
Solved malware-log from scan- how do I proceed?

Discussion in 'Malware and Virus Removal Archive' started by missy77, 2010/09/28.

  1. 2010/09/30
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    I can't believe I did that :eek: I read your instructions enough that I should have caught that. It is scanning again... still taking a bit of time though. I'll post when it's done.
     
  2. 2010/09/30
    missy77

    missy77 Inactive Thread Starter

    I don't think it's working. Jotti's sits in status "requesting scan" and the other sits on sending file... for over an hour, is this normal? I will let it run till the morning anyway. But I would be guessing to say this is the same issue I have with not being able to do much on the web.
     

  4. 2010/09/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Upload the file here: http://uploadmb.com/
    Post download link.
    I'll try to upload it to malware sites.

    What browser are you using?
    Did you try a different browser?
     
  5. 2010/10/01
    missy77

    missy77 Inactive Thread Starter

    Last edited: 2010/10/01
  6. 2010/10/01
    missy77

    missy77 Inactive Thread Starter

    I did try to let it go for hours and hours... won't move :(
     
  7. 2010/10/01
    broni

    broni Moderator Malware Analyst

    Your upload worked :)
    I downloaded your file, submitted it to VirusTotal and it appears to be clean.
    In that case, we can disregard the Combofix warning.

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/10/02
    missy77

    missy77 Inactive Thread Starter

    Hi again :)

    The computer is acting the same. Can sign in to email but won't open any, page says error in bottom left where it says done usually, that is Hotmail and Yahoo mail. Also my Windows Mail looks like my account info is wiped out. Didn't add it back because didn't want to make any changes as you requested. The bank I can sign in but not see info, it won't go past security questions, meaning a box usually pops up to say public or private computer... that doesn't pop up so I can't get in all the way. I did change the password and questions for security reasons, that worked to change, but still can't get past that screen. Also Facebook won't go into chat and that is a pop out too.


    OK, here are the logs:

    OTL logfile created on: 10/2/2010 9:17:41 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Lisa\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,013.00 Mb Total Physical Memory | 230.00 Mb Available Physical Memory | 23.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.60 Gb Total Space | 20.18 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
    Drive D: | 10.45 Gb Total Space | 1.67 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LISA-PC
    Current User Name: Lisa
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/10/02 21:08:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
    PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/26 09:00:16 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    PRC - [2010/02/26 08:58:40 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
    PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/13 14:17:38 | 000,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    PRC - [2007/01/30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
    PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/02 21:08:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/26 08:58:40 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2008/11/13 14:17:38 | 000,439,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/09/29 15:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lisa\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/08/31 18:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/08/30 10:28:21 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100926.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/08/30 10:28:20 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/08/30 10:28:20 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100926.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/28 15:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100924.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/05/27 08:44:23 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/03/09 02:19:01 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
    DRV - [2009/08/29 20:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/06/18 11:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
    DRV - [2007/12/06 10:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2007/10/31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/01/17 02:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2007/01/02 04:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
    DRV - [2006/12/11 22:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2006/12/11 22:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/11/17 03:22:02 | 000,181,176 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/11/08 03:02:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/09/29 14:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2006/07/06 02:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
    DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
    DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/05/27 12:37:51 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/09/30 01:12:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gallery.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: gateway.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: kodakgallery.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: libertybaycu.org ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ofoto.com ([]* in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285771646973 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/02 21:08:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
    [2010/09/30 01:20:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/09/30 01:20:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/09/30 01:20:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\temp
    [2010/09/30 00:48:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/09/30 00:48:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/09/30 00:48:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/09/30 00:48:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/09/30 00:47:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/30 00:47:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/09/27 22:24:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
    [2010/09/27 22:24:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/09/27 22:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/27 22:24:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/09/27 22:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/27 13:44:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\puter fix
    [2010/08/11 10:57:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\a-walgreens
    [2010/07/29 20:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2010/07/28 09:24:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CrashDumps
    [2010/07/26 08:41:23 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\con-reunion
    [2010/07/05 19:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/07/05 14:39:11 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Laconia-oo-fb
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/02 21:18:01 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat
    [2010/10/02 21:08:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
    [2010/10/02 21:01:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/02 21:01:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/02 21:01:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/10/02 21:01:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/02 20:59:52 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/10/02 20:59:52 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/10/02 20:59:28 | 003,011,597 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db
    [2010/09/30 19:43:00 | 000,075,264 | ---- | M] () -- C:\Users\Lisa\Desktop\SystemLook.exe
    [2010/09/30 02:04:09 | 002,164,988 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1108000.005\Cat.DB
    [2010/09/30 01:12:58 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/09/30 01:12:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/09/30 00:46:52 | 003,858,327 | R--- | M] () -- C:\Users\Lisa\Desktop\ComboFix.exe
    [2010/09/29 18:30:49 | 261,397,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/09/27 22:24:12 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/27 13:43:59 | 000,918,466 | ---- | M] () -- C:\Users\Lisa\Desktop\WinDlg_122.zip
    [2010/09/27 00:59:24 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2010/09/26 19:52:32 | 000,322,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/20 17:57:11 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1108000.005\isolate.ini
    [2010/09/16 21:39:31 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/16 21:39:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/16 21:39:31 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/14 21:28:30 | 000,034,816 | ---- | M] () -- C:\Users\Lisa\Desktop\Copy of Student Calendar 2010 - 2011.xls
    [2010/08/15 21:36:07 | 000,157,696 | ---- | M] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/28 09:34:26 | 000,002,103 | ---- | M] () -- C:\Users\Lisa\Desktop\Norton AntiVirus.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/30 19:42:57 | 000,075,264 | ---- | C] () -- C:\Users\Lisa\Desktop\SystemLook.exe
    [2010/09/30 00:48:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/09/30 00:48:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/09/30 00:48:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/09/30 00:48:46 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/09/30 00:48:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/09/30 00:46:47 | 003,858,327 | R--- | C] () -- C:\Users\Lisa\Desktop\ComboFix.exe
    [2010/09/29 10:09:00 | 261,397,161 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/09/29 09:30:26 | 000,001,740 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
    [2010/09/27 22:24:12 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/27 13:43:50 | 000,918,466 | ---- | C] () -- C:\Users\Lisa\Desktop\WinDlg_122.zip
    [2010/09/27 00:59:24 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2010/09/14 21:28:26 | 000,034,816 | ---- | C] () -- C:\Users\Lisa\Desktop\Copy of Student Calendar 2010 - 2011.xls
    [2010/07/28 09:34:26 | 000,002,103 | ---- | C] () -- C:\Users\Lisa\Desktop\Norton AntiVirus.lnk
    [2009/09/11 14:52:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/05/22 13:00:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/05/22 12:53:29 | 000,000,044 | ---- | C] () -- C:\Windows\EPSCX9400Fax.ini
    [2009/05/16 00:12:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/02/22 22:13:10 | 000,000,680 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
    [2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2007/09/03 00:32:42 | 000,000,268 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\LMCPaper.dat
    [2007/09/01 21:02:35 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
    [2007/08/31 23:56:18 | 000,024,363 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\UserTile.png
    [2007/08/15 21:29:53 | 000,003,932 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\LMLayout.dat
    [2007/08/15 21:10:46 | 000,000,149 | ---- | C] () -- C:\Windows\System32\LM_SUPPORT.INI
    [2007/07/20 05:07:39 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
    [2007/07/18 18:01:07 | 000,157,696 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/05/22 18:52:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
    [2007/05/22 18:52:21 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
    [2007/05/22 18:52:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/05/22 18:52:18 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysres.dll

    ========== LOP Check ==========

    [2007/08/09 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\acccore
    [2007/09/05 21:48:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Aim
    [2009/09/16 17:04:12 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Amazon
    [2009/12/21 15:50:40 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\E-centives
    [2009/05/26 13:53:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\EPSON
    [2009/05/16 16:45:22 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FUJIFILM
    [2007/11/13 23:01:09 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Geek Squad 24 Hour Computer Support
    [2009/03/03 21:35:01 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\JAM Software
    [2007/08/31 23:56:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PeerNetworking
    [2007/07/18 17:56:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SampleView
    [2009/05/12 05:37:23 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Snapfish
    [2007/07/31 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Southwest Airlines
    [2007/07/20 05:07:56 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Template
    [2010/04/08 14:10:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Western Digital
    [2010/04/08 14:11:10 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Western DigitalTemp
    [2010/10/02 21:00:06 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/06/11 20:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/09/30 01:20:01 | 000,009,141 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/03/05 22:53:59 | 000,218,476 | ---- | M] () -- C:\coreuninstall.log
    [2008/12/11 08:57:14 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2007/09/01 20:51:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/08/14 18:02:49 | 000,001,342 | -H-- | M] () -- C:\IPH.PH
    [2007/09/01 20:51:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/11/10 01:04:37 | 000,000,877 | ---- | M] () -- C:\net_save.dna
    [2010/10/02 21:01:16 | 1377,247,232 | -HS- | M] () -- C:\pagefile.sys
    [2007/05/22 18:25:34 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2009/03/05 22:54:34 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
    [2009/03/05 22:54:34 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
    [2009/11/06 21:15:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/11/07 15:19:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/11/07 15:43:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/11/10 01:36:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/11/10 01:53:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/11/10 03:47:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/11/10 04:53:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/11/10 17:41:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/11/11 00:15:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/11/11 00:16:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/10/28 21:41:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/10/28 21:45:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/10/29 22:03:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/10/29 22:27:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/10/31 09:38:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/10/31 09:43:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/11/01 03:53:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/11/01 14:17:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/11/01 14:25:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/11/06 20:56:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/11/06 21:15:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/11/07 15:19:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/11/07 15:43:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/11/10 01:36:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/11/10 01:53:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/11/10 03:47:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/11/10 04:53:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/11/10 17:41:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/11/11 00:15:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/11/11 00:16:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/10/28 21:41:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/10/28 21:45:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/10/29 22:03:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/10/29 22:27:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/10/31 09:38:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/10/31 09:43:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/11/01 03:53:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/11/01 14:17:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/11/01 14:25:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/11/06 20:56:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2008/08/02 01:07:01 | 000,010,530 | ---- | M] () -- C:\TMPatch.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/10 02:37:18 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/01/31 17:18:01 | 000,001,642 | -H-- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2008/10/26 00:29:08 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >
    [2009/03/01 21:34:01 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Local\IsolatedStorage\ze4fs0qt.rkr\ltgdppcn.s23\Url.baos234cgu3y3glozyjwicytydpaxc2n\Url.x3upfl5pwc2qpjifbyrh04mtwz3rn4cm\Files\bak

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/23 02:25:33 | 000,000,286 | -HS- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/30 00:46:52 | 003,858,327 | R--- | M] () -- C:\Users\Lisa\Desktop\ComboFix.exe
    [2010/10/02 21:08:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
    [2010/09/30 19:43:00 | 000,075,264 | ---- | M] () -- C:\Users\Lisa\Desktop\SystemLook.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/11/10 02:56:36 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/11/10 02:56:07 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2008/10/26 00:23:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2008/10/26 00:23:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/11/10 02:56:07 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/08/30 09:49:40 | 000,000,402 | -HS- | M] () -- C:\Users\Lisa\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/10/24 13:32:26 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 646 bytes -> C:\Users\Lisa\Documents\PARK RIDE CLOSINGS FOR SEPT.eml:OECustomProperty
    @Alternate Data Stream - 526 bytes -> C:\Users\Lisa\Documents\aug bills.eml:OECustomProperty
    < End of report >
     
  9. 2010/10/02
    missy77 Inactive Thread Starter

    OTL Extras logfile created on: 10/2/2010 9:17:41 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Lisa\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,013.00 Mb Total Physical Memory | 230.00 Mb Available Physical Memory | 23.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.60 Gb Total Space | 20.18 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
    Drive D: | 10.45 Gb Total Space | 1.67 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LISA-PC
    Current User Name: Lisa
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05380843-D9FD-4A6F-A716-DD2FFA4D5B9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{0953CA58-D899-4A44-B4A0-512EF2D58BD3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6D3D8A4E-9074-40E9-942B-D1F7BCF7F1A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{CB9DDC01-088D-4037-A54D-205B05790DC5}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{11FD9DFD-1EAF-48A0-A1E3-08AF40F2B44D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{1D4CD56A-2180-4814-B170-C10BAC9DD10B}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{27B25B67-002D-4311-89A9-DE1D6A282C13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{29F175F9-6E6D-4100-AAA9-D1350D8E4284}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{3874CFD4-7FC2-4159-A268-B0538235EB16}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{3B15354E-2E12-4327-8AB5-12A37637A62D}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{47E290ED-B5F5-488A-BEC0-539022748364}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{501E9825-C1D8-431D-9EE8-79DF1FBBAF5B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{74A4FB62-0DBC-4BFD-A37E-D1599CB148DE}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{7D7E7A4E-5E8F-48F5-9B14-DEF3D1A31EAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7F2C4EC5-54FC-4EA3-AC72-CF0EBE85A0E7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{87864E9B-D8E6-4907-AB51-35B9B3FDBE65}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
    "{90237BBD-6FA5-4360-9E59-5E8FE4324D95}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{B29A4669-9F0D-4740-81A0-B431F48E1AB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B5B0DA54-0ECB-41DB-9A58-D2ECC8CD0A07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B66EDB1C-6892-4DE9-831C-4365348E2263}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{CAD71101-FB23-48C7-A7C6-5EE4265EF0D7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{D42FE232-197B-423A-B191-0EC10D2875AF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{E21215EE-DD7C-4A07-8FA0-A6176C94AE72}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E4423473-3585-4BBC-91D6-864FFD78C76B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{E85E6ADE-ED97-4F9D-93B0-D5EE616BC3C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EB97DA23-EC46-4ED5-81E9-279FB850EA99}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{F4F48535-91B0-4AA3-A5F3-A82CE77C07B8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{02F68E29-D4CC-482A-B5E9-2DDAA2280DFD}C:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe |
    "TCP Query User{1A60FDD1-B857-443C-8236-F35FB8DBD7DB}C:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe |
    "TCP Query User{492CA420-56FB-4506-AA8A-F4BA138BAB08}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "TCP Query User{5816129B-DF55-45CD-B714-234166E81045}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "TCP Query User{5829530A-C0D5-4574-BCE2-C2D6FDA12D97}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "TCP Query User{782147F8-A733-491C-99AB-F09841E762B0}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "TCP Query User{BE572885-A331-45DD-BA22-767BE97DADB3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{493EEF5C-4516-43DA-B56E-E4CCDB27198C}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "UDP Query User{4E19FB32-79D2-41A3-AA51-FE0039EFD685}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "UDP Query User{68908264-50D2-4554-A4B4-007D40873CF4}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "UDP Query User{7449450B-62EC-44AC-9FC8-EC0F4C0CD1E4}C:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe |
    "UDP Query User{805F1035-B867-4461-B705-025D1EF6C3B4}C:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe |
    "UDP Query User{C9B58E5A-E2A4-4226-A801-4DD19F6DA218}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{F2DA7402-CD75-479E-A143-4F04E7DE7B68}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
    "{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
    "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
    "{187B8EFC-810D-4D9F-AC0D-601D7C84665D}" = Geek Squad 24 Hour Computer Support
    "{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX9400Fax Series Scanner Driver Update
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 21
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
    "{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7732DA71-2FB6-5C99-D0D9-58A2DB360895}" = FlipShare
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
    "{D44A38DD-6F9A-4F12-ADA9-4C79BC71ECD0}" = WD SmartWare
    "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "AIM_6" = AIM 6
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
    "AOL Instant Messenger" = AOL Instant Messenger
    "AudibleDownloadManager" = Audible Download Manager
    "CCleaner" = CCleaner (remove only)
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Gateway Game Console" = Gateway Game Console
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
    "Money2006b" = Microsoft Money 2006
    "NAV" = Norton AntiVirus
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
    "Silent Package Run-Time Sample" = EPSON CX9400 User's Guide
    "SMSERIAL" = Motorola SM56 Data Fax Modem
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TreeSize Free_is1" = TreeSize Free V2.2.1
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT021682" = FATE
    "WT021888" = Bejeweled 2 Deluxe
    "WT021892" = Blasterball 3
    "WT021896" = Family Feud 2
    "WT021900" = Penguins!
    "WT021902" = Polar Bowler
    "WT021904" = Polar Golfer
    "WT022436" = Tradewinds
    "Yahoo! Applications" = Verizon Yahoo! Applications
    "Zwei-Stein_is1" = Zwei-Stein Video Compositor 3.01 (Beta 2).

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/2/2010 9:01:44 PM | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 Lisa-PC.local.
    Addr 192.168.1.5

    Error - 10/2/2010 9:01:44 PM | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
    Description = Local Hostname Lisa-PC.local already in use; will try Lisa-PC-2.local
    instead

    Error - 10/2/2010 9:01:45 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application ipoint.exe, version 6.10.157.0, time stamp 0x4562cbe6,
    faulting module ipoint.exe, version 6.10.157.0, time stamp 0x4562cbe6, exception
    code 0xc0000005, fault offset 0x0007b3fd, process id 0x110, application start time
    0x01cb62968863854c.

    Error - 10/2/2010 9:14:03 PM | Computer Name = Lisa-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/2/2010 9:21:37 PM | Computer Name = Lisa-PC | Source = VSS | ID = 36
    Description =

    Error - 10/2/2010 9:21:37 PM | Computer Name = Lisa-PC | Source = VSS | ID = 8193
    Description =

    Error - 10/2/2010 9:21:37 PM | Computer Name = Lisa-PC | Source = System Restore | ID = 8193
    Description =

    Error - 10/2/2010 9:38:33 PM | Computer Name = Lisa-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/2/2010 9:38:34 PM | Computer Name = Lisa-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/2/2010 9:39:08 PM | Computer Name = Lisa-PC | Source = Windows Search Service | ID = 3013
    Description =

    [ Media Center Events ]
    Error - 8/29/2009 1:38:55 PM | Computer Name = Lisa-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 8/29/2009 1:39:29 PM | Computer Name = Lisa-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 9/5/2009 4:42:30 PM | Computer Name = Lisa-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 9/19/2009 11:03:18 PM | Computer Name = Lisa-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/7/2009 5:46:07 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/24/2009 6:41:42 PM | Computer Name = Lisa-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 11/6/2009 8:59:42 AM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 12/22/2009 5:27:30 PM | Computer Name = Lisa-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 3/28/2010 1:53:24 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 9/29/2010 10:50:18 AM | Computer Name = Lisa-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  10. 2010/10/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What browser/version do you use?
    Did you try different browser?
     
  11. 2010/10/02
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    I only have Internet Explorer 8.0.6001.18943co. Should I download something else? Or maybe remove and download IE again?
     
    Last edited: 2010/10/02
  12. 2010/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  13. 2010/10/03
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    Ok downloaded Firefox and the only other thing I did was to update the Java because it came up after install. Everything works fine on Firefox... email, facebook and banks. :) So what now? I can keep both browsers right? Can we fix IE? I could get used to Firefox but it will take time to get used to. So cool it's working :)
     
  14. 2010/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)
    That means, we have some IE problem, rather than your computer issue.
    Open IE, go Tools>Internet options>Advanced tab, click on "Reset" button.
    Restart IE and see how it goes.
    If the above didn't help, we'll get back to IE problem, when we're done with cleaning process.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 646 bytes -> C:\Users\Lisa\Documents\PARK RIDE CLOSINGS FOR SEPT.eml:OECustomProperty
      @Alternate Data Stream - 526 bytes -> C:\Users\Lisa\Documents\aug bills.eml:OECustomProperty
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  15. 2010/10/03
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    Reset didn't help IE. Doing scans now.
     
  16. 2010/10/03
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Windows\msdownld.tmp folder deleted successfully.
    ADS C:\Users\Lisa\Documents\PARK RIDE CLOSINGS FOR SEPT.eml:OECustomProperty deleted successfully.
    ADS C:\Users\Lisa\Documents\aug bills.eml:OECustomProperty deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 83 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Temp folder emptied: 139679 bytes
    ->Temporary Internet Files folder emptied: 23725090 bytes
    ->Java cache emptied: 20958345 bytes
    ->FireFox cache emptied: 27962445 bytes
    ->Flash cache emptied: 99212 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 70.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 10032010_171804

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFE140.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFE162.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFE1BA.tmp not found!
    File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFE1C6.tmp not found!
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Lisa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Lisa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Lisa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Lisa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Lisa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Lisa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BS0DZ0E3\iframescript[1].htm moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ASYJ2QCV\95430-active-malware-log-scan-how-do-i-proceed-3[1].html moved successfully.
    C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
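
One way to read the fix log above, as an added example that is not part of the original post and not OTL's own code: it parses the result lines and checks, per CLSID, whether each removed reference pointed at a COM registration that was already missing, which is what the "No CLSID value found" entries in the fix script suggest. The function names and verdict labels are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the fix log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\Users\Lisa\Documents\aug bills.eml:OECustomProperty deleted successfully.
File\Folder C:\Users\Lisa\AppData\Local\Temp\~DFE140.tmp not found!
"""

# "<kind> <target> <outcome>" where kind is optional (plain file paths have none).
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|ADS|File\\Folder) )?"
    r"(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)[.!]$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# A key directly under ...\Classes\CLSID\ is the COM registration itself.
REGISTRATION_RE = re.compile(r"\\Classes\\CLSID\\\{", re.IGNORECASE)


def parse_fix_log(text):
    """Return (entries, unparsed). Section headers and blank lines are skipped."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep for manual review instead of dropping
            continue
        entries.append({
            "kind": m.group("kind") or "file",
            "target": m.group("target").rstrip("\\"),
            "outcome": m.group("outcome"),
        })
    return entries, unparsed


def tally(entries):
    """Count result lines per outcome."""
    return Counter(e["outcome"] for e in entries)


def classify_clsids(entries):
    """Per CLSID, relate the removed references to the state of its registration."""
    seen = defaultdict(lambda: {"refs_removed": [], "registration": "not mentioned"})
    for e in entries:
        m = CLSID_RE.search(e["target"])
        if not m:
            continue
        clsid = m.group(0).upper()
        if REGISTRATION_RE.search(e["target"]):
            seen[clsid]["registration"] = e["outcome"]
        elif e["outcome"] != "not found":
            seen[clsid]["refs_removed"].append(e["target"])
    verdicts = {}
    for clsid, info in seen.items():
        if info["refs_removed"] and info["registration"] == "not found":
            # The hook/BHO/ActiveX entry named a class with no registration in HKLM.
            verdicts[clsid] = "orphaned reference removed"
        elif info["registration"] == "deleted successfully":
            verdicts[clsid] = "registered component removed"
        else:
            verdicts[clsid] = "needs manual review"
    return verdicts


if __name__ == "__main__":
    entries, unparsed = parse_fix_log(SAMPLE_LOG)
    print(dict(tally(entries)))
    for clsid, verdict in classify_clsids(entries).items():
        print(clsid, "->", verdict)
    print("unparsed:", unparsed)
```
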
     
  17. 2010/10/03
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton AntiVirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 21
    Java(TM) SE Runtime Environment 6 Update 1
    Adobe Flash Player 9.0.45.0
    Adobe Reader 9.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.10) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

    ``````````End of Log````````````
     
  18. 2010/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button
     
  19. 2010/10/03
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    OK done with TFC step... doing ESET now
     
  20. 2010/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)
     
  21. 2010/10/03
    missy77

    missy77 Inactive Thread Starter

    Joined:
    2006/09/16
    Messages:
    208
    Likes Received:
    1
    ESET is still scanning... been 3 hours, and it's been at 99% for over an hour. The files #'s are moving so it's working. It shows 2 infected files, trojan being at the end of the name :(

    But FYI... a thing that happened was IE wouldn't run the scan, so I opened Firefox and it made me download the file to my desktop and run it from there, so I did. I just hope it ends the same way you posted with the text file so I can post it to you.

    edit to add, in case something messes up:

    it shows, current scan results
    threats found:

    probably a variant of Win32/Agent.HZHBURL trojan
    probably a variant of Win32/Agent.HZHBURL trojan
     
    Last edited: 2010/10/03
