
Inactive Diagnostic Policy Service Error

Discussion in 'Malware and Virus Removal Archive' started by HeatherM, 2010/09/19.

  1. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    Joined:
    2010/09/18
    Messages:
    33
    Likes Received:
    0
    I uninstalled Norton from the control panel and also ran the Norton Removal tool so not sure why it is still there. I will run it again. I tried to transfer Avira with my USB drive but it will not open so I assume I have to wait until my Internet connection is back on that PC and download it directly. Unless there is another way to transfer it over. I still receive the same error and am unable to start the diagnostic policy service.
     
  2. 2010/09/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go to Start and in "Start search" type in:
    services.msc
    Hold SHIFT and CTRL keys, press Enter.
    Services window will open.
    Look at Diagnostic Policy Service
    How is it listed there?
     


  4. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    Uh oh, when I try to run the Norton removal tool or open Revo Uninstaller, I get the following error: Illegal operation attempted on a registry key that has been marked for deletion. I also got that message when trying to open any of my Microsoft Office programs like Word and Excel (I tried to open them to see what happened and I got the same message). Should I panic yet?
     
  5. 2010/09/20
    broni

    broni Moderator Malware Analyst

    Restarting computer will fix it.
     
  6. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    It is listed as the Diagnostic Policy Service, is set to automatic, but will not start. When I try to start it, it tells me it can not start on Local Computer. Same message I was getting before.
     
  7. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    OK, rebooted and now the files open :) Thankies. I won't panic. Installing Avira now since the file opened.
     
  8. 2010/09/20
    broni

    broni Moderator Malware Analyst

    When did this issue start? Do you remember doing anything in particular at that moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    The issue started on Wednesday out of the blue. I checked my email in the morning and shut down. I restarted upon arriving home and had the problem. I made no changes. I will run the above as soon as the Avira scan is done. I just installed it and am doing a full scan. I have no clue why the problem started all of a sudden, which is why it is frustrating. Very, very odd.
     
  10. 2010/09/20
    broni

    broni Moderator Malware Analyst

    OK. Keep me posted....
     
  11. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    OTL logfile created on: 9/20/2010 8:02:57 PM - Run 1
    OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Heather\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 279.00 Mb Available Physical Memory | 29.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.87 Gb Total Space | 83.82 Gb Free Space | 59.50% Space Free | Partition Type: NTFS
    Drive D: | 4.19 Gb Total Space | 3.13 Gb Free Space | 74.63% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 3.99 Gb Total Space | 3.94 Gb Free Space | 98.78% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HEATHER-PC
    Current User Name: Heather
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/20 19:49:38 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/22 08:25:30 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2008/06/13 16:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    PRC - [2008/06/02 03:28:22 | 000,081,920 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
    PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/03/07 12:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
    PRC - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/20 19:49:38 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/05/21 21:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/22 08:25:30 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2007/03/07 12:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
    SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
    SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Release\TAPBIND1.SYS -- (TAPBIND)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Heather\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/11/06 14:43:38 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2009/11/06 14:43:38 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2009/09/10 15:54:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/12/03 16:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/03/03 04:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2007/12/28 15:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2007/10/11 17:17:18 | 000,079,052 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
    DRV - [2007/09/15 03:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/09/13 22:22:16 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
    DRV - [2007/05/03 19:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/04/23 11:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2007/02/22 12:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2006/12/07 16:05:58 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/07 16:04:36 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006/12/07 16:04:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/11/28 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2003/07/01 03:41:00 | 000,122,112 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vnet58lx.sys -- (FVNETusb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.casabellaluna.com/email/scripts/loginuser.pl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p= "
    FF - prefs.js..browser.search.defaultenginename: "Yahoo "
    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p= "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com "
    FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/03 13:01:24 | 000,000,000 | ---D | M]

    [2008/06/18 13:16:23 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions
    [2009/11/01 17:39:48 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xegii6zv.default\extensions
    [2009/11/01 17:29:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xegii6zv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/01/04 15:41:32 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xegii6zv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2008/08/25 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xegii6zv.default\extensions\chachaguidebar@chacha.com
    [2008/10/09 09:58:27 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xegii6zv.default\extensions\moveplayer@movenetworks.com
    [2009/08/17 20:10:45 | 000,001,196 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xegii6zv.default\searchplugins\winamp-search.xml
    [2009/11/06 23:48:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/19 17:12:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/20 04:22:06 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: ShellHWDetection - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - File not found
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/20 20:01:56 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
    [2010/09/20 19:27:28 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Avira
    [2010/09/20 19:25:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2010/09/20 19:25:26 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/09/20 19:25:26 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/09/20 19:25:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
    [2010/09/20 19:25:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
    [2010/09/20 19:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/09/20 19:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/09/20 18:24:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/09/20 18:23:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/09/20 17:58:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/09/19 18:45:10 | 000,000,000 | ---D | C] -- C:\Users\Heather\Desktop\NTBR_CD
    [2010/09/19 16:47:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/09/19 16:47:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/09/19 16:47:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/09/19 16:47:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/09/19 16:47:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/19 14:18:29 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\Heather\Desktop\Norton_Removal_Tool.exe
    [2010/09/17 19:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Revo Uninstaller
    [2010/09/15 17:21:51 | 000,000,000 | ---D | C] -- C:\a3df6c94942a58d01a1dc578
    [2010/08/22 15:31:57 | 000,000,000 | ---D | C] -- C:\Users\Heather\.gstreamer-0.10
    [2010/08/22 15:30:15 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Imprudence
    [2010/08/22 15:30:14 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Imprudence
    [2010/08/22 15:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Imprudence
    [2010/08/12 03:05:05 | 000,000,000 | ---D | C] -- C:\0d1e2b57996e36a7b98bd9cb887d
    [2010/08/11 23:45:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2010/07/20 19:38:17 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Yahoo!
    [2010/07/20 19:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2010/07/14 03:01:32 | 000,000,000 | ---D | C] -- C:\eef6573d8f493ee0e92886d8b26a86

    ========== Files - Modified Within 90 Days ==========

    [2010/09/20 20:02:47 | 003,932,160 | -HS- | M] () -- C:\Users\Heather\ntuser.dat
    [2010/09/20 19:49:38 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
    [2010/09/20 19:25:46 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/09/20 19:20:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/20 19:20:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/20 19:20:23 | 000,041,946 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/09/20 19:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/20 19:20:16 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/20 19:19:20 | 000,524,288 | -HS- | M] () -- C:\Users\Heather\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/20 19:19:20 | 000,065,536 | -HS- | M] () -- C:\Users\Heather\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/09/20 19:18:35 | 002,600,943 | -H-- | M] () -- C:\Users\Heather\AppData\Local\IconCache.db
    [2010/09/20 19:10:02 | 000,002,595 | ---- | M] () -- C:\Users\Heather\Desktop\Microsoft Office PowerPoint 2007.lnk
    [2010/09/20 19:09:41 | 000,002,585 | ---- | M] () -- C:\Users\Heather\Desktop\Microsoft Office Excel 2007.lnk
    [2010/09/20 18:17:30 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/09/19 20:39:04 | 000,075,264 | ---- | M] () -- C:\Users\Heather\Desktop\SystemLook.exe
    [2010/09/19 18:42:44 | 000,715,876 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/19 18:42:44 | 000,612,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/19 18:42:44 | 000,107,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/19 18:40:42 | 002,565,432 | ---- | M] () -- C:\Users\Heather\Desktop\NTBR_CD.exe
    [2010/09/19 17:12:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/09/19 14:58:06 | 044,089,904 | ---- | M] () -- C:\Users\Heather\Desktop\avira_antivir_personal_en.exe
    [2010/09/19 14:56:30 | 187,881,578 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/09/19 14:14:18 | 003,846,590 | R--- | M] () -- C:\Users\Heather\Desktop\ComboFix.exe
    [2010/09/19 14:13:20 | 000,080,384 | ---- | M] () -- C:\Users\Heather\Desktop\MBRCheck.exe
    [2010/09/19 14:12:20 | 000,293,376 | ---- | M] () -- C:\Users\Heather\Desktop\vvq42pwx.exe
    [2010/09/19 14:10:28 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\Heather\Desktop\Norton_Removal_Tool.exe
    [2010/09/19 14:08:32 | 000,132,597 | ---- | M] () -- C:\Users\Heather\Desktop\Flash_Disinfector.exe
    [2010/09/19 10:46:56 | 000,002,627 | ---- | M] () -- C:\Users\Heather\Desktop\Microsoft Office Word 2007.lnk
    [2010/09/19 10:35:42 | 000,525,824 | ---- | M] () -- C:\Users\Heather\Desktop\dds.scr
    [2010/09/17 20:34:27 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/09/17 20:30:05 | 000,041,946 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/09/17 19:22:24 | 000,000,895 | ---- | M] () -- C:\Users\Heather\Desktop\Revo Uninstaller.lnk
    [2010/09/15 19:20:08 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{43201644-6AC6-4B63-8892-AFEF0C87ECE2}.job
    [2010/09/15 19:19:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/15 17:16:38 | 000,001,356 | ---- | M] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
    [2010/09/15 17:07:03 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHeather.job
    [2010/09/07 19:15:38 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\Imprudence.lnk
    [2010/08/12 23:08:11 | 000,366,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/07/20 19:35:37 | 000,000,964 | ---- | M] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/07/20 19:35:37 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2010/07/16 11:13:11 | 000,027,298 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\wklnhst.dat

    ========== Files Created - No Company Name ==========

    [2010/09/20 19:25:46 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/09/20 19:02:05 | 044,089,904 | ---- | C] () -- C:\Users\Heather\Desktop\avira_antivir_personal_en.exe
    [2010/09/19 20:43:03 | 000,075,264 | ---- | C] () -- C:\Users\Heather\Desktop\SystemLook.exe
    [2010/09/19 18:43:53 | 002,565,432 | ---- | C] () -- C:\Users\Heather\Desktop\NTBR_CD.exe
    [2010/09/19 16:47:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/09/19 16:47:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/09/19 16:47:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/09/19 16:47:40 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/09/19 16:47:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/09/19 14:18:37 | 003,846,590 | R--- | C] () -- C:\Users\Heather\Desktop\ComboFix.exe
    [2010/09/19 14:18:33 | 000,293,376 | ---- | C] () -- C:\Users\Heather\Desktop\vvq42pwx.exe
    [2010/09/19 14:18:25 | 000,080,384 | ---- | C] () -- C:\Users\Heather\Desktop\MBRCheck.exe
    [2010/09/19 14:18:18 | 000,132,597 | ---- | C] () -- C:\Users\Heather\Desktop\Flash_Disinfector.exe
    [2010/09/19 10:42:19 | 000,525,824 | ---- | C] () -- C:\Users\Heather\Desktop\dds.scr
    [2010/09/17 22:17:26 | 1005,174,784 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/17 20:34:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/09/17 19:22:24 | 000,000,895 | ---- | C] () -- C:\Users\Heather\Desktop\Revo Uninstaller.lnk
    [2010/09/14 19:48:08 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHeather.job
    [2010/08/22 15:29:56 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\Imprudence.lnk
    [2009/11/06 14:18:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IsUser11b.dll
    [2009/09/10 22:49:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/05/06 12:26:15 | 000,041,946 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/05/06 12:26:15 | 000,041,946 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/08 15:45:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/04/28 15:40:26 | 000,000,022 | ---- | C] () -- C:\Users\Heather\AppData\Local\kodakpcd.ini
    [2008/04/09 13:39:46 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2008/02/24 19:51:40 | 000,001,356 | ---- | C] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
    [2008/02/05 15:28:49 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/11/09 14:58:25 | 000,009,728 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/06 01:18:08 | 000,000,499 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2007/09/06 10:50:08 | 000,000,006 | ---- | C] () -- C:\Windows\System32\mkghj.dll
    [2007/09/05 16:02:56 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\QSwitch.txt
    [2007/09/05 16:02:56 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\DSwitch.txt
    [2007/09/05 16:02:56 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\AtStart.txt
    [2007/09/04 22:01:39 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LXBRPMON.DLL
    [2007/09/04 22:01:39 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LXBRPMUI.DLL
    [2007/09/04 22:00:37 | 000,000,439 | ---- | C] () -- C:\Windows\Lexstat.ini
    [2007/09/04 21:37:05 | 000,027,298 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\wklnhst.dat
    [2007/09/04 18:17:48 | 000,013,119 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\nvModes.001
    [2007/09/04 18:14:18 | 000,013,119 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\nvModes.dat
    [2007/04/20 04:07:08 | 000,001,901 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2008/09/05 16:16:34 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\4200Series
    [2008/11/12 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Auslogics
    [2008/11/14 17:59:13 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\EuroTalk
    [2009/07/12 18:21:13 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\gtk-2.0
    [2007/09/14 11:26:13 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\ICAClient
    [2010/09/10 15:16:52 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Imprudence
    [2008/06/29 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\iWin
    [2008/05/27 21:14:10 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\KompoZer
    [2008/04/04 00:24:49 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Magus
    [2007/09/04 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\MSNInstaller
    [2008/07/28 13:16:14 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\muvee Technologies
    [2008/02/26 16:38:37 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\NCH Swift Sound
    [2010/05/13 23:57:52 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SecondLife
    [2009/12/24 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Skinux
    [2007/10/01 11:13:31 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Snapfish
    [2009/05/06 11:43:51 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SystemRequirementsLab
    [2007/09/04 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Template
    [2008/05/27 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Trellian
    [2007/09/04 18:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\WildTangent
    [2010/09/15 19:13:56 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/09/15 19:20:08 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{43201644-6AC6-4B63-8892-AFEF0C87ECE2}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/04/20 04:22:06 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2008/08/07 16:08:56 | 257,542,922 | ---- | M] () -- C:\BACKUP.REG
    [2009/11/06 14:45:54 | 000,000,086 | ---- | M] () -- C:\bcmwl6.log
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007/09/05 16:15:20 | 000,037,242 | ---- | M] () -- C:\caavsetupLog.txt
    [2008/04/11 12:26:27 | 000,053,126 | ---- | M] () -- C:\caisslog.txt
    [2010/09/20 18:24:29 | 000,011,039 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/09/20 19:20:16 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
    [2008/02/05 15:28:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/12/23 12:01:52 | 000,027,301 | ---- | M] () -- C:\logfile
    [2010/09/19 11:45:32 | 000,007,051 | ---- | M] () -- C:\lxbm.log
    [2008/02/05 15:28:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/09/20 19:20:13 | 1318,973,440 | -HS- | M] () -- C:\pagefile.sys
    [2008/09/28 14:23:57 | 208,205,936 | ---- | M] () -- C:\registry 092808.reg
    [2010/03/24 21:14:46 | 323,806,904 | ---- | M] () -- C:\registrybackupmarch24.reg
    [2009/01/25 16:54:54 | 000,015,552 | ---- | M] () -- C:\SSInst.log
    [2007/09/28 20:19:30 | 000,011,091 | ---- | M] () -- C:\SSPPPoE.log
    [2007/09/05 16:13:15 | 000,000,026 | -HS- | M] () -- C:\testDebug8.log
    [2009/07/28 18:01:23 | 000,000,948 | ---- | M] () -- C:\updatedatfix.log
    [2008/04/08 17:00:21 | 000,000,158 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/22 18:51:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/06/08 13:54:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/17 20:13:24 | 000,000,732 | -HS- | M] () -- C:\Users\Heather\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/19 14:58:06 | 044,089,904 | ---- | M] () -- C:\Users\Heather\Desktop\avira_antivir_personal_en.exe
    [2010/09/19 14:14:18 | 003,846,590 | R--- | M] () -- C:\Users\Heather\Desktop\ComboFix.exe
    [2010/09/19 14:08:32 | 000,132,597 | ---- | M] () -- C:\Users\Heather\Desktop\Flash_Disinfector.exe
    [2010/09/19 14:13:20 | 000,080,384 | ---- | M] () -- C:\Users\Heather\Desktop\MBRCheck.exe
    [2010/09/19 14:10:28 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\Heather\Desktop\Norton_Removal_Tool.exe
    [2010/09/19 18:40:42 | 002,565,432 | ---- | M] () -- C:\Users\Heather\Desktop\NTBR_CD.exe
    [2010/09/20 19:49:38 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
    [2010/09/19 20:39:04 | 000,075,264 | ---- | M] () -- C:\Users\Heather\Desktop\SystemLook.exe
    [2010/09/19 14:12:20 | 000,293,376 | ---- | M] () -- C:\Users\Heather\Desktop\vvq42pwx.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2008/06/14 13:07:01 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Heather\install_flash_player.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/10/22 19:52:56 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/10/22 19:52:26 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/10/22 19:52:25 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/10/22 19:52:25 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/10/22 19:52:25 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/10/22 19:52:26 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/12/24 16:23:38 | 000,000,402 | -HS- | M] () -- C:\Users\Heather\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/12/16 23:30:15 | 000,001,901 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/09/17 20:34:27 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/09/20 19:20:23 | 000,041,946 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A6CD15C3
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:182F0EEA
    < End of report >
     
  12. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    OTL Extras logfile created on: 9/20/2010 8:02:57 PM - Run 1
    OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Heather\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 279.00 Mb Available Physical Memory | 29.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.87 Gb Total Space | 83.82 Gb Free Space | 59.50% Space Free | Partition Type: NTFS
    Drive D: | 4.19 Gb Total Space | 3.13 Gb Free Space | 74.63% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 3.99 Gb Total Space | 3.94 Gb Free Space | 98.78% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HEATHER-PC
    Current User Name: Heather
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    " " =

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    " " =
    "C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1B82C78E-F17A-4C31-925E-380506F2854D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{C70D6252-D4C7-43F9-A50D-0B8137F31386}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02E0798E-2C85-47B7-BC23-806BD14081C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{0FB4C9C0-6969-4D83-B1E9-0D874EFABA9B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbmpswx.exe |
    "{17D93EB6-E73F-4D75-838C-AD558840B92A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{27A7E0E0-3426-460D-9461-AD051D7551D1}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
    "{284BF33D-7530-40CE-96AD-B622CE1FB05B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{2BF38F86-D1B7-48EA-8E59-E5B96E268002}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
    "{38B0BCEA-42F1-4E3A-93A1-59389424A10D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{3C286128-1CF8-4F98-95D0-D79976EA5983}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{43E118FE-62B8-4CD2-BD79-3B65DC65E2D2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
    "{4C66344C-2222-46E9-8659-658DC6081A0C}" = protocol=17 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
    "{4D5ECD61-8579-4F8A-B535-37CEE6AE3059}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{4F0C39B0-4C88-4C96-AC2C-4F245039729B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{56D6BE56-AF94-49FD-A837-96D2E9729C9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{6AEE5FB6-0D67-4B41-BD39-1A6EA6DFE182}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe |
    "{6CC2E69A-1BEC-4198-8AA3-327A4F6C2CBC}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{74B1DD54-D7C0-41F5-8532-06982CC5B8E8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{76AD415B-57B6-4990-808C-A44F2121A437}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{899EBC5B-69D5-4836-AF39-39BA511F5240}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{96D26B41-9B01-475C-9A9C-EB2F8D437737}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{981CFFA3-9427-4709-97C8-B19E11A3E100}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9850DBF2-A867-47A6-A467-A34444477A47}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{9D8AF4A4-5669-4165-A5F4-77D5C3EF3C16}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |
    "{A522C3AB-2467-4115-9D41-4CC97790C5ED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{B3528D6F-5C41-4592-82BA-9E34C2B75975}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
    "{BB2D2492-3402-4AEE-BB75-8ED899D09B1E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{C780778E-511E-404B-B43A-0F6CA1FC3AAD}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
    "{C89F3CE6-B95F-417A-A739-6020DFD8EFB0}" = protocol=6 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
    "{D1A8728F-4582-49B6-8910-4521474CEDE8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |
    "{D431DD35-F865-40BE-99CE-023C41C31D37}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqcopy2.exe |
    "{DC139D68-1E6C-4953-A3CE-884F638F36D8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe |
    "{DD620669-4AC9-4753-B702-E3BD1E200DB7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{DDB8AFBC-0209-4075-9ACF-B6575FBD30C0}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{E1094CCC-9147-4145-A6B1-12D5ADA16576}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{E1A2BD21-0C28-4751-8F72-949F0443843B}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
    "{FB71E5C3-535C-46AA-ABCE-E006AA58655F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbmpswx.exe |
    "{FDC55630-2B73-476C-9F28-06049BF3E82F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{146664B3-FC2A-4AA8-A13F-097EDC6E6A6D}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "TCP Query User{1DF0BD2B-3719-4ABA-9D53-DD4FF7448B1B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{2C0E3AF6-69ED-463B-9839-B7752ECE82E4}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "TCP Query User{2E4B862C-2FE0-4B56-9F1D-14B65ACB76B9}C:\program files\secondlifereleasecandidate\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifereleasecandidate\slvoice.exe |
    "TCP Query User{3DBF9037-8476-4844-B97F-1499E02EE6E8}C:\program files\greenlife emerald viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\greenlife emerald viewer\slvoice.exe |
    "TCP Query User{B0EAE57C-2186-44CC-B7A0-35804D1DD3ED}C:\program files\vongo\vongotray.exe" = protocol=6 | dir=in | app=c:\program files\vongo\vongotray.exe |
    "TCP Query User{D7225F01-D33F-46B6-9D78-9197000A1D9F}C:\program files\emerald viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\emerald viewer\slvoice.exe |
    "TCP Query User{E277BADD-E16E-42C5-BE5B-C468B4E68D08}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{F5AAE840-BBFC-4E95-B01D-D35E3E2E1AFA}C:\program files\imprudence\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\imprudence\slvoice.exe |
    "UDP Query User{150E4C08-E84F-4E91-8ECF-A4F2D4A02D1E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{2C82E8B8-A5BF-423B-9D4B-C624D6E61E1C}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "UDP Query User{3D4F3227-44C1-473A-B57F-3213316B102F}C:\program files\vongo\vongotray.exe" = protocol=17 | dir=in | app=c:\program files\vongo\vongotray.exe |
    "UDP Query User{3E6AFE24-3F1B-447E-8F18-A193D0C2D28E}C:\program files\secondlifereleasecandidate\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifereleasecandidate\slvoice.exe |
    "UDP Query User{5EB05187-7CC1-4865-86D3-9A9CCEB79E8B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{A4246407-1B18-4BB1-B208-08B00EB3958A}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "UDP Query User{B48DEE95-70A7-4AC2-A407-730D35270E64}C:\program files\emerald viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\emerald viewer\slvoice.exe |
    "UDP Query User{C82122DC-3471-404D-9E94-6F4280957958}C:\program files\greenlife emerald viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\greenlife emerald viewer\slvoice.exe |
    "UDP Query User{CC10BE67-03B9-4855-8985-6097030EE4CA}C:\program files\imprudence\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\imprudence\slvoice.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
    "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
    "{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{39523EA4-F914-4447-A551-2513766095F5}" = ESU for Microsoft Vista
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6F396FFB-CC3A-4335-BC0B-2AEF38F4492C}" = Microsoft WSE 2.0 SP3
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
    "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{D7736EE8-AFCE-4735-BBE3-652CDFBBFCA8}_is1" = Imprudence Viewer 1.3.0 RC2
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
    "{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CNXT_HDAUDIO" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Digital Editions" = Adobe Digital Editions
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 11.0
    "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "Revo Uninstaller" = Revo Uninstaller 1.80
    "Rhapsody" = Rhapsody
    "Road Runner Install_is1" = Road Runner Install
    "RoadRunnerMedic6.1_is1" = Road Runner Medic 6.1
    "SecondLife" = SecondLife (remove only)
    "Shop for HP Supplies" = Shop for HP Supplies
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "VLC media player" = VLC media player 1.0.2
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WildTangent hp Master Uninstall" = My HP Games
    "WildTangent hplaptop Master Uninstall" = My HP Games
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  13. 2010/09/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. Except for that suspicious MBR, which we fixed, I don't really see much in your logs.

    I suggest we try to use system restore to some time before last Wednesday and see what happens.

    If it fixes the issue, we'll re-run a couple of scans.
     
  14. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    Joined:
    2010/09/18
    Messages:
    33
    Likes Received:
    0
    I tried system restore before coming to the forum and it errored. I just tried again using an older restore point and had the same problem. I receive the following:

    System restore did not complete successfully. Your computer's system files and settings were not changed.

    Details: an unspecified error occurred during system restore

    :(
     
  15. 2010/09/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to run it from safe mode.
     
  16. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    Joined:
    2010/09/18
    Messages:
    33
    Likes Received:
    0
    Ran system restore in safe mode. Same error.
     
  17. 2010/09/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Since I really don't see anything malicious on your computer, I'll have to send you to the Windows Vista forum.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
  18. 2010/09/20
    HeatherM

    HeatherM Inactive Thread Starter

    Joined:
    2010/09/18
    Messages:
    33
    Likes Received:
    0
    Thank you for all the assistance :) I truly appreciate it. I will continue in the other forum.
     
  19. 2010/09/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
