Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Hijacked by Search.gboxapp.com

Post by Erikthered » August 11th, 2012, 10:25 pm

My search engine keeps redirecting me to Search.gboxapp.com.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Erik The Red at 20:27:20 on 2012-08-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3839.2015 [GMT -6:00]
.
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbarsvc.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=114022&ba ... 262d2f231c
uWindow Title = Internet Explorer, optimized for Bing and MSN
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
mStart Page = hxxp://search.gboxapp.com/
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {22d1a59e-b36d-4802-addb-f09161eb2085} - C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pSrcAs.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ADDICT-THING Class: {61a96b3d-03b9-eb2a-32c3-61f8736d503a} - C:\ProgramData\ADDICT-THING\bhoclass.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: {D85A2E39-5B10-F687-D989-AE0CB300BD19} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Search Assistant BHO: {e88879cd-ed17-420c-8b09-cb9b3c1fa379} - C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pSrcAs.dll
BHO: Toolbar BHO: {fdeae01b-b015-4d75-a122-6250c871e77b} - C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: MindDabble: {30ea28da-b2b8-4555-a80e-310d546d5f3d} - C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB: {9427041A-A8DC-4D06-9A68-93873486E957} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe --minimized
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [MindDabble Search Scope Monitor] "C:\PROGRA~2\MINDDA~2\bar\1.bin\4psrchmn.exe" /m=2 /w /h
mRun: [MindDabble_4p Browser Plugin Loader] C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbrmon.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRunOnce: [TheBflixUpdater] "C:\ProgramData\TheBflixUpdater\updater.exe" /schedule /profilepath "C:\ProgramData\TheBflixUpdater\profile.ini"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload ... ontrol.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
AppInit_DLLs: c:\progra~3\bprote~1\21419~1.7\protec~1.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO-X64: Web Assistant Helper - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: ADDICT-THING Class: {61A96B3D-03B9-EB2A-32C3-61F8736D503A} - C:\ProgramData\ADDICT-THING\bhoclass.dll
BHO-X64: ADDICT-THING - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: {D85A2E39-5B10-F687-D989-AE0CB300BD19} - No File
BHO-X64: TheBflix - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: Search Assistant BHO: {e88879cd-ed17-420c-8b09-cb9b3c1fa379} - C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pSrcAs.dll
BHO-X64: Toolbar BHO: {fdeae01b-b015-4d75-a122-6250c871e77b} - C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbar.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: MindDabble: {30ea28da-b2b8-4555-a80e-310d546d5f3d} - C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
TB-X64: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB-X64: {9427041A-A8DC-4D06-9A68-93873486E957} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun-x64: [MindDabble Search Scope Monitor] "C:\PROGRA~2\MINDDA~2\bar\1.bin\4psrchmn.exe" /m=2 /w /h
mRun-x64: [MindDabble_4p Browser Plugin Loader] C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbrmon.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRunOnce-x64: [TheBflixUpdater] "C:\ProgramData\TheBflixUpdater\updater.exe" /schedule /profilepath "C:\ProgramData\TheBflixUpdater\profile.ini"
AppInit_DLLs-X64: c:\progra~3\bprote~1\21419~1.7\protec~1.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 bProtector;bProtector;C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe [2012-6-29 1677304]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MindDabble_4pService;MindDabbleService;C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbarsvc.exe [2012-3-18 42504]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-31 243232]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-16 185856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-5 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-11 250056]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-5 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-12 01:56:08 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
2012-08-12 01:56:08 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\DriverCure
2012-08-12 01:56:04 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-08-12 01:56:01 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-12 01:56:01 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-08-12 01:19:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-12 01:08:51 -------- d-----w- C:\Users\Erik The Red\AppData\Local\PackageAware
2012-08-09 17:26:22 -------- d--h--w- C:\Windows\msdownld.tmp
2012-08-07 22:00:20 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
2012-08-07 01:49:41 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Sanna
2012-08-07 01:49:00 -------- d-----w- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
2012-08-04 21:31:24 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Dereza
2012-07-30 23:41:33 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
2012-07-15 23:39:28 -------- d-----w- C:\ProgramData\Phenomedia
2012-07-15 19:21:30 -------- d-----w- C:\Program Files (x86)\GUMF0BB.tmp
.
==================== Find3M ====================
.
2012-08-12 01:24:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 02:54:43 1409 ----a-w- C:\Windows\QTFont.for
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 20:27:54.41 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 05/09/2010 1:37:55 AM
System Uptime: 11/08/2012 7:17:35 PM (1 hours ago)
.
Motherboard: Acer | | Aspire X3400
Processor: AMD Athlon(tm) II X2 215 Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 486.912 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&47E29E2&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&47E29E2&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP266: 11/07/2012 5:38:57 PM - Windows Update
RP267: 04/08/2012 3:26:18 PM - Installed DirectX
RP268: 09/08/2012 11:26:34 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
.
A Kingdom for Keflings
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2 MUI
Adobe Shockwave Player 11.6
Advertising Center
Age of Castles
Ancient Rome
Animal Genius
AnswerWorks 5.0 English Runtime
µTorrent
Aztec Tribe
Barnyard's Sherlock's Hooves
Be a King - Lost Lands
Be a King 2
Bejeweled 2 Deluxe
Bicycle Texas Hold 'em
BlackBerry App World Browser Plugin
Blackhawk Striker 2
Bob the Builder - Can-Do Carnival
Bob the Builder Can-Do-Zoo
bProtector for Windows
Brain Training for Dummies
Build-a-lot 2
Caillou(R) Magic Playhouse(TM)
Cannon Fodder 3
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3100 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Chloe's Dream Resort
Cinema Tycoon
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
Crazy Chicken: Atlantis
Dead Hungry Diner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Didi & Ditto
Diego's Dinosaur Adventure
Diego's Safari Adventure
Dora's Ballet Adventures
Dora's World Adventure
Dora Saves the Crystal Kingdom
Dora Saves the Snow Princess
Escape Rosecliff Island
eSobi v2
Express Burn
Faerie Solitaire
FATE
FATE - The Traitor Soul
FATE - Undiscovered Realms
FATE: The Cursed King
ffdshow v1.2.4422 [2012-04-09]
Geneforge
Geneforge 5
GO Diego GO! Dinosaur Rescue
Google Chrome
Google Earth Plug-in
Google Update Helper
Governor of Poker 2 Premium Edition
Haali Media Splitter
Happyville - Quest for Utopia
Hidden Object Studios™ - I'll Believe You
Hotel Mogul
Hotkey Utility
Ice Cream Craze - Tycoon Takeover
Identity Card
ImagXpress
Island Defense
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Jewel Quest Solitaire 3
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Plugin
Lemonade Tycoon 2
Math Blaster
MediaGet2 version 2.1.716.0
MediaGet2 version 2.1.890.0
MediaShow Espresso
Medieval Battlefields
Megapolis
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MindDabble Toolbar
Monopoly
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4SP2
Mystery P.I. - Lost in Los Angeles
MyWinLocker
MyWinLocker Suite
Namco All-Stars: PAC-MAN
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA ForceWare Network Access Manager
Path to Success
Penguins!
Pioneer Lands
Plants vs. Zombies
Poker Pop
Poker Superstars II
Poker Superstars III
Polar Bowler
Polar Golfer
Polar Pool
Prism Video File Converter
Prison Tycoon - Alcatraz
Quicken 2009
QuickTime
Realtek High Definition Audio Driver
Roads of Rome
Roads of Rome 2
RollerCoaster Tycoon 3: Platinum
Romopolis
Royal Envoy
Royal Envoy 2 Collector's Edition
Scrabble Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shredder
SpeedyPC Pro
SpongeBob Diner Dash 2
SpongeBob SquarePants Typing
SpongeBob Typing
SProtector
Strike Ball 3
swMSM
The Island: Castaway 2
The Legend of Sanna: Rise of a Great Colony
The Price is Right
The Promised Land
TheBflix Updater
Torchlight
Tradewinds
Tradewinds - Caravans
Tradewinds 2
Tradewinds Legends
TurboTax 2010
TurboTax 2011
UFile 2009
UFile Updater 2009
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Vampires vs. Zombies
Virtual City
Virtual City 2: Paradise Resort
Virtual Families
Virtual Villagers - A New Home
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Welcome Center
Westward II - Heroes of the Frontier
WildTangent Games
WildTangent Games App (Acer Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World Class Poker with T.J. Cloutier
WWII Tank Commander
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/08/2012 8:02:57 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MICHELLE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8DF20E62-8D88-4DE8-A56A-68E2790470BA}. The master browser is stopping or an election is being forced.
07/08/2012 7:59:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
05/08/2012 12:49:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Cypher » August 14th, 2012, 1:07 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present.
µTorrent
J2SE Runtime Environment 5.0

Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right-click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 14th, 2012, 7:13 pm

Thanks for your help. Here's the malware removal log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Erik The Red :: ERIKTHERED-PC [administrator]

Protection: Enabled

14/08/2012 5:05:29 PM
mbam-log-2012-08-14 (17-05-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204018
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrmon.exe (PUP.MyWebSearch) -> 3564 -> Delete on reboot.

Memory Modules Detected: 6
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pauxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pdlghk.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pieovr.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Delete on reboot.

Registry Keys Detected: 42
HKLM\SYSTEM\CurrentControlSet\Services\MindDabble_4pService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{22d1a59e-b36d-4802-addb-f09161eb2085} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{e88879cd-ed17-420c-8b09-cb9b3c1fa379} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E88879CD-ED17-420C-8B09-CB9B3C1FA379} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E88879CD-ED17-420C-8B09-CB9B3C1FA379} (PUP.MyWebSearch) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E88879CD-ED17-420C-8B09-CB9B3C1FA379} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8e78b5b1-a7ec-4a48-b40c-d5177157aee3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{ed8418c3-0d0a-4748-a013-1aa6b79c1ea5} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{279AEB4A-EAD4-497C-A433-42CA925BD496} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{61A96B3D-03B9-EB2A-32C3-61F8736D503A} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61A96B3D-03B9-EB2A-32C3-61F8736D503A} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61A96B3D-03B9-EB2A-32C3-61F8736D503A} (PUP.DownloadnSave) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61A96B3D-03B9-EB2A-32C3-61F8736D503A} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\CLSID\{30ea28da-b2b8-4555-a80e-310d546d5f3d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{30EA28DA-B2B8-4555-A80E-310D546D5F3D} (PUP.MyWebSearch) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30EA28DA-B2B8-4555-A80E-310D546D5F3D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MindDabble_4pbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{fdeae01b-b015-4d75-a122-6250c871e77b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDEAE01B-B015-4D75-A122-6250C871E77B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDEAE01B-B015-4D75-A122-6250C871E77B} (PUP.MyWebSearch) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDEAE01B-B015-4D75-A122-6250C871E77B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D85A2E39-5B10-F687-D989-AE0CB300BD19} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D85A2E39-5B10-F687-D989-AE0CB300BD19} (PUP.BFlix) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D85A2E39-5B10-F687-D989-AE0CB300BD19} (PUP.BFlix) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MindDabble_4p Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbrmon.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{22D1A59E-B36D-4802-ADDB-F09161EB2085} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MindDabble Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MINDDA~2\bar\1.bin\4psrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30EA28DA-B2B8-4555-A80E-310D546D5F3D} (PUP.MyWebSearch) -> Data: Ú(ê0¸²UE¨1
Tm_= -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{30EA28DA-B2B8-4555-A80E-310D546D5F3D} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.

Files Detected: 16
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pauxstb.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pdlghk.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pieovr.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Delete on reboot.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\pdocdfodkciedpifdocfnobcmbofacpp.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.

(end)
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 14th, 2012, 7:32 pm

OTL logfile created on: 8/14/2012 5:14:27 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.50% Memory free
7.50 Gb Paging File | 5.56 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 486.45 Gb Free Space | 83.53% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/08/11 19:19:04 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/18 14:05:14 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbarsvc.exe
PRC - [2012/03/18 14:05:14 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrmon.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/29 16:15:38 | 000,140,800 | ---- | M] () -- C:\ProgramData\ADDICT-THING\bhoclass.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/05/31 11:25:42 | 000,379,392 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/11 19:24:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
IE - HKCU\..\SearchScopes\{5CCE306A-31A7-4BD2-A765-851298E737E9}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA395CA396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F2611222-4229-4FC8-B7EF-82E20D14C6BF}&mid=47e58320959147d09570d16f6bcbcaef-8b313f9efaddc80e9418f5e2b827a7797b54bff4&lang=en&ds=AVG&pr=fr&d=2012-06-18 16:48:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9A0ECB0A-D561-435F-8BC9-F072754EA447}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
IE - HKCU\..\SearchScopes\{9F92C2FF-AA04-47FB-8FDB-2C289DFFE7E4}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQxAO6fBC&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/14 17:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension [2012/06/29 16:21:40 | 000,000,000 | ---D | M]

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/02 16:35:25 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2012/07/16 18:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2012/07/15 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Phenomedia
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 16:54:30 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/14 16:54:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 16:54:29 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/14 16:54:29 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/14 16:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 16:38:13 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/14 16:38:06 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/13 21:26:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 21:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 18:19:12 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/06/29 16:21:43 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Babylon
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/08/14 16:38:13 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/08/12 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/08/14 16:54:29 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/08/14 16:54:30 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/08/14 16:54:29 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 8/14/2012 5:14:28 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.50% Memory free
7.50 Gb Paging File | 5.56 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 486.45 Gb Free Space | 83.53% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175E8DFE-D42B-42D6-A5C5-634CF167B774}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C6A9BC0-429D-4953-85EF-D0A063E22C85}" = rport=137 | protocol=17 | dir=out | app=system |
"{29B83E95-EFB5-4675-8E56-FF4534C32A1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A47B780-61BD-4384-820B-505373D1F84E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E7C33F9-8868-4F2F-8F60-8BF77C7AA66E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D79A55B-E2D4-4062-8826-0E070284AE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5619D711-A62F-43E5-90C6-1225CAC1C3E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57248FD7-1F4B-46C5-9553-9F06F1B656B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{64796BB1-7D67-44F9-934A-7D9FB62FF62E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79BB207E-01C3-4E21-9F70-20D99673857B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82C9D9B6-DBAB-427A-B017-0CD4700317F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C6DEFCD-AE48-492D-84C8-3CA2C2BF5CDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97456DA6-07C8-4F70-9B1E-E8953CCC2B37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD78807-D801-46D0-9C74-51BE8622B1A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B382B080-1A2D-4BEC-8D86-FC3D07878512}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B86B8E7C-332A-4876-BEDE-D36A1B5C17CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC972EFF-239F-4A78-81CD-CDEBBB260642}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0FE30C4-37EA-41EF-B8CF-3695111DB616}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF70E666-067B-46B2-8125-287E7983742A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7B7271D-E90A-4561-BB7F-5DAF50D9C277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB31A678-63BB-44C1-A797-D11AFD69A885}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEF5F761-CC7E-4AEE-97D8-0EC69509FD84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F98447C3-A851-459E-B876-917F368EF0D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB28D4AA-EEEA-48FA-A1F9-4BB9DD714658}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC520AEE-15B4-485A-B0C0-08B0AF27C7FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC92D637-6EAC-47D0-A364-3F51A13B8041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8CF5A-195D-4523-BD07-3E01151BB32D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09E0DA11-06D7-4D0D-9BA7-BC9DDAB9AEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{15DA65C9-F0F9-4245-B125-3EADB469240C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{18297C61-6F99-4BB7-97C5-DF157BAAF7EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24C093C0-0CD5-465D-AFCE-8B233D5D1023}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{2B0E5013-0290-4839-92F5-937DE41C7587}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E1A5378-A2D9-4430-878D-041D2CB9CC8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32A60528-0BEE-4AB5-B67D-346640D93F10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36B1E237-0FCB-4B7D-A1EE-A24A5BC33783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C7CC311-6D06-4D58-9B2D-DD49986BAE02}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46315C8E-7D03-4F16-9C38-C547F0C89299}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{4986DA02-7A5C-4C58-9373-A03E6A2C07B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FF21D5F-3DF7-469E-A4C2-56EDDBC20D2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50F842BD-319E-4EEA-AD94-DB9176F5F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{526275EB-3130-4BD9-969B-15F43B2BC50B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{53E5F7D1-D91B-4132-AD04-F025DECD064D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5527E7C4-9287-49CC-B94F-96B2A29F686D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66032EE3-57B9-4A4A-A984-C225C2664087}" = protocol=6 | dir=out | app=system |
"{66E8B0A4-EFFC-4527-ADE5-B1A1EFBDDE10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6732AF9F-D00C-4F7F-8B31-2676F651F1D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6E2CBDCA-FA9F-46A2-A214-89B3A4D6F215}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{704CE9D8-3BDE-4451-90C5-BC699F546A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80862855-1DFA-4510-B51F-2E65CD79E13A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{8164F120-AEB5-4075-8476-D278484E61FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8215948F-F3D4-416B-B11A-16BF339DC799}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{885E8F97-B457-4320-8D70-99435C2253D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A755EE8-5C54-4EDE-94E7-03F336BB2612}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{931918C6-94D5-45F1-B65D-748F71AFF838}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{975BA30E-FECE-4CC1-B2CA-A6106587B4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C9C2BC4-68B5-4B7C-BF93-DA4DCB5DAB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB664AD4-D4A8-4012-99B1-2F4D4FDF6C6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8027EB8-09E4-4521-956E-F3A822307216}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{BAE34499-C164-4854-9211-8C8260227AD8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9C9702D-5237-4FB7-A0C7-78C4E338C393}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAB21B26-38A4-4CDF-8506-AED39BCBD33F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF11B5AE-DC7E-4B30-9084-92720CFCE61F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{E0BFFD44-6722-4344-93B8-C4AA4803E480}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9C11EEE-5BB7-40AC-9454-ED1F8AFFB0F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{ECEC95BD-6A42-4BC6-975D-53246BEAE52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED1627B1-F2B4-40FE-8B3F-AE57B0A0702D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EE008324-4F3E-440E-8EB5-97CC3B3F8DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F22A7C3E-44B6-46AA-A89D-3843A6A325C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F986FF90-5988-4871-AF4A-2E7C7CCB9CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{FB862F03-AEBD-46E7-B501-E1E9EAD6F312}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{61D76D1F-EC5F-4531-82E1-BA198E329853}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{ACC94CE4-CF1D-4905-B359-2479AE93BB1F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C459A7A8-2F88-4CF7-A335-AD29F01F27B2}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2175B32D-730E-4586-9797-91A29827066B}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{BF03B11D-E3F4-41CA-A50A-F4FF5D636DDB}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C63EC496-3E29-4720-8749-E3084A2FDD03}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F3AEB27-51AE-4F18-9943-BB8F096F712E}" = TheBflix Updater
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8935d570-6487-44e5-bf10-6ed54b88c11d}" = Nero 9 Essentials
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AF92749E-BC99-47e0-8968-D4420896A64A}" = Quicken 2009
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Caillou(R) Magic Playhouse(TM)" = Caillou(R) Magic Playhouse(TM)
"Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Didi & Ditto" = Didi & Ditto
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Math Blaster" = Math Blaster
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"QuickTime" = QuickTime
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SProtector" = SProtector
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UnityWebPlayer" = Unity Web Player
"UPCShell" = LeapFrog Connect
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"WTA-031b97cb-e43c-482a-ae45-e87ef70b83d5" = WWII Tank Commander
"WTA-069b90cd-ef30-4a69-9f7e-794c445c8535" = Prison Tycoon - Alcatraz
"WTA-0dbe009e-fa54-45a8-9339-2999aed0179f" = Dora Saves the Crystal Kingdom
"WTA-1127e64e-430c-42ed-971f-a2f20855e48f" = Diego's Dinosaur Adventure
"WTA-12ad7f97-4be9-4aa8-a126-819fc46cc9e6" = Governor of Poker 2 Premium Edition
"WTA-1ce4e0a2-d05c-42a4-bb23-bbf93b8f2c94" = Path to Success
"WTA-1da868c0-3f18-442a-94a3-6527c3541e30" = Westward II - Heroes of the Frontier
"WTA-1f6fd667-1c39-4b9e-893f-a30eace62049" = SpongeBob Typing
"WTA-22977754-04c8-449c-94b3-ebf3575ccfd7" = Hidden Object Studios™ - I'll Believe You
"WTA-2c41918a-dbc5-482b-b696-457e113b2221" = SpongeBob Diner Dash 2
"WTA-376f7495-b33b-4bfd-b6b4-7360bc7d5dcc" = Chloe's Dream Resort
"WTA-37cdfc19-2c69-481b-8319-1d1362984dd6" = Brain Training for Dummies
"WTA-3e850f67-bbed-44ee-a988-ce6791f98312" = Romopolis
"WTA-424a0d4b-ffd3-4c75-b296-ac0ca6925e7d" = Virtual City
"WTA-43e2d92c-eb81-4106-a232-ba3b9c2b82a2" = Age of Castles
"WTA-4a35c6b9-609c-41f7-b42c-136c5f86925b" = Diego's Safari Adventure
"WTA-4a670ddc-03a5-4d3e-a5ec-47d979d0c4c4" = Cannon Fodder 3
"WTA-4b99c24a-04e9-47b2-ad89-2e6e9e56edcf" = Dora Saves the Snow Princess
"WTA-4f9e0bd6-61cb-4ce7-83da-edc2f388cf35" = Vampires vs. Zombies
"WTA-52f60c17-ef9d-4604-82d9-3f6dbf5c7152" = Be a King - Lost Lands
"WTA-5795f6ec-d25d-4690-80fa-fef4a1f85db6" = Poker Pop
"WTA-5cbe04b3-7a2c-4a77-b967-5da8bc2b2ae5" = Dora's Ballet Adventures
"WTA-5dd01be7-4451-46f3-a4b4-5f9714ad915b" = Hotel Mogul
"WTA-5ddf6751-092c-47cc-b100-05b23ead6396" = Pioneer Lands
"WTA-5fb87072-6f77-41d3-b15e-7f7a7560d915" = Island Defense
"WTA-6202cd36-1ee6-4897-af70-0368b10db3a5" = Animal Genius
"WTA-66605bbf-8968-40e7-97ff-1b5d6ef43c74" = Lemonade Tycoon 2
"WTA-6802b15f-cf83-43b0-807a-b7908ea28f46" = Virtual City 2: Paradise Resort
"WTA-6988af40-a4f8-48f1-b704-d5c34cdcbc47" = Cinema Tycoon
"WTA-6b4dea22-18e1-452a-a889-39c271a872f9" = Tradewinds - Caravans
"WTA-6c980fd6-7774-45f7-bbbf-c47cf5b79505" = Bob the Builder - Can-Do Carnival
"WTA-70deeedb-2375-4c6a-97d7-2dc1c6ab22c7" = Bicycle Texas Hold 'em
"WTA-7213b00e-d529-45b4-b3d9-525b9015a873" = Medieval Battlefields
"WTA-737c7fd7-bbf3-4ca0-97d1-dd5b407ebda4" = Aztec Tribe
"WTA-74a177f0-05d2-47ca-8b15-a01e51fec9be" = FATE
"WTA-7aaa4a47-e195-4631-ba06-2e393cdcf482" = Roads of Rome 2
"WTA-7b2346a5-aa0d-4768-bdec-afc6ecbebacd" = GO Diego GO! Dinosaur Rescue
"WTA-7d588e65-0b8e-48d9-993b-43c62987e218" = Tradewinds
"WTA-7e0ef5d4-23d1-4e73-ae43-2a85dea0fd1f" = Crazy Chicken: Atlantis
"WTA-7f577d05-a031-481b-846c-80af3f9cc2c6" = Dead Hungry Diner
"WTA-82a3107a-e8f7-4ee1-8db6-782e698967da" = Royal Envoy
"WTA-83669025-3b39-4446-aeee-ab6638a5b665" = The Promised Land
"WTA-87b72bba-595b-48c9-b703-1b99ba9f318b" = Strike Ball 3
"WTA-87f370e7-1180-4a21-9313-ac29613e6e14" = Be a King 2
"WTA-88abb04f-b436-4a8c-a0fc-b8686fbfadd8" = Polar Pool
"WTA-8da2686e-3bbd-440f-825b-33785fec7824" = The Legend of Sanna: Rise of a Great Colony
"WTA-9054be30-83af-468c-b910-1f7d38095e8d" = Ice Cream Craze - Tycoon Takeover
"WTA-90a041c1-017d-489f-afa3-e7ac30ab2200" = Torchlight
"WTA-92238218-d319-4fdb-b04a-2d5cc8d7a49e" = Tradewinds Legends
"WTA-94d3da32-0879-4790-86fd-3ea29d31d0fc" = Poker Superstars III
"WTA-95188105-f942-482f-987a-eb5aa1ffb2dd" = Happyville - Quest for Utopia
"WTA-9d579ee8-9a1b-4781-ad59-443e547454fe" = Dora's World Adventure
"WTA-9eb8a197-80c4-433f-8ebe-3c69892016d6" = FATE - Undiscovered Realms
"WTA-a6d4201b-b44f-4e45-96a5-1faaef49307c" = Megapolis
"WTA-a7123ce7-9a41-49ea-8f82-f1147cff2bae" = Geneforge
"WTA-ab4a45c7-70f4-4883-b372-fb6d377501c5" = A Kingdom for Keflings
"WTA-b279e20f-78d7-4e4b-8b7c-add1aba74c69" = FATE: The Cursed King
"WTA-b777cfe8-8c67-437a-ba67-43cf3f0df6a4" = World Class Poker with T.J. Cloutier
"WTA-bd3a88d1-7777-42fc-8c37-b5004432cb8a" = Namco All-Stars: PAC-MAN
"WTA-c51c364b-04c8-4dc7-8acd-48969b38c154" = Geneforge 5
"WTA-ceb68ccb-eca0-4877-842e-eaf83bd6fd41" = Ancient Rome
"WTA-d5bd3841-9f63-451f-bcc2-58383e4d59ca" = RollerCoaster Tycoon 3: Platinum
"WTA-d9b6a693-d69d-41a7-9563-c0044b570781" = Barnyard's Sherlock's Hooves
"WTA-e8242818-aaca-41b6-9602-4bc7169b3a10" = The Island: Castaway 2
"WTA-ec4b9615-52a0-48e5-9bcf-911af66d3e0e" = Royal Envoy 2 Collector's Edition
"WTA-f28920e4-df7a-4138-9f13-c4d59075b4d8" = Tradewinds 2
"WTA-f3ecbf39-909d-4f99-85fd-83268c07908e" = Roads of Rome
"WTA-f9461172-f6a0-4489-b5ca-29b309a71b88" = Poker Superstars II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2012 11:51:02 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 2:10:08 PM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/2/2012 2:10:55 PM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 8:45:01 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0x200 Faulting application start time: 0x01cd58b4fc4de7b0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: 52074700-c4a8-11e1-8ea9-00262d2f231c

Error - 7/2/2012 8:45:07 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0xcec Faulting application start time: 0x01cd58b515c930a0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: 55b47080-c4a8-11e1-8ea9-00262d2f231c

Error - 7/2/2012 8:47:49 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0x13ac Faulting application start time: 0x01cd58b54db5bfb0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: b5fbcf10-c4a8-11e1-8ea9-00262d2f231c

Error - 7/4/2012 7:24:25 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Faulting module name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Exception code: 0xc000001d Fault offset: 0x00021be7 Faulting process
id: 0x11f4 Faulting application start time: 0x01cd5a3c25a880b0 Faulting application
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Faulting module
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Report Id: 63fc30a0-c62f-11e1-a726-00262d2f231c

Error - 7/4/2012 7:24:25 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program WildTangent Games App - PatchHelper because of this error. Program:
WildTangent Games App - PatchHelper File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Additional
Data Error value: 00000000 Disk type: 0

Error - 7/7/2012 11:33:18 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/7/2012 11:33:54 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 12/15/2011 8:21:17 PM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:12:41 PM on ?14/?12/?2011 was unexpected.

Error - 12/15/2011 8:56:07 PM | Computer Name = ErikTheRed-PC | Source = DCOM | ID = 10010
Description =

Error - 12/18/2011 1:40:10 PM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:51:26 PM on ?17/?12/?2011 was unexpected.

Error - 12/22/2011 12:16:35 AM | Computer Name = ErikTheRed-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 12/23/2011 9:21:33 PM | Computer Name = ErikTheRed-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/24/2011 11:05:28 AM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:12:00 PM on ?23/?12/?2011 was unexpected.

Error - 12/24/2011 11:21:14 AM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/24/2011 3:33:31 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/27/2011 2:36:49 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/28/2011 12:02:55 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =


< End of report >
Erikthered

Re: Hjacked by Search.gboxapp.com

Post by Erikthered » August 14th, 2012, 7:33 pm

OTL logfile created on: 8/14/2012 5:14:27 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.50% Memory free
7.50 Gb Paging File | 5.56 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 486.45 Gb Free Space | 83.53% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/08/11 19:19:04 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/18 14:05:14 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbarsvc.exe
PRC - [2012/03/18 14:05:14 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrmon.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/29 16:15:38 | 000,140,800 | ---- | M] () -- C:\ProgramData\ADDICT-THING\bhoclass.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/05/31 11:25:42 | 000,379,392 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/11 19:24:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
IE - HKCU\..\SearchScopes\{5CCE306A-31A7-4BD2-A765-851298E737E9}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA395CA396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F2611222-4229-4FC8-B7EF-82E20D14C6BF}&mid=47e58320959147d09570d16f6bcbcaef-8b313f9efaddc80e9418f5e2b827a7797b54bff4&lang=en&ds=AVG&pr=fr&d=2012-06-18 16:48:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9A0ECB0A-D561-435F-8BC9-F072754EA447}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
IE - HKCU\..\SearchScopes\{9F92C2FF-AA04-47FB-8FDB-2C289DFFE7E4}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQxAO6fBC&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/14 17:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension [2012/06/29 16:21:40 | 000,000,000 | ---D | M]

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/02 16:35:25 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2012/07/16 18:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2012/07/15 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Phenomedia
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 16:54:30 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/14 16:54:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 16:54:29 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/14 16:54:29 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/14 16:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 16:38:13 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/14 16:38:06 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/13 21:26:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 21:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 18:19:12 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/06/29 16:21:43 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Babylon
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/08/14 16:38:13 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/08/12 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/08/14 16:54:29 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/08/14 16:54:30 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/08/14 16:54:29 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 8/14/2012 5:14:28 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.50% Memory free
7.50 Gb Paging File | 5.56 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 486.45 Gb Free Space | 83.53% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175E8DFE-D42B-42D6-A5C5-634CF167B774}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C6A9BC0-429D-4953-85EF-D0A063E22C85}" = rport=137 | protocol=17 | dir=out | app=system |
"{29B83E95-EFB5-4675-8E56-FF4534C32A1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A47B780-61BD-4384-820B-505373D1F84E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E7C33F9-8868-4F2F-8F60-8BF77C7AA66E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D79A55B-E2D4-4062-8826-0E070284AE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5619D711-A62F-43E5-90C6-1225CAC1C3E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57248FD7-1F4B-46C5-9553-9F06F1B656B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{64796BB1-7D67-44F9-934A-7D9FB62FF62E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79BB207E-01C3-4E21-9F70-20D99673857B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82C9D9B6-DBAB-427A-B017-0CD4700317F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C6DEFCD-AE48-492D-84C8-3CA2C2BF5CDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97456DA6-07C8-4F70-9B1E-E8953CCC2B37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD78807-D801-46D0-9C74-51BE8622B1A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B382B080-1A2D-4BEC-8D86-FC3D07878512}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B86B8E7C-332A-4876-BEDE-D36A1B5C17CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC972EFF-239F-4A78-81CD-CDEBBB260642}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0FE30C4-37EA-41EF-B8CF-3695111DB616}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF70E666-067B-46B2-8125-287E7983742A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7B7271D-E90A-4561-BB7F-5DAF50D9C277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB31A678-63BB-44C1-A797-D11AFD69A885}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEF5F761-CC7E-4AEE-97D8-0EC69509FD84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F98447C3-A851-459E-B876-917F368EF0D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB28D4AA-EEEA-48FA-A1F9-4BB9DD714658}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC520AEE-15B4-485A-B0C0-08B0AF27C7FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC92D637-6EAC-47D0-A364-3F51A13B8041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8CF5A-195D-4523-BD07-3E01151BB32D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09E0DA11-06D7-4D0D-9BA7-BC9DDAB9AEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{15DA65C9-F0F9-4245-B125-3EADB469240C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{18297C61-6F99-4BB7-97C5-DF157BAAF7EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24C093C0-0CD5-465D-AFCE-8B233D5D1023}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{2B0E5013-0290-4839-92F5-937DE41C7587}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E1A5378-A2D9-4430-878D-041D2CB9CC8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32A60528-0BEE-4AB5-B67D-346640D93F10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36B1E237-0FCB-4B7D-A1EE-A24A5BC33783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C7CC311-6D06-4D58-9B2D-DD49986BAE02}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46315C8E-7D03-4F16-9C38-C547F0C89299}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{4986DA02-7A5C-4C58-9373-A03E6A2C07B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FF21D5F-3DF7-469E-A4C2-56EDDBC20D2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50F842BD-319E-4EEA-AD94-DB9176F5F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{526275EB-3130-4BD9-969B-15F43B2BC50B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{53E5F7D1-D91B-4132-AD04-F025DECD064D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5527E7C4-9287-49CC-B94F-96B2A29F686D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66032EE3-57B9-4A4A-A984-C225C2664087}" = protocol=6 | dir=out | app=system |
"{66E8B0A4-EFFC-4527-ADE5-B1A1EFBDDE10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6732AF9F-D00C-4F7F-8B31-2676F651F1D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6E2CBDCA-FA9F-46A2-A214-89B3A4D6F215}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{704CE9D8-3BDE-4451-90C5-BC699F546A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80862855-1DFA-4510-B51F-2E65CD79E13A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{8164F120-AEB5-4075-8476-D278484E61FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8215948F-F3D4-416B-B11A-16BF339DC799}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{885E8F97-B457-4320-8D70-99435C2253D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A755EE8-5C54-4EDE-94E7-03F336BB2612}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{931918C6-94D5-45F1-B65D-748F71AFF838}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{975BA30E-FECE-4CC1-B2CA-A6106587B4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C9C2BC4-68B5-4B7C-BF93-DA4DCB5DAB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB664AD4-D4A8-4012-99B1-2F4D4FDF6C6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8027EB8-09E4-4521-956E-F3A822307216}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{BAE34499-C164-4854-9211-8C8260227AD8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9C9702D-5237-4FB7-A0C7-78C4E338C393}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAB21B26-38A4-4CDF-8506-AED39BCBD33F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF11B5AE-DC7E-4B30-9084-92720CFCE61F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{E0BFFD44-6722-4344-93B8-C4AA4803E480}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9C11EEE-5BB7-40AC-9454-ED1F8AFFB0F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{ECEC95BD-6A42-4BC6-975D-53246BEAE52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED1627B1-F2B4-40FE-8B3F-AE57B0A0702D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EE008324-4F3E-440E-8EB5-97CC3B3F8DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F22A7C3E-44B6-46AA-A89D-3843A6A325C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F986FF90-5988-4871-AF4A-2E7C7CCB9CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{FB862F03-AEBD-46E7-B501-E1E9EAD6F312}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{61D76D1F-EC5F-4531-82E1-BA198E329853}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{ACC94CE4-CF1D-4905-B359-2479AE93BB1F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C459A7A8-2F88-4CF7-A335-AD29F01F27B2}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2175B32D-730E-4586-9797-91A29827066B}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{BF03B11D-E3F4-41CA-A50A-F4FF5D636DDB}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C63EC496-3E29-4720-8749-E3084A2FDD03}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F3AEB27-51AE-4F18-9943-BB8F096F712E}" = TheBflix Updater
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8935d570-6487-44e5-bf10-6ed54b88c11d}" = Nero 9 Essentials
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AF92749E-BC99-47e0-8968-D4420896A64A}" = Quicken 2009
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Caillou(R) Magic Playhouse(TM)" = Caillou(R) Magic Playhouse(TM)
"Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Didi & Ditto" = Didi & Ditto
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Math Blaster" = Math Blaster
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"QuickTime" = QuickTime
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SProtector" = SProtector
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UnityWebPlayer" = Unity Web Player
"UPCShell" = LeapFrog Connect
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"WTA-031b97cb-e43c-482a-ae45-e87ef70b83d5" = WWII Tank Commander
"WTA-069b90cd-ef30-4a69-9f7e-794c445c8535" = Prison Tycoon - Alcatraz
"WTA-0dbe009e-fa54-45a8-9339-2999aed0179f" = Dora Saves the Crystal Kingdom
"WTA-1127e64e-430c-42ed-971f-a2f20855e48f" = Diego's Dinosaur Adventure
"WTA-12ad7f97-4be9-4aa8-a126-819fc46cc9e6" = Governor of Poker 2 Premium Edition
"WTA-1ce4e0a2-d05c-42a4-bb23-bbf93b8f2c94" = Path to Success
"WTA-1da868c0-3f18-442a-94a3-6527c3541e30" = Westward II - Heroes of the Frontier
"WTA-1f6fd667-1c39-4b9e-893f-a30eace62049" = SpongeBob Typing
"WTA-22977754-04c8-449c-94b3-ebf3575ccfd7" = Hidden Object Studios™ - I'll Believe You
"WTA-2c41918a-dbc5-482b-b696-457e113b2221" = SpongeBob Diner Dash 2
"WTA-376f7495-b33b-4bfd-b6b4-7360bc7d5dcc" = Chloe's Dream Resort
"WTA-37cdfc19-2c69-481b-8319-1d1362984dd6" = Brain Training for Dummies
"WTA-3e850f67-bbed-44ee-a988-ce6791f98312" = Romopolis
"WTA-424a0d4b-ffd3-4c75-b296-ac0ca6925e7d" = Virtual City
"WTA-43e2d92c-eb81-4106-a232-ba3b9c2b82a2" = Age of Castles
"WTA-4a35c6b9-609c-41f7-b42c-136c5f86925b" = Diego's Safari Adventure
"WTA-4a670ddc-03a5-4d3e-a5ec-47d979d0c4c4" = Cannon Fodder 3
"WTA-4b99c24a-04e9-47b2-ad89-2e6e9e56edcf" = Dora Saves the Snow Princess
"WTA-4f9e0bd6-61cb-4ce7-83da-edc2f388cf35" = Vampires vs. Zombies
"WTA-52f60c17-ef9d-4604-82d9-3f6dbf5c7152" = Be a King - Lost Lands
"WTA-5795f6ec-d25d-4690-80fa-fef4a1f85db6" = Poker Pop
"WTA-5cbe04b3-7a2c-4a77-b967-5da8bc2b2ae5" = Dora's Ballet Adventures
"WTA-5dd01be7-4451-46f3-a4b4-5f9714ad915b" = Hotel Mogul
"WTA-5ddf6751-092c-47cc-b100-05b23ead6396" = Pioneer Lands
"WTA-5fb87072-6f77-41d3-b15e-7f7a7560d915" = Island Defense
"WTA-6202cd36-1ee6-4897-af70-0368b10db3a5" = Animal Genius
"WTA-66605bbf-8968-40e7-97ff-1b5d6ef43c74" = Lemonade Tycoon 2
"WTA-6802b15f-cf83-43b0-807a-b7908ea28f46" = Virtual City 2: Paradise Resort
"WTA-6988af40-a4f8-48f1-b704-d5c34cdcbc47" = Cinema Tycoon
"WTA-6b4dea22-18e1-452a-a889-39c271a872f9" = Tradewinds - Caravans
"WTA-6c980fd6-7774-45f7-bbbf-c47cf5b79505" = Bob the Builder - Can-Do Carnival
"WTA-70deeedb-2375-4c6a-97d7-2dc1c6ab22c7" = Bicycle Texas Hold 'em
"WTA-7213b00e-d529-45b4-b3d9-525b9015a873" = Medieval Battlefields
"WTA-737c7fd7-bbf3-4ca0-97d1-dd5b407ebda4" = Aztec Tribe
"WTA-74a177f0-05d2-47ca-8b15-a01e51fec9be" = FATE
"WTA-7aaa4a47-e195-4631-ba06-2e393cdcf482" = Roads of Rome 2
"WTA-7b2346a5-aa0d-4768-bdec-afc6ecbebacd" = GO Diego GO! Dinosaur Rescue
"WTA-7d588e65-0b8e-48d9-993b-43c62987e218" = Tradewinds
"WTA-7e0ef5d4-23d1-4e73-ae43-2a85dea0fd1f" = Crazy Chicken: Atlantis
"WTA-7f577d05-a031-481b-846c-80af3f9cc2c6" = Dead Hungry Diner
"WTA-82a3107a-e8f7-4ee1-8db6-782e698967da" = Royal Envoy
"WTA-83669025-3b39-4446-aeee-ab6638a5b665" = The Promised Land
"WTA-87b72bba-595b-48c9-b703-1b99ba9f318b" = Strike Ball 3
"WTA-87f370e7-1180-4a21-9313-ac29613e6e14" = Be a King 2
"WTA-88abb04f-b436-4a8c-a0fc-b8686fbfadd8" = Polar Pool
"WTA-8da2686e-3bbd-440f-825b-33785fec7824" = The Legend of Sanna: Rise of a Great Colony
"WTA-9054be30-83af-468c-b910-1f7d38095e8d" = Ice Cream Craze - Tycoon Takeover
"WTA-90a041c1-017d-489f-afa3-e7ac30ab2200" = Torchlight
"WTA-92238218-d319-4fdb-b04a-2d5cc8d7a49e" = Tradewinds Legends
"WTA-94d3da32-0879-4790-86fd-3ea29d31d0fc" = Poker Superstars III
"WTA-95188105-f942-482f-987a-eb5aa1ffb2dd" = Happyville - Quest for Utopia
"WTA-9d579ee8-9a1b-4781-ad59-443e547454fe" = Dora's World Adventure
"WTA-9eb8a197-80c4-433f-8ebe-3c69892016d6" = FATE - Undiscovered Realms
"WTA-a6d4201b-b44f-4e45-96a5-1faaef49307c" = Megapolis
"WTA-a7123ce7-9a41-49ea-8f82-f1147cff2bae" = Geneforge
"WTA-ab4a45c7-70f4-4883-b372-fb6d377501c5" = A Kingdom for Keflings
"WTA-b279e20f-78d7-4e4b-8b7c-add1aba74c69" = FATE: The Cursed King
"WTA-b777cfe8-8c67-437a-ba67-43cf3f0df6a4" = World Class Poker with T.J. Cloutier
"WTA-bd3a88d1-7777-42fc-8c37-b5004432cb8a" = Namco All-Stars: PAC-MAN
"WTA-c51c364b-04c8-4dc7-8acd-48969b38c154" = Geneforge 5
"WTA-ceb68ccb-eca0-4877-842e-eaf83bd6fd41" = Ancient Rome
"WTA-d5bd3841-9f63-451f-bcc2-58383e4d59ca" = RollerCoaster Tycoon 3: Platinum
"WTA-d9b6a693-d69d-41a7-9563-c0044b570781" = Barnyard's Sherlock's Hooves
"WTA-e8242818-aaca-41b6-9602-4bc7169b3a10" = The Island: Castaway 2
"WTA-ec4b9615-52a0-48e5-9bcf-911af66d3e0e" = Royal Envoy 2 Collector's Edition
"WTA-f28920e4-df7a-4138-9f13-c4d59075b4d8" = Tradewinds 2
"WTA-f3ecbf39-909d-4f99-85fd-83268c07908e" = Roads of Rome
"WTA-f9461172-f6a0-4489-b5ca-29b309a71b88" = Poker Superstars II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2012 11:51:02 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 2:10:08 PM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/2/2012 2:10:55 PM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 8:45:01 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0x200 Faulting application start time: 0x01cd58b4fc4de7b0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: 52074700-c4a8-11e1-8ea9-00262d2f231c

Error - 7/2/2012 8:45:07 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0xcec Faulting application start time: 0x01cd58b515c930a0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: 55b47080-c4a8-11e1-8ea9-00262d2f231c

Error - 7/2/2012 8:47:49 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0x13ac Faulting application start time: 0x01cd58b54db5bfb0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: b5fbcf10-c4a8-11e1-8ea9-00262d2f231c

Error - 7/4/2012 7:24:25 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Faulting module name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Exception code: 0xc000001d Fault offset: 0x00021be7 Faulting process
id: 0x11f4 Faulting application start time: 0x01cd5a3c25a880b0 Faulting application
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Faulting module
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Report Id: 63fc30a0-c62f-11e1-a726-00262d2f231c

Error - 7/4/2012 7:24:25 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program WildTangent Games App - PatchHelper because of this error. Program:
WildTangent Games App - PatchHelper File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Additional
Data Error value: 00000000 Disk type: 0

Error - 7/7/2012 11:33:18 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/7/2012 11:33:54 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 12/15/2011 8:21:17 PM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:12:41 PM on ?14/?12/?2011 was unexpected.

Error - 12/15/2011 8:56:07 PM | Computer Name = ErikTheRed-PC | Source = DCOM | ID = 10010
Description =

Error - 12/18/2011 1:40:10 PM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:51:26 PM on ?17/?12/?2011 was unexpected.

Error - 12/22/2011 12:16:35 AM | Computer Name = ErikTheRed-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 12/23/2011 9:21:33 PM | Computer Name = ErikTheRed-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/24/2011 11:05:28 AM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:12:00 PM on ?23/?12/?2011 was unexpected.

Error - 12/24/2011 11:21:14 AM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/24/2011 3:33:31 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/27/2011 2:36:49 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/28/2011 12:02:55 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =


< End of report >
Erikthered

Re: Hijacked by Search.gboxapp.com

by Erikthered » August 14th, 2012, 7:33 pm

OTL logfile created on: 8/14/2012 5:14:27 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.50% Memory free
7.50 Gb Paging File | 5.56 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 486.45 Gb Free Space | 83.53% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/08/11 19:19:04 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/18 14:05:14 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbarsvc.exe
PRC - [2012/03/18 14:05:14 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrmon.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/29 16:15:38 | 000,140,800 | ---- | M] () -- C:\ProgramData\ADDICT-THING\bhoclass.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/05/31 11:25:42 | 000,379,392 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/11 19:24:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
IE - HKCU\..\SearchScopes\{5CCE306A-31A7-4BD2-A765-851298E737E9}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA395CA396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F2611222-4229-4FC8-B7EF-82E20D14C6BF}&mid=47e58320959147d09570d16f6bcbcaef-8b313f9efaddc80e9418f5e2b827a7797b54bff4&lang=en&ds=AVG&pr=fr&d=2012-06-18 16:48:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9A0ECB0A-D561-435F-8BC9-F072754EA447}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
IE - HKCU\..\SearchScopes\{9F92C2FF-AA04-47FB-8FDB-2C289DFFE7E4}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQxAO6fBC&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/14 17:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension [2012/06/29 16:21:40 | 000,000,000 | ---D | M]

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/02 16:35:25 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2012/07/16 18:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2012/07/15 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Phenomedia
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 16:54:30 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/14 16:54:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 16:54:29 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/14 16:54:29 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/14 16:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 16:38:13 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/14 16:38:06 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/13 21:26:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 21:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 18:19:12 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/06/29 16:21:43 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Babylon
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/08/14 16:38:13 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/08/12 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/08/14 16:54:29 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/08/14 16:54:30 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/08/14 16:54:29 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 8/14/2012 5:14:28 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.50% Memory free
7.50 Gb Paging File | 5.56 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 486.45 Gb Free Space | 83.53% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175E8DFE-D42B-42D6-A5C5-634CF167B774}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C6A9BC0-429D-4953-85EF-D0A063E22C85}" = rport=137 | protocol=17 | dir=out | app=system |
"{29B83E95-EFB5-4675-8E56-FF4534C32A1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A47B780-61BD-4384-820B-505373D1F84E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E7C33F9-8868-4F2F-8F60-8BF77C7AA66E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D79A55B-E2D4-4062-8826-0E070284AE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5619D711-A62F-43E5-90C6-1225CAC1C3E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57248FD7-1F4B-46C5-9553-9F06F1B656B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{64796BB1-7D67-44F9-934A-7D9FB62FF62E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79BB207E-01C3-4E21-9F70-20D99673857B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82C9D9B6-DBAB-427A-B017-0CD4700317F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C6DEFCD-AE48-492D-84C8-3CA2C2BF5CDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97456DA6-07C8-4F70-9B1E-E8953CCC2B37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD78807-D801-46D0-9C74-51BE8622B1A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B382B080-1A2D-4BEC-8D86-FC3D07878512}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B86B8E7C-332A-4876-BEDE-D36A1B5C17CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC972EFF-239F-4A78-81CD-CDEBBB260642}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0FE30C4-37EA-41EF-B8CF-3695111DB616}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF70E666-067B-46B2-8125-287E7983742A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7B7271D-E90A-4561-BB7F-5DAF50D9C277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB31A678-63BB-44C1-A797-D11AFD69A885}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEF5F761-CC7E-4AEE-97D8-0EC69509FD84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F98447C3-A851-459E-B876-917F368EF0D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB28D4AA-EEEA-48FA-A1F9-4BB9DD714658}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC520AEE-15B4-485A-B0C0-08B0AF27C7FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC92D637-6EAC-47D0-A364-3F51A13B8041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8CF5A-195D-4523-BD07-3E01151BB32D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09E0DA11-06D7-4D0D-9BA7-BC9DDAB9AEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{15DA65C9-F0F9-4245-B125-3EADB469240C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{18297C61-6F99-4BB7-97C5-DF157BAAF7EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24C093C0-0CD5-465D-AFCE-8B233D5D1023}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{2B0E5013-0290-4839-92F5-937DE41C7587}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E1A5378-A2D9-4430-878D-041D2CB9CC8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32A60528-0BEE-4AB5-B67D-346640D93F10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36B1E237-0FCB-4B7D-A1EE-A24A5BC33783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C7CC311-6D06-4D58-9B2D-DD49986BAE02}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46315C8E-7D03-4F16-9C38-C547F0C89299}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{4986DA02-7A5C-4C58-9373-A03E6A2C07B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FF21D5F-3DF7-469E-A4C2-56EDDBC20D2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50F842BD-319E-4EEA-AD94-DB9176F5F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{526275EB-3130-4BD9-969B-15F43B2BC50B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{53E5F7D1-D91B-4132-AD04-F025DECD064D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5527E7C4-9287-49CC-B94F-96B2A29F686D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66032EE3-57B9-4A4A-A984-C225C2664087}" = protocol=6 | dir=out | app=system |
"{66E8B0A4-EFFC-4527-ADE5-B1A1EFBDDE10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6732AF9F-D00C-4F7F-8B31-2676F651F1D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6E2CBDCA-FA9F-46A2-A214-89B3A4D6F215}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{704CE9D8-3BDE-4451-90C5-BC699F546A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80862855-1DFA-4510-B51F-2E65CD79E13A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{8164F120-AEB5-4075-8476-D278484E61FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8215948F-F3D4-416B-B11A-16BF339DC799}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{885E8F97-B457-4320-8D70-99435C2253D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A755EE8-5C54-4EDE-94E7-03F336BB2612}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{931918C6-94D5-45F1-B65D-748F71AFF838}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{975BA30E-FECE-4CC1-B2CA-A6106587B4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C9C2BC4-68B5-4B7C-BF93-DA4DCB5DAB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB664AD4-D4A8-4012-99B1-2F4D4FDF6C6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8027EB8-09E4-4521-956E-F3A822307216}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{BAE34499-C164-4854-9211-8C8260227AD8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9C9702D-5237-4FB7-A0C7-78C4E338C393}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAB21B26-38A4-4CDF-8506-AED39BCBD33F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF11B5AE-DC7E-4B30-9084-92720CFCE61F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{E0BFFD44-6722-4344-93B8-C4AA4803E480}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9C11EEE-5BB7-40AC-9454-ED1F8AFFB0F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{ECEC95BD-6A42-4BC6-975D-53246BEAE52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED1627B1-F2B4-40FE-8B3F-AE57B0A0702D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EE008324-4F3E-440E-8EB5-97CC3B3F8DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F22A7C3E-44B6-46AA-A89D-3843A6A325C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F986FF90-5988-4871-AF4A-2E7C7CCB9CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{FB862F03-AEBD-46E7-B501-E1E9EAD6F312}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{61D76D1F-EC5F-4531-82E1-BA198E329853}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{ACC94CE4-CF1D-4905-B359-2479AE93BB1F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C459A7A8-2F88-4CF7-A335-AD29F01F27B2}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2175B32D-730E-4586-9797-91A29827066B}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{BF03B11D-E3F4-41CA-A50A-F4FF5D636DDB}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C63EC496-3E29-4720-8749-E3084A2FDD03}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F3AEB27-51AE-4F18-9943-BB8F096F712E}" = TheBflix Updater
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8935d570-6487-44e5-bf10-6ed54b88c11d}" = Nero 9 Essentials
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AF92749E-BC99-47e0-8968-D4420896A64A}" = Quicken 2009
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Caillou(R) Magic Playhouse(TM)" = Caillou(R) Magic Playhouse(TM)
"Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Didi & Ditto" = Didi & Ditto
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Math Blaster" = Math Blaster
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"QuickTime" = QuickTime
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SProtector" = SProtector
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UnityWebPlayer" = Unity Web Player
"UPCShell" = LeapFrog Connect
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"WTA-031b97cb-e43c-482a-ae45-e87ef70b83d5" = WWII Tank Commander
"WTA-069b90cd-ef30-4a69-9f7e-794c445c8535" = Prison Tycoon - Alcatraz
"WTA-0dbe009e-fa54-45a8-9339-2999aed0179f" = Dora Saves the Crystal Kingdom
"WTA-1127e64e-430c-42ed-971f-a2f20855e48f" = Diego's Dinosaur Adventure
"WTA-12ad7f97-4be9-4aa8-a126-819fc46cc9e6" = Governor of Poker 2 Premium Edition
"WTA-1ce4e0a2-d05c-42a4-bb23-bbf93b8f2c94" = Path to Success
"WTA-1da868c0-3f18-442a-94a3-6527c3541e30" = Westward II - Heroes of the Frontier
"WTA-1f6fd667-1c39-4b9e-893f-a30eace62049" = SpongeBob Typing
"WTA-22977754-04c8-449c-94b3-ebf3575ccfd7" = Hidden Object Studios™ - I'll Believe You
"WTA-2c41918a-dbc5-482b-b696-457e113b2221" = SpongeBob Diner Dash 2
"WTA-376f7495-b33b-4bfd-b6b4-7360bc7d5dcc" = Chloe's Dream Resort
"WTA-37cdfc19-2c69-481b-8319-1d1362984dd6" = Brain Training for Dummies
"WTA-3e850f67-bbed-44ee-a988-ce6791f98312" = Romopolis
"WTA-424a0d4b-ffd3-4c75-b296-ac0ca6925e7d" = Virtual City
"WTA-43e2d92c-eb81-4106-a232-ba3b9c2b82a2" = Age of Castles
"WTA-4a35c6b9-609c-41f7-b42c-136c5f86925b" = Diego's Safari Adventure
"WTA-4a670ddc-03a5-4d3e-a5ec-47d979d0c4c4" = Cannon Fodder 3
"WTA-4b99c24a-04e9-47b2-ad89-2e6e9e56edcf" = Dora Saves the Snow Princess
"WTA-4f9e0bd6-61cb-4ce7-83da-edc2f388cf35" = Vampires vs. Zombies
"WTA-52f60c17-ef9d-4604-82d9-3f6dbf5c7152" = Be a King - Lost Lands
"WTA-5795f6ec-d25d-4690-80fa-fef4a1f85db6" = Poker Pop
"WTA-5cbe04b3-7a2c-4a77-b967-5da8bc2b2ae5" = Dora's Ballet Adventures
"WTA-5dd01be7-4451-46f3-a4b4-5f9714ad915b" = Hotel Mogul
"WTA-5ddf6751-092c-47cc-b100-05b23ead6396" = Pioneer Lands
"WTA-5fb87072-6f77-41d3-b15e-7f7a7560d915" = Island Defense
"WTA-6202cd36-1ee6-4897-af70-0368b10db3a5" = Animal Genius
"WTA-66605bbf-8968-40e7-97ff-1b5d6ef43c74" = Lemonade Tycoon 2
"WTA-6802b15f-cf83-43b0-807a-b7908ea28f46" = Virtual City 2: Paradise Resort
"WTA-6988af40-a4f8-48f1-b704-d5c34cdcbc47" = Cinema Tycoon
"WTA-6b4dea22-18e1-452a-a889-39c271a872f9" = Tradewinds - Caravans
"WTA-6c980fd6-7774-45f7-bbbf-c47cf5b79505" = Bob the Builder - Can-Do Carnival
"WTA-70deeedb-2375-4c6a-97d7-2dc1c6ab22c7" = Bicycle Texas Hold 'em
"WTA-7213b00e-d529-45b4-b3d9-525b9015a873" = Medieval Battlefields
"WTA-737c7fd7-bbf3-4ca0-97d1-dd5b407ebda4" = Aztec Tribe
"WTA-74a177f0-05d2-47ca-8b15-a01e51fec9be" = FATE
"WTA-7aaa4a47-e195-4631-ba06-2e393cdcf482" = Roads of Rome 2
"WTA-7b2346a5-aa0d-4768-bdec-afc6ecbebacd" = GO Diego GO! Dinosaur Rescue
"WTA-7d588e65-0b8e-48d9-993b-43c62987e218" = Tradewinds
"WTA-7e0ef5d4-23d1-4e73-ae43-2a85dea0fd1f" = Crazy Chicken: Atlantis
"WTA-7f577d05-a031-481b-846c-80af3f9cc2c6" = Dead Hungry Diner
"WTA-82a3107a-e8f7-4ee1-8db6-782e698967da" = Royal Envoy
"WTA-83669025-3b39-4446-aeee-ab6638a5b665" = The Promised Land
"WTA-87b72bba-595b-48c9-b703-1b99ba9f318b" = Strike Ball 3
"WTA-87f370e7-1180-4a21-9313-ac29613e6e14" = Be a King 2
"WTA-88abb04f-b436-4a8c-a0fc-b8686fbfadd8" = Polar Pool
"WTA-8da2686e-3bbd-440f-825b-33785fec7824" = The Legend of Sanna: Rise of a Great Colony
"WTA-9054be30-83af-468c-b910-1f7d38095e8d" = Ice Cream Craze - Tycoon Takeover
"WTA-90a041c1-017d-489f-afa3-e7ac30ab2200" = Torchlight
"WTA-92238218-d319-4fdb-b04a-2d5cc8d7a49e" = Tradewinds Legends
"WTA-94d3da32-0879-4790-86fd-3ea29d31d0fc" = Poker Superstars III
"WTA-95188105-f942-482f-987a-eb5aa1ffb2dd" = Happyville - Quest for Utopia
"WTA-9d579ee8-9a1b-4781-ad59-443e547454fe" = Dora's World Adventure
"WTA-9eb8a197-80c4-433f-8ebe-3c69892016d6" = FATE - Undiscovered Realms
"WTA-a6d4201b-b44f-4e45-96a5-1faaef49307c" = Megapolis
"WTA-a7123ce7-9a41-49ea-8f82-f1147cff2bae" = Geneforge
"WTA-ab4a45c7-70f4-4883-b372-fb6d377501c5" = A Kingdom for Keflings
"WTA-b279e20f-78d7-4e4b-8b7c-add1aba74c69" = FATE: The Cursed King
"WTA-b777cfe8-8c67-437a-ba67-43cf3f0df6a4" = World Class Poker with T.J. Cloutier
"WTA-bd3a88d1-7777-42fc-8c37-b5004432cb8a" = Namco All-Stars: PAC-MAN
"WTA-c51c364b-04c8-4dc7-8acd-48969b38c154" = Geneforge 5
"WTA-ceb68ccb-eca0-4877-842e-eaf83bd6fd41" = Ancient Rome
"WTA-d5bd3841-9f63-451f-bcc2-58383e4d59ca" = RollerCoaster Tycoon 3: Platinum
"WTA-d9b6a693-d69d-41a7-9563-c0044b570781" = Barnyard's Sherlock's Hooves
"WTA-e8242818-aaca-41b6-9602-4bc7169b3a10" = The Island: Castaway 2
"WTA-ec4b9615-52a0-48e5-9bcf-911af66d3e0e" = Royal Envoy 2 Collector's Edition
"WTA-f28920e4-df7a-4138-9f13-c4d59075b4d8" = Tradewinds 2
"WTA-f3ecbf39-909d-4f99-85fd-83268c07908e" = Roads of Rome
"WTA-f9461172-f6a0-4489-b5ca-29b309a71b88" = Poker Superstars II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2012 11:51:02 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 2:10:08 PM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/2/2012 2:10:55 PM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 8:45:01 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0x200 Faulting application start time: 0x01cd58b4fc4de7b0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: 52074700-c4a8-11e1-8ea9-00262d2f231c

Error - 7/2/2012 8:45:07 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0xcec Faulting application start time: 0x01cd58b515c930a0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: 55b47080-c4a8-11e1-8ea9-00262d2f231c

Error - 7/2/2012 8:47:49 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0x13ac Faulting application start time: 0x01cd58b54db5bfb0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: b5fbcf10-c4a8-11e1-8ea9-00262d2f231c

Error - 7/4/2012 7:24:25 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Faulting module name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Exception code: 0xc000001d Fault offset: 0x00021be7 Faulting process
id: 0x11f4 Faulting application start time: 0x01cd5a3c25a880b0 Faulting application
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Faulting module
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Report Id: 63fc30a0-c62f-11e1-a726-00262d2f231c

Error - 7/4/2012 7:24:25 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program WildTangent Games App - PatchHelper because of this error. Program:
WildTangent Games App - PatchHelper File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Additional
Data Error value: 00000000 Disk type: 0

Error - 7/7/2012 11:33:18 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/7/2012 11:33:54 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 12/15/2011 8:21:17 PM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:12:41 PM on 14/12/2011 was unexpected.

Error - 12/15/2011 8:56:07 PM | Computer Name = ErikTheRed-PC | Source = DCOM | ID = 10010
Description =

Error - 12/18/2011 1:40:10 PM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:51:26 PM on 17/12/2011 was unexpected.

Error - 12/22/2011 12:16:35 AM | Computer Name = ErikTheRed-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 12/23/2011 9:21:33 PM | Computer Name = ErikTheRed-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/24/2011 11:05:28 AM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:12:00 PM on 23/12/2011 was unexpected.

Error - 12/24/2011 11:21:14 AM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/24/2011 3:33:31 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/27/2011 2:36:49 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/28/2011 12:02:55 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =


< End of report >
Erikthered

Re: Hjacked by Search.gboxapp.com

by Erikthered » August 14th, 2012, 7:33 pm

OTL logfile created on: 8/14/2012 5:14:27 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.50% Memory free
7.50 Gb Paging File | 5.56 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 486.45 Gb Free Space | 83.53% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/08/11 19:19:04 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/18 14:05:14 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbarsvc.exe
PRC - [2012/03/18 14:05:14 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrmon.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/29 16:15:38 | 000,140,800 | ---- | M] () -- C:\ProgramData\ADDICT-THING\bhoclass.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/05/31 11:25:42 | 000,379,392 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/11 19:24:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
IE - HKCU\..\SearchScopes\{5CCE306A-31A7-4BD2-A765-851298E737E9}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA395CA396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F2611222-4229-4FC8-B7EF-82E20D14C6BF}&mid=47e58320959147d09570d16f6bcbcaef-8b313f9efaddc80e9418f5e2b827a7797b54bff4&lang=en&ds=AVG&pr=fr&d=2012-06-18 16:48:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9A0ECB0A-D561-435F-8BC9-F072754EA447}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
IE - HKCU\..\SearchScopes\{9F92C2FF-AA04-47FB-8FDB-2C289DFFE7E4}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQxAO6fBC&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/14 17:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension [2012/06/29 16:21:40 | 000,000,000 | ---D | M]

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/02 16:35:25 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2012/07/16 18:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2012/07/15 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Phenomedia
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 16:54:30 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/14 16:54:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 16:54:29 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/14 16:54:29 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/14 16:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 16:38:13 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/14 16:38:06 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/13 21:26:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 21:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 18:19:12 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/06/29 16:21:43 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Babylon
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/08/14 16:38:13 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/08/12 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/08/14 16:54:29 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/08/14 16:54:30 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/08/14 16:54:29 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 8/14/2012 5:14:28 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 58.50% Memory free
7.50 Gb Paging File | 5.56 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 486.45 Gb Free Space | 83.53% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175E8DFE-D42B-42D6-A5C5-634CF167B774}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C6A9BC0-429D-4953-85EF-D0A063E22C85}" = rport=137 | protocol=17 | dir=out | app=system |
"{29B83E95-EFB5-4675-8E56-FF4534C32A1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A47B780-61BD-4384-820B-505373D1F84E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E7C33F9-8868-4F2F-8F60-8BF77C7AA66E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D79A55B-E2D4-4062-8826-0E070284AE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5619D711-A62F-43E5-90C6-1225CAC1C3E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57248FD7-1F4B-46C5-9553-9F06F1B656B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{64796BB1-7D67-44F9-934A-7D9FB62FF62E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79BB207E-01C3-4E21-9F70-20D99673857B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82C9D9B6-DBAB-427A-B017-0CD4700317F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C6DEFCD-AE48-492D-84C8-3CA2C2BF5CDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97456DA6-07C8-4F70-9B1E-E8953CCC2B37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD78807-D801-46D0-9C74-51BE8622B1A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B382B080-1A2D-4BEC-8D86-FC3D07878512}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B86B8E7C-332A-4876-BEDE-D36A1B5C17CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC972EFF-239F-4A78-81CD-CDEBBB260642}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0FE30C4-37EA-41EF-B8CF-3695111DB616}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF70E666-067B-46B2-8125-287E7983742A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7B7271D-E90A-4561-BB7F-5DAF50D9C277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB31A678-63BB-44C1-A797-D11AFD69A885}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEF5F761-CC7E-4AEE-97D8-0EC69509FD84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F98447C3-A851-459E-B876-917F368EF0D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB28D4AA-EEEA-48FA-A1F9-4BB9DD714658}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC520AEE-15B4-485A-B0C0-08B0AF27C7FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC92D637-6EAC-47D0-A364-3F51A13B8041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8CF5A-195D-4523-BD07-3E01151BB32D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09E0DA11-06D7-4D0D-9BA7-BC9DDAB9AEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{15DA65C9-F0F9-4245-B125-3EADB469240C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{18297C61-6F99-4BB7-97C5-DF157BAAF7EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24C093C0-0CD5-465D-AFCE-8B233D5D1023}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{2B0E5013-0290-4839-92F5-937DE41C7587}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E1A5378-A2D9-4430-878D-041D2CB9CC8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32A60528-0BEE-4AB5-B67D-346640D93F10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36B1E237-0FCB-4B7D-A1EE-A24A5BC33783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C7CC311-6D06-4D58-9B2D-DD49986BAE02}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46315C8E-7D03-4F16-9C38-C547F0C89299}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{4986DA02-7A5C-4C58-9373-A03E6A2C07B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FF21D5F-3DF7-469E-A4C2-56EDDBC20D2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50F842BD-319E-4EEA-AD94-DB9176F5F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{526275EB-3130-4BD9-969B-15F43B2BC50B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{53E5F7D1-D91B-4132-AD04-F025DECD064D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5527E7C4-9287-49CC-B94F-96B2A29F686D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66032EE3-57B9-4A4A-A984-C225C2664087}" = protocol=6 | dir=out | app=system |
"{66E8B0A4-EFFC-4527-ADE5-B1A1EFBDDE10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6732AF9F-D00C-4F7F-8B31-2676F651F1D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6E2CBDCA-FA9F-46A2-A214-89B3A4D6F215}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{704CE9D8-3BDE-4451-90C5-BC699F546A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80862855-1DFA-4510-B51F-2E65CD79E13A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{8164F120-AEB5-4075-8476-D278484E61FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8215948F-F3D4-416B-B11A-16BF339DC799}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{885E8F97-B457-4320-8D70-99435C2253D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A755EE8-5C54-4EDE-94E7-03F336BB2612}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{931918C6-94D5-45F1-B65D-748F71AFF838}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{975BA30E-FECE-4CC1-B2CA-A6106587B4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C9C2BC4-68B5-4B7C-BF93-DA4DCB5DAB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB664AD4-D4A8-4012-99B1-2F4D4FDF6C6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8027EB8-09E4-4521-956E-F3A822307216}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{BAE34499-C164-4854-9211-8C8260227AD8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9C9702D-5237-4FB7-A0C7-78C4E338C393}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAB21B26-38A4-4CDF-8506-AED39BCBD33F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF11B5AE-DC7E-4B30-9084-92720CFCE61F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{E0BFFD44-6722-4344-93B8-C4AA4803E480}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9C11EEE-5BB7-40AC-9454-ED1F8AFFB0F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{ECEC95BD-6A42-4BC6-975D-53246BEAE52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED1627B1-F2B4-40FE-8B3F-AE57B0A0702D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EE008324-4F3E-440E-8EB5-97CC3B3F8DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F22A7C3E-44B6-46AA-A89D-3843A6A325C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F986FF90-5988-4871-AF4A-2E7C7CCB9CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{FB862F03-AEBD-46E7-B501-E1E9EAD6F312}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{61D76D1F-EC5F-4531-82E1-BA198E329853}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{ACC94CE4-CF1D-4905-B359-2479AE93BB1F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C459A7A8-2F88-4CF7-A335-AD29F01F27B2}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2175B32D-730E-4586-9797-91A29827066B}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{BF03B11D-E3F4-41CA-A50A-F4FF5D636DDB}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C63EC496-3E29-4720-8749-E3084A2FDD03}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F3AEB27-51AE-4F18-9943-BB8F096F712E}" = TheBflix Updater
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8935d570-6487-44e5-bf10-6ed54b88c11d}" = Nero 9 Essentials
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AF92749E-BC99-47e0-8968-D4420896A64A}" = Quicken 2009
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Caillou(R) Magic Playhouse(TM)" = Caillou(R) Magic Playhouse(TM)
"Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Didi & Ditto" = Didi & Ditto
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Math Blaster" = Math Blaster
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"QuickTime" = QuickTime
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SProtector" = SProtector
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UnityWebPlayer" = Unity Web Player
"UPCShell" = LeapFrog Connect
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"WTA-031b97cb-e43c-482a-ae45-e87ef70b83d5" = WWII Tank Commander
"WTA-069b90cd-ef30-4a69-9f7e-794c445c8535" = Prison Tycoon - Alcatraz
"WTA-0dbe009e-fa54-45a8-9339-2999aed0179f" = Dora Saves the Crystal Kingdom
"WTA-1127e64e-430c-42ed-971f-a2f20855e48f" = Diego's Dinosaur Adventure
"WTA-12ad7f97-4be9-4aa8-a126-819fc46cc9e6" = Governor of Poker 2 Premium Edition
"WTA-1ce4e0a2-d05c-42a4-bb23-bbf93b8f2c94" = Path to Success
"WTA-1da868c0-3f18-442a-94a3-6527c3541e30" = Westward II - Heroes of the Frontier
"WTA-1f6fd667-1c39-4b9e-893f-a30eace62049" = SpongeBob Typing
"WTA-22977754-04c8-449c-94b3-ebf3575ccfd7" = Hidden Object Studios™ - I'll Believe You
"WTA-2c41918a-dbc5-482b-b696-457e113b2221" = SpongeBob Diner Dash 2
"WTA-376f7495-b33b-4bfd-b6b4-7360bc7d5dcc" = Chloe's Dream Resort
"WTA-37cdfc19-2c69-481b-8319-1d1362984dd6" = Brain Training for Dummies
"WTA-3e850f67-bbed-44ee-a988-ce6791f98312" = Romopolis
"WTA-424a0d4b-ffd3-4c75-b296-ac0ca6925e7d" = Virtual City
"WTA-43e2d92c-eb81-4106-a232-ba3b9c2b82a2" = Age of Castles
"WTA-4a35c6b9-609c-41f7-b42c-136c5f86925b" = Diego's Safari Adventure
"WTA-4a670ddc-03a5-4d3e-a5ec-47d979d0c4c4" = Cannon Fodder 3
"WTA-4b99c24a-04e9-47b2-ad89-2e6e9e56edcf" = Dora Saves the Snow Princess
"WTA-4f9e0bd6-61cb-4ce7-83da-edc2f388cf35" = Vampires vs. Zombies
"WTA-52f60c17-ef9d-4604-82d9-3f6dbf5c7152" = Be a King - Lost Lands
"WTA-5795f6ec-d25d-4690-80fa-fef4a1f85db6" = Poker Pop
"WTA-5cbe04b3-7a2c-4a77-b967-5da8bc2b2ae5" = Dora's Ballet Adventures
"WTA-5dd01be7-4451-46f3-a4b4-5f9714ad915b" = Hotel Mogul
"WTA-5ddf6751-092c-47cc-b100-05b23ead6396" = Pioneer Lands
"WTA-5fb87072-6f77-41d3-b15e-7f7a7560d915" = Island Defense
"WTA-6202cd36-1ee6-4897-af70-0368b10db3a5" = Animal Genius
"WTA-66605bbf-8968-40e7-97ff-1b5d6ef43c74" = Lemonade Tycoon 2
"WTA-6802b15f-cf83-43b0-807a-b7908ea28f46" = Virtual City 2: Paradise Resort
"WTA-6988af40-a4f8-48f1-b704-d5c34cdcbc47" = Cinema Tycoon
"WTA-6b4dea22-18e1-452a-a889-39c271a872f9" = Tradewinds - Caravans
"WTA-6c980fd6-7774-45f7-bbbf-c47cf5b79505" = Bob the Builder - Can-Do Carnival
"WTA-70deeedb-2375-4c6a-97d7-2dc1c6ab22c7" = Bicycle Texas Hold 'em
"WTA-7213b00e-d529-45b4-b3d9-525b9015a873" = Medieval Battlefields
"WTA-737c7fd7-bbf3-4ca0-97d1-dd5b407ebda4" = Aztec Tribe
"WTA-74a177f0-05d2-47ca-8b15-a01e51fec9be" = FATE
"WTA-7aaa4a47-e195-4631-ba06-2e393cdcf482" = Roads of Rome 2
"WTA-7b2346a5-aa0d-4768-bdec-afc6ecbebacd" = GO Diego GO! Dinosaur Rescue
"WTA-7d588e65-0b8e-48d9-993b-43c62987e218" = Tradewinds
"WTA-7e0ef5d4-23d1-4e73-ae43-2a85dea0fd1f" = Crazy Chicken: Atlantis
"WTA-7f577d05-a031-481b-846c-80af3f9cc2c6" = Dead Hungry Diner
"WTA-82a3107a-e8f7-4ee1-8db6-782e698967da" = Royal Envoy
"WTA-83669025-3b39-4446-aeee-ab6638a5b665" = The Promised Land
"WTA-87b72bba-595b-48c9-b703-1b99ba9f318b" = Strike Ball 3
"WTA-87f370e7-1180-4a21-9313-ac29613e6e14" = Be a King 2
"WTA-88abb04f-b436-4a8c-a0fc-b8686fbfadd8" = Polar Pool
"WTA-8da2686e-3bbd-440f-825b-33785fec7824" = The Legend of Sanna: Rise of a Great Colony
"WTA-9054be30-83af-468c-b910-1f7d38095e8d" = Ice Cream Craze - Tycoon Takeover
"WTA-90a041c1-017d-489f-afa3-e7ac30ab2200" = Torchlight
"WTA-92238218-d319-4fdb-b04a-2d5cc8d7a49e" = Tradewinds Legends
"WTA-94d3da32-0879-4790-86fd-3ea29d31d0fc" = Poker Superstars III
"WTA-95188105-f942-482f-987a-eb5aa1ffb2dd" = Happyville - Quest for Utopia
"WTA-9d579ee8-9a1b-4781-ad59-443e547454fe" = Dora's World Adventure
"WTA-9eb8a197-80c4-433f-8ebe-3c69892016d6" = FATE - Undiscovered Realms
"WTA-a6d4201b-b44f-4e45-96a5-1faaef49307c" = Megapolis
"WTA-a7123ce7-9a41-49ea-8f82-f1147cff2bae" = Geneforge
"WTA-ab4a45c7-70f4-4883-b372-fb6d377501c5" = A Kingdom for Keflings
"WTA-b279e20f-78d7-4e4b-8b7c-add1aba74c69" = FATE: The Cursed King
"WTA-b777cfe8-8c67-437a-ba67-43cf3f0df6a4" = World Class Poker with T.J. Cloutier
"WTA-bd3a88d1-7777-42fc-8c37-b5004432cb8a" = Namco All-Stars: PAC-MAN
"WTA-c51c364b-04c8-4dc7-8acd-48969b38c154" = Geneforge 5
"WTA-ceb68ccb-eca0-4877-842e-eaf83bd6fd41" = Ancient Rome
"WTA-d5bd3841-9f63-451f-bcc2-58383e4d59ca" = RollerCoaster Tycoon 3: Platinum
"WTA-d9b6a693-d69d-41a7-9563-c0044b570781" = Barnyard's Sherlock's Hooves
"WTA-e8242818-aaca-41b6-9602-4bc7169b3a10" = The Island: Castaway 2
"WTA-ec4b9615-52a0-48e5-9bcf-911af66d3e0e" = Royal Envoy 2 Collector's Edition
"WTA-f28920e4-df7a-4138-9f13-c4d59075b4d8" = Tradewinds 2
"WTA-f3ecbf39-909d-4f99-85fd-83268c07908e" = Roads of Rome
"WTA-f9461172-f6a0-4489-b5ca-29b309a71b88" = Poker Superstars II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2012 11:51:02 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 2:10:08 PM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/2/2012 2:10:55 PM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/2/2012 8:45:01 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0x200 Faulting application start time: 0x01cd58b4fc4de7b0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: 52074700-c4a8-11e1-8ea9-00262d2f231c

Error - 7/2/2012 8:45:07 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0xcec Faulting application start time: 0x01cd58b515c930a0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: 55b47080-c4a8-11e1-8ea9-00262d2f231c

Error - 7/2/2012 8:47:49 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: bhoclass.dll, version: 1.0.0.1, time
stamp: 0x4f79fd40 Exception code: 0xc0000005 Fault offset: 0x000055e6 Faulting process
id: 0x13ac Faulting application start time: 0x01cd58b54db5bfb0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\ADDICT-THING\bhoclass.dll Report Id: b5fbcf10-c4a8-11e1-8ea9-00262d2f231c

Error - 7/4/2012 7:24:25 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Faulting module name: PatchHelper.exe, version: 4.0.20.47, time
stamp: 0x4fcd2e6c Exception code: 0xc000001d Fault offset: 0x00021be7 Faulting process
id: 0x11f4 Faulting application start time: 0x01cd5a3c25a880b0 Faulting application
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Faulting module
path: c:\program files (x86)\wildtangent games\app\PatchHelper.exe Report Id: 63fc30a0-c62f-11e1-a726-00262d2f231c

Error - 7/4/2012 7:24:25 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program WildTangent Games App - PatchHelper because of this error. Program:
WildTangent Games App - PatchHelper File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Additional
Data Error value: 00000000 Disk type: 0

Error - 7/7/2012 11:33:18 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/7/2012 11:33:54 AM | Computer Name = ErikTheRed-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 12/15/2011 8:21:17 PM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:12:41 PM on ?14/?12/?2011 was unexpected.

Error - 12/15/2011 8:56:07 PM | Computer Name = ErikTheRed-PC | Source = DCOM | ID = 10010
Description =

Error - 12/18/2011 1:40:10 PM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:51:26 PM on ?17/?12/?2011 was unexpected.

Error - 12/22/2011 12:16:35 AM | Computer Name = ErikTheRed-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 12/23/2011 9:21:33 PM | Computer Name = ErikTheRed-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/24/2011 11:05:28 AM | Computer Name = ErikTheRed-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:12:00 PM on 23/12/2011 was unexpected.

Error - 12/24/2011 11:21:14 AM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/24/2011 3:33:31 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/27/2011 2:36:49 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/28/2011 12:02:55 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =


< End of report >
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Cypher » August 15th, 2012, 6:14 am

Hi,
Please continue with the instructions below.

Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
    IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=947f0f7d00000000000000262d2f231c&tlver=1.4.23.10&affID=19591
    IE - HKCU\..\SearchScopes\{9A0ECB0A-D561-435F-8BC9-F072754EA447}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
    IE - HKCU\..\SearchScopes\{9F92C2FF-AA04-47FB-8FDB-2C289DFFE7E4}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
    IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668
    IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2011/07/02 16:35:25 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No CLSID value found.
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    
    :files
    C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbarsvc.exe
    C:\ProgramData\ADDICT-THING\bhoclass.dll
    C:\Users\Erik The Red\AppData\Roaming\Babylon
    C:\ProgramData\bProtectorForWindows
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *babylon*
    
    :folderfind
    *babylon*
    
    :Regfind
    *babylon*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • SystemLook.txt
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 15th, 2012, 9:02 am

Unable to do a system restore at the moment. Under Protection settings it is taking a long time to find available drives. I will continue to wait and try and then get back to you later today.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Cypher » August 15th, 2012, 11:03 am

Ok, just let me know if you are unable to create a new restore point.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 15th, 2012, 7:09 pm

Unable to complete a system restore point
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 15th, 2012, 7:12 pm

Ok. Restore point was successfully created for my c:
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 15th, 2012, 7:38 pm

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9427041a-a8dc-4d06-9a68-93873486e957} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A0ECB0A-D561-435F-8BC9-F072754EA447}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A0ECB0A-D561-435F-8BC9-F072754EA447}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F92C2FF-AA04-47FB-8FDB-2C289DFFE7E4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F92C2FF-AA04-47FB-8FDB-2C289DFFE7E4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}\ not found.
C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP folder deleted successfully.
C:\Windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Program Files (x86)\GUMF0BB.tmp\searchplugins folder deleted successfully.
C:\Program Files (x86)\GUMF0BB.tmp folder deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbarsvc.exe not found.
File\Folder C:\ProgramData\ADDICT-THING\bhoclass.dll not found.
C:\Users\Erik The Red\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.1.419.7\traking_settings folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\searchplugins folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\content folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components folder moved successfully.
C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.1.419.7 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Erik The Red\Desktop\cmd.bat deleted successfully.
C:\Users\Erik The Red\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Erik The Red
->Temp folder emptied: 1707737562 bytes
->Temporary Internet Files folder emptied: 296061174 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 49613279 bytes
->Flash cache emptied: 587 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 403779750 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36062958 bytes
RecycleBin emptied: 1904155326 bytes

Total Files Cleaned = 4,194.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08152012_171416

Files\Folders moved on Reboot...
C:\ProgramData\bProtectorForWindows\2.1.419.7\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.1.419.7 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.1.419.7 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
C:\Users\Erik The Red\AppData\Local\Temp\Low\REG9CE8.tmp moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\Low\REGCAB7.tmp moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\Low\~DF6868A6C84B3AAF6F.TMP moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\Low\~DF7DB497CBFEDA2596.TMP moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{170F81BE-12CA-4627-B9F9-C8F73D0B8F63}.tmp not found!
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3DC971FF-2D34-4EE0-8B9A-CF9C6CD2E347}.tmp moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{48B054CD-C4CB-492E-9E5D-3CCD27CA11CB}.tmp moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D3262D89-E5EB-4551-971D-C409ED7727F4}.tmp moved successfully.
File\Folder C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F666BB44-8A0A-45D5-AB80-B683FB8AFD8C}.tmp not found!

PendingFileRenameOperations files...
File C:\ProgramData\bProtectorForWindows\2.1.419.7 not found!
File C:\ProgramData\bProtectorForWindows not found!
File C:\Users\Erik The Red\AppData\Local\Temp\Low\REG9CE8.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Temp\Low\REGCAB7.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Temp\Low\~DF6868A6C84B3AAF6F.TMP not found!
File C:\Users\Erik The Red\AppData\Local\Temp\Low\~DF7DB497CBFEDA2596.TMP not found!
File C:\Users\Erik The Red\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{170F81BE-12CA-4627-B9F9-C8F73D0B8F63}.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3DC971FF-2D34-4EE0-8B9A-CF9C6CD2E347}.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{48B054CD-C4CB-492E-9E5D-3CCD27CA11CB}.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D3262D89-E5EB-4551-971D-C409ED7727F4}.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F666BB44-8A0A-45D5-AB80-B683FB8AFD8C}.tmp not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm
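
Added example, not part of the original thread: a short Python triage of an OTL fix log like the one posted above. It lists targets whose last recorded result is still "failed ... scheduled ... on reboot" and targets that were only ever reported "not found". The status labels and function names are this example's own, and the sample is an abridged excerpt of the log lines above.

```python
import re

# Abridged excerpt in the format of the OTL fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
========== FILES ==========
File\Folder C:\ProgramData\ADDICT-THING\bhoclass.dll not found.
C:\Users\Erik The Red\AppData\Roaming\Babylon folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
Files\Folders moved on Reboot...
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\ProgramData\bProtectorForWindows not found!
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
"""

# Result-line shapes seen in the log above; lines matching none are ignored.
DEFERRED = re.compile(
    r"^.+? failed\. (?P<t>.+) scheduled to be (?:moved|deleted) on reboot\.$")
DONE = re.compile(
    r"^(?:64bit-)?(?:Registry (?:key|value) )?(?P<t>.+?)(?: folder)? "
    r"(?:moved|deleted) successfully\.$")
ABSENT = re.compile(
    r"^(?:File\\Folder |File |Registry key )?(?P<t>.+?) not found[.!]$")


def normalise(target):
    """Collapse doubled backslashes, drop a trailing one, fold case."""
    return re.sub(r"\\+", r"\\", target.strip()).rstrip("\\").lower()


def triage(log_text):
    """Return {target: [(phase, status), ...]} in the order the log reports them."""
    history = {}
    phase = "fix_run"
    for raw in log_text.splitlines():
        line = raw.strip()
        # Everything after these headings was written once the machine rebooted.
        if line.endswith("on Reboot...") or line.startswith("PendingFileRenameOperations"):
            phase = "after_reboot"
            continue
        for status, pattern in (("deferred", DEFERRED), ("done", DONE), ("absent", ABSENT)):
            match = pattern.match(line)
            if match:
                history.setdefault(normalise(match.group("t")), []).append((phase, status))
                break
    return history


def unresolved(history):
    """Targets whose last recorded result is still a failed, deferred action."""
    return {t: ev[-1][0] for t, ev in history.items() if ev[-1][1] == "deferred"}


def never_present(history):
    """Targets the fix script named but the log only ever reports as not found."""
    return sorted(t for t, ev in history.items() if all(s == "absent" for _, s in ev))


if __name__ == "__main__":
    h = triage(SAMPLE_LOG)
    for target, phase in unresolved(h).items():
        print(f"RE-CHECK ({phase}): {target}")
    for target in never_present(h):
        print(f"not found, nothing removed: {target}")
```

On the excerpt, the Toolbar value {D0F4A166-B8D4-48b8-9D63-80849FE137CB} is the one entry still reported as failed after the reboot, so it is the item to look for again in the next scan.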

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 15th, 2012, 7:44 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 17:41 on 15/08/2012 by Erik The Red
Administrator - Elevation successful

========== filefind ==========

Searching for "*babylon*"
C:\Users\Erik The Red\AppData\Local\Babylon\Setup\Babylon.dat --a---- 11205 bytes [22:21 29/06/2012] [13:42 01/12/2011] 8E6B33A7F03E2693A614002587A35DDD
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\babylon48.png --a---- 4192 bytes [02:10 12/07/2011] [02:10 12/07/2011] 0E8BB681B8F657F854D7DA0CE51B463C
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll --a---- 169472 bytes [02:10 12/07/2011] [02:10 12/07/2011] 407D9FA22631B1585438BBD74DC15D0A
C:\_OTL\MovedFiles\08152012_171416\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml --a---- 2423 bytes [09:02 22/03/2011] [22:35 02/07/2011] 90694BF74F3EEACFA647022E2AF5F1CB

========== folderfind ==========

Searching for "*babylon*"
C:\ProgramData\Babylon d------ [22:21 29/06/2012]
C:\ProgramData\WildTangent\Acer Game Console\UI\htdocs2\Common\product\babylonia d------ [22:25 31/03/2010]
C:\Users\All Users\Babylon d------ [22:21 29/06/2012]
C:\Users\All Users\WildTangent\Acer Game Console\UI\htdocs2\Common\product\babylonia d------ [22:25 31/03/2010]
C:\Users\Erik The Red\AppData\Local\Babylon d------ [22:21 29/06/2012]
C:\Users\Erik The Red\AppData\LocalLow\BabylonToolbar d------ [22:38 02/07/2011]
C:\Users\Erik The Red\AppData\LocalLow\BabylonToolbar\BabylonToolbar d------ [22:38 02/07/2011]
C:\_OTL\MovedFiles\08152012_171416\C_Users\Erik The Red\AppData\Roaming\Babylon d------ [22:21 29/06/2012]

========== Regfind ==========

Searching for "*babylon*"
No data found.

-= EOF =-
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Post by Cypher » August 16th, 2012, 5:04 am

Hi,

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:
c:\Program Files (x86)\SProtector\sprotector.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.

Next.

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    Code:
    :processes
    killallprocesses
    
    :files
    C:\Users\Erik The Red\AppData\Local\Babylon\Setup\Babylon.dat 
    C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\babylon48.png
    C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
    C:\ProgramData\Babylon
    C:\Users\All Users\Babylon 
    C:\Users\Erik The Red\AppData\Local\Babylon
    C:\Users\Erik The Red\AppData\LocalLow\BabylonToolbar 
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


Logs/Information to Post in your Next Reply

  • Virustotal or jotti results.
  • OTL Fix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
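
Added example, not part of the original thread and not a feature of SystemLook or OTL: a short Python check that parses SystemLook filefind/folderfind hits and lists the ones an OTL `:files` list would not touch, so each leftover can be reviewed as a quarantine copy, an unrelated name match, or a miss. The log lines, paths and hashes below are constructed samples in the layout shown above, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few lines in the SystemLook filefind/folderfind layout.
SYSTEMLOOK_LOG = r"""
========== filefind ==========
Searching for "*example*"
C:\Users\User\AppData\Local\Example\Setup\Example.dat --a---- 11205 bytes [22:21 29/06/2012] [13:42 01/12/2011] 0123456789ABCDEF0123456789ABCDEF
C:\_OTL\MovedFiles\01012012_000000\C_Program Files (x86)\Browser\searchplugins\example.xml --a---- 2423 bytes [09:02 22/03/2011] [22:35 02/07/2011] FEDCBA9876543210FEDCBA9876543210
========== folderfind ==========
Searching for "*example*"
C:\ProgramData\Example d------ [22:21 29/06/2012]
C:\ProgramData\Vendor\Games\examplestan d------ [22:25 31/03/2010]
C:\Users\User\AppData\LocalLow\ExampleToolbar\ExampleToolbar d------ [22:38 02/07/2011]
"""

# Constructed sample: the paths a helper listed under :files in an OTL fix.
FIX_PATHS = [
    r"C:\Users\User\AppData\Local\Example\Setup\Example.dat",
    r"C:\ProgramData\Example",
    r"C:\Users\User\AppData\LocalLow\ExampleToolbar",
]

# Hit line: path, 7-character attribute field, optional "N bytes", timestamps, optional MD5.
HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<attr>[-a-z]{7}) "
                 r"(?:(?P<size>\d+) bytes )?(?:\[[^\]]+\] ?)+(?P<md5>[0-9A-F]{32})?$")

def parse_hits(log):
    """Return one dict per file or folder hit found in a SystemLook log."""
    hits = []
    for line in log.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append({"path": m["path"], "is_dir": m["attr"].startswith("d"),
                         "size": int(m["size"]) if m["size"] else None, "md5": m["md5"]})
    return hits

def covered(path, fix_paths):
    """True if path equals a fix entry or lies beneath a listed folder (case-insensitive)."""
    p = PureWindowsPath(path)
    return any(p == PureWindowsPath(f) or PureWindowsPath(f) in p.parents for f in fix_paths)

def uncovered_hits(log, fix_paths):
    """Paths the fix list leaves in place; each one needs a manual decision."""
    return [h["path"] for h in parse_hits(log) if not covered(h["path"], fix_paths)]
```

On the constructed sample the two leftovers are the copy already moved under `C:\_OTL\MovedFiles` and a folder whose name merely contains the search string.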