
Thread: rebooting and blue screening

  1. #1
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    rebooting and blue screening

    Please assist:
    XP PC keeps auto-rebooting in normal mode. MS Security Essentials could not finish a full scan.
    Rebooted in safe mode and MS Sec Essentials found some trojans that I removed. Scan now shows clean but still auto-rebooting in normal mode and just got a blue screen in safe mode.
    Thank you.

    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
    Run by Administrator at 16:19:02 on 2012-06-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1676 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
    uWindow Title = Windows Internet Explorer provided by Fred
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [VX3000] c:\windows\vVX3000.exe
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
    mRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
    mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
    mRun: [<NO NAME>]
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161313078296
    DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://192.168.0.32/activex/AMC.cab
    DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.fujifilm.net/upload/FujifilmUploadClient.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
    TCP: Interfaces\{1D552F1E-7985-4C8B-9234-A52B004D3A93} : DhcpNameServer = 205.152.144.23 205.152.132.23
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    IFEO: image file execution options - svchost.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\og8o1s63.default\
    FF - plugin: c:\progra~1\gradkell\dbsign~1\lib\npDBsignWeb.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2006-11-4 19478]
    R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2006-11-4 634798]
    R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2006-11-4 430670]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
    S1 MpKsl5be464aa;MpKsl5be464aa;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl5be464aa.sys [2012-6-30 29904]
    S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2006-11-4 64093]
    S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
    S2 acautoupdate;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2009-6-3 51240]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-10 133104]
    S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
    S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2009-2-11 45696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-10 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2012-1-6 33792]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2010-4-24 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2010-4-24 13312]
    S3 Normandy;Normandy SR2; [x]
    S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-1-1 21648]
    S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
    S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]
    S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-11-7 57856]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-11-7 57856]
    S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [2006-11-9 23040]
    S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [2006-11-9 76800]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-30 19:29:41 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl5be464aa.sys
    2012-06-30 19:24:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl18135ea5.sys
    2012-06-30 19:18:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl695cd666.sys
    2012-06-30 19:10:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl87d05b93.sys
    2012-06-30 19:04:21 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl45835a53.sys
    2012-06-30 18:58:52 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslf635e0bf.sys
    2012-06-30 18:53:28 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl3817c498.sys
    2012-06-30 18:47:58 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslf778628b.sys
    2012-06-30 18:42:23 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslbd1619d3.sys
    2012-06-30 18:36:54 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl4f5ac84f.sys
    2012-06-30 12:39:42 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslfb03fe64.sys
    2012-06-30 02:21:48 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl508db6b0.sys
    2012-06-30 02:21:42 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-06-30 02:00:49 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslfc3b2d2f.sys
    2012-06-30 01:53:56 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslce3c7c89.sys
    2012-06-30 01:17:55 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl661b5313.sys
    2012-06-30 00:28:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl09e9f3d8.sys
    2012-06-30 00:23:05 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl96e9e01e.sys
    2012-06-30 00:17:39 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl4dd1c5ce.sys
    2012-06-30 00:12:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsldaf308c9.sys
    2012-06-30 00:06:30 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl7f03d061.sys
    2012-06-30 00:01:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl92ca4db0.sys
    2012-06-29 23:55:39 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsle2a11b31.sys
    2012-06-29 23:50:12 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsl05af7a5d.sys
    2012-06-29 23:44:43 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslfe91dda4.sys
    2012-06-29 23:39:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKslaa8da782.sys
    2012-06-29 23:19:41 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\MpKsld9291a1b.sys
    2012-06-29 23:18:24 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2159242b-921e-46ae-b98d-bfef8cf1fcae}\mpengine.dll
    2012-06-21 14:13:20 -------- d-----w- c:\documents and settings\administrator\application data\Windows Search
    2012-06-21 12:33:47 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-06-21 12:32:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-06-21 12:32:03 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-06-13 22:20:55 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-07 09:17:36 73728 ----a-w- c:\windows\LiveAudio.ocx
    2012-06-07 09:17:36 405504 ----a-w- c:\windows\GeoCodec.dll
    2012-06-07 09:17:36 176128 ----a-w- c:\windows\GeoCodecLib.dll
    2012-06-07 09:17:35 745984 ----a-w- c:\windows\ir50_32.dll
    2012-06-07 09:17:35 413760 ----a-w- c:\windows\mpg4c32.dll
    2012-06-07 09:17:35 255488 ----a-w- c:\windows\m3jpeg32.dll
    2012-06-07 09:17:35 225280 ----a-w- c:\windows\LiveX.ocx
    2012-06-07 09:17:35 208896 ----a-w- c:\windows\LiveClient.dll
    .
    ==================== Find3M ====================
    .
    2012-06-29 23:29:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-29 23:29:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-04-07 00:27:44 2487 ----a-w- C:\idsuite_run.bat
    2011-10-14 19:02:31 161720 ----a-w- c:\program files\2pres.dll
    .
    ============= FINISH: 16:20:10.48 ===============

  2. #2
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the Safer-Networking forum and wait for help.

    Failure to post replies within 3 days will result in this thread being closed.

    Hi fscali and welcome to Safer-Networking

    My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

    Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.
    Read:
    How to back up or transfer your data on a Windows-based computer


    Please observe these rules while we work:
    • Perform all actions in the order given.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with it till you're given the all clear.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

    If you can do these things, everything should go smoothly.
    • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
    • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

    It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
    If you haven't done so already, please read this topic "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.


    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    By the way, while waiting, please answer these questions.
    1. Is this a business, corporate, institutional computer or used in such an environment?
      Please read: Personal computer
    2. How did you obtain Microsoft Office Enterprise 2007?
    3. What was the last thing you did before the blue screen happened? Install or remove software, hardware or a driver?



    Thank you for your patience.
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  3. #3
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    torreattack:
    Thank you for taking the time to assist me.
    Quick answers to your questions:
    1. Personal PC
    2. Group license through my job.
    3. No hardware, software, or drivers were installed/uninstalled by any deliberate action on my part. The blue screen is rare. The reboot (when running in normal mode) is frequent. I am operating in safe mode now with no apparent issues.

    Originally posted by torreattack:
    1. Is this a business, corporate, institutional computer or used in such an environment?
      Please read: Personal computer
    2. How did you obtain Microsoft Office Enterprise 2007?
    3. What was the last thing you did before the blue screen happened? Install or remove software, hardware or a driver?

  4. #4
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    hi fscali:

    Let's dig deeper.

    You have Spybot-S&D installed; TeaTimer needs to be disabled so that its protection does not interfere with fixes. Please disable it.
    Note: You can find the instructions here.

    1. RogueKiller
    1. Please download RogueKiller by Tigzy and save it to your desktop.
    2. Allow the download if prompted by your security software and please close all your programs.
    3. Double click on RogueKiller.exe to run it.
    4. If it does not run, please try a few times.
    5. Wait for PreScan to finish, then click on Scan.
    6. Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
    7. Please copy and paste the contents of that log in your next reply.



    2. aswMBR.exe
    Please download aswMBR and save it to your Desktop.
    1. Double click aswMBR.exe to run it.
    2. Click Yes to the prompt to download Avast! virus definitions.
      (Please be patient whilst the virus definitions download)
    3. With the AVscan set to Quick Scan, click the Scan button.
      (Please be patient whilst your computer is scanned.)
    4. After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    5. Click OK > Exit.
    6. Note: Do not attempt to fix anything at this stage!
    7. Two files will be created, aswMBR.txt & a file named MBR.dat.
    8. MBR.dat is a backup of the MBR (master boot record); do not delete it.
    9. I strongly suggest you keep a copy of this backup stored on an external device.
    10. Copy & Paste the contents of aswMBR.txt into your next reply.



    3. OTL
    Please download OTL ... by Old Timer. Save it to your Desktop.
    1. Double click on OTL.exe to run it.
    2. Under Output, ensure that Minimal Output is selected.
    3. Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    4. Click on Run Scan at the top left hand corner.
    5. When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



    4. When did this "auto-rebooting in normal mode" start to happen?


    5. Checklist
    Please post:
    • RKreport[1].txt
    • aswMBR.txt
    • OTL.txt and Extras.txt
    • An update on your problems

    Note: These logs can be lengthy; please post in several replies if needed. Please ensure you post the COMPLETE log.

    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  5. #5
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Default

    I have a quick question before I start:
    I have been operating in safe mode with the real time protection of both Tea Timer and MSSE disabled. Do you want me to execute your directions running in normal or safe mode? Either way I will disable Tea Timer.

  6. #6
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Try to run them in normal mode.

    If that fails, then again in safe mode.

    In both modes, please disable TeaTimer.

    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  7. #7
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Default

    Suffered thru a couple of BSODs but completed all scans in normal mode.

    1) RK:
    RogueKiller V7.6.2 [07/02/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: fred [Admin rights]
    Mode: Scan -- Date: 07/05/2012 19:03:05

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ARRAY +++++
    --- User ---
    [MBR] ccda41b3ebd9b46d65a2c65edb9077f9
    [BSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 109638 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 224669025 | Size: 38122 Mo
    3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 302744925 | Size: 4753 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt



    2) aswMBR:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-05 19:24:40
    -----------------------------
    19:24:40.087 OS Version: Windows 5.1.2600 Service Pack 3
    19:24:40.087 Number of processors: 2 586 0xF06
    19:24:40.087 ComputerName: E520 UserName: fred
    19:24:46.774 Initialize success
    19:24:59.834 AVAST engine defs: 12070501
    19:25:03.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:25:03.677 Disk 0 Vendor: Intel___ 1.0. Size: 152585MB BusType: 3
    19:25:03.677 Disk 0 MBR read successfully
    19:25:03.693 Disk 0 MBR scan
    19:25:03.708 Disk 0 unknown MBR code
    19:25:03.724 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    19:25:03.740 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109638 MB offset 112455
    19:25:03.755 Disk 0 Partition - 00 0F Extended LBA 38122 MB offset 224669025
    19:25:03.787 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 302744925
    19:25:03.927 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38122 MB offset 224669088
    19:25:03.943 Disk 0 scanning sectors +312480315
    19:25:04.037 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:25:30.329 Service scanning
    19:25:52.670 Service MpKsleb500f47 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF488E69-C7BB-4E35-BB7F-CEC44A693821}\MpKsleb500f47.sys **LOCKED** 32
    19:26:11.167 Modules scanning
    19:26:17.494 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    19:26:18.134 Disk 0 trace - called modules:
    19:26:18.150 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    19:26:18.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a828ab8]
    19:26:18.166 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a827030]
    19:26:18.681 AVAST engine scan C:\WINDOWS
    19:26:29.398 AVAST engine scan C:\WINDOWS\system32
    19:31:28.196 AVAST engine scan C:\WINDOWS\system32\drivers
    19:32:02.503 AVAST engine scan C:\Documents and Settings\fred
    19:34:40.073 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fred\Desktop\troubleshoot\MBR.dat"
    19:34:40.073 The log file has been saved successfully to "C:\Documents and Settings\fred\Desktop\troubleshoot\aswMBR.txt"
    19:50:48.505 AVAST engine scan C:\Documents and Settings\All Users
    19:54:52.648 Scan finished successfully
    19:55:39.954 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fred\Desktop\troubleshoot\MBR.dat"
    19:55:40.001 The log file has been saved successfully to "C:\Documents and Settings\fred\Desktop\troubleshoot\aswMBR.txt"


    3) OTL:
    OTL logfile created on: 7/5/2012 7:56:19 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\fred\Desktop\troubleshoot
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.61% Memory free
    3.84 Gb Paging File | 3.00 Gb Available in Paging File | 78.13% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 107.07 Gb Total Space | 38.59 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
    Drive D: | 37.23 Gb Total Space | 37.15 Gb Free Space | 99.78% Space Free | Partition Type: NTFS

    Computer Name: E520 | User Name: fred | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\fred\Desktop\troubleshoot\aswMBR.exe (AVAST Software)
    PRC - C:\Documents and Settings\fred\Desktop\troubleshoot\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
    PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
    PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
    PRC - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe (ActivIdentity)
    PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
    MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\WINDOWS\system32\LcProxy.ax ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
    SRV - (acautoupdate) -- C:\Program Files\ActivIdentity\ActivClient\acautoup.exe (ActivIdentity)
    SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
    SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
    SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
    DRV - (VPROEVENTMONITOR) -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (Normandy) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
    DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
    DRV - (Changer) -- File not found
    DRV - (bvrp_pci) -- File not found
    DRV - (aswMBR) -- C:\DOCUME~1\fred\LOCALS~1\Temp\aswMBR.sys File not found
    DRV - (MpKsleb500f47) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF488E69-C7BB-4E35-BB7F-CEC44A693821}\MpKsleb500f47.sys (Microsoft Corporation)
    DRV - (Leapfrog-USBLAN) -- C:\WINDOWS\system32\drivers\btblan.sys (Belcarra Technologies)
    DRV - (SCR3XX2K) -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
    DRV - (SCR3xx USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (OlyCamComm) -- C:\WINDOWS\system32\drivers\OlyCamComm.sys (OLYMPUS IMAGING CORP.)
    DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
    DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
    DRV - (LGII2CDevice) -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys ()
    DRV - (LGDDCDevice) -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys ()
    DRV - (SNXPPALX) -- C:\WINDOWS\system32\drivers\snxppalx.sys ()
    DRV - (SNXPCARD) -- C:\WINDOWS\system32\drivers\snxpcard.sys ()
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
    DRV - (SCR33X USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR33X2K.sys (SCM Microsystems Inc.)
    DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (sonypvf2) -- C:\WINDOWS\System32\drivers\sonypvf2.sys (Sony Corporation)
    DRV - (sonypvt2) -- C:\WINDOWS\System32\drivers\sonypvt2.sys (Sony Corporation)
    DRV - (sonypvd2) -- C:\WINDOWS\system32\drivers\sonypvd2.sys (Sony Corporation)
    DRV - (sonypvl2) -- C:\WINDOWS\System32\drivers\sonypvl2.sys (Sony Corporation)
    DRV - (SCR131C) -- C:\WINDOWS\system32\drivers\SCR131C.sys (SCM Microsystems Inc.)
    DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
    DRV - (cirrus) -- C:\WINDOWS\system32\drivers\cirrus.sys (Microsoft Corporation)
    DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm142S1us&ptnrS=CDxdm142S1us&si=101497_819p&ptb=302F0649-9AB6-42B6-8237-E4BA1376DCD0&ind=2011101415&n=77def8e7&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061016
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?tab=mw&hl=en&source=iglk
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes,DefaultScope = {65344CC3-9C2F-4FFC-ADC4-21D561672820}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm142S1us&ptnrS=CDxdm142S1us&si=101497_819p&ptb=302F0649-9AB6-42B6-8237-E4BA1376DCD0&ind=2011101415&n=77def8e7&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{51430913-DF4E-485C-8157-9F3EDFBA213E}: "URL" = http://cnet.search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{65344CC3-9C2F-4FFC-ADC4-21D561672820}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{C6DFEE2A-27B1-4EEC-9A4E-1B38E5B6609D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\SearchScopes\{EE24694B-2AD6-4978-B4C2-EAE98D3F765B}: "URL" = http://www.shopzilla.com/buy/superfind.xpml?search_box=1&sfsk=0&cat_id=1&keyword={searchTerms}
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1664530028-17251024-895595264-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.selectedEngine: "search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.5
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.4
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.1.3.21
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.6.3
    FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.3.6
    FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
    FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.70
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\fred\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\fred\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/01 17:36:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/01 17:36:07 | 000,000,000 | ---D | M]

    [2009/10/30 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fred\Application Data\Mozilla\Extensions
    [2012/07/01 17:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions
    [2010/09/07 05:15:51 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/09/07 05:15:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/09 05:53:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/07/01 17:36:46 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
    [2012/02/26 09:51:06 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    [2012/07/01 17:37:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\foxyproxy@eric.h.jung
    [2012/02/26 09:51:05 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\extensions\tineye@ideeinc.com
    [2009/10/30 20:15:32 | 000,008,349 | ---- | M] () -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\searchplugins\oneriot.xml
    [2012/06/30 08:54:49 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\searchplugins\surf-canyon.xml
    [2012/07/01 17:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/01 17:36:52 | 000,340,198 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    [2012/07/01 17:36:46 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    [2012/07/01 17:36:47 | 000,208,985 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
    [2012/07/01 17:36:49 | 000,032,381 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\QUICKDRAG@MOZILLA.KTECHCOMPUTING.COM.XPI
    [2012/07/01 17:36:48 | 000,072,222 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FRED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LU62K214.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
    [2012/07/01 17:36:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/05 07:45:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/01 17:36:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/07/01 17:36:02 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\fred\Application Data\Mozilla\plugins\npPxPlay.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: Entanglement = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Cloud Reader = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Poppit = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2012/06/30 07:59:35 | 000,442,166 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 15217 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
    O3 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1664530028-17251024-895595264-1006..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
    O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O8 - Extra context menu item: &Search - http://tbedits.couponalert.com/one-t...0&n=2011101415 File not found
    O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: aa.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: ancestry.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: army.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: citimortgage.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: dau.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: disa.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: dsw.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: google.com ([mail] https in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: keysenergy.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: mymonthlycycles.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: navyfcu.org ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: noaa.gov ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: osd.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: paypal.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: southcom.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: southcom.mil ([owa.jiatfs] https in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: ugov.gov ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Domains: usmc.mil ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Ranges: Range78 ([*] in Trusted sites)
    O15 - HKU\S-1-5-21-1664530028-17251024-895595264-1006\..Trusted Ranges: Range79 ([http] in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon...ad/tgctlcm.cab (Support.com Configuration Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Module...plets/sync.cab (SyncXfer Class)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_4.cab (FixController Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1341157801052 (MUWebControl Class)
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://192.168.0.32/activex/AMC.cab (AxisMediaControl Class)
    O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab (Maid Control)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/C...CamControl.ocx (CamImage Class)
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.fujifilm.net/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab (DDRevision Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/dev...e/AxLoader.cab (RIM AxLoader)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D552F1E-7985-4C8B-9234-A52B004D3A93}: DhcpNameServer = 205.152.144.23 205.152.132.23
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    ***BREAK***

  8. #8
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Default

    ***CONTINUED***

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
    O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
    O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - No CLSID value found.
    O24 - Desktop WallPaper: C:\Documents and Settings\fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/05 19:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred\Desktop\troubleshoot
    [2012/07/01 18:28:10 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
    [2012/07/01 18:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HWMonitor
    [2012/07/01 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2012/07/01 17:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/07/01 17:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/07/01 12:17:45 | 000,000,000 | ---D | C] -- C:\807a7ddf9bce4563aa
    [2012/07/01 12:10:34 | 000,000,000 | ---D | C] -- C:\38d79553ca62da422c
    [2012/07/01 11:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred\Start Menu\Programs\NirSoft BlueScreenView
    [2012/07/01 11:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
    [2012/07/01 11:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
    [2012/07/01 11:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
    [2012/06/29 22:21:42 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2012/06/13 18:20:55 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2012/06/12 21:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred\My Documents\TN House
    [2012/06/07 05:17:36 | 000,405,504 | ---- | C] (Geovision) -- C:\WINDOWS\GeoCodec.dll
    [2012/06/07 05:17:36 | 000,073,728 | ---- | C] (GeoVision Inc,.) -- C:\WINDOWS\LiveAudio.ocx
    [2012/06/07 05:17:35 | 000,745,984 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\ir50_32.dll
    [2012/06/07 05:17:35 | 000,413,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\mpg4c32.dll
    [2012/06/07 05:17:35 | 000,255,488 | ---- | C] (Morgan Multimedia) -- C:\WINDOWS\m3jpeg32.dll
    [50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/05 19:48:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
    [2012/07/05 19:33:33 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/07/05 19:32:07 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
    [2012/07/05 19:32:06 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/07/05 19:28:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/07/05 19:23:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/05 19:23:46 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/05 19:23:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/05 19:23:26 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/05 19:16:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/05 18:53:56 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
    [2012/07/01 17:42:35 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/07/01 15:06:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/07/01 13:02:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/07/01 12:22:52 | 000,528,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/07/01 12:22:52 | 000,097,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/07/01 12:17:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/07/01 10:47:24 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/06/30 15:28:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
    [2012/06/30 07:59:35 | 000,442,166 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/06/29 22:16:44 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\fred\Local Settings\Application Data\housecall.guid.cache
    [2012/06/29 19:29:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/06/29 19:29:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/06/21 10:33:04 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\fred\Desktop\HiJackThis.lnk
    [2012/06/21 09:31:52 | 000,442,166 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120630-075934.backup
    [2012/06/20 18:45:29 | 000,442,166 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120621-093152.backup
    [2012/06/18 21:00:00 | 000,000,766 | ---- | M] () -- C:\WINDOWS\tasks\scali incremental.job
    [2012/06/18 19:00:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2012/06/18 18:45:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    [2012/06/14 03:16:28 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [50 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/05 18:51:38 | 2137,038,848 | -HS- | C] () -- C:\hiberfil.sys
    [2012/07/01 17:42:35 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/07/01 17:36:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/06/29 22:16:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\housecall.guid.cache
    [2012/06/07 05:17:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\GeoCodecLib.dll
    [2012/06/07 05:17:35 | 000,225,280 | ---- | C] () -- C:\WINDOWS\LiveX.ocx
    [2012/06/07 05:17:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\LiveClient.dll
    [2012/06/07 05:17:35 | 000,052,787 | ---- | C] () -- C:\WINDOWS\Stable.xml
    [2012/03/05 08:38:35 | 000,161,720 | ---- | C] () -- C:\Program Files\2pres.dll
    [2012/02/14 17:46:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/01/14 18:24:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
    [2010/12/22 17:55:14 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/31 18:03:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/31 18:03:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/15 12:35:49 | 000,000,088 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2008/03/04 18:42:25 | 000,038,483 | ---- | C] () -- C:\Documents and Settings\fred\Application Data\Comma Separated Values (Windows).ADR
    [2008/02/12 21:04:48 | 000,000,666 | RHS- | C] () -- C:\Documents and Settings\fred\ntuser.pol
    [2006/11/05 09:53:47 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\fred\Application Data\dvd.bmk
    [2006/11/04 17:48:34 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/19 20:54:56 | 000,491,792 | ---- | C] () -- C:\Documents and Settings\fred\TRANSFORMS=1033.mst
    [2006/10/19 20:54:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\fred\Local Settings\Application Data\fusioncache.dat

    < End of report >

    3a) Extras:
    OTL Extras logfile created on: 7/5/2012 7:56:20 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\fred\Desktop\troubleshoot
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.61% Memory free
    3.84 Gb Paging File | 3.00 Gb Available in Paging File | 78.13% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 107.07 Gb Total Space | 38.59 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
    Drive D: | 37.23 Gb Total Space | 37.15 Gb Free Space | 99.78% Space Free | Partition Type: NTFS

    Computer Name: E520 | User Name: fred | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    [HKEY_USERS\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Classes\<extension>]
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    "%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe" = C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe:*:Enabled:CGVPNCliService.exe
    "C:\Program Files\S.A.D\CyberGhost VPN\openvpn.exe" = C:\Program Files\S.A.D\CyberGhost VPN\openvpn.exe:*:Enabled:openvpn.exe
    "C:\Program Files\S.A.D\CyberGhost VPN\openssl.exe" = C:\Program Files\S.A.D\CyberGhost VPN\openssl.exe:*:Enabled:openssl.exe
    "C:\Program Files\S.A.D\CyberGhost VPN\tapinstall.exe" = C:\Program Files\S.A.D\CyberGhost VPN\tapinstall.exe:*:Enabled:tapinstall.exe
    "C:\Program Files\S.A.D\CyberGhost VPN\CyberGhost.exe" = C:\Program Files\S.A.D\CyberGhost VPN\CyberGhost.exe:*:Enabled:CyberGhost.exe
    "C:\Program Files\ActivCard\ActivCard Gold\acDiagnoWzd.exe" = C:\Program Files\ActivCard\ActivCard Gold\acDiagnoWzd.exe:*:Enabled:ActivCard Gold Advanced Diagnostics
    "C:\Program Files\S.A.D\CyberGhost VPN\CGStarter.exe" = C:\Program Files\S.A.D\CyberGhost VPN\CGStarter.exe:*:Enabled:CyberGhost VPN
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
    "C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Documents and Settings\fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\fred\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Documents and Settings\fred\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\fred\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
    "C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{056BE67B-54B6-40C0-ADBF-08917FF1D4F6}" = HGTV Home & Landscape Platinum Suite 2.0
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{16495E26-DFEC-4BCA-8E70-060C539838EE}" = MapSource - BlueChart Americas v7.5 Update
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{254A2683-4128-47B1-85DF-7690E6119EC6}" = Garmin BlueChart Americas v9
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4221094E-82B8-43C4-94F4-A6760FC1842A}" = H&R Block Premium + Efile + State 2011
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
    "{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A3C8139-FD1B-4EA0-AFE9-7D40050F8FF0}" = PowerMax Remote Programmer 3.0.38.9 (General)
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater
    "{7D25A304-C82D-41C3-85A8-3BEF84E04887}" = Garmin WebUpdater
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
    "{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8CFC7570-DD90-486E-A239-E31D455BDE93}" = Microsoft LifeCam
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{974530D2-AE96-4C99-B549-99CADA653CE5}" = Garmin MapSource
    "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6272BAC-1A51-4418-933D-E6FC6C7DC42D}" = Netflix Movie Viewer
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1" = Index.dat Suite
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C89588E4-A151-489E-A393-066E503FC549}" = Dell DataSafe
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
    "{D46A8690-5E32-4BA8-BE0D-808E1EA76496}" = HGTV Home & Interior Painter
    "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
    "{DC5A3749-4535-4EAD-842A-DDE976CC6B38}" = PS7900
    "{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
    "{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EBEBDE9F-78FA-4E68-820D-78CAF9DD46FF}" = SCR531 Smartcard Reader
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
    "AXIS Media Control" = AXIS Media Control
    "CCleaner" = CCleaner
    "ClassicFTP" = Classic FTP
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ExpressBurn" = Express Burn
    "Florida Topo" = Florida Topo Map
    "Free Video Converter_is1" = Free Video Converter V 1.2
    "Google Updater" = Google Updater
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{056BE67B-54B6-40C0-ADBF-08917FF1D4F6}" = HGTV Home & Landscape Platinum Suite 2.0
    "InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
    "IrfanView" = IrfanView (remove only)
    "LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
    "MapSource" = MapSource
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MWASPI" = MicroStaff WINASPI
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opera 11.64.1403" = Opera 11.64
    "Photodex Presenter" = Photodex Presenter
    "Pointools View 1.8 Pro" = Pointools View 1.8 Pro
    "Precision Tile_is1" = Precision Tile 3.0.4
    "Reading Blaster Ages 4-6" = Reading Blaster Ages 4-6
    "SoftkeyLandArchDeinstKey" = Softkey Landscape Architect 1.00
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "UPCShell" = LeapFrog Connect
    "VCW VicMan's Photo Editor_is1" = VCW VicMan's Photo Editor 8.0
    "VLC media player" = VLC media player 1.1.11
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1664530028-17251024-895595264-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/5/2012 7:14:33 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 7:24:15 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 7:24:18 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 7:27:44 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 7:32:10 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 7:34:41 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 7:37:22 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 7:41:53 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 7:55:42 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    Error - 7/5/2012 8:01:56 PM | Computer Name = E520 | Source = Windows Search Service | ID = 3083
    Description = The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error
    description: Class not registered .

    [ OSession Events ]
    Error - 6/14/2009 4:42:06 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/14/2009 4:42:15 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/14/2009 4:42:21 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/8/2009 8:40:30 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/8/2009 8:40:46 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/8/2009 8:40:51 PM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/18/2009 10:21:26 AM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/18/2009 10:21:39 AM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/18/2009 10:21:49 AM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/18/2009 10:22:00 AM | Computer Name = E520 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/4/2012 11:16:43 PM | Computer Name = E520 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.804.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error
    description: This service cannot be started in Safe Mode

    Error - 7/4/2012 11:50:50 PM | Computer Name = E520 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/5/2012 6:48:34 PM | Computer Name = E520 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/5/2012 6:49:42 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm Lbd MpFilter

    Error - 7/5/2012 6:50:26 PM | Computer Name = E520 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/5/2012 6:53:30 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 7/5/2012 7:09:20 PM | Computer Name = E520 | Source = System Error | ID = 1003
    Description = Error code 1000000a, parameter1 0004cdb6, parameter2 0000001c, parameter3
    00000000, parameter4 804fa292.

    Error - 7/5/2012 7:10:11 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 7/5/2012 7:24:31 PM | Computer Name = E520 | Source = System Error | ID = 1003
    Description = Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3
    00000000, parameter4 804fa292.

    Error - 7/5/2012 7:25:16 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd


    < End of report >


    4) first noticed issue back on June 20 or 21 but left town from June 21 - 30.

    5) checklist complete. no new symptoms to report. no reboots today, just BSODs.

  9. #9
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    torreattack:
    please read the next 2 posts in reverse order as I had to unexpectedly break my post in 2 due to character count limitations.
    thank you,
    fred

  10. #10
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    hi fscali:

    Sorry for being late.

    I suspected the blue screen was caused by Microsoft Security Essentials.

    I hope you don't mind if we try to "toy" with it.

    1. Download one of the antivirus programs from the links below, but don't install it yet.
    • Antivir PersonalEdition Classic - Superior detection, the "free" version has no email scan.
    • avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
    • Note: remember to uncheck any extra software downloads you may be offered (optional)


    2. Uninstall Microsoft Security Essentials.

    3. Install the new antivirus that you just downloaded. Try to use it for a while and see whether your Blue Screen problem is solved.

    4. I saw you added a lot of military websites into your trust zone; does this computer have anything to do with a government/military network?

    5. Please upload a Minidump file
    • Open your browser and go to this website: http://www.sendspace.com/
    • Click on the picture that says Click to browse
    • Now, go to C:\Windows\Minidump.
    • Click on the latest Minidump file according to the date.
      Note: example name of minidump file: Mini072808-07.dmp
    • Click open and then click upload.
    • At the Download Link section, click Copy Link.
      Paste the link to me.




    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others
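
The System Error 1003 and Service Control Manager 7026 records in the event log posted earlier in the thread can be tallied to see whether the blue screens share one signature before a minidump is examined. This is an added example, not part of any post in the thread; it parses an excerpt copied from that log and assumes the 0x10000000 bit in the logged code is the minidump flag, so that 1000000a corresponds to stop code 0xA.

```python
import re
from collections import Counter

# Excerpt of the "[ System Events ]" records posted in the thread (wrapping kept).
SAMPLE = """\
Error - 7/5/2012 6:49:42 PM | Computer Name = E520 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm Lbd MpFilter

Error - 7/5/2012 7:09:20 PM | Computer Name = E520 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 0004cdb6, parameter2 0000001c, parameter3
00000000, parameter4 804fa292.

Error - 7/5/2012 7:24:31 PM | Computer Name = E520 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3
00000000, parameter4 804fa292.
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
BUGCHECK = re.compile(r"Error code ([0-9a-f]{8}), parameter1 ([0-9a-f]{8}), "
                      r"parameter2 ([0-9a-f]{8}), parameter3 ([0-9a-f]{8}), "
                      r"parameter4 ([0-9a-f]{8})", re.I)

def parse_events(text):
    """Split the report into records and re-join each wrapped description."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "desc": ""})
        elif line and events:
            events[-1]["desc"] = (events[-1]["desc"] + " " + line).strip()
    return events

def summarize(events):
    """Count repeated bugcheck signatures and drivers that failed to load."""
    crashes, drivers = Counter(), Counter()
    for ev in events:
        m = BUGCHECK.search(ev["desc"])
        if ev["id"] == "1003" and m:
            code, _p1, irql, _rw, addr = (int(x, 16) for x in m.groups())
            # Assumption: 0x10000000 is the minidump flag; masking it gives stop 0xA.
            crashes[(code & 0x0FFFFFFF, irql, addr)] += 1
        elif ev["id"] == "7026":
            drivers.update(ev["desc"].split("failed to load:", 1)[-1].split())
    return crashes, drivers
```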
