Firstly, I have never used whatthetech before, so hi! I've read the "Are you infected?" thread and I understand I am not supposed to uninstall anything yet. Unfortunately, I have already tried this, not having realised I'd be coming here for help. I will detail everything I have done so far here. I am told that Blekko will attempt to stop any Google searches and display its own search bar upon opening a browser; instead of standard search results, it links to many sites infected with viruses, etc. (this is what I have discovered after a number of searches).
Problem:
- Blekko 'toolbar' has hijacked my browser
- The problem cannot be fixed by changing my default browser back to Google
- Blekko was installed by a CNET installer for some software I was installing without my consent (this is according to other sources I have read, and I believe it since I have recently installed some software via CNET)
What I have done so far:
- Run AVG scan: no results
- Uninstalled Blekko Toolbar with Revo Uninstaller Pro and deleted any "leftover files" and registry items that it detected
- Deleted any files associated with Blekko
- The problem persists
OS: Windows 7
Browser: Google Chrome
OTL Results
OTL.txt
OTL logfile created on: 12/06/2012 17:32:08 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Mitch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
7.95 Gb Total Physical Memory | 5.53 Gb Available Physical Memory | 69.54% Memory free
15.90 Gb Paging File | 13.15 Gb Available in Paging File | 82.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 730.32 Gb Total Space | 608.38 Gb Free Space | 83.30% Space Free | Partition Type: NTFS
Drive D: | 750.00 Mb Total Space | 529.89 Mb Free Space | 70.65% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 83.58 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mitch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Alienware)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\439862b007b2dd84127ff35af476f5ad\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\b66483e0236a08b2e70d433c47978ec3\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\54d6d2991095fb2de89cbb164644fa1d\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a31066ac437b7da0e6e52917400c3395\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\eba1ea877df19e9a05fb7f8cb0bc3368\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\142c428042c2dba4d5ac72495142f58c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c18a8cca40f5abb3617826e529a4be9\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dac2093a24d7582eaee5ebd24ba1d06a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\71109720564155295fbaaff1202a33c0\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5be779e4d55a04c3b86644505facbe9a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\360e9c00572679f437fff0ae719a5886\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll ()
MOD - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin\screen_capture.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AlienFusionService) -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (rusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0) -- C:\Windows\SysNative\drivers\rusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (rusb3hub) Renesas Electronics USB 3.0 Hub Driver (Version 3.0) -- C:\Windows\SysNative\drivers\rusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/alienware
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws...mp;tbp=homepage
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000944452997b8f
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :80
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mitch\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mitch\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 14:00:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 10:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/13 01:47:29 | 000,000,000 | ---D | M]
[2012/04/10 13:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/10 13:20:23 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/05/10 20:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/05/10 20:41:01 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\ffxtlbr@babylon.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mitch\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mitch\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\
CHR - Extension: YouTube = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Web Cache = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coblegoildgpecccijneplifmeghcgip\0.4_0\
CHR - Extension: Google Search = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: AVG Safe Search = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\
CHR - Extension: AVG Do Not Track = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Publisher Toolbar (by Google) = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc\3.1_0\
CHR - Extension: Gmail = C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/04/17 12:19:15 | 000,000,850 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 78.151.38.24 DDOS_ME_NOW
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKCU..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f File not found
O4 - HKCU..\RunOnce: [blekkotb_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Anti-phishing Domain Advisor" /s /q File not found
O4 - HKCU..\RunOnce: [blekkotb_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\Mitch\AppData\Local\blekkotb" /s /q File not found
O4 - HKCU..\RunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D4CBA6-0268-4F7D-9F97-3C81BC9AD6EA}: DhcpNameServer = 10.72.0.68 10.72.0.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54019E1-16BA-4E20-A8FB-9BCDE7237B62}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.xtor - DxtoryCodec64.dll (Dxtory Software)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.xtor - C:\Windows\SysWow64\DxtoryCodec.dll (Dxtory Software)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/06/12 17:30:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
[2012/06/11 14:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/09 00:26:38 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Desktop\Super Hostile 01 - Sea of Flame II v3.0
[2012/06/08 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Desktop\uhc7
[2012/06/04 16:53:59 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Desktop\infernalsky videos
[2012/06/02 00:40:42 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\PandoraRecovery
[2012/06/02 00:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2012/06/02 00:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
[2012/06/02 00:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/05/19 10:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
[2012/05/19 10:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mouse Auto Clicker
[2012/05/15 22:52:09 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Desktop\Wakingup
[2012/05/13 17:41:20 | 000,000,000 | ---D | C] -- C:\Users\Mitch\New folder
========== Files - Modified Within 30 Days ==========
[2012/06/12 17:32:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/12 17:30:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
[2012/06/12 17:20:01 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/12 17:02:06 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3496025154-2282200793-280511904-1000UA.job
[2012/06/12 17:00:48 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 17:00:48 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 16:58:28 | 000,780,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/12 16:58:28 | 000,665,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/12 16:58:28 | 000,125,608 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/12 16:58:20 | 000,034,764 | ---- | M] () -- C:\Users\Mitch\AppData\Local\dt.dat
[2012/06/12 16:53:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 16:53:29 | 2109,894,655 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 16:52:25 | 000,481,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 16:52:12 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/12 09:57:39 | 100,255,877 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/12 05:06:47 | 000,002,401 | ---- | M] () -- C:\Users\Mitch\Desktop\Google Chrome.lnk
[2012/06/12 02:54:55 | 000,000,024 | ---- | M] () -- C:\Users\Mitch\random.dat
[2012/06/12 02:50:20 | 000,000,044 | ---- | M] () -- C:\Users\Mitch\jagex_cl_runescape_LIVE.dat
[2012/06/11 17:22:06 | 000,262,562 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/11 16:19:35 | 000,171,232 | ---- | M] () -- C:\Users\Mitch\Desktop\Reel Big Fish New Album Teaser -Candy Coated Fury- Out Summer 2012.mp3.sfk
[2012/06/11 16:16:32 | 001,987,186 | ---- | M] () -- C:\Users\Mitch\Desktop\Reel Big Fish New Album Teaser -Candy Coated Fury- Out Summer 2012.mp3
[2012/06/11 14:11:09 | 000,256,000 | ---- | M] () -- C:\Users\Mitch\Desktop\EnchantmentCalculator.exe
[2012/06/11 14:00:07 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/11 13:52:57 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3496025154-2282200793-280511904-1000Core.job
[2012/06/09 02:22:24 | 000,144,136 | ---- | M] () -- C:\Users\Mitch\Desktop\Spazzmatica Polka.mp3.sfk
[2012/06/09 01:53:15 | 003,844,039 | ---- | M] () -- C:\Users\Mitch\Desktop\Spazzmatica Polka.mp3
[2012/06/08 00:12:23 | 078,878,720 | ---- | M] () -- C:\Users\Mitch\Desktop\uhc7.tar
[2012/06/07 15:10:26 | 000,320,450 | ---- | M] () -- C:\Users\Mitch\Desktop\12w23b.png
[2012/06/07 14:52:05 | 214,111,257 | ---- | M] () -- C:\Users\Mitch\Desktop\12w23b.wmv
[2012/06/07 14:45:33 | 000,049,904 | ---- | M] () -- C:\Users\Mitch\Desktop\12w23b.veg
[2012/06/07 14:44:59 | 000,049,904 | ---- | M] () -- C:\Users\Mitch\Desktop\12w23b.veg.bak
[2012/06/05 21:45:48 | 000,066,375 | ---- | M] () -- C:\Users\Mitch\Desktop\youdied.png
[2012/06/05 21:38:55 | 000,036,450 | ---- | M] () -- C:\Users\Mitch\Desktop\vechs.png
[2012/06/05 15:42:00 | 315,672,109 | ---- | M] () -- C:\Users\Mitch\Desktop\megapumpkins.wmv
[2012/06/05 15:40:44 | 000,541,867 | ---- | M] () -- C:\Users\Mitch\Desktop\megapumpkinTHUMB.png
[2012/06/05 15:38:45 | 000,305,029 | ---- | M] () -- C:\Users\Mitch\Desktop\fiery-kaboom-red-abstract-31000.jpg
[2012/06/05 15:32:25 | 000,016,448 | ---- | M] () -- C:\Users\Mitch\Desktop\megapumpkins.veg
[2012/06/05 15:27:15 | 000,016,568 | ---- | M] () -- C:\Users\Mitch\Desktop\megapumpkins.veg.bak
[2012/06/04 17:32:38 | 000,318,344 | ---- | M] () -- C:\Users\Mitch\Desktop\Big Rock.mp3.sfk
[2012/06/04 17:16:38 | 000,529,756 | ---- | M] () -- C:\Users\Mitch\Desktop\xMM7u.png
[2012/06/04 16:52:32 | 000,031,919 | ---- | M] () -- C:\Users\Mitch\Documents\ooh.wma
[2012/06/02 00:40:40 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2012/05/31 14:11:02 | 000,793,041 | ---- | M] () -- C:\Users\Mitch\Desktop\12w22athumb.png
[2012/05/28 21:34:57 | 012,736,803 | ---- | M] () -- C:\Users\Mitch\Desktop\Super Hostile 01 - Sea of Flame II v3.0.zip
[2012/05/27 22:55:21 | 000,064,728 | ---- | M] () -- C:\Users\Mitch\Desktop\infernomines.veg
[2012/05/27 20:32:25 | 010,728,189 | ---- | M] () -- C:\Users\Mitch\Desktop\Redletter.mp3
[2012/05/27 20:28:26 | 000,001,330 | ---- | M] () -- C:\Users\Mitch\Desktop\q20067skin.png
[2012/05/27 20:26:02 | 000,000,895 | ---- | M] () -- C:\Users\Mitch\Desktop\Vechs1skin.png
[2012/05/25 20:24:51 | 003,969,772 | ---- | M] () -- C:\Users\Mitch\Desktop\Chase Pulse Faster.mp3
[2012/05/25 20:24:37 | 005,847,232 | ---- | M] () -- C:\Users\Mitch\Desktop\Zombie Chase.mp3
[2012/05/24 15:17:31 | 000,018,168 | ---- | M] () -- C:\Users\Mitch\Desktop\snaptemplate.veg
[2012/05/20 19:01:47 | 009,597,251 | ---- | M] () -- C:\Users\Mitch\Desktop\The Whip Theme (Extended Version).mp3
[2012/05/20 19:00:59 | 009,027,702 | ---- | M] () -- C:\Users\Mitch\Desktop\El Magicia.mp3
[2012/05/20 15:56:53 | 005,651,748 | ---- | M] () -- C:\Users\Mitch\Desktop\Big Rock.mp3
[2012/05/19 21:25:13 | 008,025,984 | ---- | M] () -- C:\Users\Mitch\Desktop\Batty McFaddin.mp3
[2012/05/13 18:17:44 | 001,167,481 | ---- | M] () -- C:\Users\Mitch\Desktop\Picture1.png
[2012/05/13 18:05:46 | 000,085,349 | ---- | M] () -- C:\Users\Mitch\Desktop\Untitled.png
[2012/05/13 18:02:04 | 000,037,044 | ---- | M] () -- C:\Users\Mitch\Desktop\banner3d1.png
========== Files Created - No Company Name ==========
[2012/06/12 16:58:20 | 000,034,764 | ---- | C] () -- C:\Users\Mitch\AppData\Local\dt.dat
[2012/06/11 16:16:54 | 000,171,232 | ---- | C] () -- C:\Users\Mitch\Desktop\Reel Big Fish New Album Teaser -Candy Coated Fury- Out Summer 2012.mp3.sfk
[2012/06/11 16:16:25 | 001,987,186 | ---- | C] () -- C:\Users\Mitch\Desktop\Reel Big Fish New Album Teaser -Candy Coated Fury- Out Summer 2012.mp3
[2012/06/11 14:11:11 | 000,256,000 | ---- | C] () -- C:\Users\Mitch\Desktop\EnchantmentCalculator.exe
[2012/06/09 01:55:03 | 000,144,136 | ---- | C] () -- C:\Users\Mitch\Desktop\Spazzmatica Polka.mp3.sfk
[2012/06/09 01:52:28 | 003,844,039 | ---- | C] () -- C:\Users\Mitch\Desktop\Spazzmatica Polka.mp3
[2012/06/08 00:05:02 | 078,878,720 | ---- | C] () -- C:\Users\Mitch\Desktop\uhc7.tar
[2012/06/07 15:10:26 | 000,320,450 | ---- | C] () -- C:\Users\Mitch\Desktop\12w23b.png
[2012/06/07 14:45:50 | 214,111,257 | ---- | C] () -- C:\Users\Mitch\Desktop\12w23b.wmv
[2012/06/07 14:39:23 | 000,049,904 | ---- | C] () -- C:\Users\Mitch\Desktop\12w23b.veg.bak
[2012/06/07 14:39:23 | 000,049,904 | ---- | C] () -- C:\Users\Mitch\Desktop\12w23b.veg
[2012/06/05 21:45:48 | 000,066,375 | ---- | C] () -- C:\Users\Mitch\Desktop\youdied.png
[2012/06/05 21:38:54 | 000,036,450 | ---- | C] () -- C:\Users\Mitch\Desktop\vechs.png
[2012/06/05 15:40:42 | 000,541,867 | ---- | C] () -- C:\Users\Mitch\Desktop\megapumpkinTHUMB.png
[2012/06/05 15:38:48 | 000,305,029 | ---- | C] () -- C:\Users\Mitch\Desktop\fiery-kaboom-red-abstract-31000.jpg
[2012/06/05 15:32:37 | 315,672,109 | ---- | C] () -- C:\Users\Mitch\Desktop\megapumpkins.wmv
[2012/06/05 15:27:15 | 000,016,568 | ---- | C] () -- C:\Users\Mitch\Desktop\megapumpkins.veg.bak
[2012/06/05 15:27:15 | 000,016,448 | ---- | C] () -- C:\Users\Mitch\Desktop\megapumpkins.veg
[2012/06/04 17:32:36 | 000,318,344 | ---- | C] () -- C:\Users\Mitch\Desktop\Big Rock.mp3.sfk
[2012/06/04 17:16:43 | 000,529,756 | ---- | C] () -- C:\Users\Mitch\Desktop\xMM7u.png
[2012/06/04 16:52:32 | 000,031,919 | ---- | C] () -- C:\Users\Mitch\Documents\ooh.wma
[2012/06/02 00:40:40 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2012/05/31 14:11:01 | 000,793,041 | ---- | C] () -- C:\Users\Mitch\Desktop\12w22athumb.png
[2012/05/28 21:31:51 | 012,736,803 | ---- | C] () -- C:\Users\Mitch\Desktop\Super Hostile 01 - Sea of Flame II v3.0.zip
[2012/05/27 20:44:59 | 000,064,728 | ---- | C] () -- C:\Users\Mitch\Desktop\infernomines.veg
[2012/05/27 20:31:47 | 010,728,189 | ---- | C] () -- C:\Users\Mitch\Desktop\Redletter.mp3
[2012/05/27 20:28:26 | 000,001,330 | ---- | C] () -- C:\Users\Mitch\Desktop\q20067skin.png
[2012/05/27 20:26:02 | 000,000,895 | ---- | C] () -- C:\Users\Mitch\Desktop\Vechs1skin.png
[2012/05/25 20:24:36 | 003,969,772 | ---- | C] () -- C:\Users\Mitch\Desktop\Chase Pulse Faster.mp3
[2012/05/25 20:24:15 | 005,847,232 | ---- | C] () -- C:\Users\Mitch\Desktop\Zombie Chase.mp3
[2012/05/24 13:37:31 | 000,018,168 | ---- | C] () -- C:\Users\Mitch\Desktop\snaptemplate.veg
[2012/05/20 19:01:13 | 009,597,251 | ---- | C] () -- C:\Users\Mitch\Desktop\The Whip Theme (Extended Version).mp3
[2012/05/20 19:00:10 | 009,027,702 | ---- | C] () -- C:\Users\Mitch\Desktop\El Magicia.mp3
[2012/05/20 15:56:19 | 005,651,748 | ---- | C] () -- C:\Users\Mitch\Desktop\Big Rock.mp3
[2012/05/19 21:24:44 | 008,025,984 | ---- | C] () -- C:\Users\Mitch\Desktop\Batty McFaddin.mp3
[2012/05/13 18:17:43 | 001,167,481 | ---- | C] () -- C:\Users\Mitch\Desktop\Picture1.png
[2012/05/13 18:05:46 | 000,085,349 | ---- | C] () -- C:\Users\Mitch\Desktop\Untitled.png
[2012/05/13 18:02:06 | 000,037,044 | ---- | C] () -- C:\Users\Mitch\Desktop\banner3d1.png
[2011/11/03 12:09:00 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/26 09:39:24 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2011/02/10 17:10:51 | 000,766,158 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== LOP Check ==========
[2012/06/11 14:31:27 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\.minecraft
[2012/04/10 13:25:55 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\.Nitrous
[2012/04/10 14:22:38 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\AVG2012
[2012/05/10 20:40:53 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Babylon
[2012/04/12 15:26:02 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Gyazo
[2012/04/15 19:11:14 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Minecraft Skin Viewer
[2012/04/17 22:58:41 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Notepad++
[2012/06/02 00:40:42 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\PandoraRecovery
[2012/04/11 09:05:01 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\PCDr
[2012/04/10 14:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Publish Providers
[2012/05/10 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Sony
[2012/04/19 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Sony Creative Software Inc
[2012/04/22 02:07:37 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\SYSTEMAX Software Development
[2012/06/12 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\uTorrent
[2012/06/12 16:52:12 | 000,000,536 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 06:08:49 | 000,008,842 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/12 17:20:01 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/03/29 16:46:30 | 000,000,026 | ---- | M] () -- C:\AF_BENCHMARKS.XML
[2012/06/12 16:53:29 | 2109,894,655 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/29 23:50:18 | 000,022,064 | RH-- | M] () -- C:\mfg.sdr
[2012/06/12 16:53:27 | 4244,852,735 | -HS- | M] () -- C:\pagefile.sys
[2012/05/10 20:41:02 | 000,000,237 | ---- | M] () -- C:\user.js
< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/10 12:36:45 | 000,000,221 | -HS- | M] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2012/06/11 14:11:09 | 000,256,000 | ---- | M] () -- C:\Users\Mitch\Desktop\EnchantmentCalculator.exe
[2012/03/25 18:59:54 | 000,300,032 | ---- | M] () -- C:\Users\Mitch\Desktop\Minecraft Skin Viewer.exe
[2012/06/12 17:30:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
[2012/05/10 22:44:20 | 206,616,360 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\Mitch\Desktop\vegaspro100e_64bit.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Extras.txt
OTL Extras logfile created on: 12/06/2012 17:32:08 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Mitch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
7.95 Gb Total Physical Memory | 5.53 Gb Available Physical Memory | 69.54% Memory free
15.90 Gb Paging File | 13.15 Gb Available in Paging File | 82.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 730.32 Gb Total Space | 608.38 Gb Free Space | 83.30% Space Free | Partition Type: NTFS
Drive D: | 750.00 Mb Total Space | 529.89 Mb Free Space | 70.65% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 83.58 Gb Free Space | 41.79% Space Free | Partition Type: NTFS
Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078BF31F-774F-4C3B-8469-20A11B440F32}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{07F75DDC-50CC-4A19-831D-255D7144E04D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{157A176F-FA01-471A-997D-C114120741BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{15F91DC6-DB4E-4310-9030-43E5FC5417B9}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B17DCEF-C6E3-4F36-B0BB-B18C25327D76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{565DD11B-D066-47C0-836D-465ED36BA1DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F1CEBCA-1C48-47D2-A3FF-A2D0D200DA0C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{707435A2-4895-4E59-9163-8BB3ED0EC54D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73947DAE-EF87-4330-97D0-5CC101356BA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89DCEBB5-6378-4D09-9B94-A02AAAD6CFAF}" = rport=445 | protocol=6 | dir=out | app=system |
"{89FEDCF9-7EE9-4ABE-A8D8-408BABFD2227}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9561DF69-7C61-435D-9E00-3A638A2049B7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9AB0FA04-6E25-4C67-8BBD-0BF940F50ECF}" = rport=138 | protocol=17 | dir=out | app=system |
"{A2F2CB96-6B2A-4750-B00E-ADE5A8F40AEE}" = rport=137 | protocol=17 | dir=out | app=system |
"{B57752B5-285E-4AFD-AA65-0BF162F423F8}" = lport=137 | protocol=17 | dir=in | app=system |
"{C32E02B4-20D4-4794-B4CC-40E3659A4BE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C81CB17E-6944-4671-A6B7-5780E212E434}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA420204-BBA4-408C-BD1D-C4E1549A0D52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDE26161-F1EE-4A04-94DE-0F97BB557B8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F04F1F33-C5A3-4521-9639-601516EE5CB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{F52B4071-E163-4DDD-A985-5D073F20EE77}" = lport=139 | protocol=6 | dir=in | app=system |
"{F73B5F1E-740D-4B69-88B0-8204F23A6D74}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06954E22-8B18-430D-BFD7-8EE16117C802}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11355DF9-39B8-498A-85E3-8AE47CF476A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1B96E554-11DE-4EC4-B1D2-21AE8DB691EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22DD70E6-79CD-4110-89A2-A62204F52A3D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{234DF222-992E-43BB-88F3-A1CBD91A25FB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3BFC0897-B842-4081-AF35-69C64E407CC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E2FBF68-1380-4C35-A808-3780EFE3642A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3ECEB61A-B95C-4C05-97CD-6F80CD74AEC6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{464F6B6C-91FD-4897-BC93-FA0420C54C38}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{474F4FBE-DA17-43B9-BDF1-A38D9FE0C79F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{490CE6C5-9F63-46B2-858F-F52F0394D131}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4BA01464-82D8-4042-A5E9-A8DEB20C9183}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{53620F69-CFBD-40CA-A920-2A8B0E677F45}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5CE53974-2265-4468-BD57-82DAD293BB90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{63C30AE9-5A43-4BC9-A7ED-32FCCF1662A1}" = protocol=6 | dir=out | app=system |
"{800F9FB8-2377-40C1-9C5D-44EFE1BB8F09}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{8A09010E-CAD1-4E11-8263-32A3CB4552DB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8BB2338E-658A-4CCE-A0B8-4E7417D9BF51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BDC3AF8-A1B0-49A6-92E2-807FE039D221}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{92158E71-B8FB-4661-AFBC-B913C8A45B2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{93AF6A8A-F6D6-4EAF-8726-73DC93E53580}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B0C94F2-3B7A-491D-9A34-6DE814892DC4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B425E24-C337-493D-9D12-595D1C14AF9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8D2CFBB-3621-4526-82A2-D016EF76D563}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3A8D89-B10C-413B-A0D1-F785B99C0D4B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF7768FA-AE95-4FAB-8B7B-991FC622C5FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B17DE5D1-214D-4E01-AC23-6F47F29145C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B66C91FD-BBD8-42B7-BFC0-EDA4D0FC095A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9F2679A-0BE9-4820-89DB-51670D831EB0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BFE5FFF0-5BC8-4BBA-B3D3-E617F6AEC2E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C3617553-2B2A-478B-AEAA-54AEDAF1B6BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFDB9AC2-A856-45E4-9686-080EB76FF2AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1454013-BBF1-4E72-A14D-CF7D2C425435}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DDAB46E1-8437-48EC-B71C-D5C992C342EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E09A15FD-EEFF-4C37-9B71-A1662845690C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EF41B09C-9AFA-4618-9CA2-2BE0C478803A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F020B0F2-8433-409B-8204-C1461FE5EDBB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F21AEC18-8327-4AED-ACF3-21C02B7E52D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F488C638-82BA-4682-BA3E-964C2D796F64}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F8A57703-BBBE-43D8-AC77-573F00FFA529}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FD1173D5-1F75-41A8-A004-1A4A219DCFF1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0E317C4F-66A9-4771-860C-6DF4716F3DD4}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"TCP Query User{3494185A-CF69-4831-A401-9A0BB48092BF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9A7894B7-48CB-4F89-9AB1-214A16F76023}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9AD2756A-1991-43E0-A8C9-ED4D51B94B81}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{18A82168-F4D6-4462-9509-5D9111AFCC63}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{73C6736F-F0C6-457C-BD48-087FF50E4190}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"UDP Query User{872AF812-C4D4-4011-B64C-91B6B77070BA}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{8C96E439-47C7-4361-9261-7290F6F4D04D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = AlienAutopsy
"{2078180F-0C60-11E0-8A9C-0013D3D69929}" = MSVCRT Redists
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java 7 Update 1 (64-bit)
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7A92C561-A1D5-11E0-92E1-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B884E7A1-DFF2-4538-9965-03E9C46F6094}" = Command Center
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AlienAutopsy" = AlienAutopsy
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java 7 Update 3
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1" = Free Mouse Auto Clicker 2.8.2
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel® Rapid Storage Technology enterprise
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B26E49E2-9521-4677-95CB-63B117D84BD8}" = Gun Metal
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DivX Setup" = DivX Setup
"Dxtory2.0_is1" = Dxtory 2.0.108
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"InstallShield_{B884E7A1-DFF2-4538-9965-03E9C46F6094}" = Command Center
"Language File Editor" = Language File Editor
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PaintToolSAI" = PaintTool SAI Ver.1
"PandoraRecovery" = PandoraRecovery (Remove Only)
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"WinRAR archiver" = WinRAR archiver
"xuggle-xuggler" = xuggle-xuggler
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/05/2012 07:06:02 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8673
Error - 11/05/2012 07:06:03 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/05/2012 07:06:03 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9765
Error - 11/05/2012 07:06:03 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9765
Error - 11/05/2012 07:06:04 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/05/2012 07:06:04 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10888
Error - 11/05/2012 07:06:04 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10888
Error - 11/05/2012 10:46:51 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/05/2012 10:46:51 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13257620
Error - 11/05/2012 10:46:51 | Computer Name = Mitch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13257620
[ System Events ]
Error - 10/05/2012 08:21:31 | Computer Name = Mitch-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
Error - 10/05/2012 08:21:33 | Computer Name = Mitch-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
Error - 11/05/2012 03:02:45 | Computer Name = Mitch-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.
Error - 14/05/2012 00:24:57 | Computer Name = Mitch-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.
Error - 14/05/2012 20:25:09 | Computer Name = Mitch-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 15/05/2012 20:03:18 | Computer Name = Mitch-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 16/05/2012 16:07:39 | Computer Name = Mitch-PC | Source = bowser | ID = 8003
Description =
Error - 22/05/2012 17:55:03 | Computer Name = Mitch-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:53:15 on 22/05/2012 was unexpected.
Error - 24/05/2012 20:50:37 | Computer Name = Mitch-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.
Error - 25/05/2012 06:21:38 | Computer Name = Mitch-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{B54019E1-16BA-4E20-A8FB-9BCDE7237B62}
because another computer on the network has the same name. The server could not
start.
< End of report >