Inactive Could "System Check" removal attempt have ruined my PC?

[bichons9]

I'm doing it now..Sorry i got a little down and took the night off thinking about restoring back to factory settings.

 

[Broni]

No worries

 

[bichons9]

1/2 of one result

OTL logfile created on: 1/24/2012 2:25:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\fran\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.08% Memory free
6.21 Gb Paging File | 5.39 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 364.93 Gb Total Space | 29.35 Gb Free Space | 8.04% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 1.64 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Drive F: | 376.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FRAN-PC | User Name: fran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 14:18:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\fran\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/17 12:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2010/08/10 12:57:42 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/08/10 12:57:42 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/07/01 12:39:18 | 000,071,224 | ---- | M] (ArcSoft, Inc.) -- C:\Users\fran\AppData\Roaming\HP SimpleSave Application\VSSUACToken.exe
PRC - [2010/07/01 12:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\fran\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/11/12 16:03:56 | 000,323,392 | -H-- | M] (BitTorrent, Inc.) -- C:\Users\fran\Program Files\DNA\btdna.exe
PRC - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/16 19:12:28 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/25 19:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/12 19:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/28 07:42:24 | 000,065,536 | -H-- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 12:32:28 | 000,208,896 | -H-- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2005/04/18 12:38:59 | 000,046,680 | R--- | M] (America Online) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 11:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2002/04/17 11:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/08/10 12:57:42 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010/07/01 12:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\fran\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/06 14:15:59 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/12 19:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2006/09/03 12:32:28 | 000,208,896 | -H-- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2005/04/18 12:38:59 | 000,046,680 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/13 14:48:44 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/24 16:03:10 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\Windows\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\fran\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/10/25 09:07:16 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\fran\Program Files\DNA [2012/01/24 14:08:23 | 000,000,000 | -H-D | M]

[2009/05/18 14:44:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fran\AppData\Roaming\Mozilla\Extensions
[2009/02/23 19:43:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fran\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/05/18 14:44:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fran\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/01/23 10:54:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\8orrx91a.default\extensions
[2008/01/19 20:45:56 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\8orrx91a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/01/19 20:45:56 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\fran\AppData\Roaming\Mozilla\Firefox\Profiles\8orrx91a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

========== Chrome ==========


Hosts file not found
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (SBCONVERT Class) - {4AF9DF3E-17A4-428F-A39E-28ADA0A3A522} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\VistaCodecPack\QT\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UIWWFDnoJEOaR.exe] C:\ProgramData\UIWWFDnoJEOaR.exe File not found
O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [BitTorrent DNA] C:\Users\fran\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [hbcVhKDrqeOuR.exe] C:\ProgramData\hbcVhKDrqeOuR.exe File not found
O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2DED2D-53DE-44A7-9B4B-8442CE66B60F}: NameServer = 68.87.68.162,68.87.74.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0DC0797-6583-4D36-B4C6-351CF9AB503E}: NameServer = 205.188.146.145
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\fran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\fran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/05 12:32:01 | 000,000,174 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{180b5077-46c7-11e1-9e49-9e705b79f991}\Shell - "" = AutoRun
O33 - MountPoints2\{180b5077-46c7-11e1-9e49-9e705b79f991}\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O33 - MountPoints2\{b255a0da-51c8-11dc-9faf-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b255a0da-51c8-11dc-9faf-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
O37 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioD
FileDescription)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.tssoft32 - C:\Windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dmb1 - C:\WINDOWS\m3jpeg32.dll (Morgan Multimedia)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.GEOX - C:\WINDOWS\GeoCodec.dll (Geovision)
Drivers32: vidc.iv50 - C:\WINDOWS\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - C:\Windows\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.MJPG - C:\WINDOWS\m3jpeg32.dll (Morgan Multimedia)
Drivers32: vidc.mpg2 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg3 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.wmv3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

 

[bichons9]

second half of one result =txt file

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 14:18:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\fran\Desktop\OTL.exe
[2012/01/24 14:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSS
[2012/01/24 14:10:48 | 000,000,000 | ---D | C] -- C:\Users\fran\AppData\Roaming\HP SimpleSave Application
[2012/01/24 14:10:13 | 000,000,000 | ---D | C] -- C:\Users\fran\AppData\Roaming\HPSS
[2012/01/23 16:30:36 | 000,000,000 | --SD | C] -- C:\YourApp
[2012/01/22 11:56:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/22 11:56:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/22 11:56:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/22 11:55:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/22 11:47:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 11:46:25 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\fran\Desktop\Combofix.exe
[2012/01/20 16:51:53 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\fran\Desktop\MY APP.exe
[2012/01/20 16:18:00 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\fran\Desktop\boot_cleaner.exe
[2012/01/20 15:37:22 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\fran\Desktop\aswMBR.exe
[2012/01/18 16:33:41 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\fran\Desktop\explorer.exe.exe
[2012/01/18 14:52:15 | 000,000,000 | -H-D | C] -- C:\Users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/28 19:48:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/28 19:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/28 19:46:35 | 016,409,960 | -H-- | C] (Safer Networking Limited ) -- C:\Users\fran\Documents\spybotsd162.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\fran\*.tmp files -> C:\Users\fran\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 14:18:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\fran\Desktop\OTL.exe
[2012/01/24 14:13:10 | 000,617,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/24 14:13:10 | 000,108,360 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/24 14:09:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F623431B-85FC-4B49-9266-D17D838F2373}.job
[2012/01/24 14:08:15 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 14:08:15 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 14:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/23 14:15:40 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\fran\Desktop\Combofix.exe
[2012/01/22 14:05:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/22 14:05:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/21 21:17:41 | 000,000,512 | ---- | M] () -- C:\Users\fran\Desktop\MBR.dat
[2012/01/20 16:52:00 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\fran\Desktop\MY APP.exe
[2012/01/20 16:17:21 | 000,044,607 | ---- | M] () -- C:\Users\fran\Desktop\bootkit_remover.zip
[2012/01/20 15:37:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\fran\Desktop\aswMBR.exe
[2012/01/20 15:14:35 | 253,952,373 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/19 17:21:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiCr
[2012/01/19 17:19:51 | 000,000,631 | -H-- | M] () -- C:\Users\fran\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/19 16:26:03 | 000,000,456 | -H-- | M] () -- C:\ProgramData\q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2r
[2012/01/19 16:15:47 | 000,448,768 | -H-- | M] () -- C:\ProgramData\123.exe
[2012/01/18 17:06:14 | 000,014,186 | -HS- | M] () -- C:\Users\fran\Documents\Folder.jpg
[2012/01/18 17:06:14 | 000,014,186 | -HS- | M] () -- C:\Users\fran\Documents\AlbumArt_{EFCC2E09-1FAB-4AF3-8F7B-C3273BFBD6CF}_Large.jpg
[2012/01/18 17:05:40 | 000,003,171 | -HS- | M] () -- C:\Users\fran\Documents\AlbumArtSmall.jpg
[2012/01/18 17:05:40 | 000,003,171 | -HS- | M] () -- C:\Users\fran\Documents\AlbumArt_{EFCC2E09-1FAB-4AF3-8F7B-C3273BFBD6CF}_Small.jpg
[2012/01/18 17:03:49 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 14:55:22 | 000,000,440 | -H-- | M] () -- C:\ProgramData\ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4Vr
[2012/01/18 14:52:15 | 000,000,607 | -H-- | M] () -- C:\Users\fran\Desktop\System Check.lnk
[2012/01/16 19:37:38 | 000,008,754 | ---- | M] () -- C:\ProgramData\52423c85
[2012/01/16 16:04:43 | 000,062,459 | -H-- | M] () -- C:\Users\fran\Documents\The_Descendants_2011_REPACK_SCREENER_XviD_-_ZOMBiES.6959683.TPB.torrent
[2012/01/16 15:49:14 | 000,029,738 | -H-- | M] () -- C:\Users\fran\Documents\Moneyball_2011_BRRip_XviD-FTW.6892152.TPB.torrent
[2012/01/15 14:03:03 | 000,001,854 | -H-- | M] () -- C:\Users\fran\Desktop\PeerBlock.lnk
[2012/01/15 14:03:03 | 000,001,825 | -H-- | M] () -- C:\Users\fran\Desktop\BitTorrent.lnk
[2012/01/14 20:43:45 | 000,014,666 | -H-- | M] () -- C:\Users\fran\Documents\Person.of.Interest.S01E10.HDTV.XviD-ASAP [AGENT][1337x.org].torrent
[2012/01/13 17:58:32 | 000,007,476 | -H-- | M] () -- C:\Users\fran\Documents\The.Mentalist.S04E11.HDTV.XviD-ASAP.[VTV].avi.6951405.TPB.torrent
[2012/01/13 17:01:24 | 000,014,499 | -H-- | M] () -- C:\Users\fran\Documents\Person_of_Interest_S01E11_HDTV_XviD-ASAP_[eztv].6951579.TPB.torrent
[2012/01/12 14:19:44 | 000,014,593 | -H-- | M] () -- C:\Users\fran\Documents\Unforgettable_S01E12_HDTV_XviD-ASAP_[eztv][1337x.org].torrent
[2012/01/12 14:17:56 | 000,014,590 | -H-- | M] () -- C:\Users\fran\Documents\Unforgettable_S01E13_HDTV_XviD-2HD_[eztv][1337x.org].torrent
[2012/01/12 14:14:21 | 000,014,490 | -H-- | M] () -- C:\Users\fran\Documents\Harrys_Law_S02E11_HDTV_XviD-LOL_[eztv].6949132.TPB.torrent
[2012/01/12 14:11:44 | 000,014,479 | -H-- | M] () -- C:\Users\fran\Documents\Law.and.Order.SVU.S13E11.HDTV.XviD-LOL.[VTV].avi.6949230.TPB.torrent
[2012/01/09 17:13:27 | 017,364,199 | -H-- | M] () -- C:\Users\fran\Desktop\Excel 2010 For Dummies - (Maalestrom).pdf
[2012/01/09 17:12:20 | 000,006,337 | -H-- | M] () -- C:\Users\fran\Documents\Excel 2010 For Dummies - (Malestrom) [h33t].torrent
[2012/01/09 16:35:45 | 000,006,726 | -H-- | M] () -- C:\Users\fran\AppData\Roaming\wklnhst.dat
[2011/12/30 12:58:41 | 000,031,232 | -H-- | M] () -- C:\Users\fran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 19:47:43 | 016,409,960 | -H-- | M] (Safer Networking Limited ) -- C:\Users\fran\Documents\spybotsd162.exe
[2011/12/26 13:13:52 | 000,008,105 | -H-- | M] () -- C:\Users\fran\Documents\Sibling.Rivalry.1990.DVDRip.x264.6384000.TPB.torrent
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\fran\*.tmp files -> C:\Users\fran\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/22 11:56:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/22 11:56:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/22 11:56:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/22 11:56:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/22 11:56:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/20 16:17:20 | 000,044,607 | ---- | C] () -- C:\Users\fran\Desktop\bootkit_remover.zip
[2012/01/20 16:10:17 | 000,000,512 | ---- | C] () -- C:\Users\fran\Desktop\MBR.dat
[2012/01/19 17:19:53 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~k7vUREwXGlnIiCr
[2012/01/19 17:19:51 | 000,000,631 | -H-- | C] () -- C:\Users\fran\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/19 17:19:46 | 000,000,448 | -H-- | C] () -- C:\ProgramData\k7vUREwXGlnIiC
[2012/01/19 16:24:23 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~q5Tf4nr63zhUx2r
[2012/01/19 16:24:14 | 000,000,456 | -H-- | C] () -- C:\ProgramData\q5Tf4nr63zhUx2
[2012/01/19 16:15:47 | 000,448,768 | -H-- | C] () -- C:\ProgramData\123.exe
[2012/01/18 17:06:16 | 000,014,186 | -HS- | C] () -- C:\Users\fran\Documents\Folder.jpg
[2012/01/18 17:06:16 | 000,014,186 | -HS- | C] () -- C:\Users\fran\Documents\AlbumArt_{EFCC2E09-1FAB-4AF3-8F7B-C3273BFBD6CF}_Large.jpg
[2012/01/18 17:06:16 | 000,003,171 | -HS- | C] () -- C:\Users\fran\Documents\AlbumArtSmall.jpg
[2012/01/18 17:06:16 | 000,003,171 | -HS- | C] () -- C:\Users\fran\Documents\AlbumArt_{EFCC2E09-1FAB-4AF3-8F7B-C3273BFBD6CF}_Small.jpg
[2012/01/18 17:03:49 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 14:52:17 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~ofMZsqDhhCLj4Vr
[2012/01/18 14:52:15 | 000,000,607 | -H-- | C] () -- C:\Users\fran\Desktop\System Check.lnk
[2012/01/18 14:52:12 | 000,000,440 | -H-- | C] () -- C:\ProgramData\ofMZsqDhhCLj4V
[2012/01/16 16:06:09 | 000,008,754 | ---- | C] () -- C:\ProgramData\52423c85
[2012/01/16 16:04:43 | 000,062,459 | -H-- | C] () -- C:\Users\fran\Documents\The_Descendants_2011_REPACK_SCREENER_XviD_-_ZOMBiES.6959683.TPB.torrent
[2012/01/16 15:49:13 | 000,029,738 | -H-- | C] () -- C:\Users\fran\Documents\Moneyball_2011_BRRip_XviD-FTW.6892152.TPB.torrent
[2012/01/14 20:43:45 | 000,014,666 | -H-- | C] () -- C:\Users\fran\Documents\Person.of.Interest.S01E10.HDTV.XviD-ASAP [AGENT][1337x.org].torrent
[2012/01/13 17:58:32 | 000,007,476 | -H-- | C] () -- C:\Users\fran\Documents\The.Mentalist.S04E11.HDTV.XviD-ASAP.[VTV].avi.6951405.TPB.torrent
[2012/01/13 17:01:24 | 000,014,499 | -H-- | C] () -- C:\Users\fran\Documents\Person_of_Interest_S01E11_HDTV_XviD-ASAP_[eztv].6951579.TPB.torrent
[2012/01/12 14:19:43 | 000,014,593 | -H-- | C] () -- C:\Users\fran\Documents\Unforgettable_S01E12_HDTV_XviD-ASAP_[eztv][1337x.org].torrent
[2012/01/12 14:17:50 | 000,014,590 | -H-- | C] () -- C:\Users\fran\Documents\Unforgettable_S01E13_HDTV_XviD-2HD_[eztv][1337x.org].torrent
[2012/01/12 14:14:21 | 000,014,490 | -H-- | C] () -- C:\Users\fran\Documents\Harrys_Law_S02E11_HDTV_XviD-LOL_[eztv].6949132.TPB.torrent
[2012/01/12 14:11:42 | 000,014,479 | -H-- | C] () -- C:\Users\fran\Documents\Law.and.Order.SVU.S13E11.HDTV.XviD-LOL.[VTV].avi.6949230.TPB.torrent
[2012/01/09 17:14:25 | 017,364,199 | -H-- | C] () -- C:\Users\fran\Desktop\Excel 2010 For Dummies - (Maalestrom).pdf
[2012/01/09 17:12:20 | 000,006,337 | -H-- | C] () -- C:\Users\fran\Documents\Excel 2010 For Dummies - (Malestrom) [h33t].torrent
[2011/12/30 12:48:35 | 001,667,808 | -H-- | C] () -- C:\Users\fran\Desktop\Picture 102.jpg
[2011/12/29 17:11:41 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/26 13:13:52 | 000,008,105 | -H-- | C] () -- C:\Users\fran\Documents\Sibling.Rivalry.1990.DVDRip.x264.6384000.TPB.torrent
[2011/12/24 18:08:34 | 000,012,680 | -HS- | C] () -- C:\Users\fran\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/24 18:08:34 | 000,012,680 | -HS- | C] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/20 13:10:54 | 000,004,348 | -HS- | C] () -- C:\Users\fran\AppData\Local\506881s3y808c713u857y1ysd5m6
[2011/12/20 13:10:54 | 000,003,930 | -HS- | C] () -- C:\ProgramData\506881s3y808c713u857y1ysd5m6
[2010/07/14 14:36:24 | 000,000,620 | ---- | C] () -- C:\Windows\RegGenie.ini
[2010/05/20 14:04:48 | 000,002,873 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/03/27 20:06:36 | 000,100,000 | ---- | C] () -- C:\Windows\System32\xvidcore (2).dll
[2009/11/22 10:14:57 | 000,000,578 | ---- | C] () -- C:\Windows\M3JPEG.INI
[2009/09/16 20:58:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 20:58:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/15 12:22:41 | 000,169,341 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 13:50:11 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vzcontextmenu.dll
[2009/06/30 12:25:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Commands
[2009/06/30 12:25:09 | 000,000,268 | RH-- | C] () -- C:\Users\fran\AppData\Roaming\ColorTable
[2009/06/30 12:25:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/06/30 12:12:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Comedy Noises
[2009/06/30 12:12:46 | 000,000,268 | RH-- | C] () -- C:\Users\fran\AppData\Roaming\Cocoa
[2009/06/30 12:12:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/04/10 10:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\LiveClient.dll
[2009/04/10 10:22:50 | 000,176,128 | ---- | C] () -- C:\Windows\GeoCodecLib.dll
[2009/01/12 18:06:56 | 000,005,055 | -H-- | C] () -- C:\ProgramData\ywasvxup.hvs
[2009/01/10 11:39:27 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\879bd249e38aa95
[2009/01/10 11:36:51 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\e2885dfed4432ad
[2009/01/10 11:30:31 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\f4b4078416895d5
[2009/01/10 11:30:11 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\5bd984c3690c592
[2009/01/10 11:27:06 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\e24b76a18275429
[2009/01/10 11:26:36 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\16a31fe427215df
[2009/01/10 11:23:25 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\8c381622b054eae
[2009/01/10 11:21:10 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\dfa409a166a6a13
[2009/01/10 11:19:15 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\32584a94ef4d92a
[2009/01/10 11:19:05 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\1a4687276c956c8
[2009/01/10 11:18:00 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\99ce21a2ae22606
[2009/01/10 11:17:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\c8c5499adc56da5
[2009/01/10 11:14:50 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\acbb6ef48b6dc68
[2009/01/10 11:14:14 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\c9104d4825b6261
[2009/01/10 11:07:59 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\4f8f8cf620a3077
[2009/01/10 10:23:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\65a00ff4fc8f1af
[2009/01/10 10:22:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\b06b03ba03bca22
[2009/01/09 18:10:36 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\491b74175c778c5
[2009/01/09 18:05:40 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\d4b5c41f8d74e6a
[2009/01/09 18:04:41 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\eb4387b7e66a85f
[2009/01/09 17:59:55 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\ff86e0b75094016
[2009/01/09 17:59:09 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\5b3cf438eb60b35
[2009/01/09 17:57:49 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\1c259bf20aab364
[2009/01/09 17:56:44 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\40beebab9c36ce0
[2009/01/09 17:53:34 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\b1b638edd446128
[2009/01/09 17:53:14 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\94800ada1706250
[2008/09/24 11:06:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/22 12:11:23 | 000,130,976 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2008/07/22 12:11:23 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2008/06/18 19:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/03/25 15:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/02/27 16:04:58 | 000,000,153 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2008/02/17 16:27:16 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/01/26 15:47:25 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/01/19 12:15:12 | 000,001,028 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\AVIEncoder.wff
[2008/01/04 15:58:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/10/17 07:45:12 | 000,000,087 | ---- | C] () -- C:\Windows\UsnapPRO.INI
[2007/10/16 10:46:44 | 000,250,156 | -H-- | C] () -- C:\Users\fran\AppData\Local\rx_image.Cache
[2007/09/26 16:07:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/10 12:55:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/08/28 18:23:04 | 000,006,726 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\wklnhst.dat
[2007/08/24 18:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/23 18:35:04 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2007/08/23 18:35:04 | 000,000,165 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007/08/23 18:35:03 | 000,100,864 | ---- | C] () -- C:\Windows\System32\Dc50ip32.dll
[2007/08/23 18:35:03 | 000,065,864 | ---- | C] () -- C:\Windows\System32\Digita.sys
[2007/08/23 18:35:03 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ImgLibLead.dll
[2007/08/23 15:41:46 | 000,130,425 | ---- | C] () -- C:\Windows\hpoins18.dat
[2007/08/23 11:27:37 | 000,031,232 | -H-- | C] () -- C:\Users\fran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/23 11:23:50 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/03/10 05:51:48 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/03/08 09:25:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/03/08 09:22:22 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/08 09:22:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/08 09:13:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/03/06 12:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/28 17:52:43 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2007/02/05 18:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/10 05:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,461,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,617,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,108,360 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/17 09:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\System32\whlpusp32.dll
[2006/08/11 01:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 01:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 12:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2006/02/25 12:09:38 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

========== LOP Check ==========

[2007/12/05 12:49:48 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\AVSMedia
[2008/01/19 20:45:55 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Azureus
[2012/01/16 16:59:53 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\BitTorrent
[2008/03/13 10:28:13 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\BitTorrent DNA
[2012/01/24 14:28:25 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\DNA
[2009/01/12 12:17:50 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\DriverCure
[2010/06/20 19:06:43 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\FreeFLVConverter
[2008/11/13 16:58:15 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\FrostWire
[2008/11/05 11:05:30 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\GrabPro
[2011/11/01 18:13:35 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Image Zone Express
[2010/05/14 17:00:31 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Leadertech
[2008/11/22 12:06:01 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\LimeWire(56)
[2009/05/06 16:05:01 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\muvee Technologies
[2008/01/19 12:18:35 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\NCH Swift Sound
[2009/07/17 16:18:14 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Nikon
[2008/02/18 10:20:15 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Opera
[2011/06/17 13:56:28 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Orbit
[2007/12/29 17:52:47 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Pegasys Inc
[2007/08/23 16:25:44 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Printer Info Cache
[2008/01/19 20:45:56 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\SuperNZB
[2007/08/28 18:23:06 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Template
[2009/02/23 19:42:59 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\TomTom
[2010/07/14 14:56:53 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Uniblue
[2008/02/05 15:08:17 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\WinAVI
[2007/08/24 13:53:11 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\WinBatch
[2011/05/20 13:49:53 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Windows Live Writer
[2012/01/23 19:52:30 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/24 14:09:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F623431B-85FC-4B49-9266-D17D838F2373}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.* >
[2009/05/05 12:32:01 | 000,000,174 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 12:51:28 | 000,009,762 | ---- | M] () -- C:\avi_log.txt
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/03/08 09:12:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/01/19 17:50:41 | 000,024,219 | ---- | M] () -- C:\debug.log
[2009/11/17 17:28:04 | 000,000,064 | ---- | M] () -- C:\FINIS_IT.TXT
[2007/10/20 13:34:07 | 024,116,881 | ---- | M] () -- C:\HpWinVNC4.log
[2007/08/23 18:33:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/08/23 18:33:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/06/22 09:13:21 | 000,000,761 | ---- | M] () -- C:\net_save.dna
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2012/01/24 14:08:02 | 3525,066,752 | -HS- | M] () -- C:\pagefile.sys
[2007/07/18 23:29:40 | 003,405,312 | ---- | M] (Adobe Systems, Inc.) -- C:\PD4.exe
[2008/07/21 10:22:48 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2012/01/20 16:54:48 | 000,074,194 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_20.01.2012_16.53.13_log.txt
[2012/01/23 16:29:17 | 000,071,858 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_23.01.2012_16.20.12_log.txt
[2008/01/19 15:29:08 | 000,004,745 | ---- | M] () -- C:\unins000.dat
[2008/12/13 12:14:23 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/23 14:55:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[1998/04/18 09:34:56 | 000,054,784 | ---- | M] (Storm Technology, Inc.) -- C:\Windows\EasyPhoto Slide Show.scr
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/07/19 10:37:32 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2008/03/15 06:10:09 | 023,454,528 | -H-- | M] ( ) -- C:\Users\fran\Desktop\AdbeRdr812_en_US.exe
[2012/01/20 15:37:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\fran\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\fran\Desktop\boot_cleaner.exe
[2012/01/23 14:15:40 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\fran\Desktop\Combofix.exe
[2010/12/24 16:22:34 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\fran\Desktop\explorer.exe.exe
[2012/01/20 16:52:00 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\fran\Desktop\MY APP.exe
[2012/01/24 14:18:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\fran\Desktop\OTL.exe
[2007/11/13 18:50:35 | 022,749,719 | -H-- | M] (Shark007) -- C:\Users\fran\Desktop\VistaCodecs_v452.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/07/30 09:56:55 | 000,061,224 | -H-- | M] () -- C:\Users\fran\GoToAssistDownloadHelper.exe
[1 C:\Users\fran\*.tmp files -> C:\Users\fran\*.tmp -> ]

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/09/23 15:16:56 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2009/09/23 15:16:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/09/23 15:16:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/09/23 15:16:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2009/09/23 15:16:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2009/09/23 15:16:26 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/08/29 08:38:58 | 000,000,402 | -HS- | M] () -- C:\Users\fran\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/01/19 16:15:47 | 000,448,768 | -H-- | M] () -- C:\ProgramData\123.exe
[2011/12/24 23:24:36 | 000,012,680 | -HS- | M] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
[2011/12/20 13:14:42 | 000,003,930 | -HS- | M] () -- C:\ProgramData\506881s3y808c713u857y1ysd5m6
[2012/01/16 19:37:38 | 000,008,754 | ---- | M] () -- C:\ProgramData\52423c85
[2009/06/30 12:12:46 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Comedy Noises
[2009/06/30 12:25:09 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Commands
[2009/08/15 12:24:20 | 000,005,167 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2012/01/19 17:21:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\k7vUREwXGlnIiC
[2010/05/20 14:05:03 | 000,002,873 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/01/22 14:05:23 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/18 14:55:22 | 000,000,440 | -H-- | M] () -- C:\ProgramData\ofMZsqDhhCLj4V
[2012/01/19 16:26:03 | 000,000,456 | -H-- | M] () -- C:\ProgramData\q5Tf4nr63zhUx2
[2009/01/12 18:06:56 | 000,005,055 | -H-- | M] () -- C:\ProgramData\ywasvxup.hvs
[2012/01/19 17:19:53 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiC
[2012/01/19 17:19:53 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiCr
[2012/01/18 14:52:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4V
[2012/01/18 14:52:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4Vr
[2012/01/19 16:24:23 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2
[2012/01/19 16:24:23 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2r

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Files - Unicode (All) ==========
[2011/04/08 16:31:33 | 000,000,000 | -H-D | M](C:\Users\fran\AppData\Roaming\???????sAppData) -- C:\Users\fran\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2011/04/08 16:31:33 | 000,000,000 | -H-D | M](C:\Users\fran\AppData\Roaming\???????sAppData) -- C:\Users\fran\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\fran\AppData\Roaming\???????sAppData) -- C:\Users\fran\AppData\Roaming\敎潲䍄敔灭慬整sAppData

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB56286$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\Romantics - Talking In Your Sleep.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\MeatLoaf - Let Me Sleep On It.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\jesse maccartney - Don't Go Breaking My Heart.mp3:TOC.WMV
@Alternate Data Stream - 3241 bytes -> C:\Users\fran\Documents\Girlfriends.eml:OECustomProperty
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:F4CE9946
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:7F4E393D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >

 

[Broni]

I still need Extras.txt

 

[bichons9]

extras

OTL Extras logfile created on: 1/24/2012 2:25:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\fran\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.08% Memory free
6.21 Gb Paging File | 5.39 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 364.93 Gb Total Space | 29.35 Gb Free Space | 8.04% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 1.64 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Drive F: | 376.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FRAN-PC | User Name: fran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{111A5D75-4278-4B07-9646-E9DAD4A3C518}" = rport=10243 | protocol=6 | dir=out | app=system |
"{18848E6C-3755-4171-BB81-647CC82DDC25}" = lport=56579 | protocol=17 | dir=in | name=pando p2p udp listening port |
"{25246C8A-8251-4E00-AD6C-6FC62003CB95}" = lport=6884 | protocol=6 | dir=in | name=bittorrent |
"{2AAC040C-C226-449F-9784-E601292CE8BB}" = lport=6881 | protocol=6 | dir=in | name=utorrent |
"{31E070D9-EA2A-46C7-987A-496A40BFA683}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BBAF6C2-8CD8-448C-929C-E1E32AD7C307}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{44E2C9A0-01A3-48F3-A1FA-F7E4BE4D9355}" = lport=6886 | protocol=6 | dir=in | name=bittorrent |
"{46D2BD0E-9055-4BF3-84A5-682429B55FA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{480F5E3C-7F94-445F-ABE0-0F31C290A01D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{547C0029-FEBD-46BD-ADE6-9E5FD46FF7DC}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{619FB86D-6B94-4F0D-B007-96E8C957115F}" = lport=6882 | protocol=6 | dir=in | name=bittorrent |
"{62158EF2-F2B1-44A5-8025-81925B1198B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6223E4FD-5A09-4357-A42D-84C73DAA4210}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B280EEA-02A7-4900-AA36-C85EAAE6189A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BAF3491-4F8D-4D67-BFA5-59DDE708560D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{714C176B-55FB-4EE1-8B7B-489232ACFCB6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7872BABD-62C7-40EF-AFD6-5D9206626B8D}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{7A0C6DDF-4EC2-4BB7-A7DF-5ACDBF0A0E54}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88A38B2E-B617-4E7C-851A-A615C75E5705}" = lport=6885 | protocol=6 | dir=in | name=bittorrent |
"{8B440974-9A43-4B6D-B4B0-29469EE4F6CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A7A1187-6F0A-40A5-8C29-11B4C3B9D3D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EE38279-3308-4C6E-BC53-E48C6711FC98}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A1CB9F75-6678-435F-A8FA-41317E765D07}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A90CFABA-3F6A-442D-A8EF-7EF67315F382}" = lport=56579 | protocol=6 | dir=in | name=pando p2p tcp listening port |
"{C0D502B2-9964-4D09-B314-A910E94DC8F5}" = lport=6883 | protocol=6 | dir=in | name=bittorrent |
"{C7D5706C-82A8-4A56-BD77-2AFC38F4F9C1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C8B67810-1B07-44AC-BA53-DDE754935723}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D9818A17-AC1A-4FDD-8ABB-862024226AEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4C5B21F-09C0-440E-B8A5-D5B4F18D91F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6E2AF3D-314F-44ED-A9D1-F2C61122A706}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008DD81A-5A2D-4B4D-9654-744CBE7EAE52}" = protocol=6 | dir=in | app=c:\program files\bittorrent\choose_language.exe |
"{00DBB426-6C5B-4C49-94A3-361024EBBE84}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{06713A81-84EB-407B-941E-6051A4BD98C9}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{06CDCE07-4F55-46C3-9DE5-352F98BA9F75}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{06EB4DC4-AD9C-46BE-BCA5-C343F7C903B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C24F5D1-8721-4C84-B78A-CC312231F8F4}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{158D58C0-05B1-4799-AD07-B515879B08D5}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{1B2A60CF-28FF-4BBC-99EA-5FB4BC6F7474}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1C8503A7-B7FA-4207-9072-1F053471A8C2}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{1D59BBE1-920F-485A-816A-7BEC21C22FB7}" = protocol=6 | dir=in | app=c:\program files\vistacodecpack\filters\ac3config.exe |
"{23203484-64DB-4DD7-950A-EFE30FFE8F6B}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{27BC3C4E-03BA-44E5-BB41-9BCCC9D08BDB}" = protocol=6 | dir=out | app=system |
"{28A814CC-1CD5-4531-B7D5-456826A51C75}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{3F00F963-9916-4EDB-A192-064070E2AA44}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{41F1EB33-30A9-4310-BC7A-8802CD31417F}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{4739FCBB-B0EE-47A2-8183-44D2627AD81E}" = dir=in | app=rosettastoneversion3.exe |
"{4C4DCEAA-19A8-4505-AA93-FC875DBD2CC7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{4F1F2A85-B5B2-45BD-A2FC-4D770A7420FC}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{58A675AA-B178-47DC-983B-8C03CC34491A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5FC968D0-B774-4875-9628-0BFF28185B7D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{616CFA5F-E481-4D81-9312-778EB1E080E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{617358EC-FC56-45EE-B6D6-FBC09D15930E}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{62C621DC-7831-4365-A09D-73C2DA4B16CB}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{62EAEF64-0798-4D7B-891A-6F30B700D86D}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{6646BFFE-5F7D-4851-83AA-C0175B86B5A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67549DB7-ADCB-4903-B239-02376DCE392A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67DCAD36-4193-45D4-8B7D-FDE9582D7577}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{716F828D-2E61-4438-AA0C-D44B9C729017}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{77B4A6BE-90D9-4F67-A55C-A995F0ABFF1F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7942B8D5-BCEA-425A-B639-D1C569EC9E18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CFD2D05-7CE7-41ED-9C97-78F2CC350884}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{841025A4-1305-4E54-AF56-0D16D2894EB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85326B87-5C5E-404A-A60B-84554D3530ED}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{883B9865-78B7-4567-9809-CBD5546C4FA3}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{8FC84FDF-CBBC-4FEC-A482-BADA8A53F864}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{939F21E4-B4DA-40FC-8DDF-C7C4A6CDEF9D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{96D5A838-CCCD-41C6-989C-53D286B9E122}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B52DFFE-F76E-460D-A627-47DB45F2E9F3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{9D842222-DCD7-4DF7-96A0-4D1918FE62DC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9F6C3E3B-7ED8-4D56-B0EC-4ED7517D2F96}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9F949A9E-1214-4012-A3D3-CE330F719676}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{A350F728-014F-4523-B856-54F8B3BA79FE}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A3ABF0F4-5091-4752-8FD3-05F42AEF1859}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A76C3CF3-69BB-4214-AC01-A23B0C256DB9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A7E42570-F80D-4AB0-9574-8DDB3DD81E02}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{AF186039-7E81-4CB5-9469-E0EF36086955}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B05453B7-FCFF-4E4E-A673-3A091B56F358}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B1778F4A-9302-4A8F-BA9E-2E8FB05E8B9D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B2AAB157-F549-4866-86C5-449820A2B55E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3171362-F4BC-417E-9C71-2E6BC4746A4B}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{B5AA98CC-ED8D-42CA-A6A4-B906E8328564}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{B65C95F4-B4E4-4CDD-BF75-7F7080BC9FD8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B7B2CE6B-FCC6-435A-BD24-B900CAB157D5}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{BAC6B761-E436-4246-9930-2884F077149D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF3793AF-E36E-4E2D-8DE8-9BC6F2601297}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{C316313B-DAAC-4DB1-B1DC-E555FBF019DC}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{C3711D51-14A7-4069-8EA3-2D49BF541633}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{C6070FD2-859D-4468-B308-A15009A51141}" = protocol=17 | dir=in | app=c:\program files\vistacodecpack\filters\ac3config.exe |
"{CE837851-21D5-490D-80CA-9BC88EF7E24A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEDCEB8C-A98B-4BA3-8443-E31A7FA2EA88}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3309040-8A1A-4B8D-B71D-1C131E08A02C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D665EE67-875B-40B9-805F-4D21C6E5D0C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBC4D722-7343-4F70-923C-2C3D57887BA3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DD502E2A-222B-4712-B516-4D9209F2AA3C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{DEA5CFBF-5CBF-4B07-AB37-F719E9B3798C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E11A29F4-AED9-4E53-981D-096D364085F7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\choose_language.exe |
"{E52B6427-F30F-4926-A53D-6C24AE8775E9}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{F40BF604-48CE-4CB3-85CA-3909B1DA90AF}" = dir=in | app=support inrosettastoneltdservices.exe |
"{F8029894-4EAC-4E5D-AD88-144590BD4CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA08B9E2-D52E-40F9-98CB-55830B98FFDF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FCE7615E-7736-4AE5-BBFE-1BACB961D745}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FE15A08F-BDF2-47CE-9D51-A108DE8DD116}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF07E052-57B3-45F8-ACDE-6580C6945E5A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1D94C021-992C-4D01-90FB-8D9E017FC1AE}C:\users\fran\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\fran\program files\bittorrent_dna\dna.exe |
"TCP Query User{226193B2-464D-4C05-B5D9-01448F326DCD}C:\users\fran\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\fran\program files\dna\btdna.exe |
"TCP Query User{27FDF760-2C13-48B5-9A93-64BDA3DB1AAF}C:\users\fran\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\fran\program files\dna\btdna.exe |
"TCP Query User{5B4EEABB-91F0-48A0-B36C-BA7BFCBA686B}C:\program files\adobe\photoshop elements 5.0\photoshopelementsorganizer.exe" = protocol=6 | dir=in | app=c:\program files\adobe\photoshop elements 5.0\photoshopelementsorganizer.exe |
"TCP Query User{6A77F969-9B10-4B82-A297-F0DF744AEDA9}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{70B61A7B-D5F7-4CB7-807B-BE22113540CB}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{7C7A59A7-3B4A-4ADD-9C89-83D4F6224A77}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{7D10DE02-263C-403E-A6AE-A351F41109F8}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{80425282-E561-43C9-A9C0-98A04CA49B45}C:\users\fran\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\fran\program files\bittorrent\bittorrent.exe |
"TCP Query User{80D5FA7F-846A-4C8F-AB87-26324C4C4950}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{A4345628-0F6C-4D44-BAFB-FFD7287E0C21}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{A6C4B790-168C-4342-982E-56C6AADB3F1E}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"TCP Query User{D9FE627A-02A4-4849-A268-8D7F99238DBA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{DF116AD9-9FEB-4FAB-BDEA-C0A22DFE8D9D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{EC69F429-087A-414E-BFB6-1C8A229BD0B6}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{15A59BC8-340D-4517-85AB-109E77D76C68}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{18F44350-2116-4338-9B13-D00AB2686E84}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{328D4D4C-CE43-41E5-8292-CE530C0F3025}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{3F28B61C-80CE-49A6-9C42-0C741F85034B}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4937F117-C937-42FC-B8D8-464217F78E23}C:\users\fran\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\fran\program files\dna\btdna.exe |
"UDP Query User{58340C81-1DC6-4876-8D28-C337895E9005}C:\users\fran\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\fran\program files\bittorrent\bittorrent.exe |
"UDP Query User{9A3E3E69-8C31-42AA-9494-DC315120980F}C:\users\fran\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\fran\program files\dna\btdna.exe |
"UDP Query User{A992339E-7622-495B-B5A6-2319AEF33F2A}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{B3ABD457-E8A7-4C54-9891-294E3C9DEA50}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D2161AAB-F490-4796-A29D-F5BC69FB0B63}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{D9B44D03-C49C-4EF4-97E7-276D1D287EA8}C:\users\fran\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\fran\program files\bittorrent_dna\dna.exe |
"UDP Query User{DC149898-3507-4EF6-B851-5F94B0B30D68}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{E3C47099-D8C0-4158-9887-6D3B55AEC1E1}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{EA4FC1CD-9DAF-4DAF-AD88-2D7BC67FCF52}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{FD05B935-07CD-4BAC-AEC4-097C4CBDF8C0}C:\program files\adobe\photoshop elements 5.0\photoshopelementsorganizer.exe" = protocol=17 | dir=in | app=c:\program files\adobe\photoshop elements 5.0\photoshopelementsorganizer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime (Drop Down Deals) 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A023A2D1-8BD3-4B3D-8077-CD9DDA489CB5}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B46E38DB-F929-4EA6-BBB1-BE9873A0F1F4}" = muvee Reveal
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAA9B753-45CE-4581-876C-55D97939B631}" = C6100
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PhotoDeluxe Home Edition 3.1" = Adobe PhotoDeluxe Home Edition 3.1
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free FLV Converter_is1" = Free FLV Converter V 6.91.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MediaInfo" = MediaInfo 0.7.18
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RAR Key Demo" = RAR Key 8.1 Demo
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 5.2
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Rhapsody" = Rhapsody
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Switch" = Switch Sound File Converter
"TomTom HOME" = TomTom HOME 2.5.2.60
"TurboTax Premier 2007" = TurboTax Premier 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WildTangent hpdesktop Master Uninstall" = My HP Games
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2541608533-1603495204-1932474290-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2012 6:41:12 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:21 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:21 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:21 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Mail\wlmail.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:21 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:08:33 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Mesh\WLSync.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:17:32 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:17:32 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:20:33 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/24/2012 4:20:33 PM | Computer Name = fran-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 12/6/2007 10:54:40 PM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/20/2007 2:04:37 PM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/22/2007 1:51:14 AM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/16/2008 4:55:25 PM | Computer Name = fran-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/22/2008 4:52:03 PM | Computer Name = fran-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/12/2008 11:30:55 AM | Computer Name = fran-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/1/2008 12:13:07 AM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 3/26/2009 9:28:15 PM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 10:06:55 AM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/6/2009 9:29:06 PM | Computer Name = fran-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/23/2012 6:39:19 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/23/2012 6:39:19 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/23/2012 6:39:22 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/23/2012 6:41:24 PM | Computer Name = fran-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 1/24/2012 4:09:46 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/24/2012 4:09:46 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/24/2012 4:09:46 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/24/2012 4:09:46 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/24/2012 4:09:50 PM | Computer Name = fran-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/24/2012 4:11:52 PM | Computer Name = fran-PC | Source = WMPNetworkSvc | ID = 866293
Description =


< End of report >

 

[Broni]

You have "hosts" file missing.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure, "Save as type:" is set to "All Files (*.*)
3. File is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder

NOTE.
If you receive You don't have permission to save in this location message take ownership of C:\windows\system32\drivers\etc folder: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/
If the above doesn't work save the file to some known location, like your desktop, copy it from there and paste it to "etc" folder.

==============================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  PRC - [2011/08/17 12:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
  O3 - HKLM\..\Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
  O3 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
  O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
  O4 - HKLM..\Run: [UIWWFDnoJEOaR.exe] C:\ProgramData\UIWWFDnoJEOaR.exe File not found
  O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [hbcVhKDrqeOuR.exe] C:\ProgramData\hbcVhKDrqeOuR.exe File not found
  O4 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
  O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe File not found
  O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe File not found
  O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
  O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
  O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
  O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: internet ([]about in Trusted sites)
  O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: intuit.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
  O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
  O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
  O15 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\..Trusted Domains: turbotax.com ([]https in Trusted sites)
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  O33 - MountPoints2\{180b5077-46c7-11e1-9e49-9e705b79f991}\Shell - "" = AutoRun
  O33 - MountPoints2\{180b5077-46c7-11e1-9e49-9e705b79f991}\Shell\AutoRun\command - "" = H:\HPLauncher.exe
  O33 - MountPoints2\{b255a0da-51c8-11dc-9faf-00038a000015}\Shell - "" = AutoRun
  O33 - MountPoints2\{b255a0da-51c8-11dc-9faf-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
  O33 - MountPoints2\J\Shell - "" = AutoRun
  O37 - HKLM\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
  O37 - HKU\.DEFAULT\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
  O37 - HKU\S-1-5-18\...exe [@ = anp] -- "C:\Windows\system32\config\systemprofile\AppData\Local\yzv.exe" -a "%1" %*
  O37 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
  O37 - HKU\S-1-5-21-2541608533-1603495204-1932474290-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
  [2012/01/18 14:52:15 | 000,000,000 | -H-D | C] -- C:\Users\fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
  [2012/01/19 17:21:33 | 000,000,448 | -H-- | M] () -- C:\ProgramData\k7vUREwXGlnIiC
  [2012/01/19 17:19:53 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiC
  [2012/01/19 17:19:53 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~k7vUREwXGlnIiCr
  [2012/01/19 17:19:51 | 000,000,631 | -H-- | M] () -- C:\Users\fran\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
  [2012/01/19 16:26:03 | 000,000,456 | -H-- | M] () -- C:\ProgramData\q5Tf4nr63zhUx2
  [2012/01/19 16:24:23 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2
  [2012/01/19 16:24:23 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~q5Tf4nr63zhUx2r
  [2012/01/19 16:15:47 | 000,448,768 | -H-- | M] () -- C:\ProgramData\123.exe
  [2012/01/18 14:55:22 | 000,000,440 | -H-- | M] () -- C:\ProgramData\ofMZsqDhhCLj4V
  [2012/01/18 14:52:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4V
  [2012/01/18 14:52:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~ofMZsqDhhCLj4Vr
  [2012/01/18 14:52:15 | 000,000,607 | -H-- | M] () -- C:\Users\fran\Desktop\System Check.lnk
  [2012/01/16 19:37:38 | 000,008,754 | ---- | M] () -- C:\ProgramData\52423c85
  [2012/01/16 16:04:43 | 000,062,459 | -H-- | C] () -- C:\Users\fran\Documents\The_Descendants_2011_REPACK_SCREENER_XviD_-_ZOMBiES.6959683.TPB.torrent
  [2012/01/16 15:49:13 | 000,029,738 | -H-- | C] () -- C:\Users\fran\Documents\Moneyball_2011_BRRip_XviD-FTW.6892152.TPB.torrent
  [2012/01/14 20:43:45 | 000,014,666 | -H-- | C] () -- C:\Users\fran\Documents\Person.of.Interest.S01E10.HDTV.XviD-ASAP [AGENT][1337x.org].torrent
  [2012/01/13 17:58:32 | 000,007,476 | -H-- | C] () -- C:\Users\fran\Documents\The.Mentalist.S04E11.HDTV.XviD-ASAP.[VTV].avi.6951405.TPB.torrent
  [2012/01/13 17:01:24 | 000,014,499 | -H-- | C] () -- C:\Users\fran\Documents\Person_of_Interest_S01E11_HDTV_XviD-ASAP_[eztv].6951579.TPB.torrent
  [2012/01/12 14:19:43 | 000,014,593 | -H-- | C] () -- C:\Users\fran\Documents\Unforgettable_S01E12_HDTV_XviD-ASAP_[eztv][1337x.org].torrent
  [2012/01/12 14:17:50 | 000,014,590 | -H-- | C] () -- C:\Users\fran\Documents\Unforgettable_S01E13_HDTV_XviD-2HD_[eztv][1337x.org].torrent
  [2012/01/12 14:14:21 | 000,014,490 | -H-- | C] () -- C:\Users\fran\Documents\Harrys_Law_S02E11_HDTV_XviD-LOL_[eztv].6949132.TPB.torrent
  [2012/01/12 14:11:42 | 000,014,479 | -H-- | C] () -- C:\Users\fran\Documents\Law.and.Order.SVU.S13E11.HDTV.XviD-LOL.[VTV].avi.6949230.TPB.torrent
  [2012/01/09 17:14:25 | 017,364,199 | -H-- | C] () -- C:\Users\fran\Desktop\Excel 2010 For Dummies - (Maalestrom).pdf
  [2012/01/09 17:12:20 | 000,006,337 | -H-- | C] () -- C:\Users\fran\Documents\Excel 2010 For Dummies - (Malestrom) [h33t].torrent
  [2011/12/26 13:13:52 | 000,008,105 | -H-- | C] () -- C:\Users\fran\Documents\Sibling.Rivalry.1990.DVDRip.x264.6384000.TPB.torren t
  [2011/12/24 18:08:34 | 000,012,680 | -HS- | C] () -- C:\Users\fran\AppData\Local\16qb5285s67yesn24bxfk81p33a02r8x
  [2011/12/24 18:08:34 | 000,012,680 | -HS- | C] () -- C:\ProgramData\16qb5285s67yesn24bxfk81p33a02r8x
  [2011/12/20 13:10:54 | 000,004,348 | -HS- | C] () -- C:\Users\fran\AppData\Local\506881s3y808c713u857y1ysd5m6
  [2011/12/20 13:10:54 | 000,003,930 | -HS- | C] () -- C:\ProgramData\506881s3y808c713u857y1ysd5m6
  [2009/01/12 18:06:56 | 000,005,055 | -H-- | C] () -- C:\ProgramData\ywasvxup.hvs
  [2009/01/10 11:39:27 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\879bd249e38aa95
  [2009/01/10 11:36:51 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\e2885dfed4432ad
  [2009/01/10 11:30:31 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\f4b4078416895d5
  [2009/01/10 11:30:11 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\5bd984c3690c592
  [2009/01/10 11:27:06 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\e24b76a18275429
  [2009/01/10 11:26:36 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\16a31fe427215df
  [2009/01/10 11:23:25 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\8c381622b054eae
  [2009/01/10 11:21:10 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\dfa409a166a6a13
  [2009/01/10 11:19:15 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\32584a94ef4d92a
  [2009/01/10 11:19:05 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\1a4687276c956c8
  [2009/01/10 11:18:00 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\99ce21a2ae22606
  [2009/01/10 11:17:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\c8c5499adc56da5
  [2009/01/10 11:14:50 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\acbb6ef48b6dc68
  [2009/01/10 11:14:14 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\c9104d4825b6261
  [2009/01/10 11:07:59 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\4f8f8cf620a3077
  [2009/01/10 10:23:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\65a00ff4fc8f1af
  [2009/01/10 10:22:30 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\b06b03ba03bca22
  [2009/01/09 18:10:36 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\491b74175c778c5
  [2009/01/09 18:05:40 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\d4b5c41f8d74e6a
  [2009/01/09 18:04:41 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\eb4387b7e66a85f
  [2009/01/09 17:59:55 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\ff86e0b75094016
  [2009/01/09 17:59:09 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\5b3cf438eb60b35
  [2009/01/09 17:57:49 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\1c259bf20aab364
  [2009/01/09 17:56:44 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\40beebab9c36ce0
  [2009/01/09 17:53:34 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\b1b638edd446128
  [2009/01/09 17:53:14 | 000,003,262 | -H-- | C] () -- C:\Users\fran\AppData\Roaming\94800ada1706250
  [2010/07/14 14:56:53 | 000,000,000 | -H-D | M] -- C:\Users\fran\AppData\Roaming\Uniblue
  @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
  @Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\Romantics - Talking In Your Sleep.mp3:TOC.WMV
  @Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\MeatLoaf - Let Me Sleep On It.mp3:TOC.WMV
  @Alternate Data Stream - 64 bytes -> C:\Users\fran\Documents\jesse maccartney - Don't Go Breaking My Heart.mp3:TOC.WMV
  @Alternate Data Stream - 3241 bytes -> C:\Users\fran\Documents\Girlfriends.eml:OECustomProperty
  @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:F4CE9946
  @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:7F4E393D
  @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ECF54A0E
  
  :Services
  
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
  "DisableMonitoring" =-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring" =-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
  "DisableMonitoring" =-
  
  :Files
  C:\Program Files\Common Files\Spigot
  C:\Users\fran\AppData\Local\Temp\87EPgtDlSWkVpf.exe.tmp
  C:\Users\fran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\393d13ac-2a08195f
  C:\ProgramData\123.exe
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

 

[bichons9]

Are the hosts missing because i copied wrong or because something is wrong? When you asked me to copy the following text, this is where my lack of pc smartness is really showing. i almost thought you wanted me to copy that box labeled Code,right below, starting "This is a sample HOSTS file...". What am I suppose to paste into noteapd?

 

[bichons9]

I saved it to my desktop because system32 drivers etc exists but it doesn't show up and let me save it there. I am copying that code box into it by hand.

 

[Broni]

Copy everything inside the box (leave alone word "code").

it doesn't show up

It doesn't show up where?

 

[Broni]

Let's make it easier for you....

Download following "hosts"(zipped) file: http://www.bleepstatic.com/fhost/uploads/0/hosts_vista.zip
Unzip it.
Copy hosts file found inside.
Open Windows Explorer and paste hosts file to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.

NOTE.
If you receive You don't have permission to save in this location message take ownership of C:\windows\system32\drivers\etc folder: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/
If the above doesn't work save the file to some known location, like your desktop, copy it from there and paste it to "etc" folder.