Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nasty Virus


  • This topic is locked This topic is locked
18 replies to this topic

#1 new_mm

new_mm

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 10 January 2012 - 08:42 AM

Ok, my parent's have a really nasty virus going on. It is one of the viruses that runs the fake virus scan on your computer. This one blacked out the desktop background and hid some of the icons that are on their desktop. It pops up several messages about being hacked, low system memory, and fake claims of infection. I followed the initial steps you require before posting about virus removal, but ran into some issues with the DDS and GWAR. The virus is not allowing me to run either program. The DDS would not run at all and the GWAR froze up halfway through the scan and would not continue. I tried this in normal mode, safe mode, and safe mode with networking. Your help is appreciated.

Thanks!

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 AM

Posted 16 January 2012 - 08:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437306 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 new_mm

new_mm
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 17 January 2012 - 04:02 PM

Ok, my parent's have a really nasty virus going on. It is one of the viruses that runs the fake virus scan on your computer. This one blacked out the desktop background and hid some of the icons that are on their desktop. It pops up several messages about being hacked, low system memory, and fake claims of infection. I followed the initial steps you require before posting about virus removal, but ran into some issues with the DDS and GWAR. The virus is not allowing me to run either program. The DDS would not run at all and the GWAR froze up halfway through the scan and would not continue. I tried this in normal mode, safe mode, and safe mode with networking. Your help is appreciated.


They are currently using Windows Vista on a 32 bit machine. I am not sure if they have the original CD, but I believe they do.

Thanks,

#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:58 AM

Posted 18 January 2012 - 02:02 PM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst we work on your malware problems, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.


:step1: Before we can do anything we must first end the processes that belong to the rogue program(s) so that they do not interfere with the cleaning procedure. To do this, download the following file to your desktop.

rkill.com Download Link

Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with the rogue program(s). Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program(s) when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogoue(s). So, please try running Rkill until the malware is no longer running.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


:step2: Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.


Regards,

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 new_mm

new_mm
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 19 January 2012 - 09:34 AM

Thank you, I will go to my parent's house and run the programs above tonight. I will post the results.

#6 new_mm

new_mm
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 19 January 2012 - 07:19 PM

Ok, the combo fix ran, after I changed the name. I have attached the log to this post. Please let me know what I need to do next.

Thanks,

Attached Files



#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:58 AM

Posted 20 January 2012 - 07:34 AM

Hi,

How is the PC running now? Has the fake AV gone and the pop ups stopped?

I notice that you've got two (legitimate) anti-virus programs installed. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee or Microsoft Security Essentials.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 new_mm

new_mm
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 20 January 2012 - 10:16 AM

The fake AV has stopped creating the pop up windows, but the program is still there. The computer seems to be running faster though.

I will go on and remove Security Essentials. I was running that program because the program hacked McAfee. So, I turned to Security Essentials before I contacted the forum. Security Essentials didn't do anything to eliminate the virus.

#9 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:58 AM

Posted 21 January 2012 - 04:10 AM

Hi,

When you say:

the program is still there


What do you mean? Do you mean there is still a shortcut to open the program? Or that the program is still actually loading?

We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#10 new_mm

new_mm
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 22 January 2012 - 05:16 PM

The program is still showing up on the quick launch bar, desktop, and program list. It doesn't appear to be active though.

Below are the OTL logs.

OTL:

OTL logfile created on: 1/22/2012 5:00:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ed & Cathy Wallace\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.23% Memory free
4.21 Gb Paging File | 3.29 Gb Available in Paging File | 78.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 158.35 Gb Free Space | 71.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.44 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

Computer Name: WALLACE-PC | User Name: Ed & Cathy Wallace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 16:53:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ed & Cathy Wallace\Desktop\OTL.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/21 10:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/07 16:06:54 | 000,380,928 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/05/07 15:50:24 | 001,089,536 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/04/11 01:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/30 14:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/09/17 10:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/06/05 09:28:57 | 000,988,256 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe
PRC - [2007/06/05 09:28:57 | 000,581,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\EmbarqVALite\Update Check Application\EMBARQHelp.exe
PRC - [2007/05/11 08:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/01 14:52:04 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe
PRC - [2005/11/28 16:42:42 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/11/28 16:37:40 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/11/28 16:35:16 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/11/28 16:25:30 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/22 08:52:06 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 02:35:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/14 02:33:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/14 02:33:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:33:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/14 02:32:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 02:32:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/05/07 16:24:14 | 000,094,208 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\DeviceHooks\LeapsterDeviceHook.dll
MOD - [2009/05/07 16:06:54 | 000,380,928 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
MOD - [2009/03/03 11:25:20 | 002,121,728 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/02/25 21:38:14 | 007,737,344 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2008/12/29 20:25:42 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2008/12/29 20:25:42 | 001,400,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2008/12/29 20:25:42 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2008/12/29 20:25:42 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2008/12/29 20:25:42 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2008/12/29 20:25:42 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2008/12/29 20:25:42 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2008/12/29 20:25:42 | 000,236,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2008/12/29 20:25:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2008/12/29 20:25:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2008/12/29 20:25:41 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2008/12/29 20:25:41 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2008/12/29 20:25:41 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2008/12/29 20:25:41 | 000,404,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2008/12/29 20:25:41 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2008/12/29 20:25:41 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2008/12/29 20:25:41 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2008/12/29 20:25:41 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2008/12/29 20:25:41 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2008/12/29 20:25:41 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2008/12/29 20:25:41 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2008/12/29 20:25:41 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2008/12/29 20:25:40 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2008/12/29 20:25:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2008/12/29 20:25:40 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2008/12/29 20:25:40 | 000,232,960 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2008/12/29 20:25:40 | 000,096,768 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2008/12/29 20:25:40 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2008/12/29 20:25:39 | 001,240,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2008/12/29 20:25:39 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2008/12/29 20:25:39 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2008/12/29 20:25:39 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2008/12/29 20:25:39 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2008/12/29 20:25:39 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2008/07/24 14:36:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
MOD - [2005/11/28 16:42:42 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
MOD - [2005/11/28 16:28:44 | 000,491,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\LayoutDll.dll
MOD - [2005/11/28 16:23:42 | 004,448,256 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\ROXIPP4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 15:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/05/07 15:50:24 | 001,089,536 | ---- | M] () [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/09/14 08:28:22 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/01 14:52:04 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)
SRV - [2005/11/28 16:38:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/11/28 16:37:40 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/11/28 16:35:16 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.myembarq.com/index.php"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 03:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 18:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 18:13:33 | 000,000,000 | ---D | M]

[2011/12/28 18:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed & Cathy Wallace\AppData\Roaming\mozilla\Firefox\Profiles\eb245lp5.default\extensions
[2011/12/28 18:03:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ed & Cathy Wallace\AppData\Roaming\mozilla\Firefox\Profiles\eb245lp5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/14 21:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 10:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/18 19:17:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/05 19:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/14 21:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/05/30 10:18:30 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/17 16:59:30 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/17 16:59:31 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/17 16:59:32 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/12/17 16:59:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/17 16:59:35 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/19 19:07:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (GoodShopToolbar) - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll (Add-in Express Ltd)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120122083135.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (GoodSearchBar) - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll (Add-in Express Ltd)
O3 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EmbarqVALite_McciTrayApp] C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6B7AF91-B6C3-4B23-8D32-F99033812389}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Ed & Cathy Wallace\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ed & Cathy Wallace\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 17:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/22 16:54:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/22 16:52:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ed & Cathy Wallace\Desktop\OTL.exe
[2012/01/21 06:48:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/21 06:48:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/21 06:48:45 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/21 06:47:39 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/21 06:47:38 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/19 19:16:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/19 18:38:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 18:38:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 18:38:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 18:37:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 18:17:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 18:03:43 | 004,388,139 | R--- | C] (Swearware) -- C:\Users\Ed & Cathy Wallace\Desktop\Caseyboy.exe
[2012/01/09 17:46:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ed & Cathy Wallace\Desktop\dds.scr
[2012/01/08 15:30:34 | 000,000,000 | ---D | C] -- C:\Users\Ed & Cathy Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/30 18:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/30 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/30 18:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 18:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/30 18:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/04 19:22:02 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Ed & Cathy Wallace\AppData\Roaming\DataSafeDotNet.exe
[2007/03/01 14:52:06 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2007/03/01 14:52:04 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2007/03/01 14:52:04 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2007/02/02 05:06:34 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2007/02/02 04:55:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2006/12/20 16:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2006/12/20 16:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2006/12/20 16:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2006/12/20 15:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2006/12/20 15:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2006/12/20 15:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2006/12/20 15:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2006/12/20 15:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2006/12/20 15:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2006/12/20 15:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2006/12/20 15:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll

========== Files - Modified Within 30 Days ==========

[2012/01/22 16:58:33 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 16:58:28 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 16:58:28 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 16:58:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 16:55:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/22 16:54:40 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/22 16:54:40 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/22 16:53:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ed & Cathy Wallace\Desktop\OTL.exe
[2012/01/22 16:38:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 19:07:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/19 18:04:31 | 004,388,139 | R--- | M] (Swearware) -- C:\Users\Ed & Cathy Wallace\Desktop\Caseyboy.exe
[2012/01/09 18:06:36 | 000,005,892 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\d3d9caps.dat
[2012/01/09 18:05:25 | 000,302,592 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Desktop\gmer.exe
[2012/01/09 18:04:42 | 000,294,195 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Desktop\gmer.zip
[2012/01/09 17:52:16 | 000,000,631 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/09 17:50:49 | 000,307,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/09 17:46:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ed & Cathy Wallace\Desktop\dds.scr
[2012/01/09 17:36:11 | 000,000,000 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\defogger_reenable
[2012/01/09 17:35:23 | 000,069,120 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/09 09:50:08 | 000,050,477 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Desktop\Defogger.exe
[2012/01/08 19:01:00 | 000,017,696 | -HS- | M] () -- C:\ProgramData\445q26y51mrgmx4e4gkp5d
[2012/01/08 19:00:59 | 000,017,696 | -HS- | M] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\445q26y51mrgmx4e4gkp5d
[2012/01/08 15:30:35 | 000,000,607 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Desktop\System Check.lnk
[2011/12/30 21:24:13 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/12/30 18:00:43 | 000,001,854 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/28 18:12:45 | 000,000,274 | ---- | M] () -- C:\Windows\dellstat.ini

========== Files Created - No Company Name ==========

[2012/01/19 18:38:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 18:38:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 18:38:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 18:38:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 18:38:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/09 18:04:42 | 000,294,195 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\Desktop\gmer.zip
[2012/01/09 17:52:16 | 000,000,631 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/09 17:36:11 | 000,000,000 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\defogger_reenable
[2012/01/09 17:35:52 | 000,050,477 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\Desktop\Defogger.exe
[2012/01/08 19:00:48 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/08 15:30:35 | 000,000,607 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\Desktop\System Check.lnk
[2012/01/08 13:44:37 | 000,017,696 | -HS- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\445q26y51mrgmx4e4gkp5d
[2012/01/08 13:44:37 | 000,017,696 | -HS- | C] () -- C:\ProgramData\445q26y51mrgmx4e4gkp5d
[2010/03/04 19:56:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\ktdll.dll
[2009/09/18 05:25:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 05:25:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/30 10:19:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/10 20:08:05 | 000,000,110 | ---- | C] () -- C:\Windows\{47FB62DF-832D-485F-95FC-C93BB08B8FE3}_WiseFW.ini
[2009/04/30 20:17:53 | 000,000,022 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\kodakpcd.ini
[2008/12/31 12:38:36 | 000,008,248 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\en.ini
[2008/10/14 04:29:59 | 000,005,892 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\d3d9caps.dat
[2008/09/20 17:20:56 | 000,000,274 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/09/19 18:25:12 | 000,069,120 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 02:08:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/14 11:59:44 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/09/14 11:59:44 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/09/14 11:59:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/09/14 11:59:44 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/03 18:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/02 05:06:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2007/02/02 04:55:10 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,307,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/12/01 15:05:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2005/11/10 14:30:04 | 003,596,288 | R--- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005/11/10 14:30:04 | 000,831,488 | R--- | C] () -- C:\Windows\System32\libeay32.dll
[2005/11/10 14:30:04 | 000,159,744 | R--- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/11/10 14:30:02 | 000,524,288 | R--- | C] () -- C:\Windows\System32\divxsm.exe
[2005/11/10 14:30:02 | 000,110,592 | R--- | C] () -- C:\Windows\System32\dtu100.dll
[2005/10/05 12:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\wsdl:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Visual Studio 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\STEWARDSHIP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\SampleSoluWeek5[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Programming 170:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\My Print Creations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\My Data Sources:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Labels for picture:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Film And Lit Class:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\eclipse-SDK-3.5.2-win32:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\DVDFab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Computer 100:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Christmas pic 08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\cache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Advanced Comp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Add-in Express:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Desktop\week3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Desktop\my program:Roxio EMC Stream
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA029835

< End of report >


Extras:

OTL Extras logfile created on: 1/22/2012 5:00:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ed & Cathy Wallace\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.23% Memory free
4.21 Gb Paging File | 3.29 Gb Available in Paging File | 78.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 158.35 Gb Free Space | 71.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.44 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

Computer Name: WALLACE-PC | User Name: Ed & Cathy Wallace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18E12489-FC40-4894-9B46-439D68969E65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{293C1624-55A5-4305-A72A-BE911ACE3AF1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{357C6392-7012-4B8D-AC9B-4BD9836D7E7C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4192B9FC-7F22-4D99-B1F1-5C531FABB1E2}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{55F3D69A-792A-4665-BF64-4A5A07472FCD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A34D138-FE4C-4BF4-81FB-DC2A00CB12D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F97DC18-F250-44FD-A38A-8BC1B331A246}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8B4FBDA0-4551-41CA-AB54-5B95A3C2CF7E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{90300CBA-50CC-4109-A9A7-0127DF80C379}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{95CB03AF-75E4-42FB-AAC9-CC3D25A08038}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{96C8884D-3C0B-4143-A417-016E90B87201}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{98B30603-03B4-460E-BBFE-7B9D046EB086}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{B11D5E02-CB97-4FB2-ABE9-508095CBC8E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5564568-2C61-4430-AC23-82F193D188E3}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{BE662843-CFB1-4F7B-A622-B2D8C19F1EA7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EDB71B80-0C10-4377-B8F3-6641EEF2E31F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0E2B8E14-F138-4FC6-8C8E-9DAF371DFADF}" = LeapFrog Leapster2 Plugin
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{329B7564-7E13-4A70-BC2B-F9870C82AAB6}" = Roxio Content 8
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java™ SE Development Kit 6 Update 20
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{47FB62DF-832D-485F-95FC-C93BB08B8FE3}" = LeapFrog Connect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60A2152E-6B69-49AC-88DA-A166BB15344A}" = Roxio PhotoSuite and VideoWave Premier Suite 8
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA125ED-3657-4DA2-95FD-DD6BAADD3F1C}" = Network Recording Player
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4552E24-D5B5-4DE6-83B8-DC574B9DCEB9}" = GoodSearch Toolbar
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"eLab Client_is1" = eLab Client version 1.2.1.20
"EMBARQHelp" = Uninstall EMBARQHelp
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSC" = McAfee SecurityCenter
"myMovo" = myMovo
"MyScribe" = MyScribe
"National Mortgage Lending CompuCram" = National Mortgage Lending CompuCram
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"UPCShell" = LeapFrog Connect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-625853190-3057452632-1566952406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"Adobe Digital Editions" = Adobe Digital Editions

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2012 7:32:35 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 7:56:21 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 7:56:21 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 7:56:21 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 7:56:21 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 7:56:25 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 7:56:25 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 7:56:25 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 7:56:25 PM | Computer Name = Wallace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2012 11:18:38 PM | Computer Name = Wallace-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 6/19/2009 8:52:31 PM | Computer Name = Wallace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91615
seconds with 2880 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/19/2012 11:28:41 PM | Computer Name = Wallace-PC | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 1/19/2012 11:28:41 PM | Computer Name = Wallace-PC | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 1/20/2012 8:56:05 AM | Computer Name = Wallace-PC | Source = DCOM | ID = 10010
Description =

Error - 1/20/2012 8:56:24 AM | Computer Name = Wallace-PC | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 1/21/2012 8:30:28 AM | Computer Name = Wallace-PC | Source = DCOM | ID = 10010
Description =

Error - 1/21/2012 8:32:25 AM | Computer Name = Wallace-PC | Source = DCOM | ID = 10010
Description =

Error - 1/21/2012 8:33:28 AM | Computer Name = Wallace-PC | Source = DCOM | ID = 10010
Description =

Error - 1/22/2012 9:43:06 AM | Computer Name = Wallace-PC | Source = DCOM | ID = 10010
Description =

Error - 1/22/2012 9:43:18 AM | Computer Name = Wallace-PC | Source = DCOM | ID = 10010
Description =

Error - 1/22/2012 5:58:24 PM | Computer Name = Wallace-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:56:31 PM on 1/22/2012 was unexpected.


< End of report >

#11 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:58 AM

Posted 23 January 2012 - 07:29 AM

Hi,

Just to double check: what is the name of the fake AV? Is it System Check?

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No CLSID value found.
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    [2012/01/09 17:52:16 | 000,000,631 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/08 15:30:35 | 000,000,607 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\Desktop\System Check.lnk
    [2012/01/08 13:44:37 | 000,017,696 | -HS- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\445q26y51mrgmx4e4gkp5d
    [2012/01/08 13:44:37 | 000,017,696 | -HS- | C] () -- C:\ProgramData\445q26y51mrgmx4e4gkp5d
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA029835
    
    :commands
    [REBOOT]
    [CREATERESTOREPOINT]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#12 new_mm

new_mm
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 23 January 2012 - 05:44 PM

Yes, the virus is System Check. I am still showing it in the start menu, program list, but the fix took the program off the desktop and the quick launch bar. A report did not pop us from OTL after the fix, so I ran another OTL report. I am pasting it below:

OTL:

OTL logfile created on: 1/23/2012 5:33:09 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ed & Cathy Wallace\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.04% Memory free
4.21 Gb Paging File | 3.08 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 156.35 Gb Free Space | 70.18% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.44 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

Computer Name: WALLACE-PC | User Name: Ed & Cathy Wallace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 16:53:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ed & Cathy Wallace\Desktop\OTL.exe
PRC - [2012/01/19 18:39:40 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/12/02 08:02:35 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/21 10:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/07 16:06:54 | 000,380,928 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/05/07 15:50:24 | 001,089,536 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/30 14:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/09/17 10:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/06/05 09:28:57 | 000,988,256 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe
PRC - [2007/05/11 08:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/01 14:52:04 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe
PRC - [2005/11/28 16:42:42 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/11/28 16:37:40 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/11/28 16:35:16 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/11/28 16:25:30 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/22 08:52:06 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 02:35:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/14 02:35:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/14 02:33:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/14 02:33:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:33:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/14 02:32:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 02:32:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/14 02:12:25 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\06ac8d640d2dfa7d4bb23c03584304ef\Accessibility.ni.dll
MOD - [2011/10/14 02:05:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011/10/14 02:05:36 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011/10/14 02:05:28 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:05:17 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011/10/14 02:05:14 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011/10/14 02:05:06 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 16:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2009/05/07 16:24:14 | 000,094,208 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\DeviceHooks\LeapsterDeviceHook.dll
MOD - [2009/05/07 16:06:54 | 000,380,928 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
MOD - [2009/03/03 11:25:20 | 002,121,728 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/02/25 21:38:14 | 007,737,344 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2008/12/29 20:25:42 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2008/12/29 20:25:42 | 001,400,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2008/12/29 20:25:42 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2008/12/29 20:25:42 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2008/12/29 20:25:42 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2008/12/29 20:25:42 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2008/12/29 20:25:42 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2008/12/29 20:25:42 | 000,236,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2008/12/29 20:25:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2008/12/29 20:25:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2008/12/29 20:25:41 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2008/12/29 20:25:41 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2008/12/29 20:25:41 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2008/12/29 20:25:41 | 000,404,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2008/12/29 20:25:41 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2008/12/29 20:25:41 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2008/12/29 20:25:41 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2008/12/29 20:25:41 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2008/12/29 20:25:41 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2008/12/29 20:25:41 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2008/12/29 20:25:41 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2008/12/29 20:25:41 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2008/12/29 20:25:40 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2008/12/29 20:25:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2008/12/29 20:25:40 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2008/12/29 20:25:40 | 000,232,960 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2008/12/29 20:25:40 | 000,096,768 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2008/12/29 20:25:40 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2008/12/29 20:25:39 | 001,240,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2008/12/29 20:25:39 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2008/12/29 20:25:39 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2008/12/29 20:25:39 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2008/12/29 20:25:39 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2008/12/29 20:25:39 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2008/07/24 14:36:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
MOD - [2005/11/28 16:42:42 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
MOD - [2005/11/28 16:28:44 | 000,491,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\LayoutDll.dll
MOD - [2005/11/28 16:23:42 | 004,448,256 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\DLLShared\ROXIPP4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 15:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/05/07 15:50:24 | 001,089,536 | ---- | M] () [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/09/14 08:28:22 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/01 14:52:04 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)
SRV - [2005/11/28 16:38:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/11/28 16:37:40 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/11/28 16:35:16 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.myembarq.com/index.php"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 03:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 18:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 18:13:33 | 000,000,000 | ---D | M]

[2011/12/28 18:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed & Cathy Wallace\AppData\Roaming\mozilla\Firefox\Profiles\eb245lp5.default\extensions
[2011/12/28 18:03:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ed & Cathy Wallace\AppData\Roaming\mozilla\Firefox\Profiles\eb245lp5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/14 21:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 10:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/18 19:17:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/05 19:24:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/14 21:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/05/30 10:18:30 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/17 16:59:30 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/17 16:59:31 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/17 16:59:32 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/12/17 16:59:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/17 16:59:35 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/19 19:07:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (GoodShopToolbar) - {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll (Add-in Express Ltd)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120123083927.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (GoodSearchBar) - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - C:\Program Files\GoodSearch.com\GoodSearch Toolbar\adxloader.dll (Add-in Express Ltd)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EmbarqVALite_McciTrayApp] C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-625853190-3057452632-1566952406-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6B7AF91-B6C3-4B23-8D32-F99033812389}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Ed & Cathy Wallace\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ed & Cathy Wallace\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 17:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/23 17:29:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/22 16:54:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/22 16:52:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ed & Cathy Wallace\Desktop\OTL.exe
[2012/01/21 06:48:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/21 06:48:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/21 06:48:45 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/21 06:47:39 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/21 06:47:38 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/19 19:16:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/19 18:38:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 18:38:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 18:38:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 18:37:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 18:17:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 18:03:43 | 004,388,139 | R--- | C] (Swearware) -- C:\Users\Ed & Cathy Wallace\Desktop\Caseyboy.exe
[2012/01/09 17:46:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ed & Cathy Wallace\Desktop\dds.scr
[2012/01/08 15:30:34 | 000,000,000 | ---D | C] -- C:\Users\Ed & Cathy Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/30 18:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/30 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/30 18:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 18:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/30 18:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/04 19:22:02 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Ed & Cathy Wallace\AppData\Roaming\DataSafeDotNet.exe
[2007/03/01 14:52:06 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2007/03/01 14:52:04 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2007/03/01 14:52:04 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2007/02/02 05:06:34 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2007/02/02 04:55:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2006/12/20 16:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2006/12/20 16:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2006/12/20 16:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2006/12/20 15:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2006/12/20 15:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2006/12/20 15:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2006/12/20 15:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2006/12/20 15:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2006/12/20 15:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2006/12/20 15:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2006/12/20 15:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll

========== Files - Modified Within 30 Days ==========

[2012/01/23 17:38:03 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 17:30:59 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 17:30:51 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 17:30:51 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 17:30:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 17:31:10 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/22 17:31:10 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/22 16:55:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/22 16:53:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ed & Cathy Wallace\Desktop\OTL.exe
[2012/01/19 19:07:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/19 18:04:31 | 004,388,139 | R--- | M] (Swearware) -- C:\Users\Ed & Cathy Wallace\Desktop\Caseyboy.exe
[2012/01/09 18:06:36 | 000,005,892 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\d3d9caps.dat
[2012/01/09 18:05:25 | 000,302,592 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Desktop\gmer.exe
[2012/01/09 18:04:42 | 000,294,195 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Desktop\gmer.zip
[2012/01/09 17:50:49 | 000,307,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/09 17:46:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ed & Cathy Wallace\Desktop\dds.scr
[2012/01/09 17:36:11 | 000,000,000 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\defogger_reenable
[2012/01/09 17:35:23 | 000,069,120 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/09 09:50:08 | 000,050,477 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Desktop\Defogger.exe
[2011/12/30 21:24:13 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/12/30 18:00:43 | 000,001,854 | ---- | M] () -- C:\Users\Ed & Cathy Wallace\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/28 18:12:45 | 000,000,274 | ---- | M] () -- C:\Windows\dellstat.ini

========== Files Created - No Company Name ==========

[2012/01/19 18:38:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 18:38:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 18:38:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 18:38:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 18:38:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/09 18:04:42 | 000,294,195 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\Desktop\gmer.zip
[2012/01/09 17:36:11 | 000,000,000 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\defogger_reenable
[2012/01/09 17:35:52 | 000,050,477 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\Desktop\Defogger.exe
[2012/01/08 19:00:48 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/03/04 19:56:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\ktdll.dll
[2009/09/18 05:25:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 05:25:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/30 10:19:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/10 20:08:05 | 000,000,110 | ---- | C] () -- C:\Windows\{47FB62DF-832D-485F-95FC-C93BB08B8FE3}_WiseFW.ini
[2009/04/30 20:17:53 | 000,000,022 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\kodakpcd.ini
[2008/12/31 12:38:36 | 000,008,248 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\en.ini
[2008/10/14 04:29:59 | 000,005,892 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\d3d9caps.dat
[2008/09/20 17:20:56 | 000,000,274 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/09/19 18:25:12 | 000,069,120 | ---- | C] () -- C:\Users\Ed & Cathy Wallace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 02:08:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/14 11:59:44 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/09/14 11:59:44 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/09/14 11:59:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/09/14 11:59:44 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/03 18:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/02 05:06:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2007/02/02 04:55:10 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,307,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/12/01 15:05:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2005/11/10 14:30:04 | 003,596,288 | R--- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005/11/10 14:30:04 | 000,831,488 | R--- | C] () -- C:\Windows\System32\libeay32.dll
[2005/11/10 14:30:04 | 000,159,744 | R--- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/11/10 14:30:02 | 000,524,288 | R--- | C] () -- C:\Windows\System32\divxsm.exe
[2005/11/10 14:30:02 | 000,110,592 | R--- | C] () -- C:\Windows\System32\dtu100.dll
[2005/10/05 12:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\wsdl:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Visual Studio 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\STEWARDSHIP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\SampleSoluWeek5[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Programming 170:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\My Print Creations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\My Data Sources:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Labels for picture:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Film And Lit Class:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\eclipse-SDK-3.5.2-win32:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\DVDFab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Computer 100:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Christmas pic 08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\cache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Advanced Comp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Documents\Add-in Express:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Desktop\week3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ed & Cathy Wallace\Desktop\my program:Roxio EMC Stream

< End of report >

#13 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:58 AM

Posted 24 January 2012 - 01:09 PM

OK, that looks good.

You should be able to delete the start menu icon by right clicking on it and selecting "remove from this list". You can delete the folder by right clicking on it and clicking "delete".

:step1: Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


:step2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#14 new_mm

new_mm
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 24 January 2012 - 10:49 PM

Ok, I deleted the start menu item. Below are the logs.

Malware Bytes:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ed & Cathy Wallace :: WALLACE-PC [administrator]

1/24/2012 5:30:03 PM
mbam-log-2012-01-24 (17-30-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204703
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET:

C:\Users\Ed & Cathy Wallace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\f6b4aa7-241f04bf multiple threats deleted - quarantined

#15 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:58 AM

Posted 25 January 2012 - 06:19 AM

OK :) great.

How is the PC running now?

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users