006 5:47 PM 19478]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2012 9:09 AM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [11/4/2006 5:47 PM 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [11/4/2006 5:47 PM 430670]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]
R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 5:16 PM 51240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2012 9:09 AM 21256]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [11/4/2006 5:47 PM 64093]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 2:40 PM 250056]
S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2/11/2009 9:17 PM 45696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [1/6/2012 12:47 PM 33792]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [4/24/2010 9:31 AM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [4/24/2010 9:31 AM 13312]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/12/2012 6:22 PM 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/1/2012 5:36 PM 129976]
S3 Normandy;Normandy SR2; [x]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [1/1/2011 7:11 PM 21648]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [4/10/2012 2:51 PM 21744]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 5:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 5:24 AM 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [11/9/2006 10:14 AM 23040]
S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [11/9/2006 10:14 AM 76800]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:28]
.
2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-07-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-07 16:21]
.
2012-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-01 02:46]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
- c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
- c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
.
2012-07-14 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-09-26 04:55]
.
2012-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
.
2012-06-19 c:\windows\Tasks\scali incremental.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-10-20 19:31]
.
2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-02-13 19:31]
.
2012-07-14 c:\windows\Tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aa.com
Trusted Zone: ancestry.com\www
Trusted Zone: army.mil
Trusted Zone: citimortgage.com\www
Trusted Zone: dau.mil
Trusted Zone: disa.mil
Trusted Zone: dsw.com\www
Trusted Zone: google.com\mail
Trusted Zone: keysenergy.com\www
Trusted Zone: mymonthlycycles.com\www
Trusted Zone: navyfcu.org
Trusted Zone: noaa.gov
Trusted Zone: osd.mil
Trusted Zone: paypal.com\www
Trusted Zone: southcom.mil
Trusted Zone: southcom.mil\owa.jiatfs
Trusted Zone: ugov.gov
Trusted Zone: usmc.mil
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\documents and settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 06:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
c:\program files\ActivIdentity\ActivClient\aclog.dll
c:\program files\ActivIdentity\ActivClient\accrypto.dll
c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
c:\program files\ActivIdentity\ActivClient\acevtsub.dll
c:\program files\ActivIdentity\ActivClient\asphat32.dll
c:\program files\ActivIdentity\ActivClient\acerrmes.dll
c:\program files\ActivIdentity\ActivClient\aiwinext.dll
c:\program files\ActivIdentity\ActivClient\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\program files\ActivIdentity\ActivClient\aipingui.dll
c:\program files\ActivIdentity\ActivClient\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\HPZipm12.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-14 06:25:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 10:25
ComboFix2.txt 2012-07-11 11:45
.
Pre-Run: 43,900,420,096 bytes free
Post-Run: 43,827,171,328 bytes free
.
- - End Of File - - 0527534473632328EE0EA1C627ADFDDE


3. Download HijackThis

LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:37 AM, on 7/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.aa.com
O15 - Trusted Zone: http://www.ancestry.com
O15 - Trusted Zone: *.army.mil
O15 - Trusted Zone: *.dau.mil
O15 - Trusted Zone: *.disa.mil
O15 - Trusted Zone: http://www.dsw.com
O15 - Trusted Zone: http://www.keysenergy.com
O15 - Trusted Zone: http://www.mymonthlycycles.com
O15 - Trusted Zone: *.navyfcu.org
O15 - Trusted Zone: *.noaa.gov
O15 - Trusted Zone: *.osd.mil
O15 - Trusted Zone: *.southcom.mil
O15 - Trusted Zone: *.ugov.gov
O15 - Trusted Zone: *.usmc.mil
O15 - Trusted IP range: 192.168.0.254
O15 - Trusted IP range: http://192.168.1.1
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} -
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} (SyncXfer Class) - http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341157801052
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.0.32/activex/AMC.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.fujifilm.net/upload/FujifilmUploadClient.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: ActivClient Auto-Update Service (acautoupdate) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 15533 bytes

torreattack
2012-07-14, 15:38
Hi fscali:


avast is now the only A/V program. The CF log still makes reference to MSSE but that has been uninstalled along w/ Malwarebytes.

Do you mean you already uninstalled MSE and MBAM but the logs are still showing them?

Please give me an update of your problem.

thanks,
torreattack

fscali
2012-07-14, 15:44
Yes, I uninstalled MSSE and installed avast when you first told me to. MSSE does not show up in my "Add/Remove Programs" screen, nor can I find any folders or services running.

The machine still dies and reboots upon the same actions mentioned before (activating the "Space" screensaver, scrolling on the PC Check Utility screen...).

torreattack
2012-07-15, 17:58
Hi fscali:

Let's remove the leftover.

1. ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!

You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please open Notepad and copy/paste all the text below... into the window:

KillAll::

Driver::
Lbd
MBAMSwissArmy
"Lavasoft Kernexplorer"
"Lavasoft Ad-Aware Service"

File::
c:\windows\system32\drivers\mbamswissarmy.sys
c:\windows\system32\DRIVERS\Lbd.sys

Folder::
"c:\documents and settings\fred\Application Data\Malwarebytes"
"c:\documents and settings\All Users\Application Data\Malwarebytes"
"c:\program files\Lavasoft"


Save it to your desktop as CFScript.txt
Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

http://i526.photobucket.com/albums/cc345/MPKwings/ComboFixScriptDrag.gif

This will cause ComboFix to run again.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **



In my opinion, it's better not to add any website to the Trusted zone except your ISP's.

2. Fix HiJackThis Entries
Open HiJackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present):

O15 - Trusted Zone: *.aa.com
O15 - Trusted Zone: http://www.ancestry.com
O15 - Trusted Zone: *.army.mil
O15 - Trusted Zone: *.dau.mil
O15 - Trusted Zone: *.disa.mil
O15 - Trusted Zone: http://www.dsw.com
O15 - Trusted Zone: http://www.keysenergy.com
O15 - Trusted Zone: http://www.mymonthlycycles.com
O15 - Trusted Zone: *.navyfcu.org
O15 - Trusted Zone: *.noaa.gov
O15 - Trusted Zone: *.osd.mil
O15 - Trusted Zone: *.southcom.mil
O15 - Trusted Zone: *.ugov.gov
O15 - Trusted Zone: *.usmc.mil
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) -

Close all windows except Hijackthis and click Fix Checked
Click Yes when prompted
Close HijackThis.


3. ESET online scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan.
First, please disable any antivirus you have active, as shown in this topic (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
Note: Don't forget to re-enable it after the scan.
Next, hold down Control then click on the following link to open a new window to the ESET online scanner (http://www.eset.com/home/products/online-scanner)
Then click on Run ESET Online Scanner

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox. Select the option YES, I accept the Terms of Use, then click on Start.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start.
The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on Finish.
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.



4. Since your computer is still giving BSOD, can you kindly upload another new minidump file?

thanks,
torreattack
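Added example (mine, not from the thread, from HijackThis or from any other tool used here): a small Python triage pass over HijackThis-style O15/O16/O20 lines, showing in code why the helper above flags every Trusted Zone entry and the codebase-less Java DPF registration. The sample lines are taken from the HijackThis log posted above; the classification rules (which kinds of entries get reported, and why) are my own assumptions, not HijackThis's logic.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Sample input: lines taken from the HijackThis log posted above. Windows
# paths are raw strings so the backslashes survive.
SAMPLE_LOG = "\n".join([
    "O15 - Trusted Zone: *.aa.com",
    "O15 - Trusted Zone: http://www.ancestry.com",
    "O15 - Trusted IP range: 192.168.0.254",
    "O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} -",
    "O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - "
    "http://192.168.0.32/activex/AMC.cab",
    "O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - "
    "https://www.icloud.com/system/iCloud.cab",
    "O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) -",
    r"O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
])

# Line shapes as HijackThis prints them (assumed from the log above).
O15_RE = re.compile(r"^O15 - Trusted (?:Zone|IP range): (.+)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(\S*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # tag for grouping: trusted_zone, dpf_orphan, dpf_plain_http, winlogon_notify
    item: str    # the entry the finding is about
    reason: str  # what a reviewer should know about it


def _private_ip(host: Optional[str]) -> bool:
    """True if host is a literal private/loopback IP address (RFC 1918 etc.)."""
    if not host:
        return False
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname, not an address literal


def triage_hjt(log_text: str) -> List[Finding]:
    """Walk HijackThis lines and return the O15/O16/O20 entries worth a look.
    Other sections (O2, O4, O23, ...) are deliberately passed over here."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O15_RE.match(line)
        if m:
            target = m.group(1)
            reason = ("content from this host runs at the Trusted sites security level "
                      "rather than the stricter Internet zone level")
            if target.startswith("http://"):
                reason += "; plain-HTTP entry, so membership is granted without TLS server authentication"
            findings.append(Finding("trusted_zone", target, reason))
            continue

        m = O16_RE.match(line)
        if m:
            clsid, name, codebase = m.group(1), m.group(2) or "(no name)", m.group(3)
            item = f"{clsid} {name}"
            if not codebase:
                findings.append(Finding("dpf_orphan", item,
                                        "ActiveX registration with no codebase URL: leftover entry, "
                                        "nothing left to download"))
            elif urlparse(codebase).scheme == "http":
                host = urlparse(codebase).hostname
                reason = f"control fetched over plain HTTP from {host}"
                if _private_ip(host):
                    reason += " (private address: an internal host rather than a vendor site)"
                findings.append(Finding("dpf_plain_http", item, reason))
            continue

        m = O20_RE.match(line)
        if m:
            findings.append(Finding("winlogon_notify", m.group(1),
                                    "DLL loaded into winlogon.exe, which runs as SYSTEM before any "
                                    "user logs on; confirm publisher and path"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per kind, e.g. {'trusted_zone': 3, ...}."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.kind}] {f.item}\n    {f.reason}")
    print(summarize(triage_hjt(SAMPLE_LOG)))
```

Run it as-is to see the seven findings from the sample lines, or feed it the whole HijackThis log. Note that a finding is not a verdict: the ActivClient Winlogon Notify DLL, for instance, is reported only because of where it loads, and the same DDS output above shows it in winlogon.exe; the point is that O15, O16 and O20 entries deserve a deliberate decision rather than being left in place by default.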

fscali
2012-07-15, 19:25
Log below. Looks like we got rid of the additional MBAM files but not the MSSE.
Will run ESET next.

ComboFix 12-07-14.01 - fred 07/15/2012 12:25:51.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1405 [GMT -4:00]
Running from: c:\documents and settings\fred\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fred\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\system32\drivers\mbamswissarmy.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Malwarebytes
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-08.txt
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-10.txt
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-11.txt
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-12.txt
c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\documents and settings\fred\Application Data\Malwarebytes
c:\documents and settings\fred\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-07-08 (16-51-55).txt
c:\windows\system32\drivers\mbamswissarmy.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_AD-AWARE_SERVICE
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Legacy_LBD
-------\Legacy_MBAMSWISSARMY
-------\Service_Lavasoft Ad-Aware Service
-------\Service_Lavasoft Kernexplorer
-------\Service_Lbd
-------\Service_MBAMSwissArmy
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-14 10:03 . 2012-07-14 10:03 -------- d-----w- c:\program files\Trend Micro
2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\program files\CONEXANT
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\fred\Application Data\Dell
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2012-07-08 16:32 . 2012-07-08 16:33 -------- d-----w- c:\program files\Dell Support Center
2012-07-08 16:09 . 2012-07-08 16:09 -------- d-----w- c:\documents and settings\fred\Application Data\PCDr
2012-07-07 13:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-07 13:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-07 13:09 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-07 13:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-07 13:09 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-07 13:09 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-07 13:09 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-07 13:09 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-07 13:09 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-07 13:09 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\program files\AVAST Software
2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-01 22:28 . 2012-07-01 22:28 -------- d-----w- c:\program files\CPUID
2012-07-01 22:28 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-07-01 15:25 . 2012-07-01 15:25 -------- d-----w- c:\program files\NirSoft
2012-07-01 15:13 . 2012-07-01 15:14 -------- d-----w- c:\program files\Support Tools
2012-06-30 18:07 . 2012-06-30 18:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-06-30 02:21 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-21 14:13 . 2012-06-21 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-06-21 12:32 . 2012-06-21 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:28 . 2012-04-06 18:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 23:28 . 2011-05-30 21:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-05-31 19:26 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-05-31 19:26 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-06-01 14:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2006-10-21 15:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-08-16 08:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2005-08-16 08:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-07-01 21:36 . 2012-07-01 21:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_11.39.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-15 16:43 . 2012-07-15 16:43 16384 c:\windows\temp\Perflib_Perfdata_530.dat
+ 2012-07-13 05:21 . 2012-07-13 05:21 22016 c:\windows\Installer\172bc29.msi
+ 2012-07-11 23:28 . 2012-07-11 23:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-11 22:28 . 2012-07-11 22:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-11 22:28 . 2012-07-11 22:28 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-06 18:40 . 2012-07-11 23:28 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-06 18:40 . 2012-06-29 23:29 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-11 23:28 . 2012-07-11 23:28 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\fred\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [11/4/2006 5:47 PM 19478]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2012 9:09 AM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [11/4/2006 5:47 PM 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [11/4/2006 5:47 PM 430670]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]
R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 5:16 PM 51240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2012 9:09 AM 21256]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [11/4/2006 5:47 PM 64093]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 2:40 PM 250056]
S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2/11/2009 9:17 PM 45696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [1/6/2012 12:47 PM 33792]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [4/24/2010 9:31 AM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [4/24/2010 9:31 AM 13312]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/1/2012 5:36 PM 129976]
S3 Normandy;Normandy SR2; [x]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [1/1/2011 7:11 PM 21648]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [4/10/2012 2:51 PM 21744]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 5:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 5:24 AM 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [11/9/2006 10:14 AM 23040]
S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [11/9/2006 10:14 AM 76800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:28]
.
2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-07-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-07 16:21]
.
2012-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-01 02:46]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
- c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
- c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
.
2012-07-15 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-09-26 04:55]
.
2012-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
.
2012-06-19 c:\windows\Tasks\scali incremental.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-10-20 19:31]
.
2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-02-13 19:31]
.
2012-07-15 c:\windows\Tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aa.com
Trusted Zone: ancestry.com\www
Trusted Zone: army.mil
Trusted Zone: citimortgage.com\www
Trusted Zone: dau.mil
Trusted Zone: disa.mil
Trusted Zone: dsw.com\www
Trusted Zone: google.com\mail
Trusted Zone: keysenergy.com\www
Trusted Zone: mymonthlycycles.com\www
Trusted Zone: navyfcu.org
Trusted Zone: noaa.gov
Trusted Zone: osd.mil
Trusted Zone: paypal.com\www
Trusted Zone: southcom.mil
Trusted Zone: southcom.mil\owa.jiatfs
Trusted Zone: ugov.gov
Trusted Zone: usmc.mil
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\documents and settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 12:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
c:\program files\ActivIdentity\ActivClient\aclog.dll
c:\program files\ActivIdentity\ActivClient\accrypto.dll
c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
c:\program files\ActivIdentity\ActivClient\acevtsub.dll
c:\program files\ActivIdentity\ActivClient\asphat32.dll
c:\program files\ActivIdentity\ActivClient\acerrmes.dll
c:\program files\ActivIdentity\ActivClient\aiwinext.dll
c:\program files\ActivIdentity\ActivClient\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\program files\ActivIdentity\ActivClient\aipingui.dll
c:\program files\ActivIdentity\ActivClient\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(5040)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\HPZipm12.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-15 12:52:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 16:51
ComboFix2.txt 2012-07-14 10:25
ComboFix3.txt 2012-07-11 11:45
.
Pre-Run: 43,810,926,592 bytes free
Post-Run: 43,780,136,960 bytes free
.
- - End Of File - - 9840933087256F4E2AD8B77AEE8439AA

fscali
2012-07-15, 23:19
Here's my ESET log. Nothing found. Combofix log is in the next post.
I am not getting BSODs anymore. When it crashes it just reboots immediately.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9a594ec0afa3b94f80442e8747082d1d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-15 09:12:28
# local_time=2012-07-15 05:12:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=136413
# found=0
# cleaned=0
# scan_time=5186

fscali
2012-07-16, 02:18
torreattack,
A little more info on the crash/reboot: I'm not getting the BSOD; it just does an immediate power-off reboot. It is different than a soft reboot because the power indicator light goes completely out for about a half second as the machine completely powers off.
Two other posts below.
thanks,
Fred

torreattack
2012-07-16, 18:01
Hi fscali:


avast is now the only a/v program. the CF log still makes reference to MSSE but that has been uninstalled along w/ malwarebytes.
Sorry for the misunderstanding. I thought you meant you had uninstalled MSE and MBAM. You may reinstall MBAM if you want to.



I am not getting BSODs anymore. When it crashes it just reboots immediately.
Glad to hear the BSOD problem is solved. As for the reboot problem, I don't think it is caused by malware. Your logs look OK to me.


I will try my luck dealing with the reboot problem with the following method; if it still fails to solve it, I have no choice but to send you to another expert. Sorry.

1. Do you have a genuine XP CD-ROM and, if so, does it include a Service Pack, and if so which one?


2. System File Check:
You must login as administrator to perform this.

Close all open applications/windows etc.

Click on Start >> Run...
Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
Click on OK
System File Checker will now scan all protected files to verify their versions.



3. Farbar Service Scanner (FSS)
Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/) ... by Farbar and save it to your Desktop.
Double click FSS.exe to run it on the computer with the issue.
Make sure the following options are checked:

Internet Services (checked by default)
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Press the "Scan" button.
When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
Please copy and paste the contents of the FSS.txt log to your reply.
Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.



4. VEW - Vino's Event Viewer
Please download VEW.exe (http://images.malwareremoval.com/vino/VEW.exe)... by Vino Rosso. Save it to your desktop.
Double click on VEW.exe to start the program. If you receive an "Open File" security warning, press Run.
In the "Select log to query" section check:
Application
System
In the "Select type to list" section check:
Error
Information
Warning
In the "Number or dates of events" section check:
Number of events... then enter 20 in the entry box.

Press the Run button.
When the process completes, it only takes a few seconds...
Notepad will open with a report file named: VEW.txt... located on %SystemDrive%\VEW.txt ... usually C:\VEW.txt.
Please copy and paste the contents of the VEW.txt file, in your next reply.

thanks,
torreattack
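
The VEW.txt report that step 4 produces is easiest to read once the events are counted by source and event ID, because the same error often repeats many times and buries the one-off entries. The following Python script is an added example written for this thread, not part of VEW or of anything torreattack or fscali posted: it parses the VEW.txt layout (the "Log:", "Type:" and "Event:" header lines followed by the message text), skips the banners and preamble, and reports which (log, type, source, event) combinations occur most often. The sample text embedded in it is a constructed excerpt modelled on the VEW.txt posted later in the thread; the function names and the repetition threshold are this example's own choices.

```python
import re
from collections import Counter
from datetime import datetime

# The three header lines VEW writes for every event it lists.
HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")


def parse_vew(text):
    """Parse VEW.txt text into a list of event dicts.

    The report preamble, the '~~~~' banners with their section titles and
    blank lines are skipped; every other line after an event's three header
    lines is part of that event's message (VEW dates are dd/mm/yyyy).
    """
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("~~~"):
            current = None          # a section banner ends the previous event
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "log": m.group("log"),
                "when": datetime.strptime(m.group("when"), "%d/%m/%Y %I:%M:%S %p"),
                "type": None, "category": None, "event": None, "source": None,
                "message": [],
            }
            entries.append(current)
            continue
        if current is None or not line:
            continue
        m = TYPE_RE.match(line)
        if m:
            current["type"] = m.group("type")
            current["category"] = int(m.group("category"))
            continue
        m = EVENT_RE.match(line)
        if m:
            current["event"] = int(m.group("event"))
            current["source"] = m.group("source").strip()
            continue
        current["message"].append(line)
    for e in entries:
        e["message"] = " ".join(e["message"])
    return entries


def summarize(entries, event_type=None):
    """Count events by (log, type, source, event id), most frequent first."""
    counts = Counter(
        (e["log"], e["type"], e["source"], e["event"])
        for e in entries
        if event_type is None or e["type"] == event_type
    )
    return sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0])))


def repeated(entries, event_type="error", min_count=3):
    """Entries of the given type that recur at least min_count times (hypothetical threshold)."""
    return [(key, n) for key, n in summarize(entries, event_type) if n >= min_count]


# Constructed sample in VEW.txt layout (modelled on the log posted in this thread).
SAMPLE_VEW = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/07/2012 8:24:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:23:20 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 16/07/2012 8:23:04 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 16/07/2012 8:09:18 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/07/2012 8:08:20 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/07/2012 7:49:35 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:12:56 PM
Type: information Category: 3
Event: 3044 Source: Windows Search Service
The gatherer index resumed.

Context: Application, SystemIndex Catalog
"""

if __name__ == "__main__":
    events = parse_vew(SAMPLE_VEW)
    for (log, kind, source, event), n in summarize(events):
        print(f"{n:3d}x  {log:<12} {kind:<12} {source} (event {event})")
```

Run it on a real VEW.txt by replacing SAMPLE_VEW with the file's contents; the counts tell you at a glance which entries are the recurring noise (here the Windows Search 3083 handler error) and which are the single events worth reading in full, such as the explorer.exe hangs just before a reboot. Only the Application section is in the sample; the same parser handles the System section VEW appends after it, since the layout is identical.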

fscali
2012-07-17, 02:29
torreattack
No need to apologize. I appreciate the time you are taking to assist!

1. I have the Dell reinstallation disc for XP but...
2. When I run the SFC it asks specifically for the SP3 disc, and I guess the one I have is not the right one, so I cannot complete the SFC.

3. and 4. the FSS and VEW logs are below:

Farbar Service Scanner Version: 08-07-2012
Ran by fred (administrator) on 16-07-2012 at 20:21:42
Running from "C:\Documents and Settings\fred\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Demand. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(8)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/07/2012 8:24:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:23:20 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:23:04 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:21:16 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:17:51 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:17:16 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:16:02 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:13:03 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 8:09:22 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 734037209.

Log: 'Application' Date/Time: 16/07/2012 8:09:18 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/07/2012 8:08:20 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/07/2012 8:07:19 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/07/2012 7:49:35 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 16/07/2012 6:09:52 AM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 9:23:27 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:38:51 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:18:58 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:12:38 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:11:08 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 8:07:29 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


Log: 'Application' Date/Time: 15/07/2012 5:22:25 PM
Type: error Category: 3
Event: 3083 Source: Windows Search Service
The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:13:08 PM
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:56 PM
Type: information Category: 3
Event: 3044 Source: Windows Search Service
The gatherer index resumed.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 16/07/2012 8:12:53 PM
Type: information Category: 0
Event: 0 Source: iPod Service
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:25 PM
Type: information Category: 1
Event: 1003 Source: Windows Search Service
The Windows Search Service started.


Log: 'Application' Date/Time: 16/07/2012 8:12:17 PM
Type: information Category: 3
Event: 302 Source: ESENT
Windows (3252) Windows: The database engine has successfully completed recovery steps.

Log: 'Application' Date/Time: 16/07/2012 8:12:16 PM
Type: information Category: 3
Event: 301 Source: ESENT
Windows (3252) Windows: The database engine has begun replaying logfile C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log.

Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
Type: information Category: 3
Event: 300 Source: ESENT
Windows (3252) Windows: The database engine is initiating recovery steps.

Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
Type: information Category: 1
Event: 102 Source: ESENT
Windows (3252) Windows: The database engine started a new instance (0).

Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
Type: information Category: 1
Event: 100 Source: ESENT
SearchIndexer (3252) The database engine 5.01.2600.5512 started.

Log: 'Application' Date/Time: 16/07/2012 8:12:14 PM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
Type: information Category: 0
Event: 0 Source: MSCamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
Type: information Category: 0
Event: 0 Source: MSCamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
Type: information Category: 0
Event: 0 Source: MSCamSvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
Type: information Category: 0
Event: 100 Source: Bonjour Service
Service started


Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
Type: information Category: 0
Event: 100 Source: Bonjour Service
Service initialized

Log: 'Application' Date/Time: 16/07/2012 8:12:07 PM
Type: information Category: 0
Event: 100 Source: Bonjour Service
Service initializing

Log: 'Application' Date/Time: 16/07/2012 7:50:14 PM
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 16/07/2012 7:49:15 PM
Type: information Category: 0
Event: 0 Source: gupdatem
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 15/07/2012 8:10:17 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 15/07/2012 5:21:37 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 15/07/2012 12:43:24 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 15/07/2012 12:41:54 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user E520\fred registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 15/07/2012 12:39:32 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 14/07/2012 6:49:47 AM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 14/07/2012 6:18:47 AM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 14/07/2012 6:17:21 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user E520\fred registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 14/07/2012 6:15:33 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 12/07/2012 7:38:04 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 12/07/2012 6:24:54 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 12/07/2012 6:21:38 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 12/07/2012 5:46:58 AM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/07/2012 6:21:37 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/07/2012 5:42:54 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 10/07/2012 8:01:35 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 10/07/2012 8:01:35 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 10/07/2012 8:01:22 PM
Type: warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

Log: 'Application' Date/Time: 10/07/2012 7:18:31 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:04:33 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:26 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:19 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:12 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:05 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:58 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:51 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:44 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:38 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:30 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:23 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:16 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:09 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:03:02 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:55 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:48 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:41 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:34 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:27 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:02:20 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:20:50 PM
Type: information Category: 0
Event: 64018 Source: Windows File Protection
Windows File Protection file scan was cancelled by user interaction, user name is fred.

Log: 'System' Date/Time: 16/07/2012 8:20:49 PM
Type: information Category: 0
Event: 64021 Source: Windows File Protection
The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

Log: 'System' Date/Time: 16/07/2012 8:20:45 PM
Type: information Category: 0
Event: 64021 Source: Windows File Protection
The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

Log: 'System' Date/Time: 16/07/2012 8:20:30 PM
Type: information Category: 0
Event: 64021 Source: Windows File Protection
The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

Log: 'System' Date/Time: 16/07/2012 8:19:23 PM
Type: information Category: 0
Event: 26 Source: Application Popup
Application popup: Windows File Protection : Possible reasons for this problem:
• You have inserted the wrong CD. (i.e., a different Windows product CD than the version installed)
• The CD-ROM drive in your system is not functioning.

Log: 'System' Date/Time: 16/07/2012 8:19:19 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:19:13 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 16/07/2012 8:19:13 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 16/07/2012 8:19:08 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:19:02 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 16/07/2012 8:19:02 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 16/07/2012 8:16:38 PM
Type: information Category: 0
Event: 64016 Source: Windows File Protection
Windows File Protection file scan was started.

Log: 'System' Date/Time: 16/07/2012 8:14:49 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:14:43 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 16/07/2012 8:14:43 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 16/07/2012 8:14:15 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:14:09 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 16/07/2012 8:14:09 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 16/07/2012 8:13:48 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 16/07/2012 8:13:41 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:04:40 PM
Type: warning Category: 0
Event: 51 Source: Cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 16/07/2012 9:49:48 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 16/07/2012 6:09:34 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 15/07/2012 9:24:41 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\COLLEEN-HP on the network \Device\NetBT_Tcpip_{1D552F1E-7985-4C8B-9234-A52B004D3A93}. The data is the error code.

Log: 'System' Date/Time: 15/07/2012 8:33:24 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 15/07/2012 8:01:05 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 14/07/2012 9:45:00 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 13/07/2012 10:29:26 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 12/07/2012 8:48:25 PM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 12/07/2012 7:37:49 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001676CC95FC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 12/07/2012 6:42:44 AM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 11/07/2012 8:29:24 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 11/07/2012 6:14:48 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 10/07/2012 9:35:42 PM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 10/07/2012 8:28:59 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 10/07/2012 7:21:28 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 10/07/2012 6:45:15 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 08/07/2012 8:07:18 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\COLLEEN-HP on the network \Device\NetBT_Tcpip_{1D552F1E-7985-4C8B-9234-A52B004D3A93}. The data is the error code.

Log: 'System' Date/Time: 08/07/2012 7:59:21 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 08/07/2012 7:05:57 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
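Triage script for the event-log dump above, added here as an example (it is not the poster's or the forum's own tool): it parses the Log/Type/Event/Source layout the dump uses and counts the (source, event id) pairs worth a second look, so a burst of Cdrom controller errors or repeated Tcpip 4226 hits stands out from the noise. The sample log is constructed from a few entries of the dump, and the rule notes are this example's own reading of those event ids.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same layout as the event-log dump above ("Log:" header,
# "Type:" line, "Event:/Source:" line, then the message); it is not the poster's full log.
SAMPLE_LOG = """\
Log: 'System' Date/Time: 16/07/2012 8:04:33 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \\Device\\CdRom0.

Log: 'System' Date/Time: 16/07/2012 8:04:26 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \\Device\\CdRom0.

Log: 'System' Date/Time: 16/07/2012 6:09:34 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 15/07/2012 8:33:24 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

HEADER_RE = re.compile(r"Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")
TYPE_RE = re.compile(r"Type: (?P<type>\w+) Category: (?P<cat>\d+)")
EVENT_RE = re.compile(r"Event: (?P<id>\d+) Source: (?P<source>.+)")

def parse_events(text):
    """Split the dump into records (one dict per entry). Entries that do not match the
    three header lines are skipped, since pasted dumps often contain stray lines."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3:
            continue
        h, t, e = HEADER_RE.match(lines[0]), TYPE_RE.match(lines[1]), EVENT_RE.match(lines[2])
        if not (h and t and e):
            continue
        events.append({
            "log": h["log"],
            "time": datetime.strptime(h["ts"], "%d/%m/%Y %I:%M:%S %p"),
            "type": t["type"],
            "event_id": int(e["id"]),
            "source": e["source"].strip(),
            "message": " ".join(lines[3:]).strip(),
        })
    return events

# (source, event id) pairs from the dump that a defender would want counted, and why.
RULES = {
    ("Tcpip", 4226): "XP half-open TCP connect limit hit; repeated hits mean bursts of outbound connects",
    ("Cdrom", 11): "controller error storm; a hardware lead for the reboots, not a malware one",
    ("W32Time", 36): "clock unsynchronised; timestamps in other logs may be skewed",
}

def triage(events, threshold=2):
    """Report rule hits that occur at least `threshold` times, with first/last timestamps
    so a burst can be told apart from a one-off entry."""
    seen = defaultdict(list)
    for ev in events:
        key = (ev["source"], ev["event_id"])
        if key in RULES:
            seen[key].append(ev["time"])
    findings = [{"source": s, "event_id": i, "count": len(ts), "first": min(ts), "last": max(ts),
                 "note": RULES[(s, i)]} for (s, i), ts in seen.items() if len(ts) >= threshold]
    return sorted(findings, key=lambda f: -f["count"])
```

Run it over the full pasted dump instead of SAMPLE_LOG to get the real counts; the twenty Cdrom 11 entries within one minute in the dump above are the kind of burst the threshold is meant to surface.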

torreattack
2012-07-17, 16:15
Hi fscali:

It is hard to tell what caused the reboot; I can only offer you the trial-and-error game.

Based on your log, these are some software/applications that created warnings or errors on your computer.

Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Windows Live OneCare safety scanner
Windows Search 4.0

Let's remove them and observe whether the situation improves. If not, you may reinstall them.


1. Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove:
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Windows Live OneCare safety scanner
Windows Search 4.0

Take extra care in answering questions posed by any Uninstaller.


2. Reinstall Adobe Reader
You should Download and Install the newest version of Adobe Reader for reading pdf files.
Older versions may have vulnerabilities that malware can use to infect your system.
Go Here (http://get.adobe.com/uk/reader/) to download and install Adobe Reader.
Note: remember to Uncheck any extra software downloads you may be offered (optional)


3. Can you check whether the computer is still rebooting when it is disconnected from your local area network or offline?

thanks,
torreattack

fscali
2012-07-19, 03:06
No luck yet:
1. Removed all but Google Update Helper because it was not listed in the Add/Remove Programs window.
2. Installed Adobe Reader X
3. Reboot happens w/ network cable disconnected.

torreattack
2012-07-19, 16:33
Hi fscali :


it is different than a soft reboot because the power indicator light goes completely out for about a half second as the machine completely powers off.
:oops: Sounds like a hardware problem; I suggest you start with a memory test.


Not a Malware Issue
Your problem does not appear to be "malware" related. The Malware Removal forum deals with removing malware.
Since I am not trained to deal with hardware problems and have run out of ideas, I am sorry but I have no choice; I have to forward you to other experts. Sorry for wasting a lot of your valuable time. :sad:

I suggest you try a PC troubleshooting forum. Links for some are provided below.
These sites have a variety of experts that are better equipped to investigate and resolve these kinds of issues.
Registration is free, it only takes a few minutes.
Malwaremoval forum (http://www.malwareremoval.com/forum/viewforum.php?f=197)
The Elder Geek on Windows (http://www.theeldergeek.com/forum/)
BleepingComputer.com (http://www.bleepingcomputer.com/forums/)
WhattheTech...formerly TomCoyote (http://forums.whatthetech.com/forums.html)

If you have any questions or require additional malware help, please let me know.

=========================================================================================

Let's do some housekeeping before you leave.

Time for some housekeeping

Click on Start >> Run...
Now type in ComboFix /Uninstall into the box and click OK.
Note the space between the X and the /Uninstall, it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Next

Clean up with OTL
Double click OTL.exe to run it.
This tool will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.


Re-enable Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.



Now we need to deal with security vulnerabilities

Your Mozilla Firefox is outdated
In the Firefox browser click Help > Check for updates to install the latest version.



Here are some free programs I recommend that could help you improve your computer's security.

WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission.

WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE (http://www.winpatrol.com/)


MVPS Hosts
MVPS Hosts File From Here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE (http://www.mvps.org/winhelp2002/hosts.htm)


Update your programs regularly
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)


Read - stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960)

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing!


thanks,
torreattack

fscali
2012-07-19, 20:42
OK, thank you for your time.