Could "System Check" removal attempt have ruined my PC?

bichons9 · Jan 24, 2012

I'm doing it now..Sorry i got a little down and took the night off thinking about restoring back to factory settings.

Broni · Jan 24, 2012

No worries

bichons9 · Jan 24, 2012

1/2 of one result

OTL logfile created on: 1/24/2012 2:25:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\fran\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.08% Memory free
6.21 Gb Paging File | 5.39 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 364.93 Gb Total Space | 29.35 Gb Free Space | 8.04% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 1.64 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Drive F: | 376.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FRAN-PC | User Name: fran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 14:18:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\fran\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/17 12:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2010/08/10 12:57:42 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/08/10 12:57:42 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/07/01 12:39:18 | 000,071,224 | ---- | M] (ArcSoft, Inc.) -- C:\Users\fran\AppData\Roaming\HP SimpleSave Application\VSSUACToken.exe
PRC - [2010/07/01 12:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\fran\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/11/12 16:03:56 | 000,323,392 | -H-- | M] (BitTorrent, Inc.) -- C:\Users\fran\Program Files\DNA\btdna.exe
PRC - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/16 19:12:28 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/25 19:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/12 19:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/28 07:42:24 | 000,065,536 | -H-- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 12:32:28 | 000,208,896 | -H-- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2005/04/18 12:38:59 | 000,046,680 | R--- | M] (America Online) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 11:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

========== Modules (No Company Name) ==========

MOD - [2002/04/17 11:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/08/10 12:57:42 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010/07/01 12:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\fran\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/06 14:15:59 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/12 19:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2006/09/03 12:32:28 | 000,208,896 | -H-- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2005/04/18 12:38:59 | 000,046,680 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/13 14:48:44 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/24 16:03:10 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\Windows\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\fran\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/10/25 09:07:16 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\fran\Program Files\DNA [2012/01/24 14:08:23 | 000,000,000 | -H-D | M]

[2009/05/18 14:44:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fran\AppData\Roaming\Mozilla\Extensions
[2009/02/23 19:43:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fran\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/05/18 14:44:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fran\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/01/23 10:54:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\8orrx91a.default\extensions
[2008/01/19 20:45:56 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\8orrx91a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/01/19 20:45:56 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\8orrx91a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

========== Chrome ==========

Hosts file not found
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (SBCONVERT Class) - {4AF9DF3E-17A4-428F-A39E-28ADA0A3A522} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\VistaCodecPack\QT\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIWWFDnoJEOaR.exe] C:\ProgramData\UIWWFDnoJEOaR.exe File not found
O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [BitTorrent DNA] C:\Users\fran\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [hbcVhKDrqeOuR.exe] C:\ProgramData\hbcVhKDrqeOuR.exe File not found
O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2DED2D-53DE-44A7-9B4B-8442CE66B60F}: NameServer = 68.87.68.162,68.87.74.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0DC0797-6583-4D36-B4C6-351CF9AB503E}: NameServer = 205.188.146.145
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\fran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\fran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/05 12:32:01 | 000,000,174 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{180b5077-46c7-11e1-9e49-9e705b79f991}\Shell - "" = AutoRun
O33 - MountPoints2\{180b5077-46c7-11e1-9e49-9e705b79f991}\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O33 - MountPoints2\{b255a0da-51c8-11dc-9faf-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b255a0da-51c8-11dc-9faf-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.tssoft32 - C:\Windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dmb1 - C:\WINDOWS\m3jpeg32.dll (Morgan Multimedia)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.GEOX - C:\WINDOWS\GeoCodec.dll (Geovision)
Drivers32: vidc.iv50 - C:\WINDOWS\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - C:\Windows\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.MJPG - C:\WINDOWS\m3jpeg32.dll (Morgan Multimedia)
Drivers32: vidc.mpg2 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg3 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

bichons9 · Jan 24, 2012

second half of one result =txt file

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 14:18:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\fran\Desktop\OTL.exe
[2012/01/24 14:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSS
[2012/01/24 14:10:48 | 000,000,000 | ---D | C] -- C:\Users\fran\AppData\Roaming\HP SimpleSave Application
[2012/01/24 14:10:13 | 000,000,000 | ---D | C] -- C:\Users\fran\AppData\Roaming\HPSS
[2012/01/23 16:30:36 | 000,000,000 | --SD | C] -- C:\YourApp
[2012/01/22 11:56:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/22 11:56:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/22 11:56:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/22 11:55:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/22 11:47:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 11:46:25 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\fran\Desktop\Combofix.exe
[2012/01/20 16:51:53 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\fran\Desktop\MY APP.exe
[2012/01/20 16:18:00 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\fran\Desktop\boot_cleaner.exe
[2012/01/20 15:37:22 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\fran\Desktop\aswMBR.exe
[2012/01/18 16:33:41 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\fran\Desktop\explorer.exe.exe
[2012/01/18 14:52:15 | 000,000,000 | -H-D | C] -- C:\Users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/28 19:48:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/28 19:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/28 19:46:35 | 016,409,960 | -H-- | C] (Safer Networking Limited ) -- C:\Users\fran\Documents\spybotsd162.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\fran\*.tmp files -> C:\Users\fran\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 14:18:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\fran\Desktop\OTL.exe
[2012/01/24 14:13:10 | 000,617,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/24 14:13:10 | 000,108,360 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/24 14:09:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F623431B-85FC-4B49-9266-D17D838F2373}.job
[2012/01/24 14:08:15 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 14:08:15 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 14:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/23 14:15:40 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\fran\Desktop\Combofix.exe
[2012/01/22 14:05:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/22 14:05:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/21 21:17:41 | 000,000,512 | ---- | M] () -- C:\Users\fran\Desktop\MBR.dat
[2012/01/20 16:52:00 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\fran\Desktop\MY APP.exe
[2012/01/20 16:17:21 | 000,044,607 | ---- | M] () -- C:\Users\fran\Desktop\bootkit_remover.zip
[2012/01/20 15:37:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\fran\Desktop\aswMBR.exe
[2012/01/20 15:14:35 | 253,952,373 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/19 17:21:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiCr
[2012/01/19 17:19:51 | 000,000,631 | -H-- | M] () -- C:\Users\fran\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/19 16:26:03 | 000,000,456 | -H-- | M] () -- C:\ProgramData\q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2r
[2012/01/19 16:15:47 | 000,448,768 | -H-- | M] () -- C:\ProgramData\123.exe
[2012/01/18 17:06:14 | 000,014,186 | -HS- | M] () -- C:\Users\fran\Documents\Folder.jpg
[2012/01/18 17:06:14 | 000,014,186 | -HS- | M] () -- C:\Users\fran\Documents\AlbumArt_{EFCC2E09-1FAB-4AF3-8F7B-C3273BFBD6CF}_Large.jpg
[2012/01/18 17:05:40 | 000,003,171 | -HS- | M] () -- C:\Users\fran\Documents\AlbumArtSmall.jpg
[2012/01/18 17:05:40 | 000,003,171 | -HS- | M] () -- C:\Users\fran\Documents\AlbumArt_{EFCC2E09-1FAB-4AF3-8F7B-C3273BFBD6CF}_Small.jpg
[2012/01/18 17:03:49 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 14:55:22 | 000,000,440 | -H-- | M] () -- C:\ProgramData\ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4Vr
[2012/01/18 14:52:15 | 000,000,607 | -H-- | M] () -- C:\Users\fran\Desktop\System Check.lnk
[2012/01/16 19:37:38 | 000,008,754 | ---- | M] () -- C:\ProgramData\52423c85
[2012/01/16 16:04:43 | 000,062,459 | -H-- | M] () -- C:\Users\fran\Documents\The_Descendants_2011_REPACK_SCREENER_XviD_-_ZOMBiES.6959683.TPB.torrent
[2012/01/16 15:49:14 | 000,029,738 | -H-- | M] () -- C:\Users\fran\Documents\Moneyball_2011_BRRip_XviD-FTW.6892152.TPB.torrent
[2012/01/15 14:03:03 | 000,001,854 | -H-- | M] () -- C:\Users\fran\Desktop\PeerBlock.lnk
[2012/01/15 14:03:03 | 000,001,825 | -H-- | M] () -- C:\Users\fran\Desktop\BitTorrent.lnk
[2012/01/14 20:43:45 | 000,014,666 | -H-- | M] () -- C:\Users\fran\Documents\Person.of.Interest.S01E10.HDTV.XviD-ASAP [AGENT][1337x.org].torrent
[2012/01/13 17:58:32 | 000,007,476 | -H-- | M] () -- C:\Users\fran\Documents\The.Mentalist.S04E11.HDTV.XviD-ASAP.[VTV].avi.6951405.TPB.torrent
[2012/01/13 17:01:24 | 000,014,499 | -H-- | M] () -- C:\Users\fran\Documents\Person_of_Interest_S01E11_HDTV_XviD-ASAP_[eztv].6951579.TPB.torrent
[2012/01/12 14:19:44 | 000,014,593 | -H-- | M] () -- C:\Users\fran\Documents\Unforgettable_S01E12_HDTV_XviD-ASAP_[eztv][1337x.org].torrent
[2012/01/12 14:17:56 | 000,014,590 | -H-- | M] () -- C:\Users\fran\Documents\Unforgettable_S01E13_HDTV_XviD-2HD_[eztv][1337x.org].torrent
[2012/01/12 14:14:21 | 000,014,490 | -H-- | M] () -- C:\Users\fran\Documents\Harrys_Law_S02E11_HDTV_XviD-LOL_[eztv].6949132.TPB.torrent
[2012/01/12 14:11:44 | 000,014,479 | -H-- | M] () -- C:\Users\fran\Documents\Law.and.Order.SVU.S13E11.HDTV.XviD-LOL.[VTV].avi.6949230.TPB.torrent
[2012/01/09 17:13:27 | 017,364,199 | -H-- | M] () -- C:\Users\fran\Desktop\Excel 2010 For Dummies - (Maalestrom).pdf
[2012/01/09 17:12:20 | 000,006,337 | -H-- | M] () -- C:\Users\fran\Documents\Excel 2010 For Dummies - (Malestrom) [h33t].torrent
[2012/01/09 16:35:45 | 000,006,726 | -H-- | M] () -- C:\Users\fran\AppData\Roaming\wklnhst.dat
[2011/12/30 12:58:41 | 000,031,232 | -H-- | M] () -- C:\Users\fran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 19:47:43 | 016,409,960 | -H-- | M] (Safer Networking Limited ) -- C:\Users\fran\Documents\spybotsd162.exe
[2011/12/26 13:13:52 | 000,008,105 | -H-- | M] () -- C:\Users\fran\Documents\Sibling.Rivalry.1990.DVDRip.x264.6384000.TPB.torrent
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\fran\*.tmp files -> C:\Users\fran\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/22 11:56:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/22 11:56:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/22 11:56:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/22 11:56:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/22 11:56:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/20 16:17:20 | 000,044,607 | ---- | C] () -- C:\Users\fran\Desktop\bootkit_remover.zip
[2012/01/20 16:10:17 | 000,000,512 | ---- | C] () -- C:\Users\fran\Desktop\MBR.dat
[2012/01/19 17:19:53 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~k7vUREwXGlnIiCr
[2012/01/19 17:19:51 | 000,000,631 | -H-- | C] () -- C:\Users\fran\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/19 17:19:46 | 000,000,448 | -H-- | C] () -- C:\ProgramData\k7vUREwXGlnIiC
[2012/01/19 16:24:23 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~q5Tf4nr63zhUx2r
[2012/01/19 16:24:14 | 000,000,456 | -H-- | C] () -- C:\ProgramData\q5Tf4nr63zhUx2
[2012/01/19 16:15:47 | 000,448,768 | -H-- | C] () -- C:\ProgramData\123.exe
[2012/01/18 17:06:16 | 000,014,186 | -HS- | C] () -- C:\Users\fran\Documents\Folder.jpg
[2012/01/18 17:06:16 | 000,014,186 | -HS- | C] () -- C:\Users\fran\Documents\AlbumArt_{EFCC2E09-1FAB-4AF3-8F7B-C3273BFBD6CF}_Large.jpg
[2012/01/18 17:06:16 | 000,003,171 | -HS- | C] () -- C:\Users\fran\Documents\AlbumArtSmall.jpg
[2012/01/18 17:06:16 | 000,003,171 | -HS- | C] () -- C:\Users\fran\Documents\AlbumArt_{EFCC2E09-1FAB-4AF3-8F7B-C3273BFBD6CF}_Small.jpg
[2012/01/18 17:03:49 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 14:52:17 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~ofMZsqDhhCLj4Vr
[2012/01/18 14:52:15 | 000,000,607 | -H-- | C] () -- C:\Users\fran\Desktop\System Check.lnk
[2012/01/18 14:52:12 | 000,000,440 | -H-- | C] () -- C:\ProgramData\ofMZsqDhhCLj4V
[2012/01/16 16:06:09 | 000,008,754 | ---- | C] () -- C:\ProgramData\52423c85
[2012/01/16 16:04:43 | 000,062,459 | -H-- | C] () -- C:\Users\fran\Documents\The_Descendants_2011_REPACK_SCREENER_XviD_-_ZOMBiES.6959683.TPB.torrent
[2012/01/16 15:49:13 | 000,029,738 | -H-- | C] () -- C:\Users\fran\Documents\Moneyball_2011_BRRip_XviD-FTW.6892152.TPB.torrent
[2012/01/14 20:43:45 | 000,014,666 | -H-- | C] () -- C:\Users\fran\Documents\Person.of.Interest.S01E10.HDTV.XviD-ASAP [AGENT][1337x.org].torrent
[2012/01/13 17:58:32 | 000,007,476 | -H-- | C] () -- C:\Users\fran\Documents\The.Mentalist.S04E11.HDTV.XviD-ASAP.[VTV].avi.6951405.TPB.torrent
[2012/01/13 17:01:24 | 000,014,499 | -H-- | C] () -- C:\Users\fran\Documents\Person_of_Interest_S01E11_HDTV_XviD-ASAP_[eztv].6951579.TPB.torrent
[2012/01/12 14:19:43 | 000,014,593 | -H-- | C] () -- C:\Users\fran\Documents\Unforgettable_S01E12_HDTV_XviD-ASAP_[eztv][1337x.org].torrent
[2012/01/12 14:17:50 | 000,014,590 | -H-- | C] () -- C:\Users\fran\Documents\Unforgettable_S01E13_HDTV_XviD-2HD_[eztv][1337x.org].torrent
[2012/01/12 14:14:21 | 000,014,490 | -H-- | C] () -- C:\Users\fran\Documents\Harrys_Law_S02E11_HDTV_XviD-LOL_[eztv].6949132.TPB.torrent
[2012/01/12 14:11:42 | 000,014,479 | -H-- | C] () -- C:\Users\fran\Documents\Law.and.Order.SVU.S13E11.HDTV.XviD-LOL.[VTV].avi.6949230.TPB.torrent
[2012/01/09 17:14:25 | 017,364,199 | -H-- | C] () -- C:\Users\fran\Desktop\Excel 2010 For Dummies - (Maalestrom).pdf
[2012/01/09 17:12:20 | 000,006,337 | -H-- | C] () -- C:\Users\fran\Documents\Excel 2010 For Dummies - (Malestrom) [h33t].torrent
[2011/12/30 12:48:35 | 001,667,808 | -H-- | C] () -- C:\Users\fran\Desktop\Picture 102.jpg
[2011/12/29 17:11:41 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/26 13:13:52 | 000,008,105 | -H-- | C] () -- C:\Users\fran\Documents\Sibling.Rivalry.1990.DVDRip.x264.6384000.TPB.torrent
[2011/12/24 18:08:34 | 000,012,680 | -HS- | C] () -- C:\Users\fran\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/24 18:08:34 | 000,012,680 | -HS- | C] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/20 13:10:54 | 000,004,348 | -HS- | C] () -- C:\Users\fran\AppData\Local\506881s3y808c713u857y1ysd5m6
[2011/12/20 13:10:54 | 000,003,930 | -HS- | C] () -- C:\ProgramData\506881s3y808c713u857y1ysd5m6
[2010/07/14 14:36:24 | 000,000,620 | ---- | C] () -- C:\Windows\RegGenie.ini
[2010/05/20 14:04:48 | 000,002,873 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/03/27 20:06:36 | 000,100,000 | ---- | C] () -- C:\Windows\System32\xvidcore (2).dll
[2009/11/22 10:14:57 | 000,000,578 | ---- | C] () -- C:\Windows\M3JPEG.INI
[2009/09/16 20:58:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 20:58:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/15 12:22:41 | 000,169,341 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 13:50:11 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vzcontextmenu.dll
[2009/06/30 12:25:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Commands
[2009/06/30 12:25:09 | 000,000,268 | RH-- | C] () -- C:\Users\fran\AppData\Roaming\ColorTable
[2009/06/30 12:25:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/06/30 12:12:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Comedy Noises
[2009/06/30 12:12:46 | 000,000,268 | RH-- | C] () -- C:\Users\fran\AppData\Roaming\Cocoa
[2009/06/30 12:12:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/04/10 10:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\LiveClient.dll
[2009/04/10 10:22:50 | 000,176,128 | ---- | C] () -- C:\Windows\GeoCodecLib.dll
[2009/01/12 18:06:56 | 000,005,055 | -H-- | C] () -- C:\ProgramData\ywasvxup.hvs
[2009/01/10 11:39:27 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\879bd249e38aa95
[2009/01/10 11:36:51 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\e2885dfed4432ad
[2009/01/10 11:30:31 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\f4b4078416895d5
[2009/01/10 11:30:11 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\5bd984c3690c592
[2009/01/10 11:27:06 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\e24b76a18275429
[2009/01/10 11:26:36 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\16a31fe427215df
[2009/01/10 11:23:25 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\8c381622b054eae
[2009/01/10 11:21:10 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\dfa409a166a6a13
[2009/01/10 11:19:15 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\32584a94ef4d92a
[2009/01/10 11:19:05 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\1a4687276c956c8
[2009/01/10 11:18:00 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\99ce21a2ae22606
[2009/01/10 11:17:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\c8c5499adc56da5
[2009/01/10 11:14:50 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\acbb6ef48b6dc68
[2009/01/10 11:14:14 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\c9104d4825b6261
[2009/01/10 11:07:59 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\4f8f8cf620a3077
[2009/01/10 10:23:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\65a00ff4fc8f1af
[2009/01/10 10:22:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\b06b03ba03bca22
[2009/01/09 18:10:36 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\491b74175c778c5
[2009/01/09 18:05:40 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\d4b5c41f8d74e6a
[2009/01/09 18:04:41 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\eb4387b7e66a85f
[2009/01/09 17:59:55 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\ff86e0b75094016
[2009/01/09 17:59:09 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\5b3cf438eb60b35
[2009/01/09 17:57:49 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\1c259bf20aab364
[2009/01/09 17:56:44 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\40beebab9c36ce0
[2009/01/09 17:53:34 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\b1b638edd446128
[2009/01/09 17:53:14 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\94800ada1706250
[2008/09/24 11:06:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/22 12:11:23 | 000,130,976 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2008/07/22 12:11:23 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2008/06/18 19:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/03/25 15:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/02/27 16:04:58 | 000,000,153 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2008/02/17 16:27:16 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/01/26 15:47:25 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/01/19 12:15:12 | 000,001,028 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\AVIEncoder.wff
[2008/01/04 15:58:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/10/17 07:45:12 | 000,000,087 | ---- | C] () -- C:\Windows\UsnapPRO.INI
[2007/10/16 10:46:44 | 000,250,156 | -H-- | C] () -- C:\Users\fran\AppData\Local\rx_image.Cache
[2007/09/26 16:07:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/10 12:55:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/08/28 18:23:04 | 000,006,726 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\wklnhst.dat
[2007/08/24 18:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/23 18:35:04 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2007/08/23 18:35:04 | 000,000,165 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007/08/23 18:35:03 | 000,100,864 | ---- | C] () -- C:\Windows\System32\Dc50ip32.dll
[2007/08/23 18:35:03 | 000,065,864 | ---- | C] () -- C:\Windows\System32\Digita.sys
[2007/08/23 18:35:03 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ImgLibLead.dll
[2007/08/23 15:41:46 | 000,130,425 | ---- | C] () -- C:\Windows\hpoins18.dat
[2007/08/23 11:27:37 | 000,031,232 | -H-- | C] () -- C:\Users\fran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/23 11:23:50 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/03/10 05:51:48 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/03/08 09:25:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/03/08 09:22:22 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/08 09:22:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/08 09:13:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/03/06 12:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/28 17:52:43 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2007/02/05 18:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/10 05:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,461,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,617,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,108,360 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/17 09:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\System32\whlpusp32.dll
[2006/08/11 01:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 01:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 12:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2006/02/25 12:09:38 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

========== LOP Check ==========

[2007/12/05 12:49:48 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\AVSMedia
[2008/01/19 20:45:55 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Azureus
[2012/01/16 16:59:53 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\BitTorrent
[2008/03/13 10:28:13 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\BitTorrent DNA
[2012/01/24 14:28:25 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\DNA
[2009/01/12 12:17:50 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\DriverCure
[2010/06/20 19:06:43 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\FreeFLVConverter
[2008/11/13 16:58:15 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\FrostWire
[2008/11/05 11:05:30 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\GrabPro
[2011/11/01 18:13:35 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Image Zone Express
[2010/05/14 17:00:31 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Leadertech
[2008/11/22 12:06:01 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\LimeWire(56)
[2009/05/06 16:05:01 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\muvee Technologies
[2008/01/19 12:18:35 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\NCH Swift Sound
[2009/07/17 16:18:14 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Nikon
[2008/02/18 10:20:15 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Opera
[2011/06/17 13:56:28 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Orbit
[2007/12/29 17:52:47 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Pegasys Inc
[2007/08/23 16:25:44 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Printer Info Cache
[2008/01/19 20:45:56 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\SuperNZB
[2007/08/28 18:23:06 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Template
[2009/02/23 19:42:59 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\TomTom
[2010/07/14 14:56:53 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Uniblue
[2008/02/05 15:08:17 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\WinAVI
[2007/08/24 13:53:11 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\WinBatch
[2011/05/20 13:49:53 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Windows Live Writer
[2012/01/23 19:52:30 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/24 14:09:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F623431B-85FC-4B49-9266-D17D838F2373}.job

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< %SYSTEMDRIVE%\*.* >
[2009/05/05 12:32:01 | 000,000,174 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 12:51:28 | 000,009,762 | ---- | M] () -- C:\avi_log.txt
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/03/08 09:12:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/01/19 17:50:41 | 000,024,219 | ---- | M] () -- C:\debug.log
[2009/11/17 17:28:04 | 000,000,064 | ---- | M] () -- C:\FINIS_IT.TXT
[2007/10/20 13:34:07 | 024,116,881 | ---- | M] () -- C:\HpWinVNC4.log
[2007/08/23 18:33:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/08/23 18:33:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/06/22 09:13:21 | 000,000,761 | ---- | M] () -- C:\net_save.dna
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2012/01/24 14:08:02 | 3525,066,752 | -HS- | M] () -- C:\pagefile.sys
[2007/07/18 23:29:40 | 003,405,312 | ---- | M] (Adobe Systems, Inc.) -- C:\PD4.exe
[2008/07/21 10:22:48 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2012/01/20 16:54:48 | 000,074,194 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_20.01.2012_16.53.13_log.txt
[2012/01/23 16:29:17 | 000,071,858 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_23.01.2012_16.20.12_log.txt
[2008/01/19 15:29:08 | 000,004,745 | ---- | M] () -- C:\unins000.dat
[2008/12/13 12:14:23 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/23 14:55:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[1998/04/18 09:34:56 | 000,054,784 | ---- | M] (Storm Technology, Inc.) -- C:\Windows\EasyPhoto Slide Show.scr
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/07/19 10:37:32 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2008/03/15 06:10:09 | 023,454,528 | -H-- | M] ( ) -- C:\Users\fran\Desktop\AdbeRdr812_en_US.exe
[2012/01/20 15:37:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\fran\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\fran\Desktop\boot_cleaner.exe
[2012/01/23 14:15:40 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\fran\Desktop\Combofix.exe
[2010/12/24 16:22:34 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\fran\Desktop\explorer.exe.exe
[2012/01/20 16:52:00 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\fran\Desktop\MY APP.exe
[2012/01/24 14:18:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\fran\Desktop\OTL.exe
[2007/11/13 18:50:35 | 022,749,719 | -H-- | M] (Shark007) -- C:\Users\fran\Desktop\VistaCodecs_v452.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/07/30 09:56:55 | 000,061,224 | -H-- | M] () -- C:\Users\fran\GoToAssistDownloadHelper.exe
[1 C:\Users\fran\*.tmp files -> C:\Users\fran\*.tmp -> ]

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/09/23 15:16:56 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2009/09/23 15:16:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/09/23 15:16:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/09/23 15:16:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2009/09/23 15:16:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2009/09/23 15:16:26 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/08/29 08:38:58 | 000,000,402 | -HS- | M] () -- C:\Users\fran\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/01/19 16:15:47 | 000,448,768 | -H-- | M] () -- C:\ProgramData\123.exe
[2011/12/24 23:24:36 | 000,012,680 | -HS- | M] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/20 13:14:42 | 000,003,930 | -HS- | M] () -- C:\ProgramData\506881s3y808c713u857y1ysd5m6
[2012/01/16 19:37:38 | 000,008,754 | ---- | M] () -- C:\ProgramData\52423c85
[2009/06/30 12:12:46 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Comedy Noises
[2009/06/30 12:25:09 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Commands
[2009/08/15 12:24:20 | 000,005,167 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2012/01/19 17:21:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\k7vUREwXGlnIiC
[2010/05/20 14:05:03 | 000,002,873 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/01/22 14:05:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/18 14:55:22 | 000,000,440 | -H-- | M] () -- C:\ProgramData\ofMZsqDhhCLj4V
[2012/01/19 16:26:03 | 000,000,456 | -H-- | M] () -- C:\ProgramData\q5Tf4nr63zhUx2
[2009/01/12 18:06:56 | 000,005,055 | -H-- | M] () -- C:\ProgramData\ywasvxup.hvs
[2012/01/19 17:19:53 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiCr
[2012/01/18 14:52:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4Vr
[2012/01/19 16:24:23 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2r

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Files - Unicode (All) ==========
[2011/04/08 16:31:33 | 000,000,000 | -H-D | M](C:\Users\fran\AppData\Roaming\???????sAppData) -- C:\Users\fran\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2011/04/08 16:31:33 | 000,000,000 | -H-D | M](C:\Users\fran\AppData\Roaming\???????sAppData) -- C:\Users\fran\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\fran\AppData\Roaming\???????sAppData) -- C:\Users\fran\AppData\Roaming\敎潲䍄敔灭慬整sAppData

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB56286$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\Romantics - Talking In Your Sleep.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\MeatLoaf - Let Me Sleep On It.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\jesse maccartney - Don't Go Breaking My Heart.mp3:TOC.WMV
@Alternate Data Stream - 3241 bytes -> C:\Users\fran\Documents\Girlfriends.eml:OECustomProperty
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:F4CE9946
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:7F4E393D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >

Broni · Jan 24, 2012

I still need Extras.txt

bichons9 · Jan 24, 2012

extras

OTL Extras logfile created on: 1/24/2012 2:25:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\fran\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.08% Memory free
6.21 Gb Paging File | 5.39 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 364.93 Gb Total Space | 29.35 Gb Free Space | 8.04% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 1.64 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Drive F: | 376.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FRAN-PC | User Name: fran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{111A5D75-4278-4B07-9646-E9DAD4A3C518}" = rport=10243 | protocol=6 | dir=out | app=system |
"{18848E6C-3755-4171-BB81-647CC82DDC25}" = lport=56579 | protocol=17 | dir=in | name=pando p2p udp listening port |
"{25246C8A-8251-4E00-AD6C-6FC62003CB95}" = lport=6884 | protocol=6 | dir=in | name=bittorrent |
"{2AAC040C-C226-449F-9784-E601292CE8BB}" = lport=6881 | protocol=6 | dir=in | name=utorrent |
"{31E070D9-EA2A-46C7-987A-496A40BFA683}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BBAF6C2-8CD8-448C-929C-E1E32AD7C307}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{44E2C9A0-01A3-48F3-A1FA-F7E4BE4D9355}" = lport=6886 | protocol=6 | dir=in | name=bittorrent |
"{46D2BD0E-9055-4BF3-84A5-682429B55FA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{480F5E3C-7F94-445F-ABE0-0F31C290A01D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{547C0029-FEBD-46BD-ADE6-9E5FD46FF7DC}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{619FB86D-6B94-4F0D-B007-96E8C957115F}" = lport=6882 | protocol=6 | dir=in | name=bittorrent |
"{62158EF2-F2B1-44A5-8025-81925B1198B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6223E4FD-5A09-4357-A42D-84C73DAA4210}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B280EEA-02A7-4900-AA36-C85EAAE6189A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BAF3491-4F8D-4D67-BFA5-59DDE708560D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{714C176B-55FB-4EE1-8B7B-489232ACFCB6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7872BABD-62C7-40EF-AFD6-5D9206626B8D}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{7A0C6DDF-4EC2-4BB7-A7DF-5ACDBF0A0E54}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88A38B2E-B617-4E7C-851A-A615C75E5705}" = lport=6885 | protocol=6 | dir=in | name=bittorrent |
"{8B440974-9A43-4B6D-B4B0-29469EE4F6CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A7A1187-6F0A-40A5-8C29-11B4C3B9D3D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EE38279-3308-4C6E-BC53-E48C6711FC98}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A1CB9F75-6678-435F-A8FA-41317E765D07}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A90CFABA-3F6A-442D-A8EF-7EF67315F382}" = lport=56579 | protocol=6 | dir=in | name=pando p2p tcp listening port |
"{C0D502B2-9964-4D09-B314-A910E94DC8F5}" = lport=6883 | protocol=6 | dir=in | name=bittorrent |
"{C7D5706C-82A8-4A56-BD77-2AFC38F4F9C1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C8B67810-1B07-44AC-BA53-DDE754935723}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D9818A17-AC1A-4FDD-8ABB-862024226AEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4C5B21F-09C0-440E-B8A5-D5B4F18D91F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6E2AF3D-314F-44ED-A9D1-F2C61122A706}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008DD81A-5A2D-4B4D-9654-744CBE7EAE52}" = protocol=6 | dir=in | app=c:\program files\bittorrent\choose_language.exe |
"{00DBB426-6C5B-4C49-94A3-361024EBBE84}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{06713A81-84EB-407B-941E-6051A4BD98C9}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{06CDCE07-4F55-46C3-9DE5-352F98BA9F75}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{06EB4DC4-AD9C-46BE-BCA5-C343F7C903B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C24F5D1-8721-4C84-B78A-CC312231F8F4}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{158D58C0-05B1-4799-AD07-B515879B08D5}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{1B2A60CF-28FF-4BBC-99EA-5FB4BC6F7474}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1C8503A7-B7FA-4207-9072-1F053471A8C2}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{1D59BBE1-920F-485A-816A-7BEC21C22FB7}" = protocol=6 | dir=in | app=c:\program files\vistacodecpack\filters\ac3config.exe |
"{23203484-64DB-4DD7-950A-EFE30FFE8F6B}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{27BC3C4E-03BA-44E5-BB41-9BCCC9D08BDB}" = protocol=6 | dir=out | app=system |
"{28A814CC-1CD5-4531-B7D5-456826A51C75}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{3F00F963-9916-4EDB-A192-064070E2AA44}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{41F1EB33-30A9-4310-BC7A-8802CD31417F}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{4739FCBB-B0EE-47A2-8183-44D2627AD81E}" = dir=in | app=rosettastoneversion3.exe |
"{4C4DCEAA-19A8-4505-AA93-FC875DBD2CC7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{4F1F2A85-B5B2-45BD-A2FC-4D770A7420FC}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{58A675AA-B178-47DC-983B-8C03CC34491A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5FC968D0-B774-4875-9628-0BFF28185B7D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{616CFA5F-E481-4D81-9312-778EB1E080E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{617358EC-FC56-45EE-B6D6-FBC09D15930E}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{62C621DC-7831-4365-A09D-73C2DA4B16CB}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{62EAEF64-0798-4D7B-891A-6F30B700D86D}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{6646BFFE-5F7D-4851-83AA-C0175B86B5A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67549DB7-ADCB-4903-B239-02376DCE392A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67DCAD36-4193-45D4-8B7D-FDE9582D7577}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{716F828D-2E61-4438-AA0C-D44B9C729017}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{77B4A6BE-90D9-4F67-A55C-A995F0ABFF1F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7942B8D5-BCEA-425A-B639-D1C569EC9E18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CFD2D05-7CE7-41ED-9C97-78F2CC350884}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{841025A4-1305-4E54-AF56-0D16D2894EB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85326B87-5C5E-404A-A60B-84554D3530ED}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{883B9865-78B7-4567-9809-CBD5546C4FA3}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{8FC84FDF-CBBC-4FEC-A482-BADA8A53F864}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{939F21E4-B4DA-40FC-8DDF-C7C4A6CDEF9D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{96D5A838-CCCD-41C6-989C-53D286B9E122}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B52DFFE-F76E-460D-A627-47DB45F2E9F3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{9D842222-DCD7-4DF7-96A0-4D1918FE62DC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9F6C3E3B-7ED8-4D56-B0EC-4ED7517D2F96}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9F949A9E-1214-4012-A3D3-CE330F719676}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{A350F728-014F-4523-B856-54F8B3BA79FE}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A3ABF0F4-5091-4752-8FD3-05F42AEF1859}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A76C3CF3-69BB-4214-AC01-A23B0C256DB9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A7E42570-F80D-4AB0-9574-8DDB3DD81E02}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{AF186039-7E81-4CB5-9469-E0EF36086955}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B05453B7-FCFF-4E4E-A673-3A091B56F358}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B1778F4A-9302-4A8F-BA9E-2E8FB05E8B9D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B2AAB157-F549-4866-86C5-449820A2B55E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3171362-F4BC-417E-9C71-2E6BC4746A4B}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{B5AA98CC-ED8D-42CA-A6A4-B906E8328564}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{B65C95F4-B4E4-4CDD-BF75-7F7080BC9FD8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B7B2CE6B-FCC6-435A-BD24-B900CAB157D5}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{BAC6B761-E436-4246-9930-2884F077149D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF3793AF-E36E-4E2D-8DE8-9BC6F2601297}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{C316313B-DAAC-4DB1-B1DC-E555FBF019DC}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{C3711D51-14A7-4069-8EA3-2D49BF541633}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{C6070FD2-859D-4468-B308-A15009A51141}" = protocol=17 | dir=in | app=c:\program files\vistacodecpack\filters\ac3config.exe |
"{CE837851-21D5-490D-80CA-9BC88EF7E24A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEDCEB8C-A98B-4BA3-8443-E31A7FA2EA88}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3309040-8A1A-4B8D-B71D-1C131E08A02C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D665EE67-875B-40B9-805F-4D21C6E5D0C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBC4D722-7343-4F70-923C-2C3D57887BA3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DD502E2A-222B-4712-B516-4D9209F2AA3C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{DEA5CFBF-5CBF-4B07-AB37-F719E9B3798C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E11A29F4-AED9-4E53-981D-096D364085F7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\choose_language.exe |
"{E52B6427-F30F-4926-A53D-6C24AE8775E9}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{F40BF604-48CE-4CB3-85CA-3909B1DA90AF}" = dir=in | app=support inrosettastoneltdservices.exe |
"{F8029894-4EAC-4E5D-AD88-144590BD4CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA08B9E2-D52E-40F9-98CB-55830B98FFDF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FCE7615E-7736-4AE5-BBFE-1BACB961D745}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FE15A08F-BDF2-47CE-9D51-A108DE8DD116}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF07E052-57B3-45F8-ACDE-6580C6945E5A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1D94C021-992C-4D01-90FB-8D9E017FC1AE}C:\users\fran\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\fran\program files\bittorrent_dna\dna.exe |
"TCP Query User{226193B2-464D-4C05-B5D9-01448F326DCD}C:\users\fran\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\fran\program files\dna\btdna.exe |
"TCP Query User{27FDF760-2C13-48B5-9A93-64BDA3DB1AAF}C:\users\fran\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\fran\program files\dna\btdna.exe |
"TCP Query User{5B4EEABB-91F0-48A0-B36C-BA7BFCBA686B}C:\program files\adobe\photoshop elements 5.0\photoshopelementsorganizer.exe" = protocol=6 | dir=in | app=c:\program files\adobe\photoshop elements 5.0\photoshopelementsorganizer.exe |
"TCP Query User{6A77F969-9B10-4B82-A297-F0DF744AEDA9}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{70B61A7B-D5F7-4CB7-807B-BE22113540CB}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{7C7A59A7-3B4A-4ADD-9C89-83D4F6224A77}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{7D10DE02-263C-403E-A6AE-A351F41109F8}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{80425282-E561-43C9-A9C0-98A04CA49B45}C:\users\fran\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\fran\program files\bittorrent\bittorrent.exe |
"TCP Query User{80D5FA7F-846A-4C8F-AB87-26324C4C4950}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{A4345628-0F6C-4D44-BAFB-FFD7287E0C21}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{A6C4B790-168C-4342-982E-56C6AADB3F1E}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"TCP Query User{D9FE627A-02A4-4849-A268-8D7F99238DBA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{DF116AD9-9FEB-4FAB-BDEA-C0A22DFE8D9D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{EC69F429-087A-414E-BFB6-1C8A229BD0B6}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{15A59BC8-340D-4517-85AB-109E77D76C68}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{18F44350-2116-4338-9B13-D00AB2686E84}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{328D4D4C-CE43-41E5-8292-CE530C0F3025}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{3F28B61C-80CE-49A6-9C42-0C741F85034B}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4937F117-C937-42FC-B8D8-464217F78E23}C:\users\fran\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\fran\program files\dna\btdna.exe |
"UDP Query User{58340C81-1DC6-4876-8D28-C337895E9005}C:\users\fran\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\fran\program files\bittorrent\bittorrent.exe |
"UDP Query User{9A3E3E69-8C31-42AA-9494-DC315120980F}C:\users\fran\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\fran\program files\dna\btdna.exe |
"UDP Query User{A992339E-7622-495B-B5A6-2319AEF33F2A}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{B3ABD457-E8A7-4C54-9891-294E3C9DEA50}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D2161AAB-F490-4796-A29D-F5BC69FB0B63}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{D9B44D03-C49C-4EF4-97E7-276D1D287EA8}C:\users\fran\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\fran\program files\bittorrent_dna\dna.exe |
"UDP Query User{DC149898-3507-4EF6-B851-5F94B0B30D68}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{E3C47099-D8C0-4158-9887-6D3B55AEC1E1}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{EA4FC1CD-9DAF-4DAF-AD88-2D7BC67FCF52}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{FD05B935-07CD-4BAC-AEC4-097C4CBDF8C0}C:\program files\adobe\photoshop elements 5.0\photoshopelementsorganizer.exe" = protocol=17 | dir=in | app=c:\program files\adobe\photoshop elements 5.0\photoshopelementsorganizer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime (Drop Down Deals) 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A023A2D1-8BD3-4B3D-8077-CD9DDA489CB5}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B46E38DB-F929-4EA6-BBB1-BE9873A0F1F4}" = muvee Reveal
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAA9B753-45CE-4581-876C-55D97939B631}" = C6100
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PhotoDeluxe Home Edition 3.1" = Adobe PhotoDeluxe Home Edition 3.1
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free FLV Converter_is1" = Free FLV Converter V 6.91.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MediaInfo" = MediaInfo 0.7.18
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RAR Key Demo" = RAR Key 8.1 Demo
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 5.2
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Rhapsody" = Rhapsody
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Switch" = Switch Sound File Converter
"TomTom HOME" = TomTom HOME 2.5.2.60
"TurboTax Premier 2007" = TurboTax Premier 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WildTangent hpdesktop Master Uninstall" = My HP Games
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2012 6:41:12 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:21 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:21 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:21 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Mail\wlmail.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:21 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:33 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Mesh\WLSync.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:17:32 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:17:32 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:20:33 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:20:33 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 12/6/2007 10:54:40 PM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/20/2007 2:04:37 PM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/22/2007 1:51:14 AM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/16/2008 4:55:25 PM | Computer Name = fran-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/22/2008 4:52:03 PM | Computer Name = fran-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/12/2008 11:30:55 AM | Computer Name = fran-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2008 12:13:07 AM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 3/26/2009 9:28:15 PM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 10:06:55 AM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/6/2009 9:29:06 PM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/23/2012 6:39:19 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/23/2012 6:39:19 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/23/2012 6:39:22 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/23/2012 6:41:24 PM | Computer Name = fran-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 1/24/2012 4:09:46 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/24/2012 4:09:46 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/24/2012 4:09:46 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/24/2012 4:09:46 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/24/2012 4:09:50 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/24/2012 4:11:52 PM | Computer Name = fran-PC | Source = WMPNetworkSvc | ID = 866293
Description =

< End of report >

Broni · Jan 24, 2012

You have "hosts" file missing.

Open Notepad.
Paste the following text into it:

Code:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure, "Save as type:" is set to "All Files (*.*)
3. File is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder

[IMG]

NOTE.
If you receive You don't have permission to save in this location message take ownership of C:\windows\system32\drivers\etc folder: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/
If the above doesn't work save the file to some known location, like your desktop, copy it from there and paste it to "etc" folder.

==============================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
PRC - [2011/08/17 12:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
O3 - HKLM\..\Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UIWWFDnoJEOaR.exe] C:\ProgramData\UIWWFDnoJEOaR.exe File not found
O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [hbcVhKDrqeOuR.exe] C:\ProgramData\hbcVhKDrqeOuR.exe File not found
O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{180b5077-46c7-11e1-9e49-9e705b79f991}\Shell - "" = AutoRun
O33 - MountPoints2\{180b5077-46c7-11e1-9e49-9e705b79f991}\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O33 - MountPoints2\{b255a0da-51c8-11dc-9faf-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b255a0da-51c8-11dc-9faf-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O37 - HKLM\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2012/01/18 14:52:15 | 000,000,000 | -H-D | C] -- C:\Users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/19 17:21:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiCr
[2012/01/19 17:19:51 | 000,000,631 | -H-- | M] () -- C:\Users\fran\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/19 16:26:03 | 000,000,456 | -H-- | M] () -- C:\ProgramData\q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2r
[2012/01/19 16:15:47 | 000,448,768 | -H-- | M] () -- C:\ProgramData\123.exe
[2012/01/18 14:55:22 | 000,000,440 | -H-- | M] () -- C:\ProgramData\ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4Vr
[2012/01/18 14:52:15 | 000,000,607 | -H-- | M] () -- C:\Users\fran\Desktop\System Check.lnk
[2012/01/16 19:37:38 | 000,008,754 | ---- | M] () -- C:\ProgramData\52423c85
[2012/01/16 16:04:43 | 000,062,459 | -H-- | C] () -- C:\Users\fran\Documents\The_Descendants_2011_REPACK_SCREENER_XviD_-_ZOMBiES.6959683.TPB.torrent
[2012/01/16 15:49:13 | 000,029,738 | -H-- | C] () -- C:\Users\fran\Documents\Moneyball_2011_BRRip_XviD-FTW.6892152.TPB.torrent
[2012/01/14 20:43:45 | 000,014,666 | -H-- | C] () -- C:\Users\fran\Documents\Person.of.Interest.S01E10.HDTV.XviD-ASAP [AGENT][1337x.org].torrent
[2012/01/13 17:58:32 | 000,007,476 | -H-- | C] () -- C:\Users\fran\Documents\The.Mentalist.S04E11.HDTV.XviD-ASAP.[VTV].avi.6951405.TPB.torrent
[2012/01/13 17:01:24 | 000,014,499 | -H-- | C] () -- C:\Users\fran\Documents\Person_of_Interest_S01E11_HDTV_XviD-ASAP_[eztv].6951579.TPB.torrent
[2012/01/12 14:19:43 | 000,014,593 | -H-- | C] () -- C:\Users\fran\Documents\Unforgettable_S01E12_HDTV_XviD-ASAP_[eztv][1337x.org].torrent
[2012/01/12 14:17:50 | 000,014,590 | -H-- | C] () -- C:\Users\fran\Documents\Unforgettable_S01E13_HDTV_XviD-2HD_[eztv][1337x.org].torrent
[2012/01/12 14:14:21 | 000,014,490 | -H-- | C] () -- C:\Users\fran\Documents\Harrys_Law_S02E11_HDTV_XviD-LOL_[eztv].6949132.TPB.torrent
[2012/01/12 14:11:42 | 000,014,479 | -H-- | C] () -- C:\Users\fran\Documents\Law.and.Order.SVU.S13E11.HDTV.XviD-LOL.[VTV].avi.6949230.TPB.torrent
[2012/01/09 17:14:25 | 017,364,199 | -H-- | C] () -- C:\Users\fran\Desktop\Excel 2010 For Dummies - (Maalestrom).pdf
[2012/01/09 17:12:20 | 000,006,337 | -H-- | C] () -- C:\Users\fran\Documents\Excel 2010 For Dummies - (Malestrom) [h33t].torrent
[2011/12/26 13:13:52 | 000,008,105 | -H-- | C] () -- C:\Users\fran\Documents\Sibling.Rivalry.1990.DVDRip.x264.6384000.TPB.torren t
[2011/12/24 18:08:34 | 000,012,680 | -HS- | C] () -- C:\Users\fran\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/24 18:08:34 | 000,012,680 | -HS- | C] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/20 13:10:54 | 000,004,348 | -HS- | C] () -- C:\Users\fran\AppData\Local\506881s3y808c713u857y1ysd5m6
[2011/12/20 13:10:54 | 000,003,930 | -HS- | C] () -- C:\ProgramData\506881s3y808c713u857y1ysd5m6
[2009/01/12 18:06:56 | 000,005,055 | -H-- | C] () -- C:\ProgramData\ywasvxup.hvs
[2009/01/10 11:39:27 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\879bd249e38aa95
[2009/01/10 11:36:51 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\e2885dfed4432ad
[2009/01/10 11:30:31 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\f4b4078416895d5
[2009/01/10 11:30:11 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\5bd984c3690c592
[2009/01/10 11:27:06 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\e24b76a18275429
[2009/01/10 11:26:36 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\16a31fe427215df
[2009/01/10 11:23:25 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\8c381622b054eae
[2009/01/10 11:21:10 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\dfa409a166a6a13
[2009/01/10 11:19:15 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\32584a94ef4d92a
[2009/01/10 11:19:05 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\1a4687276c956c8
[2009/01/10 11:18:00 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\99ce21a2ae22606
[2009/01/10 11:17:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\c8c5499adc56da5
[2009/01/10 11:14:50 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\acbb6ef48b6dc68
[2009/01/10 11:14:14 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\c9104d4825b6261
[2009/01/10 11:07:59 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\4f8f8cf620a3077
[2009/01/10 10:23:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\65a00ff4fc8f1af
[2009/01/10 10:22:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\b06b03ba03bca22
[2009/01/09 18:10:36 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\491b74175c778c5
[2009/01/09 18:05:40 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\d4b5c41f8d74e6a
[2009/01/09 18:04:41 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\eb4387b7e66a85f
[2009/01/09 17:59:55 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\ff86e0b75094016
[2009/01/09 17:59:09 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\5b3cf438eb60b35
[2009/01/09 17:57:49 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\1c259bf20aab364
[2009/01/09 17:56:44 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\40beebab9c36ce0
[2009/01/09 17:53:34 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\b1b638edd446128
[2009/01/09 17:53:14 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\94800ada1706250
[2010/07/14 14:56:53 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Uniblue
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\Romantics - Talking In Your Sleep.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\MeatLoaf - Let Me Sleep On It.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\jesse maccartney - Don't Go Breaking My Heart.mp3:TOC.WMV
@Alternate Data Stream - 3241 bytes -> C:\Users\fran\Documents\Girlfriends.eml:OECustomProperty
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:F4CE9946
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:7F4E393D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ECF54A0E

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" =-

:Files
C:\Program Files\Common Files\Spigot
C:\Users\fran\AppData\Local\Temp\87EPgtDlSWkVpf.exe.tmp
C:\Users\fran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\393d13ac-2a08195f
C:\ProgramData\123.exe

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

bichons9 · Jan 24, 2012

Are the hosts missing because i copied wrong or because something is wrong? When you asked me to copy the following text, this is where my lack of pc smartness is really showing. i almost thought you wanted me to copy that box labeled Code,right below, starting "This is a sample HOSTS file...". What am I suppose to paste into noteapd?

bichons9 · Jan 24, 2012

I saved it to my desktop because system32 drivers etc exists but it doesn't show up and let me save it there. I am copying that code box into it by hand.

Broni · Jan 24, 2012

Copy everything inside the box (leave alone word "code").

it doesn't show up
Click to expand...

It doesn't show up where?

Broni · Jan 24, 2012

Let's make it easier for you....

Download following "hosts"(zipped) file: http://www.bleepstatic.com/fhost/uploads/0/hosts_vista.zip
Unzip it.
Copy hosts file found inside.
Open Windows Explorer and paste hosts file to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.

NOTE.
If you receive You don't have permission to save in this location message take ownership of C:\windows\system32\drivers\etc folder: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/
If the above doesn't work save the file to some known location, like your desktop, copy it from there and paste it to "etc" folder.

TechSpot

Could "System Check" removal attempt have ruined my PC?

bichons9 TS Rookie Topic Starter Posts: 39

Broni Malware Annihilator Posts: 53,795 +369

bichons9 TS Rookie Topic Starter Posts: 39

bichons9 TS Rookie Topic Starter Posts: 39

Broni Malware Annihilator Posts: 53,795 +369

bichons9 TS Rookie Topic Starter Posts: 39

Broni Malware Annihilator Posts: 53,795 +369

bichons9 TS Rookie Topic Starter Posts: 39

bichons9 TS Rookie Topic Starter Posts: 39

Broni Malware Annihilator Posts: 53,795 +369

Broni Malware Annihilator Posts: 53,795 +369

Similar Topics

Add New Comment