myrti - thanks for your reply, and absolutely understand you guys are swamped. I appreciate the help!
Besides the stuff listed above that I found / did before, the only thing going on now is that
1) VirTool:WinNT/Rootkit.BV is found every day by my (now Microsoft Security Essentials) Antivirus.
2) Trojan:Win32/Hiloti.gen!D was found yesterday.
I considered trying to load a live OS on disc (BartPE, Ubuntu, etc.) to remove the rootkit files if I could find them, but didn't get BartPE working with my SATA controller to read the drive, and ran out of time. I'll defer to your advice, just know I'm really interested in learning how to deal with this stuff. It's certainly been a punch in the gut to have computer issues in my house that my wife needs help for... and I can't seem to help!

OTL.Txt: --------------------------------------------------------------
OTL logfile created on: 1/17/2010 9:21:19 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Patti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 220.50 Gb Free Space | 94.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 213.45 Gb Free Space | 91.66% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GALADRIEL
Current User Name: Patti
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/01/17 09:20:34 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patti\Desktop\OTL.exe
PRC - [2009/12/09 18:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Patti\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 00,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/20 11:30:50 | 00,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/07/02 17:36:52 | 00,203,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/06/01 12:43:46 | 01,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/27 22:21:16 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/06/01 10:52:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/06/01 10:52:10 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/05/07 13:07:08 | 00,435,120 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/04/26 10:38:38 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe
PRC - [2007/04/26 10:38:21 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
PRC - [2007/03/05 07:40:25 | 00,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
========== Modules (SafeList) ==========
MOD - [2010/01/17 09:20:34 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patti\Desktop\OTL.exe
MOD - [2009/07/20 11:29:06 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/20 11:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/07/27 22:21:16 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/07/27 21:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/04/26 10:38:38 | 00,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/04/26 10:38:21 | 00,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2009/09/02 19:11:53 | 00,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2009/09/02 19:11:52 | 00,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2009/09/02 19:11:44 | 00,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvmpu401.sys -- (nvmpu401) Service for NVIDIA® nForce
DRV - [2009/09/02 19:11:43 | 00,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce
DRV - [2009/09/02 19:11:43 | 00,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/18 12:55:41 | 00,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/06/17 11:56:32 | 00,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 00,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 00,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 00,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/17 11:55:18 | 00,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 22:04:18 | 00,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx) ATI WDM Rage Theater Video (Microsoft Corporation)
DRV - [2008/04/13 22:04:18 | 00,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft Corporation)
DRV - [2008/04/13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 19:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/08/29 02:04:04 | 00,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\si3112r.sys -- (Si3112r)
DRV - [2007/08/29 02:04:04 | 00,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/07/27 22:30:27 | 02,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/13 20:23:29 | 00,169,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2004/07/09 04:26:38 | 00,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004/01/29 00:45:50 | 00,093,764 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {184FC9BE-23FD-44CF-858C-32ACE0186C5C}:1.9.1
FF - prefs.js..extensions.enabledItems: {421D525E-C40A-4DD9-BCE8-C15D0F0CC179}:1.9.1
FF - prefs.js..extensions.enabledItems: {3A57380E-CB6C-46C2-B854-FA9DA1022ADC}:1.9.1
FF - prefs.js..extensions.enabledItems: {892C5245-153E-4157-BFBC-964D44419C64}:1.9.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.68
FF - HKLM\software\mozilla\Firefox\Extensions\\{184FC9BE-23FD-44CF-858C-32ACE0186C5C}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{184FC9BE-23FD-44CF-858C-32ACE0186C5C}\ [2010/01/03 00:35:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{421D525E-C40A-4DD9-BCE8-C15D0F0CC179}: C:\Documents and Settings\Patti\Local Settings\Application Data\{421D525E-C40A-4DD9-BCE8-C15D0F0CC179} [2010/01/03 01:22:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3A57380E-CB6C-46C2-B854-FA9DA1022ADC}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{3A57380E-CB6C-46C2-B854-FA9DA1022ADC}\ [2010/01/03 01:38:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{892C5245-153E-4157-BFBC-964D44419C64}: C:\Documents and Settings\Patti\Local Settings\Application Data\{892C5245-153E-4157-BFBC-964D44419C64} [2010/01/06 07:03:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/03 01:28:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/03 01:28:31 | 00,000,000 | ---D | M]
[2009/09/02 22:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patti\Application Data\Mozilla\Extensions
[2010/01/08 00:25:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\j0nc36vq.default\extensions
[2009/09/04 16:55:00 | 00,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Patti\Application Data\Mozilla\Firefox\Profiles\j0nc36vq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/09/02 22:05:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
O1 HOSTS File: ([2001/08/18 07:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Patti\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Patti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/02 21:04:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/23 20:45:09 | 00,000,062 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/01/17 09:20:26 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patti\Desktop\OTL.exe
[2010/01/16 17:55:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patti\My Documents\NEMTEC
[2010/01/08 00:48:40 | 00,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/01/08 00:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/01/08 00:28:29 | 00,000,000 | ---D | C] -- C:\Avenger
[2010/01/07 19:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/07 19:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/07 19:29:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/07 19:29:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/07 18:43:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/06 07:03:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patti\Local Settings\Application Data\{892C5245-153E-4157-BFBC-964D44419C64}
[2010/01/03 15:06:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Patti\Recent
[2010/01/03 02:13:33 | 00,009,216 | ---- | C] (Kephyr) -- C:\WINDOWS\System32\ffnd.exe
[2010/01/03 02:04:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patti\Local Settings\Application Data\FreeFixer
[2010/01/03 02:04:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patti\Application Data\FreeFixer
[2010/01/03 02:04:23 | 00,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2010/01/03 01:55:16 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/03 01:22:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patti\Local Settings\Application Data\{421D525E-C40A-4DD9-BCE8-C15D0F0CC179}
[2010/01/03 00:37:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/12/22 13:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patti\Local Settings\Application Data\Adobe
[2009/12/22 13:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/12/22 13:28:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/12/22 13:28:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/09/04 18:44:03 | 00,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2009/09/04 18:44:03 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2009/09/04 18:44:03 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2009/09/04 18:44:03 | 00,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2009/09/04 18:44:02 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2009/09/04 18:44:02 | 00,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2009/09/04 18:44:02 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2009/09/04 18:44:02 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2009/09/04 18:44:02 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2009/09/04 18:44:00 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2009/09/04 18:43:59 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2009/09/04 18:43:59 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/01/17 09:22:59 | 00,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\slgcuzx.sys
[2010/01/17 09:20:34 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patti\Desktop\OTL.exe
[2010/01/17 09:17:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1202660629-1801674531-1003UA.job
[2010/01/17 07:07:23 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/17 07:06:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/17 07:06:47 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/17 07:06:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/16 23:52:21 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Patti\NTUSER.DAT
[2010/01/16 23:52:21 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Patti\ntuser.ini
[2010/01/16 23:52:09 | 03,767,326 | -H-- | M] () -- C:\Documents and Settings\Patti\Local Settings\Application Data\IconCache.db
[2010/01/16 23:52:00 | 00,013,910 | ---- | M] () -- C:\Documents and Settings\All Users\lxdi
[2010/01/16 18:17:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1202660629-1801674531-1003Core.job
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/13 07:43:06 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 18:10:56 | 00,011,491 | ---- | M] () -- C:\Documents and Settings\Patti\Desktop\Basket Ideas for Auction 2010.docx
[2010/01/11 21:46:55 | 05,987,328 | ---- | M] () -- C:\Documents and Settings\Patti\Desktop\Color Box 2.doc
[2010/01/11 18:05:01 | 00,549,931 | ---- | M] () -- C:\Documents and Settings\Patti\Desktop\bfc_icon2.zip
[2010/01/10 22:01:17 | 00,336,384 | ---- | M] () -- C:\Documents and Settings\Patti\Desktop\games night RSVP 1-24-09.doc
[2010/01/10 12:40:15 | 14,385,152 | ---- | M] () -- C:\Documents and Settings\Patti\Desktop\Color Box 2
[2010/01/10 11:47:22 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/10 11:15:11 | 00,560,640 | ---- | M] () -- C:\Documents and Settings\Patti\Desktop\37. Baric Tablets.doc
[2010/01/08 00:55:09 | 00,000,064 | ---- | M] () -- C:\Documents and Settings\Patti\Desktop\How to configure Windows XP to start in a -clean boot- state.url
[2010/01/08 00:37:57 | 01,339,288 | ---- | M] () -- C:\Documents and Settings\Patti\Desktop\sar_15_sfx.exe
[2010/01/07 21:58:40 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Patti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 21:06:56 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Cnifeqalux.dat
[2010/01/07 06:31:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Vzidoxewofesed.bin
[2010/01/06 18:53:27 | 00,010,434 | ---- | M] () -- C:\Documents and Settings\Patti\My Documents\intern letter.docx
[2010/01/05 17:18:17 | 05,540,352 | ---- | M] () -- C:\Documents and Settings\Patti\My Documents\fall newsletter.pub
[2010/01/04 22:24:11 | 00,349,548 | ---- | M] () -- C:\Documents and Settings\Patti\My Documents\Evy and Grandpa.jpg
[2010/01/03 13:03:14 | 00,084,480 | ---- | M] () -- C:\Documents and Settings\Patti\My Documents\2010.pub
[2010/01/03 02:02:55 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/03 02:02:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/03 02:02:55 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2010/01/03 01:27:37 | 00,006,206 | ---- | M] () -- C:\Documents and Settings\Patti\My Documents\cc_20100103_012727.reg
[2010/01/03 00:30:17 | 00,000,000 | -HS- | M] () -- C:\WINDOWS\nvDrv.sy
[2010/01/03 00:30:09 | 00,000,028 | ---- | M] () -- C:\Documents and Settings\Patti\Application Data\fvgqad.dat
[2010/01/03 00:29:57 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Patti\Application Data\avdrn.dat
[2009/12/26 21:39:21 | 00,056,136 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/21 11:49:46 | 00,283,334 | ---- | M] () -- C:\Documents and Settings\Patti\My Documents\xmas.docx
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/13 07:43:05 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 18:10:56 | 00,011,491 | ---- | C] () -- C:\Documents and Settings\Patti\Desktop\Basket Ideas for Auction 2010.docx
[2010/01/11 21:46:50 | 05,987,328 | ---- | C] () -- C:\Documents and Settings\Patti\Desktop\Color Box 2.doc
[2010/01/11 18:04:59 | 00,549,931 | ---- | C] () -- C:\Documents and Settings\Patti\Desktop\bfc_icon2.zip
[2010/01/10 12:39:54 | 14,385,152 | ---- | C] () -- C:\Documents and Settings\Patti\Desktop\Color Box 2
[2010/01/10 11:15:10 | 00,560,640 | ---- | C] () -- C:\Documents and Settings\Patti\Desktop\37. Baric Tablets.doc
[2010/01/08 00:55:09 | 00,000,064 | ---- | C] () -- C:\Documents and Settings\Patti\Desktop\How to configure Windows XP to start in a -clean boot- state.url
[2010/01/08 00:37:54 | 01,339,288 | ---- | C] () -- C:\Documents and Settings\Patti\Desktop\sar_15_sfx.exe
[2010/01/07 19:36:51 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/06 18:53:26 | 00,010,434 | ---- | C] () -- C:\Documents and Settings\Patti\My Documents\intern letter.docx
[2010/01/04 22:24:11 | 00,349,548 | ---- | C] () -- C:\Documents and Settings\Patti\My Documents\Evy and Grandpa.jpg
[2010/01/03 16:12:47 | 00,336,384 | ---- | C] () -- C:\Documents and Settings\Patti\Desktop\games night RSVP 1-24-09.doc
[2010/01/03 13:03:14 | 00,084,480 | ---- | C] () -- C:\Documents and Settings\Patti\My Documents\2010.pub
[2010/01/03 01:27:32 | 00,006,206 | ---- | C] () -- C:\Documents and Settings\Patti\My Documents\cc_20100103_012727.reg
[2010/01/03 00:34:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Vzidoxewofesed.bin
[2010/01/03 00:34:19 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Cnifeqalux.dat
[2010/01/03 00:30:25 | 00,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\slgcuzx.sys
[2010/01/03 00:30:17 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\nvDrv.sy
[2010/01/03 00:30:09 | 00,000,028 | ---- | C] () -- C:\Documents and Settings\Patti\Application Data\fvgqad.dat
[2010/01/03 00:29:57 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Patti\Application Data\avdrn.dat
[2009/12/26 21:39:21 | 00,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/21 11:49:45 | 00,283,334 | ---- | C] () -- C:\Documents and Settings\Patti\My Documents\xmas.docx
[2009/11/27 18:03:58 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/11/26 20:39:12 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/09/06 23:25:05 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Patti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/04 18:48:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2009/09/04 18:48:43 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2009/09/04 18:48:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2009/09/04 18:48:20 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2009/09/04 18:48:20 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2009/09/04 18:48:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2009/09/04 18:48:04 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2009/09/04 18:48:04 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2009/09/04 18:48:04 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009/09/04 18:44:16 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2009/09/04 18:44:03 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2009/09/04 18:44:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
< End of report >
-------------------------------------------------------------------------
Extras.Txt: --------------------------------------------------------------
OTL Extras logfile created on: 1/17/2010 9:21:19 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Patti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 220.50 Gb Free Space | 94.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 213.45 Gb Free Space | 91.66% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GALADRIEL
Current User Name: Patti
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:3500-4500 Series Server -- ( )
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Device Monitor Application -- (Lexmark)
"C:\Program Files\Lexmark 3500-4500 Series\App4R.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01ED0835-5D97-BF31-6AF2-7553A87014F9}" = ccc-core-static
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31180401-FE98-6EF7-9DB0-CB6509E5D44D}" = ccc-core-preinstall
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E8D32E-CD66-6D3B-5BDF-588B2AFB4656}" = CCC Help English
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{57ED31E0-BCF4-67D3-DF6B-4239FDA77C11}" = Catalyst Control Center Graphics Full New
"{6759A77E-9163-F3BE-5602-D4DFD5CC8DD2}" = Skins
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8830F934-C6FE-C47E-5840-E6FFBD68DCE2}" = ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97915182-C85B-AF14-8B21-D900E0958A4E}" = Catalyst Control Center Core Implementation
"{9A87F497-A986-F862-E830-FCBBE3BDCA03}" = Catalyst Control Center Graphics Previews Common
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9A84D37-5FAE-8317-1E6C-BAE79F15B88B}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DC0D1DD4-C894-341F-538E-5DD09F039D63}" = Catalyst Control Center Graphics Light
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/6/2009 6:00:32 PM | Computer Name = GALADRIEL | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/9/2009 7:35:13 AM | Computer Name = GALADRIEL | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/9/2009 7:38:36 AM | Computer Name = GALADRIEL | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/15/2009 3:40:29 PM | Computer Name = GALADRIEL | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/5/2009 8:53:29 PM | Computer Name = GALADRIEL | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.2.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/16/2009 11:17:05 PM | Computer Name = GALADRIEL | Source = Google Update | ID = 20
Description =
Error - 1/3/2010 2:37:39 AM | Computer Name = GALADRIEL | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Patti\Desktop\WindowsDefender.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.
Error - 1/3/2010 2:39:12 AM | Computer Name = GALADRIEL | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Patti\Desktop\WindowsDefender.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.
Error - 1/7/2010 10:24:29 PM | Computer Name = GALADRIEL | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 1/8/2010 12:33:55 AM | Computer Name = GALADRIEL | Source = MSSecurityEssentials | ID = 5000
Description =
[ System Events ]
Error - 1/14/2010 7:27:43 AM | Computer Name = GALADRIEL | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 1/14/2010 4:29:46 PM | Computer Name = GALADRIEL | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 1/14/2010 4:58:43 PM | Computer Name = GALADRIEL | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 1/14/2010 8:09:21 PM | Computer Name = GALADRIEL | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=370...atid=2147630632 User:
NT AUTHORITY\NETWORK SERVICE Name: VirTool:WinNT/Rootkit.BV ID: 2147630632 Severity:
Severe Category: Tool Path: Action: %%808 Error Code: 0x8007001f Error description:
A device attached to the system is not functioning. Status: Signature Version:
AV: 1.71.2212.0, AS: 1.71.2212.0 Engine Version: 1.1.5302.0
Error - 1/15/2010 7:45:34 AM | Computer Name = GALADRIEL | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 1/15/2010 7:37:27 PM | Computer Name = GALADRIEL | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=370...atid=2147630632 User:
NT AUTHORITY\NETWORK SERVICE Name: VirTool:WinNT/Rootkit.BV ID: 2147630632 Severity:
Severe Category: Tool Path: Action: %%808 Error Code: 0x8007001f Error description:
A device attached to the system is not functioning. Status: Signature Version:
AV: 1.71.2259.0, AS: 1.71.2259.0 Engine Version: 1.1.5302.0
Error - 1/15/2010 11:02:23 PM | Computer Name = GALADRIEL | Source = Print | ID = 6161
Description = The document Microsoft Word - Pillow foot matching-original work.doc
owned by Patti failed to print on printer Lexmark 3500-4500 Series. Data type:
LEMF. Size of the spool file in bytes: 40550542. Number of bytes printed: 40550542.
Total number of pages in the document: 4. Number of pages printed: 0. Client machine:
\\GALADRIEL. Win32 error code returned by the print processor: 0 (0x0).
Error - 1/16/2010 7:47:55 AM | Computer Name = GALADRIEL | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 1/16/2010 7:52:40 PM | Computer Name = GALADRIEL | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=370...atid=2147630632 User:
NT AUTHORITY\NETWORK SERVICE Name: VirTool:WinNT/Rootkit.BV ID: 2147630632 Severity:
Severe Category: Tool Path: Action: %%808 Error Code: 0x8007001f Error description:
A device attached to the system is not functioning. Status: Signature Version:
AV: 1.71.2314.0, AS: 1.71.2314.0 Engine Version: 1.1.5302.0
Error - 1/17/2010 8:06:55 AM | Computer Name = GALADRIEL | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
< End of report >
-------------------------------------------------------------------------