Solved Desktop changed message saying infected

[Resolved] Desktop changed message saying infected

Wednesday morning my son was on our laptop on the internet trying to find free sheet music for his violin. Something went POOF and a window came up and in the upper left corner it's called System Tools, but nothing I've ever seen before. It appeared to do a quick scan and then tells me that I have 37 infected files. It wants me to click on something to clean these files.

After several attempts, I finally got the window to just close, but now the desktop is a different color blue, there are large words across the screen warning me about this suppossed infection and telling me to get this System Tools Software to clean up the infected files.

My desktop icons are still appearing, although I can't open anything. I've tried to run Malwarebytes and Spybot but can't get them to open. Also, I cannot go online to get any scans to work.

I've read the instructions about the scans I need to run and then post the log here but I can't do any of that. I'm on my older slower secondary computer, hoping I can get help to clean up my beloved laptop.

It's a little over 2 years old and has Windows Vista on it.

Thank You,
Betsy
musicteacher

 

Wow! That is EXACTLY what I have, word for word.

Getting to work on the instructions now. Thanks!

 

Everything went well until I was running Malwarebytes. After scanning for about 30 minutes and finding 8 infected things, the computer shuts off. I tried again and it just did it again. Not sure what to do now.

 

ComboFix 11-02-24.03 - Craig 02/25/2011 0:22.1.2 - x86 NETWORK
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6002.2.1252.1.1033.18.2814.2174 [GMT -5:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\hNfAcLm15405
c:\programdata\hNfAcLm15405\hNfAcLm15405
c:\programdata\hNfAcLm15405\hNfAcLm15405.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-25 05:18 . 2011-02-25 05:19 -------- d-----w- C:\32788R22FWJFW
2011-02-23 11:53 . 2011-02-23 11:55 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-23 11:53 . 2011-02-23 11:53 -------- d-----w- c:\programdata\Tarma Installer
2011-02-23 02:45 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1EE5D10-8F61-4693-8E98-9D30B460E428}\mpengine.dll
2011-02-09 12:29 . 2010-12-20 16:36 834048 ----a-w- c:\windows\system32\wininet.dll
2011-02-09 12:29 . 2010-12-20 14:55 389632 ----a-w- c:\windows\system32\html.iec
2011-02-09 12:29 . 2010-12-20 15:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-09 12:26 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 12:26 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 15:55 . 2011-01-12 12:06 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 23:09 . 2009-07-21 02:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-07-21 02:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 12:05 1169408 ----a-w- c:\windows\system32\sdclt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Aim6 "= "c:\program files\AIM6\aim6.exe" [2007-12-19 50528]
"SoftAuto.exe "= "c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe "= "c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"COMODO SafeSurf "= "c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-08-24 278264]
"Mouse Suite 98 Daemon "= "ICO.EXE" [2006-11-03 49152]
"HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"COMODO Internet Security "= "c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-04-09 1851128]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ContentTransferWMDetector.exe "= "c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv "= "grpconv -o" [X]
"Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\windows\System32\cssdll32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1036202965-3253762931-2050427233-1000]
"EnableNotificationsRef "=dword:00000001

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-09 108560]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LMIRescue;LogMeIn Rescue;c:\users\Craig\AppData\Local\Temp\LMICC64.tmp\lmi_rescue.exe [x]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 3200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-31 25104]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\HPCeeScheduleForCraig.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-11 03:03]

2011-02-25 c:\windows\Tasks\User_Feed_Synchronization-{2E8C93ED-D01F-477B-9E88-FBA7C9C330BC}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:18810
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-hpqSRMon - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
HKU-Default-RunOnce-*LogMeInRescue_3299225031 - c:\users\Craig\AppData\Local\Temp\LMI2674.tmp\lmi_rescue.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-25 00:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
Completion time: 2011-02-25 00:32:26
ComboFix-quarantined-files.txt 2011-02-25 05:32

Pre-Run: 88,810,852,352 bytes free
Post-Run: 88,755,646,464 bytes free

- - End Of File - - BD7A7F43210BB3DE3DF010987D535231

 

ComboFix 11-02-24.03 - Craig 02/25/2011 0:49.2.2 - x86 NETWORK
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6002.2.1252.1.1033.18.2814.2070 [GMT -5:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
Command switches used :: c:\users\Craig\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-25 05:53 . 2011-02-25 05:53 -------- d-----w- c:\users\Craig\AppData\Local\temp
2011-02-25 05:53 . 2011-02-25 05:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 11:53 . 2011-02-23 11:55 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-23 11:53 . 2011-02-23 11:53 -------- d-----w- c:\programdata\Tarma Installer
2011-02-23 02:45 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1EE5D10-8F61-4693-8E98-9D30B460E428}\mpengine.dll
2011-02-09 12:29 . 2010-12-20 16:36 834048 ----a-w- c:\windows\system32\wininet.dll
2011-02-09 12:29 . 2010-12-20 14:55 389632 ----a-w- c:\windows\system32\html.iec
2011-02-09 12:29 . 2010-12-20 15:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-09 12:26 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 12:26 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 15:55 . 2011-01-12 12:06 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 23:09 . 2009-07-21 02:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-07-21 02:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 12:05 1169408 ----a-w- c:\windows\system32\sdclt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Aim6 "= "c:\program files\AIM6\aim6.exe" [2007-12-19 50528]
"SoftAuto.exe "= "c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe "= "c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"COMODO SafeSurf "= "c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-08-24 278264]
"Mouse Suite 98 Daemon "= "ICO.EXE" [2006-11-03 49152]
"HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"COMODO Internet Security "= "c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-04-09 1851128]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ContentTransferWMDetector.exe "= "c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv "= "grpconv -o" [X]
"Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\windows\System32\cssdll32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1036202965-3253762931-2050427233-1000]
"EnableNotificationsRef "=dword:00000001

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-09 108560]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LMIRescue;LogMeIn Rescue;c:\users\Craig\AppData\Local\Temp\LMICC64.tmp\lmi_rescue.exe [x]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 3200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-31 25104]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\HPCeeScheduleForCraig.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-11 03:03]

2011-02-25 c:\windows\Tasks\User_Feed_Synchronization-{2E8C93ED-D01F-477B-9E88-FBA7C9C330BC}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-25 00:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
Completion time: 2011-02-25 00:55:44
ComboFix-quarantined-files.txt 2011-02-25 05:55
ComboFix2.txt 2011-02-25 05:32

Pre-Run: 88,812,474,368 bytes free
Post-Run: 88,444,702,720 bytes free

- - End Of File - - E4D8B686CE390C8A8F109D129FF0EC6A

 

OTL logfile created on: 2/27/2011 7:48:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Craig\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 81.34 Gb Free Space | 58.21% Space Free | Partition Type: NTFS
Drive D: | 9.32 Gb Total Space | 1.69 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: CRAIG-LAPTOP | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 19:40:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
PRC - [2010/09/14 16:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 14:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 06:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/08/24 17:02:17 | 000,278,264 | ---- | M] (COMODO) -- C:\Program Files\COMODO\SafeSurf\cssurf.exe
PRC - [2009/08/18 20:37:30 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/04/11 01:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/09 16:41:50 | 002,260,728 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
PRC - [2009/04/09 16:41:34 | 001,851,128 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/04/09 16:41:20 | 000,700,152 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/12 22:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/01/20 21:33:00 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/12/19 11:02:58 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/05/25 12:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 04:32:00 | 000,049,152 | R--- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ICO.EXE


========== Modules (SafeList) ==========

MOD - [2011/02/27 19:40:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/09 16:42:55 | 000,155,384 | ---- | M] () -- C:\Windows\System32\guard32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LMIRescue)
SRV - File not found [On_Demand | Stopped] -- -- (GameConsoleService)
SRV - [2010/09/14 14:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/03 10:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/04/09 16:41:20 | 000,700,152 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/05/21 06:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/01/18 15:39:06 | 000,003,200 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2009/07/23 20:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/09 16:42:53 | 000,108,560 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2008/12/31 10:41:30 | 000,025,104 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 08:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 21:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/03 04:33:00 | 000,016,512 | R--- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2006/11/03 04:33:00 | 000,013,184 | R--- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELUSBlf.SYS -- (pelusblf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.cnn.com/
IE - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/20 09:02:14 | 000,000,000 | ---D | M]

[2010/07/27 15:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions
[2010/07/27 15:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/07/27 15:55:01 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2011/02/25 00:30:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
O4 - HKLM..\Run: [COMODO SafeSurf] C:\Program Files\COMODO\SafeSurf\cssurf.exe (COMODO)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1036202965-3253762931-2050427233-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\cssdll32.dll) - C:\Windows\System32\cssdll32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Oryx Antelope.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Oryx Antelope.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/11 08:06:15 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/19 11:50:35 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 19:40:43 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2011/02/27 19:23:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/25 00:55:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/25 00:55:49 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\temp
[2011/02/25 00:54:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/25 00:47:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/25 00:19:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/25 00:19:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/25 00:19:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/25 00:19:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/24 20:53:40 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup.exe
[2011/02/23 06:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2011/02/23 06:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/02/02 19:06:59 | 000,000,000 | ---D | C] -- C:\Users\Craig\Documents\Disney reviews
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Craig\Documents\*.tmp files -> C:\Users\Craig\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/27 19:40:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2011/02/27 19:35:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2E8C93ED-D01F-477B-9E88-FBA7C9C330BC}.job
[2011/02/27 19:34:13 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/02/27 19:34:11 | 000,048,175 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/27 19:34:03 | 000,048,175 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/27 19:20:50 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/27 19:20:50 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/27 19:13:13 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 19:13:13 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 19:12:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 19:12:55 | 2951,094,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/25 00:30:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/25 00:17:23 | 004,274,571 | R--- | M] () -- C:\Users\Craig\Desktop\ComboFix.exe
[2011/02/24 20:54:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/24 20:53:40 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup.exe
[2011/02/24 20:46:16 | 000,721,324 | ---- | M] () -- C:\Users\Craig\Desktop\iExplore.exe
[2011/02/23 22:24:10 | 258,193,458 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/23 22:22:42 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/13 00:31:54 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/02/10 03:30:17 | 000,393,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/08 07:46:06 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCraig.job
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Craig\Documents\*.tmp files -> C:\Users\Craig\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/27 19:19:43 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/27 19:19:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/27 19:19:43 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/27 19:12:55 | 2951,094,272 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/25 00:19:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/25 00:19:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/25 00:19:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/25 00:19:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/25 00:19:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/25 00:17:23 | 004,274,571 | R--- | C] () -- C:\Users\Craig\Desktop\ComboFix.exe
[2011/02/24 20:46:05 | 000,721,324 | ---- | C] () -- C:\Users\Craig\Desktop\iExplore.exe
[2011/02/23 07:30:09 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2010/12/13 18:11:58 | 000,000,036 | ---- | C] () -- C:\Users\Craig\AppData\Local\housecall.guid.cache
[2010/02/20 09:01:44 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/18 15:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2009/12/20 14:55:43 | 000,077,352 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/10/25 14:47:33 | 000,178,355 | ---- | C] () -- C:\Windows\hpwins20.dat
[2009/10/23 18:31:23 | 000,000,321 | ---- | C] () -- C:\Windows\System32\XMLConfig_SYSID.ini
[2009/09/17 21:11:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 21:11:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 15:16:58 | 000,012,054 | R--- | C] () -- C:\Windows\hpwscr20.dat
[2009/08/12 19:03:12 | 000,004,096 | -H-- | C] () -- C:\Users\Craig\AppData\Local\keyfile3.drm
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 18:45:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/25 21:01:51 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/05/03 13:50:38 | 000,006,144 | ---- | C] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/27 21:57:13 | 000,000,469 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/01/07 21:29:24 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/01/06 19:47:09 | 000,008,771 | ---- | C] () -- C:\Windows\System32\Setup2k.ini
[2009/01/06 19:47:09 | 000,000,184 | ---- | C] () -- C:\Windows\System32\presetup.ini
[2009/01/03 11:38:51 | 000,157,687 | ---- | C] () -- C:\Windows\hphins26.dat
[2008/12/31 13:02:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/31 10:41:43 | 000,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008/12/25 08:35:22 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/12/16 23:03:42 | 000,048,175 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/16 22:58:46 | 000,048,175 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/08 21:57:55 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/11 08:20:54 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/01/08 07:42:32 | 000,002,428 | R--- | C] () -- C:\Windows\hpwmdl20.dat
[2007/12/12 19:01:47 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,393,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/03/21 19:48:11 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\acccore
[2010/02/10 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Amazon
[2010/09/20 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\funkitron
[2009/01/23 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\iWin
[2009/03/24 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\MSNInstaller
[2009/01/11 06:50:35 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\PlayFirst
[2010/07/27 15:55:42 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\TomTom
[2008/12/16 22:57:38 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\WildTangent
[2011/02/24 23:23:58 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/27 19:35:56 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2E8C93ED-D01F-477B-9E88-FBA7C9C330BC}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/11 08:06:15 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2008/12/19 11:50:35 | 000,003,802 | ---- | M] () -- C:\Autorun_dll.log
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/02/25 00:55:44 | 000,009,796 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/02/23 22:22:42 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/27 19:12:55 | 2951,094,272 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/16 22:51:15 | 000,000,368 | -H-- | M] () -- C:\IPH.PH
[2010/06/28 18:05:39 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2011/02/27 19:12:53 | 3264,942,080 | -HS- | M] () -- C:\pagefile.sys
[2009/07/01 13:58:02 | 109,727,606 | ---- | M] () -- C:\Project1.exe
[2011/02/24 20:50:32 | 000,000,368 | ---- | M] () -- C:\rkill.log
[2010/07/25 12:49:22 | 000,156,672 | ---- | M] () -- C:\Ryan's loan schedule 1.xls

< %systemroot%\Fonts\*.com >
[2006/11/02 07:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/23 09:14:06 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/12/03 17:55:24 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/23 10:06:31 | 000,000,286 | -HS- | M] () -- C:\Users\Craig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/02/25 00:17:23 | 004,274,571 | R--- | M] () -- C:\Users\Craig\Desktop\ComboFix.exe
[2011/02/24 20:46:16 | 000,721,324 | ---- | M] () -- C:\Users\Craig\Desktop\iExplore.exe
[2011/02/24 20:53:40 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup.exe
[2011/02/27 19:40:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2009/06/25 20:59:14 | 008,028,712 | ---- | M] (United States Postal Service ) -- C:\Users\Craig\Desktop\setup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/12/16 22:55:19 | 000,000,402 | -HS- | M] () -- C:\Users\Craig\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/02/20 09:01:45 | 000,008,304 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/06/25 21:01:51 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/27 19:34:11 | 000,048,175 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >

 

OTL Extras logfile created on: 2/27/2011 7:48:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Craig\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 81.34 Gb Free Space | 58.21% Space Free | Partition Type: NTFS
Drive D: | 9.32 Gb Total Space | 1.69 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: CRAIG-LAPTOP | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1036202965-3253762931-2050427233-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0925C553-4951-44AB-A93C-23FDE5A492BE}" = rport=445 | protocol=6 | dir=out | app=system |
"{29AB50D6-C0A7-4DAB-8BCE-1AAEB2CB3A30}" = rport=137 | protocol=17 | dir=out | app=system |
"{37E017EB-F601-4F6C-96E0-D039DD0F3B96}" = lport=445 | protocol=6 | dir=in | app=system |
"{74C5F4CB-699E-445A-A741-0F7D4F5CD755}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{924BE06C-3CA5-48CF-90C4-5C6F1158BF3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BA31C5AF-54B6-48E9-92E5-F378F316FE62}" = rport=138 | protocol=17 | dir=out | app=system |
"{C032ECEA-0C9C-489F-8C14-49E667CE20D1}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5F9C6FB-677A-40DA-A331-883F1058413E}" = rport=139 | protocol=6 | dir=out | app=system |
"{ECA88FA2-0820-45D1-AD3E-E134EE2BF28A}" = lport=138 | protocol=17 | dir=in | app=system |
"{F6200180-C1FB-4F8B-978F-A7FF90CC50C0}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{253DB2AC-538D-4ECF-A1A9-5722002874E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3CDF6434-B99B-480B-B5D2-3C670F15C311}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3D27F7D7-786E-4D92-8110-013A27B8A147}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{52209DDD-DAA0-4557-921D-BA954E350013}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{5B4065A7-6C3A-4E89-B949-94EA3C642370}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5FED20CC-2ADB-4BCE-9C44-62C2695276D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8E1952F8-6CCC-4E90-9C5B-7E1305766813}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{94E0D80F-0688-4EBD-B8A2-12F453DD9957}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D051A2A-9283-46A2-B979-4084BE010162}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A424CAAB-C486-4E59-85B2-D0C8D27FD879}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C3ED6832-E036-490B-848B-AF9A17A3B835}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{D0EED3AD-7EF3-470F-BE7E-F4D9C14D4192}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E74547D6-9C6E-41C9-A63B-67612A4BDB54}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{1817059D-2405-4752-85F4-7486D3B35211}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{2AEDA9EB-6D13-48A5-9707-DAEADD8CD42D}C:\windows\lmi9f2b.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi9f2b.tmp\lmi_rescue.exe |
"TCP Query User{77A4EDDB-EA08-4989-81D7-43973EB55A55}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{98ACA1D7-4463-45ED-B1E6-046E825A8E00}C:\users\craig\appdata\local\temp\lmi2674.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\craig\appdata\local\temp\lmi2674.tmp\lmi_rescue.exe |
"TCP Query User{DF226D7F-DF84-41A1-BF54-B3D73024DDF5}C:\users\craig\appdata\local\temp\lmicc64.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\craig\appdata\local\temp\lmicc64.tmp\lmi_rescue.exe |
"TCP Query User{EB77B5FC-45F1-4834-BD0D-182B9CE15D35}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4A0949AD-B42A-4420-BDC0-F9F903D7C59F}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{53C340DB-BA4D-460B-9155-7C43852E9F5C}C:\windows\lmi9f2b.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi9f2b.tmp\lmi_rescue.exe |
"UDP Query User{552DA023-ECC8-45E3-8305-5453D4B409E5}C:\users\craig\appdata\local\temp\lmicc64.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\craig\appdata\local\temp\lmicc64.tmp\lmi_rescue.exe |
"UDP Query User{93B88CC2-9D77-46D0-BA45-758DE4A132A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B6A0EBAC-9153-465A-8594-22F06D424F08}C:\users\craig\appdata\local\temp\lmi2674.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\craig\appdata\local\temp\lmi2674.tmp\lmi_rescue.exe |
"UDP Query User{E6918CD5-677B-4463-9BE3-0F16A60B4B4F}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only)
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{50CE6FB8-23DF-42B1-98CE-AA17A0905C7A}" = Learning QuickBooks 2009
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9D7E5329-5751-435B-B585-0EFF51783A20}" = NWZ-E350 WALKMAN Guide
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AudibleManager" = AudibleManager
"BFG-Babysitting Mania" = Babysitting Mania
"BFGC" = Big Fish Games: Game Manager
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"COMODO Internet Security" = COMODO Internet Security
"COMODO SafeSurf" = COMODO SafeSurf
"Creative Centrale" = Creative Centrale
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Learning QuickBooks 2009" = Learning QuickBooks 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MouseSuite98" = Mouse Suite
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MSNINST" = MSN
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = HP Games
"ZENMozaicUG" = Creative ZEN Mozaic User's Guide

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1036202965-3253762931-2050427233-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACI onPrint Lite" = ACI onPrint Lite
"ACI onPrint Pro" = ACI onPrint Pro
"ACIonline onPrint" = ACIonline onPrint
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Studio Art Suite" = Studio Art Suite

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2011 1:13:48 AM | Computer Name = Craig-laptop | Source = EventSystem | ID = 4609
Description =

Error - 2/25/2011 1:14:07 AM | Computer Name = Craig-laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2011 1:19:43 AM | Computer Name = Craig-laptop | Source = VSS | ID = 18
Description =

Error - 2/25/2011 1:19:43 AM | Computer Name = Craig-laptop | Source = VSS | ID = 8193
Description =

Error - 2/25/2011 1:19:43 AM | Computer Name = Craig-laptop | Source = System Restore | ID = 8193
Description =

Error - 2/25/2011 1:32:38 AM | Computer Name = Craig-laptop | Source = EventSystem | ID = 4609
Description =

Error - 2/25/2011 1:48:38 AM | Computer Name = Craig-laptop | Source = VSS | ID = 18
Description =

Error - 2/25/2011 1:48:38 AM | Computer Name = Craig-laptop | Source = VSS | ID = 8193
Description =

Error - 2/25/2011 1:48:38 AM | Computer Name = Craig-laptop | Source = System Restore | ID = 8193
Description =

Error - 2/25/2011 1:54:46 AM | Computer Name = Craig-laptop | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 2/25/2011 1:30:19 AM | Computer Name = Craig-laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 2/25/2011 1:33:24 AM | Computer Name = Craig-laptop | Source = DCOM | ID = 10005
Description =

Error - 2/25/2011 1:49:06 AM | Computer Name = Craig-laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 2/25/2011 1:51:17 AM | Computer Name = Craig-laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 2/25/2011 1:53:45 AM | Computer Name = Craig-laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 2/26/2011 1:14:01 AM | Computer Name = Craig-laptop | Source = DCOM | ID = 10005
Description =

Error - 2/27/2011 1:14:20 AM | Computer Name = Craig-laptop | Source = DCOM | ID = 10005
Description =

Error - 2/27/2011 8:13:18 PM | Computer Name = Craig-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2/27/2011 8:13:18 PM | Computer Name = Craig-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2/27/2011 8:14:45 PM | Computer Name = Craig-laptop | Source = Service Control Manager | ID = 7022
Description =


< End of report >

 

The stuff that was on the screen before is gone and the correct desktop appears to be back.

When I restarted the computer, the Comodo thing that is installed to find viruses found something and quarantined it.

 

Perhaps I shouldn't have done this, but I updated Malwarebytes and started a full scan using that. It has already found 1 infected item.

Shall I abort that and follow your instructions or let the scan continue? Very sorry if I took a step I should not have.

 

Appears to have found 4 things:



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5898

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

2/28/2011 6:04:26 AM
mbam-log-2011-02-28 (06-04-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 349868
Time elapsed: 1 hour(s), 39 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\comodo\comodo internet security\quarantine\autorun.inf (Worm.Autorun) -> Delete on reboot.
c:\Qoobox\quarantine\C\programdata\hnfaclm15405\hnfaclm15405.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Craig\AppData\LocalLow\Sun\Java\deployment\cache\6.0\26\2cc9afda-66dfaf75 (Trojan.Agent) -> Quarantined and deleted successfully.

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-1036202965-3253762931-2050427233-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\LMI9F2B.tmp\rescue.log deleted successfully.
C:\Windows\LMI9F2B.tmp folder deleted successfully.
C:\Windows\NV15363940.TMP folder deleted successfully.
C:\Windows\NV50245760.TMP folder deleted successfully.
C:\Users\Craig\Documents\~WRL0004.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Craig
->Temp folder emptied: 1013506 bytes
->Temporary Internet Files folder emptied: 15607979 bytes
->Java cache emptied: 91454318 bytes
->Flash cache emptied: 5953502 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40148 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 109.00 mb


[EMPTYFLASH]

User: All Users

User: Craig
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 02282011_183342

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 24
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.2.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````