Broadband Tech > Security > Security Cleanup > [Virus] Need help please with clearing XP Security 2012

[Virus] Need help please with clearing XP Security 2012

OTL
OTL logfile created on: 1/10/2012 11:52:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Me.TIFFANY\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 419.68 Mb Available Physical Memory | 41.37% Memory free
2.38 Gb Paging File | 1.91 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.72 Gb Total Space | 15.21 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
Drive D: | 17.08 Gb Total Space | 16.85 Gb Free Space | 98.66% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TIFFANY | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/01/10 11:51:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me.TIFFANY\My Documents\Downloads\OTL (1).exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Me.TIFFANY\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/30 02:06:18 | 001,945,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
PRC - [2007/11/02 05:48:46 | 004,519,176 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
PRC - [2007/11/02 05:48:40 | 003,990,792 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\Marker.exe
PRC - [2007/11/02 05:48:34 | 002,090,248 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\Aware.exe
PRC - [2007/11/02 05:48:32 | 001,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
PRC - [2007/10/15 07:38:10 | 000,376,832 | ---- | M] () -- C:\Program Files\ISM\ISMModule7.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/07/13 12:09:10 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/04/06 14:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/12/28 12:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 11:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 11:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005/11/11 16:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 15:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 15:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 18:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/26 09:26:58 | 000,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/09/22 17:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/10 12:49:20 | 000,163,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/07/08 18:16:16 | 000,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/12/13 15:30:00 | 000,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/11 01:22:40 | 000,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2003/09/10 02:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/30 02:11:36 | 000,125,888 | ---- | M] () -- C:\Program Files\Adobe\Elements 9 Organizer\QtPlugins\imageformats\qjpeg4.dll
MOD - [2010/09/30 02:07:02 | 008,560,576 | ---- | M] () -- C:\Program Files\Adobe\Elements 9 Organizer\QtGui4.dll
MOD - [2010/09/30 02:07:00 | 002,386,368 | ---- | M] () -- C:\Program Files\Adobe\Elements 9 Organizer\QtCore4.dll
MOD - [2007/11/01 23:58:12 | 000,257,536 | ---- | M] () -- C:\WINDOWS\system32\BiImg.dll
MOD - [2007/10/15 07:38:10 | 000,376,832 | ---- | M] () -- C:\Program Files\ISM\ISMModule7.exe
MOD - [2006/07/13 12:09:10 | 000,574,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/07/13 12:09:10 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
MOD - [2006/04/06 14:59:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/12/28 12:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/28 12:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/28 12:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/16 10:05:08 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2004/08/11 01:23:16 | 000,229,376 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDLaunchSysX.syx
MOD - [2004/08/11 01:15:28 | 000,491,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.dll
MOD - [2004/08/11 01:12:18 | 000,056,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2004/08/11 01:10:08 | 000,286,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2004/08/11 01:09:48 | 000,120,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2004/08/11 01:08:58 | 001,019,904 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.dll
MOD - [2004/08/11 01:08:02 | 000,282,624 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2004/08/11 01:02:16 | 000,253,952 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2004/07/23 07:24:28 | 000,397,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\cameratodos.syx
MOD - [2004/07/23 07:21:18 | 000,618,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistacameraUploadSysx.syx
MOD - [2004/07/23 07:16:44 | 000,352,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
MOD - [2004/07/23 07:04:20 | 000,081,920 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2004/07/23 07:00:16 | 000,012,800 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadCamBack.dll
MOD - [2004/07/23 07:00:00 | 000,013,824 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameratodosCamBack.dll
MOD - [2004/07/23 06:20:56 | 000,013,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistacameraUploadSysx.dll
MOD - [2004/04/11 19:57:44 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll
MOD - [2003/09/16 10:32:06 | 000,110,592 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx
MOD - [2003/09/16 10:30:18 | 000,053,248 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\VPCD.dll
MOD - [2003/09/16 10:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll
MOD - [2003/09/10 02:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2007/11/02 05:48:58 | 000,767,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server)
SRV - [2007/11/02 05:48:32 | 001,283,336 | ---- | M] (SMART Technologies Inc.) [Auto | Running] -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/07/13 12:02:40 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 12:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2005/12/07 16:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/11/11 15:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [On_Demand | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 18:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/12 18:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
SRV - [2005/07/01 19:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/13 15:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/13 12:02:40 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/13 11:58:05 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/07 16:05:26 | 000,144,880 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/12/07 16:05:24 | 000,056,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/12/04 09:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/11 15:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/10 11:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »us.rd.yahoo.com/customize/ie/def···rch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = »us.rd.yahoo.com/customize/ie/def···rch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = »www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = »www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Me.TIFFANY\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Me.TIFFANY\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Me.TIFFANY\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/08 15:54:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/08 15:54:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Me.TIFFANY\Application Data\Move Networks [2010/01/11 18:58:54 | 000,000,000 | ---D | M]

[2009/02/15 01:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me.TIFFANY\Application Data\Mozilla\Extensions
[2009/02/15 01:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me.TIFFANY\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/12/08 15:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me.TIFFANY\Application Data\Mozilla\Firefox\Profiles\9eh9493z.default\extensions
[2011/09/05 22:52:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Me.TIFFANY\Application Data\Mozilla\Firefox\Profiles\9eh9493z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/08 15:57:22 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\Me.TIFFANY\Application Data\Mozilla\Firefox\Profiles\9eh9493z.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/12/08 15:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/26 09:43:33 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2011/02/26 09:43:34 | 000,449,848 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/12/22 08:51:39 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/12/22 08:51:06 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2008/12/28 12:47:41 | 000,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/31 01:20:39 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Me.TIFFANY\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Me.TIFFANY\Application Data\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Glow = C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0\
CHR - Extension: Poppit = C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll (SMART Technologies Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFEXE] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start File not found
O4 - HKCU..\Run: [ISMModule7] C:\Program Files\ISM\ISMModule7.exe ()
O4 - HKCU..\Run: [ISMModule8] C:\Program Files\ISM\ISMModule8.exe ()
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk = C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe (SMART Technologies Inc.)
O4 - Startup: C:\Documents and Settings\Me.TIFFANY\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Me.TIFFANY\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - »wwws.musicmatch.com/mmz/openWebRadio.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload.macromedia.com/pub/sh···lash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A615BFE7-4F58-479F-B94D-B84DA6A3C470}: DhcpNameServer = 192.168.200.1 192.168.200.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\Campus Pub\Campus Pub 010.jpg
O24 - Desktop Components:1 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\PICS2\PICS2 384.jpg
O24 - Desktop Components:10 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\Kaylyn Bday\Kaylyn Bday 042.jpg
O24 - Desktop Components:11 (My Current Home Page) - About:Home
O24 - Desktop Components:2 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\PICS2\PICS2 560.jpg
O24 - Desktop Components:3 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\PICS2\PICS2 710.jpg
O24 - Desktop Components:4 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\Campus Pub\Campus Pub 029.jpg
O24 - Desktop Components:5 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\PICS2\PICS2 995.jpg
O24 - Desktop Components:6 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\Campus Pub\Campus Pub 013.jpg
O24 - Desktop Components:7 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\Birthday 23\Birthday 23 101.jpg
O24 - Desktop Components:8 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\Ann's Birthday!\Ann's Birthday! 039.jpg
O24 - Desktop Components:9 () - C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures\Campus Pub\Campus Pub 032.jpg
O24 - Desktop WallPaper: C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{02f12d95-4fb7-11db-8e61-00038a000015}\Shell\Auto\command - "" = F:\AdobeR.exe e
O33 - MountPoints2\{02f12d95-4fb7-11db-8e61-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{02f12d95-4fb7-11db-8e61-00038a000015}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{0c683541-0f9c-11df-8fbe-0015c51cc63b}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{0c683541-0f9c-11df-8fbe-0015c51cc63b}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{18325178-f80e-11de-8fb6-0015c51cc63b}\Shell\AutoRun\command - "" = DmailerSync_v9_0_15109.exe
O33 - MountPoints2\{2094767c-307a-11de-8f89-0015c51cc63b}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{22589dd9-8de5-11e0-9009-0015c51cc63b}\Shell - "" = AutoRun
O33 - MountPoints2\{22589dd9-8de5-11e0-9009-0015c51cc63b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{22589dd9-8de5-11e0-9009-0015c51cc63b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{56770cce-3487-11df-8fc9-0015c51cc63b}\Shell - "" = AutoRun
O33 - MountPoints2\{56770cce-3487-11df-8fc9-0015c51cc63b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{56770cce-3487-11df-8fc9-0015c51cc63b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{56770cec-3487-11df-8fc9-0015c51cc63b}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{56770cec-3487-11df-8fc9-0015c51cc63b}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/01/10 01:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/10 01:25:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/07 01:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me.TIFFANY\Application Data\Malwarebytes
[2012/01/07 01:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/07 01:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/07 01:16:01 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Me.TIFFANY\My Documents\mbam-setup.exe
[2012/01/07 00:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me.TIFFANY\My Documents\Downloads
[2012/01/07 00:53:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me.TIFFANY\My Documents\My Music
[2012/01/06 23:48:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me.TIFFANY\My Documents\My Pictures
[2012/01/05 22:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\eventnetTrust
[2011/06/21 18:02:23 | 013,683,064 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 5.0.exe
[2009/02/27 21:47:35 | 000,273,040 | ---- | C] (NCH Software) -- C:\Program Files\prismsetup.exe
[2008/12/31 05:14:36 | 022,329,537 | ---- | C] (Macrovision Corporation) -- C:\Program Files\FullTiltSetup.exe
[2006/09/24 11:08:33 | 059,163,944 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2006/08/21 10:28:02 | 012,754,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MP10Setup.exe
[2006/07/22 13:16:32 | 010,317,168 | ---- | C] (Skype Technologies S.A. ) -- C:\Program Files\SkypeSetup.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/01/10 11:48:17 | 000,184,384 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2012/01/10 11:46:59 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/10 11:19:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2652283084-2915224578-1122158702-1006UA.job
[2012/01/10 11:14:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/10 07:58:11 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 07:58:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 06:19:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2652283084-2915224578-1122158702-1006Core.job
[2012/01/10 02:00:06 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TIFFANY-Me.job
[2012/01/10 01:25:02 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 00:24:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/10 00:16:52 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Me.TIFFANY\Desktop\TUNES.lnk
[2012/01/09 09:12:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/09 08:54:48 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Desktop\Skype.lnk
[2012/01/07 00:51:22 | 000,012,370 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s47gd5u48p
[2012/01/07 00:51:21 | 000,012,370 | -HS- | M] () -- C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\s47gd5u48p
[2012/01/06 23:15:00 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Me.TIFFANY\My Documents\mbam-setup.exe
[2012/01/06 22:45:02 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\Me.TIFFANY\My Documents\FixNCR.reg
[2012/01/06 21:25:03 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Me.TIFFANY\Desktop\Google Chrome.lnk
[2012/01/06 21:25:03 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Me.TIFFANY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 18:30:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (TIFFANY-Me).job
[2011/12/20 15:53:56 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/20 15:53:50 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\DA425DD452.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/10 01:25:02 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 00:55:12 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\Me.TIFFANY\My Documents\FixNCR.reg
[2012/01/07 00:50:44 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/06 21:43:01 | 000,012,370 | -HS- | C] () -- C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\s47gd5u48p
[2012/01/06 21:43:01 | 000,012,370 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s47gd5u48p
[2011/08/18 14:11:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/20 15:00:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/18 14:09:28 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/08 00:36:07 | 000,050,516 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/02 21:38:10 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Me.TIFFANY\Application Data\usb.inf
[2009/12/29 21:35:56 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/29 21:35:56 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2009/12/29 21:35:56 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/29 21:35:56 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/12/29 21:35:56 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/29 21:35:56 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/12/29 21:35:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/12/29 21:35:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/29 21:35:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/12/29 21:35:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2009/12/29 21:35:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/12/29 21:35:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/12/29 21:35:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/29 21:35:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009/12/29 21:35:56 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/12/29 21:35:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/12/29 21:35:56 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/12/29 21:35:56 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/12/29 21:35:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/28 00:01:37 | 002,400,489 | ---- | C] () -- C:\Program Files\wma-mp3-converter.exe
[2008/12/27 17:52:36 | 009,165,168 | ---- | C] () -- C:\Program Files\trillian-v3.1.12.0.exe
[2008/08/04 17:38:46 | 000,141,237 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2008/08/04 17:38:46 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2008/06/02 01:48:10 | 000,001,157 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/17 19:07:53 | 000,003,436 | ---- | C] () -- C:\Documents and Settings\Me.TIFFANY\Application Data\evpro32.prf
[2008/03/30 17:55:27 | 000,000,462 | ---- | C] () -- C:\Program Files\chandel.mid
[2008/02/27 09:58:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/02 22:45:15 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/01/27 11:19:31 | 000,005,120 | ---- | C] () -- C:\WINDOWS\rictions.dll
[2007/11/01 23:58:12 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2007/11/01 23:58:12 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2007/11/01 23:58:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2007/11/01 23:58:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2007/11/01 23:58:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2007/11/01 23:58:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2007/11/01 23:58:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\BiEAppNT.exe
[2007/11/01 23:58:10 | 000,000,073 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2007/08/07 19:33:57 | 000,002,936 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/30 21:30:48 | 000,000,499 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/04/30 11:10:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/06 18:09:49 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\52D45D42DA.sys
[2006/10/03 15:28:53 | 000,035,328 | ---- | C] () -- C:\Program Files\british council - Ashley.php
[2006/09/18 09:51:03 | 000,004,620 | ---- | C] () -- C:\Program Files\winmail.dat
[2006/08/19 09:47:24 | 009,000,041 | ---- | C] () -- C:\Program Files\trillian-v3[1].1.exe
[2006/07/30 21:28:47 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Me.TIFFANY\Application Data\PFP120JPR.{PB
[2006/07/30 21:28:47 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Me.TIFFANY\Application Data\PFP120JCM.{PB
[2006/07/27 12:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/07/22 13:43:19 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/22 13:43:19 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DA425DD452.sys
[2006/07/22 13:29:50 | 008,715,352 | ---- | C] () -- C:\Program Files\Install_AIM.exe
[2006/07/22 13:10:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/13 12:16:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 12:05:00 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/07/13 12:02:52 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/13 11:58:55 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/13 11:57:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/13 11:52:09 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/13 11:26:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/07/13 11:26:06 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/13 11:24:32 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/11 18:40:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2006/07/11 17:33:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/04/09 10:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,243,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,460,864 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,079,478 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/08/11 23:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999/08/11 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999/08/11 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999/08/11 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2011/06/23 22:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/02/27 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/23 23:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/02/20 13:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
[2009/09/01 20:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/25 20:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/08 00:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/21 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\Aim
[2011/06/24 00:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/10 09:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/11/03 11:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\Decipher Media
[2012/01/10 11:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\Dropbox
[2010/02/04 22:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\Facebook
[2006/08/16 19:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\Leadertech
[2011/06/21 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\LimeWire
[2009/02/27 21:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\NCH Swift Sound
[2011/06/24 00:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2007/05/14 04:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\PlayFirst
[2008/02/20 13:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\SMART Technologies Inc
[2008/06/02 01:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\Snapfish
[2010/09/18 21:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2007/04/19 15:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\Viewpoint
[2009/12/22 08:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me.TIFFANY\Application Data\webex

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Me.TIFFANY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini: SummaryInformation

OTL EXTRAS
OTL Extras logfile created on: 1/10/2012 11:52:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Me.TIFFANY\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 419.68 Mb Available Physical Memory | 41.37% Memory free
2.38 Gb Paging File | 1.91 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.72 Gb Total Space | 15.21 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
Drive D: | 17.08 Gb Total Space | 16.85 Gb Free Space | 98.66% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TIFFANY | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Documents and Settings\Me.TIFFANY\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Me.TIFFANY\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AAC0AF2-8F53-4B3C-A050-AEDC827EA1CC}" = SMART Product Update
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2348B97D-C991-438F-BC44-294C931E7B8B}" = SMART Essentials for Educators
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{46486451-E60F-42C3-92D7-796D8594688A}" = SMART Board Software
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FD0CA9-884F-4525-97B8-0AE6179302E6}" = F2100
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}" = F2100_Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5057B5-1190-4369-9F96-7FAE7EF39541}" = Decipher TextMessage
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DivX Content Uploader" = DivX Content Uploader
"Google Desktop" = Google Desktop
"Google Video Uploader" = Google Video Uploader
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ie8" = Windows Internet Explorer 8
"ImTOO Video Editor" = ImTOO Video Editor
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Uninstall Utility" = McAfee Uninstaller
"McDougal Littell EasyPlanner" = McDougal Littell EasyPlanner
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Network Play System (Patching)" = Network Play System (Patching)
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PhotoStage" = PhotoStage Slideshow Producer
"Picasa 3" = Picasa 3
"PPTView97" = Microsoft PowerPoint Viewer 97
"Prism" = Prism Video Converter
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"Skype_is1" = Skype 2.5
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 1/6/2012 11:44:31 AM | Computer Name = TIFFANY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37907250

Error - 1/6/2012 1:16:34 PM | Computer Name = TIFFANY | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 9.1.0.163, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2012 2:03:32 AM | Computer Name = TIFFANY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 1/7/2012 2:03:33 AM | Computer Name = TIFFANY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 1/7/2012 3:08:05 AM | Computer Name = TIFFANY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.1.4341, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2012 11:36:17 PM | Computer Name = TIFFANY | Source = Application Error | ID = 1000
Description = Faulting application photoshopelementseditor.exe, version 9.0.0.0,
faulting module photoshopelementseditor.exe, version 9.0.0.0, fault address 0x00bfdf24.

Error - 1/8/2012 12:16:10 AM | Computer Name = TIFFANY | Source = Application Hang | ID = 1002
Description = Hanging application PhotoshopElementsOrganizer.exe, version 9.0.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/8/2012 12:21:48 PM | Computer Name = TIFFANY | Source = Application Error | ID = 1000
Description = Faulting application photoshopelementseditor.exe, version 9.0.0.0,
faulting module photoshopelementseditor.exe, version 9.0.0.0, fault address 0x005c3a75.

Error - 1/8/2012 6:09:15 PM | Computer Name = TIFFANY | Source = Application Hang | ID = 1002
Description = Hanging application iFrmewrk.exe, version 10.1.0.17, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2012 1:42:58 AM | Computer Name = TIFFANY | Source = Application Hang | ID = 1002
Description = Hanging application iFrmewrk.exe, version 10.1.0.17, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/15/2011 7:46:24 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 12/15/2011 7:46:24 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 12/15/2011 7:48:50 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 12/15/2011 7:48:50 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 12/15/2011 7:48:50 PM | Computer Name = TIFFANY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 12/15/2011 7:50:50 PM | Computer Name = TIFFANY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MskService
with arguments "" in order to run the server: {5109B8D8-73AF-4C41-A70E-73707E1F908A}

Error - 12/15/2011 7:50:50 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
service to connect.

Error - 12/15/2011 7:50:50 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7000
Description = The McAfee SpamKiller Server service failed to start due to the following
error: %%1053

Error - 12/18/2011 10:03:13 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Pml Driver HPZ12 service.

Error - 12/18/2011 10:03:13 PM | Computer Name = TIFFANY | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1053

SECURITY CHECK
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
[color=red]Out of date service pack!![/color]
Internet Explorer 8
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
McAfee Uninstaller
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
Norton Ghost 10.0
Java(TM) 6 Update 23
Java 2 Runtime Environment, SE v1.4.2_03
[color=red]Out of date Java installed![/color]
Adobe Flash Player ( 10.3.181.26) [color=red]Flash Player Out of Date![/color]
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]
``````````End of Log````````````

ONLINE ANTIVIRUS SCAN
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=304b7497945e5b47b094770096228c88
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-10 07:04:23
# local_time=2012-01-10 02:04:23 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=107364
# found=14
# cleaned=14
# scan_time=4093
C:\info.exe a variant of Win32/Kryptik.BRC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ISM\bndloader.exe probably a variant of Win32/Agent.DYLNYLB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ISM\ism.exe probably a variant of Win32/Agent.BJOAFPJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ISM\ISMModule7.exe a variant of Win32/Adware.ISM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ISM\ISMModule8.exe a variant of Win32/Adware.ISM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\Limewire Downloads\drifting sarah mclachlan.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\Limewire Downloads\flambee montalbanaise.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\Limewire Downloads\Jason Mraz - Conversation with Myself.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\Limewire Downloads\Kings of Leon - My Third House.wma WMA/TrojanDownloader.Wimad.NAD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\Limewire Downloads\MC SOLAAR - Baby love.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\Limewire Downloads\reve de lhippocampe.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\Limewire Downloads\she begins to lie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LimeWire\Limewire Downloads\sir mix alot jump on it clean(Club MIX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\rictions.dll a variant of Win32/Kryptik.BRC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

reply to TdH
Currently your operating system is no longer supported by Microsoft.

Is there a particular reason your Windows XP is only updated to SP2 and not updated to the supported SP3?
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

Hello... thanks for your reply.

I have no clue why it's not updated to SP3?

Should I look into this and download that service pack?

Thanks.

reply to TdH
Yes ,when you get to it, make sure to install all offered upgrades.. Microsoft stopped supporting Windows XP SP2 on July 10, 2010.

Unfortunately, the only advice I will give you is to reformat and start over. With only SP2 installed the only assumption I can make is that your computer is compromised.

See here for more info on compromised computers:
»Security Cleanup FAQ »Noteworthy Comments About Compromised Computers
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum