Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijacked by babylon search engine

Post by Erikthered » September 2nd, 2012, 12:05 pm

Internet Explorer home page is hijacked by the Babylon search engine. I can't change my home page.

This is a reoccurrence. The problem was resolved very recently as per my previous post.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Erik The Red at 9:58:04 on 2012-09-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3839.2229 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=114874 ... 262d2f231c
uWindow Title = Internet Explorer, optimized for Bing and MSN
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
mStart Page =
mLocal Page =
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {9427041A-A8DC-4D06-9A68-93873486E957} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe --minimized
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRunOnce: [TheBflixUpdater] "C:\ProgramData\TheBflixUpdater\updater.exe" /schedule /profilepath "C:\ProgramData\TheBflixUpdater\profile.ini"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload ... ontrol.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
AppInit_DLLs: c:\progra~3\bprote~1\21419~1.7\protec~1.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {9427041A-A8DC-4D06-9A68-93873486E957} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRunOnce-x64: [TheBflixUpdater] "C:\ProgramData\TheBflixUpdater\updater.exe" /schedule /profilepath "C:\ProgramData\TheBflixUpdater\profile.ini"
AppInit_DLLs-X64: c:\progra~3\bprote~1\21419~1.7\protec~1.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-22 44808]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-31 243232]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-16 185856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-5 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-11 250568]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-5 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-02 01:30:06 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Babylon
2012-09-02 01:30:06 -------- d-----w- C:\ProgramData\Babylon
2012-08-23 02:44:17 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-23 02:44:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-23 02:44:06 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-23 02:43:30 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-23 02:43:18 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-23 02:43:18 -------- d-----w- C:\Program Files\AVAST Software
2012-08-23 00:10:13 -------- d-----w- C:\Firefox
2012-08-23 00:00:08 -------- d-----w- C:\ProgramData\Ask
2012-08-22 23:59:48 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-19 16:26:50 -------- d-----w- C:\searchplugins
2012-08-19 16:15:01 -------- d-----w- C:\Users\Erik The Red\AppData\Local\assembly
2012-08-19 16:14:29 -------- d-----w- C:\Users\Erik The Red\AppData\Local\TechSmith
2012-08-15 23:26:38 956416 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 12:53:42 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-15 00:02:34 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 00:02:34 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 00:02:32 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 00:02:32 67584 ----a-w- C:\Windows\splwow64.exe
2012-08-15 00:02:32 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 00:02:31 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 00:02:29 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 00:02:29 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 00:02:29 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 00:02:27 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 23:04:10 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
2012-08-14 23:03:56 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-14 23:03:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-12 01:56:08 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
2012-08-12 01:56:08 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\DriverCure
2012-08-12 01:56:01 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-12 01:19:04 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-12 01:08:51 -------- d-----w- C:\Users\Erik The Red\AppData\Local\PackageAware
2012-08-07 22:00:20 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
2012-08-07 01:49:41 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Sanna
2012-08-07 01:49:00 -------- d-----w- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
2012-08-04 21:31:24 -------- d-----w- C:\Users\Erik The Red\AppData\Roaming\Dereza
.
==================== Find3M ====================
.
2012-08-30 17:00:29 1409 ----a-w- C:\Windows\QTFont.for
2012-08-23 01:28:42 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 23:59:43 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 14:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 9:59:10.48 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 05/09/2010 1:37:55 AM
System Uptime: 02/09/2012 9:53:26 AM (0 hours ago)
.
Motherboard: Acer | | Aspire X3400
Processor: AMD Athlon(tm) II X2 215 Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 495.069 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&47E29E2&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&47E29E2&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP281: 24/08/2012 10:07:18 AM - ComboFix created restore point
RP282: 29/08/2012 7:53:23 PM - Installed DirectX
RP283: 01/09/2012 7:33:08 PM - Removed BabylonObjectInstaller
.
==== Installed Programs ======================
.
.
A Kingdom for Keflings
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2 MUI
Adobe Shockwave Player 11.6
Advertising Center
Age of Castles
Ancient Rome
Animal Genius
AnswerWorks 5.0 English Runtime
avast! Free Antivirus
Aztec Tribe
Barnyard's Sherlock's Hooves
Be a King - Lost Lands
Be a King 2
Bejeweled 2 Deluxe
Bicycle Texas Hold 'em
BlackBerry App World Browser Plugin
Blackhawk Striker 2
Bob the Builder - Can-Do Carnival
Bob the Builder Can-Do-Zoo
Brain Training for Dummies
Buccaneer
Build-a-lot 2
Caillou(R) Magic Playhouse(TM)
Cannon Fodder 3
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3100 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Chloe's Dream Resort
Cinema Tycoon
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
Crazy Chicken: Atlantis
Dead Hungry Diner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Didi & Ditto
Diego's Dinosaur Adventure
Diego's Safari Adventure
Dora's Ballet Adventures
Dora's World Adventure
Dora Saves the Crystal Kingdom
Dora Saves the Snow Princess
Escape Rosecliff Island
eSobi v2
Express Burn
Faerie Solitaire
FATE
FATE - The Traitor Soul
FATE - Undiscovered Realms
FATE: The Cursed King
ffdshow v1.2.4422 [2012-04-09]
Geneforge
Geneforge 5
GO Diego GO! Dinosaur Rescue
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Haali Media Splitter
Happyville - Quest for Utopia
Hidden Object Studios™ - I'll Believe You
Hotel Mogul
Hotkey Utility
Ice Cream Craze - Tycoon Takeover
Identity Card
ImagXpress
Island Defense
Java 7 Update 6
Java Auto Updater
JavaFX 2.1.1
Jewel Quest Solitaire 3
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Plugin
Lemonade Tycoon 2
Math Blaster
MediaGet2 version 2.1.716.0
MediaGet2 version 2.1.890.0
MediaShow Espresso
Medieval Battlefields
Megapolis
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Monopoly
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4SP2
Mystery P.I. - Lost in Los Angeles
MyWinLocker
MyWinLocker Suite
Namco All-Stars: PAC-MAN
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA ForceWare Network Access Manager
Path to Success
Penguins!
Pioneer Lands
Plants vs. Zombies
Poker Pop
Poker Superstars II
Poker Superstars III
Polar Bowler
Polar Golfer
Polar Pool
Prism Video File Converter
Prison Tycoon - Alcatraz
Quicken 2009
QuickTime
Realtek High Definition Audio Driver
Roads of Rome
Roads of Rome 2
RollerCoaster Tycoon 3: Platinum
Romopolis
Royal Envoy
Royal Envoy 2 Collector's Edition
Scrabble Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Shredder
Space Trader
SpongeBob Diner Dash 2
SpongeBob SquarePants Typing
SpongeBob Typing
Strike Ball 3
swMSM
The Island: Castaway 2
The Legend of Sanna: Rise of a Great Colony
The Price is Right
The Promised Land
TheBflix Updater
Torchlight
Tradewinds
Tradewinds - Caravans
Tradewinds 2
Tradewinds Legends
TurboTax 2010
TurboTax 2011
UFile 2009
UFile Updater 2009
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Vampires vs. Zombies
Virtual City
Virtual City 2: Paradise Resort
Virtual Families
Virtual Villagers - A New Home
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
War in a Box: Paper Tanks
Welcome Center
Westward II - Heroes of the Frontier
WildTangent Games
WildTangent Games App (Acer Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World Class Poker with T.J. Cloutier
WWII Tank Commander
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
30/08/2012 5:38:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by babylon search engine

Post by Cypher » September 2nd, 2012, 1:50 pm

Hi and welcome back to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start, please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


This is a reoccurrence. The problem was resolved very recently as per my previous post.

You have managed to re-infect your computer since we last cleaned it.

Please download OTL by Old Timer and save it to your Desktop.

  • Right-click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Next.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select Run as administrator to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *babylon*
    
    :folderfind
    *babylon*
    
    :regfind
    babylon 

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


    Logs/Information to Post in your Next Reply

    • OTL.txt and Extras.txt contents.
    • SystemLook.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hijacked by babylon search engine

Unread postby Erikthered » September 2nd, 2012, 5:36 pm

Yes, I realized when it was happening, but it was too late.

OTL logfile created on: 9/2/2012 2:55:23 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 72.92% Memory free
7.50 Gb Paging File | 5.71 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 494.97 Gb Free Space | 84.99% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 14:54:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/08/22 19:28:42 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/08/21 03:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/13 04:48:21 | 000,603,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswOtl.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 03:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/22 19:28:43 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 03:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 03:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 03:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 03:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 03:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 03:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=114874 ... 262d2f231c
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114874&tt=3512_6&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{F9B63DE7-E6B5-4044-8FC0-B2F866AC60BA}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=005D51E8-287D-47C7-A0D1-53BBD70E79CA&apn_sauid=95A5F70D-FBBE-4721-982B-BF02A93A37A4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\22\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/18 07:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=114874 ... 262d2f231c
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\npbrowserext.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U6 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: ADDICT-THING = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjfaocdehinfikepdomohlnignamhgeg\1.0_0\
CHR - Extension: Google Search = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ADDICT-THING = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\depcobcnjnleknjlaojccndbimmafchf\1.0_0\
CHR - Extension: Web Assistant = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\
CHR - Extension: NCH EN = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.15.10_0\
CHR - Extension: avast! WebRep = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: AVG Safe Search = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/17 14:51:18 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 14:54:34 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/09/02 09:56:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Erik The Red\Desktop\dds.scr
[2012/09/01 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Babylon
[2012/09/01 19:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/29 20:50:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\Documents\st
[2012/08/22 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/22 20:44:24 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/22 20:44:24 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/22 20:44:17 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/22 20:44:16 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/22 20:44:13 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/22 20:44:06 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/22 20:44:05 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/22 20:43:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/22 20:43:29 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/22 20:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/22 20:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/22 19:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/22 18:10:13 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/08/22 18:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/08/22 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/22 17:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/08/19 11:36:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/19 10:26:50 | 000,000,000 | ---D | C] -- C:\searchplugins
[2012/08/19 10:26:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/19 10:15:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\Documents\Snagit
[2012/08/19 10:15:01 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\assembly
[2012/08/19 10:14:29 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\TechSmith
[2012/08/19 10:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/08/19 10:05:39 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\Desktop\searchplugins
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza

========== Files - Modified Within 30 Days ==========

[2012/09/02 14:55:40 | 000,165,376 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/09/02 14:54:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/09/02 14:54:07 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/09/02 14:54:06 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/09/02 14:53:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/02 14:53:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/02 14:53:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/02 14:53:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/02 10:01:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 10:01:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 09:56:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Erik The Red\Desktop\dds.scr
[2012/09/02 09:54:33 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/09/02 09:53:48 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/09/02 09:53:36 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 19:30:13 | 000,002,249 | ---- | M] () -- C:\user.js
[2012/08/30 11:00:29 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2012/08/29 20:49:37 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/08/23 07:29:21 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/22 20:44:26 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/22 20:44:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/22 19:29:09 | 000,002,247 | ---- | M] () -- C:\Users\Erik The Red\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 03:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 03:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 03:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 03:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 03:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 03:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 03:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 03:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 03:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/19 10:06:26 | 000,006,008 | ---- | M] () -- C:\Users\Erik The Red\Documents\Fixit50388.reg
[2012/08/17 14:51:18 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/15 17:34:58 | 000,429,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2012/09/02 14:55:40 | 000,165,376 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/22 20:44:26 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/22 20:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/22 19:29:09 | 000,002,348 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/22 19:29:09 | 000,002,247 | ---- | C] () -- C:\Users\Erik The Red\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/19 10:06:21 | 000,006,008 | ---- | C] () -- C:\Users\Erik The Red\Documents\Fixit50388.reg
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/09/01 19:30:06 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Babylon
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/09/02 09:53:48 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/02 14:54:06 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/09/02 14:54:07 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >
Erikthered

Re: Hijacked by babylon search engine

Post by Erikthered » September 2nd, 2012, 5:37 pm

OTL Extras logfile created on: 9/2/2012 2:55:23 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 72.92% Memory free
7.50 Gb Paging File | 5.71 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 494.97 Gb Free Space | 84.99% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175E8DFE-D42B-42D6-A5C5-634CF167B774}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C6A9BC0-429D-4953-85EF-D0A063E22C85}" = rport=137 | protocol=17 | dir=out | app=system |
"{29B83E95-EFB5-4675-8E56-FF4534C32A1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A47B780-61BD-4384-820B-505373D1F84E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E7C33F9-8868-4F2F-8F60-8BF77C7AA66E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D79A55B-E2D4-4062-8826-0E070284AE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5619D711-A62F-43E5-90C6-1225CAC1C3E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57248FD7-1F4B-46C5-9553-9F06F1B656B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{64796BB1-7D67-44F9-934A-7D9FB62FF62E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79BB207E-01C3-4E21-9F70-20D99673857B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82C9D9B6-DBAB-427A-B017-0CD4700317F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C6DEFCD-AE48-492D-84C8-3CA2C2BF5CDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97456DA6-07C8-4F70-9B1E-E8953CCC2B37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD78807-D801-46D0-9C74-51BE8622B1A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B382B080-1A2D-4BEC-8D86-FC3D07878512}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B86B8E7C-332A-4876-BEDE-D36A1B5C17CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC972EFF-239F-4A78-81CD-CDEBBB260642}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0FE30C4-37EA-41EF-B8CF-3695111DB616}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF70E666-067B-46B2-8125-287E7983742A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7B7271D-E90A-4561-BB7F-5DAF50D9C277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB31A678-63BB-44C1-A797-D11AFD69A885}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEF5F761-CC7E-4AEE-97D8-0EC69509FD84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F98447C3-A851-459E-B876-917F368EF0D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB28D4AA-EEEA-48FA-A1F9-4BB9DD714658}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC520AEE-15B4-485A-B0C0-08B0AF27C7FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC92D637-6EAC-47D0-A364-3F51A13B8041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8CF5A-195D-4523-BD07-3E01151BB32D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09E0DA11-06D7-4D0D-9BA7-BC9DDAB9AEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{15DA65C9-F0F9-4245-B125-3EADB469240C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{18297C61-6F99-4BB7-97C5-DF157BAAF7EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24C093C0-0CD5-465D-AFCE-8B233D5D1023}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{2B0E5013-0290-4839-92F5-937DE41C7587}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E1A5378-A2D9-4430-878D-041D2CB9CC8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32A60528-0BEE-4AB5-B67D-346640D93F10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36B1E237-0FCB-4B7D-A1EE-A24A5BC33783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C7CC311-6D06-4D58-9B2D-DD49986BAE02}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46315C8E-7D03-4F16-9C38-C547F0C89299}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{4986DA02-7A5C-4C58-9373-A03E6A2C07B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FF21D5F-3DF7-469E-A4C2-56EDDBC20D2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50F842BD-319E-4EEA-AD94-DB9176F5F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{526275EB-3130-4BD9-969B-15F43B2BC50B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{53E5F7D1-D91B-4132-AD04-F025DECD064D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5527E7C4-9287-49CC-B94F-96B2A29F686D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66032EE3-57B9-4A4A-A984-C225C2664087}" = protocol=6 | dir=out | app=system |
"{66E8B0A4-EFFC-4527-ADE5-B1A1EFBDDE10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E2CBDCA-FA9F-46A2-A214-89B3A4D6F215}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{704CE9D8-3BDE-4451-90C5-BC699F546A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80862855-1DFA-4510-B51F-2E65CD79E13A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{8164F120-AEB5-4075-8476-D278484E61FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{885E8F97-B457-4320-8D70-99435C2253D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A755EE8-5C54-4EDE-94E7-03F336BB2612}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{931918C6-94D5-45F1-B65D-748F71AFF838}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{975BA30E-FECE-4CC1-B2CA-A6106587B4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C9C2BC4-68B5-4B7C-BF93-DA4DCB5DAB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB664AD4-D4A8-4012-99B1-2F4D4FDF6C6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8027EB8-09E4-4521-956E-F3A822307216}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{BAE34499-C164-4854-9211-8C8260227AD8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9C9702D-5237-4FB7-A0C7-78C4E338C393}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAB21B26-38A4-4CDF-8506-AED39BCBD33F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF11B5AE-DC7E-4B30-9084-92720CFCE61F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{E0BFFD44-6722-4344-93B8-C4AA4803E480}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9C11EEE-5BB7-40AC-9454-ED1F8AFFB0F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{ECEC95BD-6A42-4BC6-975D-53246BEAE52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE008324-4F3E-440E-8EB5-97CC3B3F8DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F22A7C3E-44B6-46AA-A89D-3843A6A325C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FB862F03-AEBD-46E7-B501-E1E9EAD6F312}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{3CAE8346-666A-4CA9-86C7-44378EDDB69A}C:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe |
"TCP Query User{61D76D1F-EC5F-4531-82E1-BA198E329853}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{ACC94CE4-CF1D-4905-B359-2479AE93BB1F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C459A7A8-2F88-4CF7-A335-AD29F01F27B2}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2175B32D-730E-4586-9797-91A29827066B}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{BE03BCE6-DA38-4F83-A0E8-F6C52690FC29}C:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe |
"UDP Query User{BF03B11D-E3F4-41CA-A50A-F4FF5D636DDB}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C63EC496-3E29-4720-8749-E3084A2FDD03}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F3AEB27-51AE-4F18-9943-BB8F096F712E}" = TheBflix Updater
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8935d570-6487-44e5-bf10-6ed54b88c11d}" = Nero 9 Essentials
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AF92749E-BC99-47e0-8968-D4420896A64A}" = Quicken 2009
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Caillou(R) Magic Playhouse(TM)" = Caillou(R) Magic Playhouse(TM)
"Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Didi & Ditto" = Didi & Ditto
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Math Blaster" = Math Blaster
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"QuickTime" = QuickTime
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UnityWebPlayer" = Unity Web Player
"UPCShell" = LeapFrog Connect
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"WTA-031b97cb-e43c-482a-ae45-e87ef70b83d5" = WWII Tank Commander
"WTA-069b90cd-ef30-4a69-9f7e-794c445c8535" = Prison Tycoon - Alcatraz
"WTA-0dbe009e-fa54-45a8-9339-2999aed0179f" = Dora Saves the Crystal Kingdom
"WTA-1127e64e-430c-42ed-971f-a2f20855e48f" = Diego's Dinosaur Adventure
"WTA-12ad7f97-4be9-4aa8-a126-819fc46cc9e6" = Governor of Poker 2 Premium Edition
"WTA-1ce4e0a2-d05c-42a4-bb23-bbf93b8f2c94" = Path to Success
"WTA-1da868c0-3f18-442a-94a3-6527c3541e30" = Westward II - Heroes of the Frontier
"WTA-1f6fd667-1c39-4b9e-893f-a30eace62049" = SpongeBob Typing
"WTA-22977754-04c8-449c-94b3-ebf3575ccfd7" = Hidden Object Studios™ - I'll Believe You
"WTA-2c41918a-dbc5-482b-b696-457e113b2221" = SpongeBob Diner Dash 2
"WTA-376f7495-b33b-4bfd-b6b4-7360bc7d5dcc" = Chloe's Dream Resort
"WTA-37cdfc19-2c69-481b-8319-1d1362984dd6" = Brain Training for Dummies
"WTA-3e850f67-bbed-44ee-a988-ce6791f98312" = Romopolis
"WTA-424a0d4b-ffd3-4c75-b296-ac0ca6925e7d" = Virtual City
"WTA-43e2d92c-eb81-4106-a232-ba3b9c2b82a2" = Age of Castles
"WTA-4a35c6b9-609c-41f7-b42c-136c5f86925b" = Diego's Safari Adventure
"WTA-4a670ddc-03a5-4d3e-a5ec-47d979d0c4c4" = Cannon Fodder 3
"WTA-4b99c24a-04e9-47b2-ad89-2e6e9e56edcf" = Dora Saves the Snow Princess
"WTA-4f9e0bd6-61cb-4ce7-83da-edc2f388cf35" = Vampires vs. Zombies
"WTA-52f60c17-ef9d-4604-82d9-3f6dbf5c7152" = Be a King - Lost Lands
"WTA-5795f6ec-d25d-4690-80fa-fef4a1f85db6" = Poker Pop
"WTA-5cbe04b3-7a2c-4a77-b967-5da8bc2b2ae5" = Dora's Ballet Adventures
"WTA-5dd01be7-4451-46f3-a4b4-5f9714ad915b" = Hotel Mogul
"WTA-5ddf6751-092c-47cc-b100-05b23ead6396" = Pioneer Lands
"WTA-5fb87072-6f77-41d3-b15e-7f7a7560d915" = Island Defense
"WTA-6202cd36-1ee6-4897-af70-0368b10db3a5" = Animal Genius
"WTA-66605bbf-8968-40e7-97ff-1b5d6ef43c74" = Lemonade Tycoon 2
"WTA-6802b15f-cf83-43b0-807a-b7908ea28f46" = Virtual City 2: Paradise Resort
"WTA-6988af40-a4f8-48f1-b704-d5c34cdcbc47" = Cinema Tycoon
"WTA-6b4dea22-18e1-452a-a889-39c271a872f9" = Tradewinds - Caravans
"WTA-6c980fd6-7774-45f7-bbbf-c47cf5b79505" = Bob the Builder - Can-Do Carnival
"WTA-70deeedb-2375-4c6a-97d7-2dc1c6ab22c7" = Bicycle Texas Hold 'em
"WTA-7213b00e-d529-45b4-b3d9-525b9015a873" = Medieval Battlefields
"WTA-737c7fd7-bbf3-4ca0-97d1-dd5b407ebda4" = Aztec Tribe
"WTA-74a177f0-05d2-47ca-8b15-a01e51fec9be" = FATE
"WTA-7aaa4a47-e195-4631-ba06-2e393cdcf482" = Roads of Rome 2
"WTA-7b2346a5-aa0d-4768-bdec-afc6ecbebacd" = GO Diego GO! Dinosaur Rescue
"WTA-7d588e65-0b8e-48d9-993b-43c62987e218" = Tradewinds
"WTA-7e0ef5d4-23d1-4e73-ae43-2a85dea0fd1f" = Crazy Chicken: Atlantis
"WTA-7f577d05-a031-481b-846c-80af3f9cc2c6" = Dead Hungry Diner
"WTA-82a3107a-e8f7-4ee1-8db6-782e698967da" = Royal Envoy
"WTA-83669025-3b39-4446-aeee-ab6638a5b665" = The Promised Land
"WTA-87b72bba-595b-48c9-b703-1b99ba9f318b" = Strike Ball 3
"WTA-87f370e7-1180-4a21-9313-ac29613e6e14" = Be a King 2
"WTA-88abb04f-b436-4a8c-a0fc-b8686fbfadd8" = Polar Pool
"WTA-8da2686e-3bbd-440f-825b-33785fec7824" = The Legend of Sanna: Rise of a Great Colony
"WTA-9054be30-83af-468c-b910-1f7d38095e8d" = Ice Cream Craze - Tycoon Takeover
"WTA-90a041c1-017d-489f-afa3-e7ac30ab2200" = Torchlight
"WTA-92238218-d319-4fdb-b04a-2d5cc8d7a49e" = Tradewinds Legends
"WTA-94d3da32-0879-4790-86fd-3ea29d31d0fc" = Poker Superstars III
"WTA-95188105-f942-482f-987a-eb5aa1ffb2dd" = Happyville - Quest for Utopia
"WTA-9620dc5e-6e3e-48eb-b41b-fd46944de0ef" = War in a Box: Paper Tanks
"WTA-9d579ee8-9a1b-4781-ad59-443e547454fe" = Dora's World Adventure
"WTA-9eb8a197-80c4-433f-8ebe-3c69892016d6" = FATE - Undiscovered Realms
"WTA-a6d4201b-b44f-4e45-96a5-1faaef49307c" = Megapolis
"WTA-a7123ce7-9a41-49ea-8f82-f1147cff2bae" = Geneforge
"WTA-a952f68e-b479-4cd6-94ad-d623cde5c66c" = Buccaneer
"WTA-ab4a45c7-70f4-4883-b372-fb6d377501c5" = A Kingdom for Keflings
"WTA-ad0aa1cc-d86b-437e-9ed9-9d5b6846850c" = Space Trader
"WTA-b279e20f-78d7-4e4b-8b7c-add1aba74c69" = FATE: The Cursed King
"WTA-b777cfe8-8c67-437a-ba67-43cf3f0df6a4" = World Class Poker with T.J. Cloutier
"WTA-bd3a88d1-7777-42fc-8c37-b5004432cb8a" = Namco All-Stars: PAC-MAN
"WTA-c51c364b-04c8-4dc7-8acd-48969b38c154" = Geneforge 5
"WTA-ceb68ccb-eca0-4877-842e-eaf83bd6fd41" = Ancient Rome
"WTA-d5bd3841-9f63-451f-bcc2-58383e4d59ca" = RollerCoaster Tycoon 3: Platinum
"WTA-d9b6a693-d69d-41a7-9563-c0044b570781" = Barnyard's Sherlock's Hooves
"WTA-e8242818-aaca-41b6-9602-4bc7169b3a10" = The Island: Castaway 2
"WTA-ec4b9615-52a0-48e5-9bcf-911af66d3e0e" = Royal Envoy 2 Collector's Edition
"WTA-f28920e4-df7a-4138-9f13-c4d59075b4d8" = Tradewinds 2
"WTA-f3ecbf39-909d-4f99-85fd-83268c07908e" = Roads of Rome
"WTA-f9461172-f6a0-4489-b5ca-29b309a71b88" = Poker Superstars II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2012 6:16:22 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x112c Faulting application start time: 0x01cd780d995c8da0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 2e5f98b0-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:16:32 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x388 Faulting application start time: 0x01cd780ef2bd9b40 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 34720260-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:17:03 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0xeb0 Faulting application start time: 0x01cd780ef2c5d8a0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 46db9a10-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:17:34 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x112c Faulting application start time: 0x01cd780f0a49be60 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 59201d90-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:20:10 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x13f4 Faulting application start time: 0x01cd780f0a4be140 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: b6204060-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:21:47 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x88c Faulting application start time: 0x01cd780f1d0a4fb0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: efb639b0-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:13:47 PM | Computer Name = ErikTheRed-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.17006 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1718 Start
Time: 01cd7827a5b01350 Termination Time: 9 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: f1c35ae1-e41a-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:14:32 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x1330 Faulting application start time: 0x01cd7827cba861c0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 12067ad0-e41b-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:23:38 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x2d4 Faulting application start time: 0x01cd782906b22980 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 57a993f0-e41c-11e1-98c1-00262d2f231c

Error - 8/13/2012 10:24:34 PM | Computer Name = ErikTheRed-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12a8 Start
Time: 01cd78a98310e0de Termination Time: 231 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 12/29/2011 4:14:09 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 4:50:14 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 5:38:13 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 5:50:14 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 6:14:19 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 6:37:22 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 8:01:12 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 10:01:25 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 11:01:21 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/30/2011 12:01:18 AM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =


< End of report >
Erikthered

Re: Hijacked by babylon search engine

Post by Erikthered » September 2nd, 2012, 5:38 pm

OTL Extras logfile created on: 9/2/2012 2:55:23 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 72.92% Memory free
7.50 Gb Paging File | 5.71 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 494.97 Gb Free Space | 84.99% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175E8DFE-D42B-42D6-A5C5-634CF167B774}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C6A9BC0-429D-4953-85EF-D0A063E22C85}" = rport=137 | protocol=17 | dir=out | app=system |
"{29B83E95-EFB5-4675-8E56-FF4534C32A1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A47B780-61BD-4384-820B-505373D1F84E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E7C33F9-8868-4F2F-8F60-8BF77C7AA66E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D79A55B-E2D4-4062-8826-0E070284AE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5619D711-A62F-43E5-90C6-1225CAC1C3E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57248FD7-1F4B-46C5-9553-9F06F1B656B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{64796BB1-7D67-44F9-934A-7D9FB62FF62E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79BB207E-01C3-4E21-9F70-20D99673857B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82C9D9B6-DBAB-427A-B017-0CD4700317F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C6DEFCD-AE48-492D-84C8-3CA2C2BF5CDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97456DA6-07C8-4F70-9B1E-E8953CCC2B37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD78807-D801-46D0-9C74-51BE8622B1A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B382B080-1A2D-4BEC-8D86-FC3D07878512}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B86B8E7C-332A-4876-BEDE-D36A1B5C17CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC972EFF-239F-4A78-81CD-CDEBBB260642}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0FE30C4-37EA-41EF-B8CF-3695111DB616}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF70E666-067B-46B2-8125-287E7983742A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7B7271D-E90A-4561-BB7F-5DAF50D9C277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB31A678-63BB-44C1-A797-D11AFD69A885}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEF5F761-CC7E-4AEE-97D8-0EC69509FD84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F98447C3-A851-459E-B876-917F368EF0D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB28D4AA-EEEA-48FA-A1F9-4BB9DD714658}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC520AEE-15B4-485A-B0C0-08B0AF27C7FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC92D637-6EAC-47D0-A364-3F51A13B8041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8CF5A-195D-4523-BD07-3E01151BB32D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09E0DA11-06D7-4D0D-9BA7-BC9DDAB9AEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{15DA65C9-F0F9-4245-B125-3EADB469240C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{18297C61-6F99-4BB7-97C5-DF157BAAF7EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24C093C0-0CD5-465D-AFCE-8B233D5D1023}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{2B0E5013-0290-4839-92F5-937DE41C7587}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E1A5378-A2D9-4430-878D-041D2CB9CC8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32A60528-0BEE-4AB5-B67D-346640D93F10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36B1E237-0FCB-4B7D-A1EE-A24A5BC33783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C7CC311-6D06-4D58-9B2D-DD49986BAE02}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46315C8E-7D03-4F16-9C38-C547F0C89299}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{4986DA02-7A5C-4C58-9373-A03E6A2C07B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FF21D5F-3DF7-469E-A4C2-56EDDBC20D2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50F842BD-319E-4EEA-AD94-DB9176F5F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{526275EB-3130-4BD9-969B-15F43B2BC50B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{53E5F7D1-D91B-4132-AD04-F025DECD064D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5527E7C4-9287-49CC-B94F-96B2A29F686D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66032EE3-57B9-4A4A-A984-C225C2664087}" = protocol=6 | dir=out | app=system |
"{66E8B0A4-EFFC-4527-ADE5-B1A1EFBDDE10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E2CBDCA-FA9F-46A2-A214-89B3A4D6F215}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{704CE9D8-3BDE-4451-90C5-BC699F546A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80862855-1DFA-4510-B51F-2E65CD79E13A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{8164F120-AEB5-4075-8476-D278484E61FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{885E8F97-B457-4320-8D70-99435C2253D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A755EE8-5C54-4EDE-94E7-03F336BB2612}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{931918C6-94D5-45F1-B65D-748F71AFF838}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{975BA30E-FECE-4CC1-B2CA-A6106587B4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C9C2BC4-68B5-4B7C-BF93-DA4DCB5DAB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB664AD4-D4A8-4012-99B1-2F4D4FDF6C6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8027EB8-09E4-4521-956E-F3A822307216}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{BAE34499-C164-4854-9211-8C8260227AD8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9C9702D-5237-4FB7-A0C7-78C4E338C393}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAB21B26-38A4-4CDF-8506-AED39BCBD33F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF11B5AE-DC7E-4B30-9084-92720CFCE61F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{E0BFFD44-6722-4344-93B8-C4AA4803E480}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9C11EEE-5BB7-40AC-9454-ED1F8AFFB0F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{ECEC95BD-6A42-4BC6-975D-53246BEAE52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE008324-4F3E-440E-8EB5-97CC3B3F8DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F22A7C3E-44B6-46AA-A89D-3843A6A325C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FB862F03-AEBD-46E7-B501-E1E9EAD6F312}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{3CAE8346-666A-4CA9-86C7-44378EDDB69A}C:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe |
"TCP Query User{61D76D1F-EC5F-4531-82E1-BA198E329853}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{ACC94CE4-CF1D-4905-B359-2479AE93BB1F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C459A7A8-2F88-4CF7-A335-AD29F01F27B2}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2175B32D-730E-4586-9797-91A29827066B}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{BE03BCE6-DA38-4F83-A0E8-F6C52690FC29}C:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe |
"UDP Query User{BF03B11D-E3F4-41CA-A50A-F4FF5D636DDB}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C63EC496-3E29-4720-8749-E3084A2FDD03}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F3AEB27-51AE-4F18-9943-BB8F096F712E}" = TheBflix Updater
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8935d570-6487-44e5-bf10-6ed54b88c11d}" = Nero 9 Essentials
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AF92749E-BC99-47e0-8968-D4420896A64A}" = Quicken 2009
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Caillou(R) Magic Playhouse(TM)" = Caillou(R) Magic Playhouse(TM)
"Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Didi & Ditto" = Didi & Ditto
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Math Blaster" = Math Blaster
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"QuickTime" = QuickTime
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UnityWebPlayer" = Unity Web Player
"UPCShell" = LeapFrog Connect
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"WTA-031b97cb-e43c-482a-ae45-e87ef70b83d5" = WWII Tank Commander
"WTA-069b90cd-ef30-4a69-9f7e-794c445c8535" = Prison Tycoon - Alcatraz
"WTA-0dbe009e-fa54-45a8-9339-2999aed0179f" = Dora Saves the Crystal Kingdom
"WTA-1127e64e-430c-42ed-971f-a2f20855e48f" = Diego's Dinosaur Adventure
"WTA-12ad7f97-4be9-4aa8-a126-819fc46cc9e6" = Governor of Poker 2 Premium Edition
"WTA-1ce4e0a2-d05c-42a4-bb23-bbf93b8f2c94" = Path to Success
"WTA-1da868c0-3f18-442a-94a3-6527c3541e30" = Westward II - Heroes of the Frontier
"WTA-1f6fd667-1c39-4b9e-893f-a30eace62049" = SpongeBob Typing
"WTA-22977754-04c8-449c-94b3-ebf3575ccfd7" = Hidden Object Studios™ - I'll Believe You
"WTA-2c41918a-dbc5-482b-b696-457e113b2221" = SpongeBob Diner Dash 2
"WTA-376f7495-b33b-4bfd-b6b4-7360bc7d5dcc" = Chloe's Dream Resort
"WTA-37cdfc19-2c69-481b-8319-1d1362984dd6" = Brain Training for Dummies
"WTA-3e850f67-bbed-44ee-a988-ce6791f98312" = Romopolis
"WTA-424a0d4b-ffd3-4c75-b296-ac0ca6925e7d" = Virtual City
"WTA-43e2d92c-eb81-4106-a232-ba3b9c2b82a2" = Age of Castles
"WTA-4a35c6b9-609c-41f7-b42c-136c5f86925b" = Diego's Safari Adventure
"WTA-4a670ddc-03a5-4d3e-a5ec-47d979d0c4c4" = Cannon Fodder 3
"WTA-4b99c24a-04e9-47b2-ad89-2e6e9e56edcf" = Dora Saves the Snow Princess
"WTA-4f9e0bd6-61cb-4ce7-83da-edc2f388cf35" = Vampires vs. Zombies
"WTA-52f60c17-ef9d-4604-82d9-3f6dbf5c7152" = Be a King - Lost Lands
"WTA-5795f6ec-d25d-4690-80fa-fef4a1f85db6" = Poker Pop
"WTA-5cbe04b3-7a2c-4a77-b967-5da8bc2b2ae5" = Dora's Ballet Adventures
"WTA-5dd01be7-4451-46f3-a4b4-5f9714ad915b" = Hotel Mogul
"WTA-5ddf6751-092c-47cc-b100-05b23ead6396" = Pioneer Lands
"WTA-5fb87072-6f77-41d3-b15e-7f7a7560d915" = Island Defense
"WTA-6202cd36-1ee6-4897-af70-0368b10db3a5" = Animal Genius
"WTA-66605bbf-8968-40e7-97ff-1b5d6ef43c74" = Lemonade Tycoon 2
"WTA-6802b15f-cf83-43b0-807a-b7908ea28f46" = Virtual City 2: Paradise Resort
"WTA-6988af40-a4f8-48f1-b704-d5c34cdcbc47" = Cinema Tycoon
"WTA-6b4dea22-18e1-452a-a889-39c271a872f9" = Tradewinds - Caravans
"WTA-6c980fd6-7774-45f7-bbbf-c47cf5b79505" = Bob the Builder - Can-Do Carnival
"WTA-70deeedb-2375-4c6a-97d7-2dc1c6ab22c7" = Bicycle Texas Hold 'em
"WTA-7213b00e-d529-45b4-b3d9-525b9015a873" = Medieval Battlefields
"WTA-737c7fd7-bbf3-4ca0-97d1-dd5b407ebda4" = Aztec Tribe
"WTA-74a177f0-05d2-47ca-8b15-a01e51fec9be" = FATE
"WTA-7aaa4a47-e195-4631-ba06-2e393cdcf482" = Roads of Rome 2
"WTA-7b2346a5-aa0d-4768-bdec-afc6ecbebacd" = GO Diego GO! Dinosaur Rescue
"WTA-7d588e65-0b8e-48d9-993b-43c62987e218" = Tradewinds
"WTA-7e0ef5d4-23d1-4e73-ae43-2a85dea0fd1f" = Crazy Chicken: Atlantis
"WTA-7f577d05-a031-481b-846c-80af3f9cc2c6" = Dead Hungry Diner
"WTA-82a3107a-e8f7-4ee1-8db6-782e698967da" = Royal Envoy
"WTA-83669025-3b39-4446-aeee-ab6638a5b665" = The Promised Land
"WTA-87b72bba-595b-48c9-b703-1b99ba9f318b" = Strike Ball 3
"WTA-87f370e7-1180-4a21-9313-ac29613e6e14" = Be a King 2
"WTA-88abb04f-b436-4a8c-a0fc-b8686fbfadd8" = Polar Pool
"WTA-8da2686e-3bbd-440f-825b-33785fec7824" = The Legend of Sanna: Rise of a Great Colony
"WTA-9054be30-83af-468c-b910-1f7d38095e8d" = Ice Cream Craze - Tycoon Takeover
"WTA-90a041c1-017d-489f-afa3-e7ac30ab2200" = Torchlight
"WTA-92238218-d319-4fdb-b04a-2d5cc8d7a49e" = Tradewinds Legends
"WTA-94d3da32-0879-4790-86fd-3ea29d31d0fc" = Poker Superstars III
"WTA-95188105-f942-482f-987a-eb5aa1ffb2dd" = Happyville - Quest for Utopia
"WTA-9620dc5e-6e3e-48eb-b41b-fd46944de0ef" = War in a Box: Paper Tanks
"WTA-9d579ee8-9a1b-4781-ad59-443e547454fe" = Dora's World Adventure
"WTA-9eb8a197-80c4-433f-8ebe-3c69892016d6" = FATE - Undiscovered Realms
"WTA-a6d4201b-b44f-4e45-96a5-1faaef49307c" = Megapolis
"WTA-a7123ce7-9a41-49ea-8f82-f1147cff2bae" = Geneforge
"WTA-a952f68e-b479-4cd6-94ad-d623cde5c66c" = Buccaneer
"WTA-ab4a45c7-70f4-4883-b372-fb6d377501c5" = A Kingdom for Keflings
"WTA-ad0aa1cc-d86b-437e-9ed9-9d5b6846850c" = Space Trader
"WTA-b279e20f-78d7-4e4b-8b7c-add1aba74c69" = FATE: The Cursed King
"WTA-b777cfe8-8c67-437a-ba67-43cf3f0df6a4" = World Class Poker with T.J. Cloutier
"WTA-bd3a88d1-7777-42fc-8c37-b5004432cb8a" = Namco All-Stars: PAC-MAN
"WTA-c51c364b-04c8-4dc7-8acd-48969b38c154" = Geneforge 5
"WTA-ceb68ccb-eca0-4877-842e-eaf83bd6fd41" = Ancient Rome
"WTA-d5bd3841-9f63-451f-bcc2-58383e4d59ca" = RollerCoaster Tycoon 3: Platinum
"WTA-d9b6a693-d69d-41a7-9563-c0044b570781" = Barnyard's Sherlock's Hooves
"WTA-e8242818-aaca-41b6-9602-4bc7169b3a10" = The Island: Castaway 2
"WTA-ec4b9615-52a0-48e5-9bcf-911af66d3e0e" = Royal Envoy 2 Collector's Edition
"WTA-f28920e4-df7a-4138-9f13-c4d59075b4d8" = Tradewinds 2
"WTA-f3ecbf39-909d-4f99-85fd-83268c07908e" = Roads of Rome
"WTA-f9461172-f6a0-4489-b5ca-29b309a71b88" = Poker Superstars II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2012 6:16:22 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x112c Faulting application start time: 0x01cd780d995c8da0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 2e5f98b0-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:16:32 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x388 Faulting application start time: 0x01cd780ef2bd9b40 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 34720260-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:17:03 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0xeb0 Faulting application start time: 0x01cd780ef2c5d8a0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 46db9a10-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:17:34 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x112c Faulting application start time: 0x01cd780f0a49be60 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 59201d90-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:20:10 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x13f4 Faulting application start time: 0x01cd780f0a4be140 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: b6204060-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:21:47 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x88c Faulting application start time: 0x01cd780f1d0a4fb0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: efb639b0-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:13:47 PM | Computer Name = ErikTheRed-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.17006 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1718 Start
Time: 01cd7827a5b01350 Termination Time: 9 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: f1c35ae1-e41a-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:14:32 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x1330 Faulting application start time: 0x01cd7827cba861c0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 12067ad0-e41b-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:23:38 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x2d4 Faulting application start time: 0x01cd782906b22980 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 57a993f0-e41c-11e1-98c1-00262d2f231c

Error - 8/13/2012 10:24:34 PM | Computer Name = ErikTheRed-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12a8 Start
Time: 01cd78a98310e0de Termination Time: 231 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 12/29/2011 4:14:09 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 4:50:14 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 5:38:13 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 5:50:14 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 6:14:19 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 6:37:22 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 8:01:12 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 10:01:25 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 11:01:21 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/30/2011 12:01:18 AM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =


< End of report >
Erikthered

Re: Hijacked by babylon search engine

by Erikthered » September 2nd, 2012, 5:39 pm

OTL Extras logfile created on: 9/2/2012 2:55:23 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 72.92% Memory free
7.50 Gb Paging File | 5.71 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 494.97 Gb Free Space | 84.99% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175E8DFE-D42B-42D6-A5C5-634CF167B774}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C6A9BC0-429D-4953-85EF-D0A063E22C85}" = rport=137 | protocol=17 | dir=out | app=system |
"{29B83E95-EFB5-4675-8E56-FF4534C32A1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A47B780-61BD-4384-820B-505373D1F84E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E7C33F9-8868-4F2F-8F60-8BF77C7AA66E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D79A55B-E2D4-4062-8826-0E070284AE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5619D711-A62F-43E5-90C6-1225CAC1C3E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57248FD7-1F4B-46C5-9553-9F06F1B656B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{64796BB1-7D67-44F9-934A-7D9FB62FF62E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79BB207E-01C3-4E21-9F70-20D99673857B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82C9D9B6-DBAB-427A-B017-0CD4700317F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C6DEFCD-AE48-492D-84C8-3CA2C2BF5CDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97456DA6-07C8-4F70-9B1E-E8953CCC2B37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD78807-D801-46D0-9C74-51BE8622B1A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B382B080-1A2D-4BEC-8D86-FC3D07878512}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B86B8E7C-332A-4876-BEDE-D36A1B5C17CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC972EFF-239F-4A78-81CD-CDEBBB260642}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0FE30C4-37EA-41EF-B8CF-3695111DB616}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF70E666-067B-46B2-8125-287E7983742A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7B7271D-E90A-4561-BB7F-5DAF50D9C277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB31A678-63BB-44C1-A797-D11AFD69A885}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEF5F761-CC7E-4AEE-97D8-0EC69509FD84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F98447C3-A851-459E-B876-917F368EF0D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB28D4AA-EEEA-48FA-A1F9-4BB9DD714658}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC520AEE-15B4-485A-B0C0-08B0AF27C7FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FC92D637-6EAC-47D0-A364-3F51A13B8041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8CF5A-195D-4523-BD07-3E01151BB32D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09E0DA11-06D7-4D0D-9BA7-BC9DDAB9AEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{15DA65C9-F0F9-4245-B125-3EADB469240C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{18297C61-6F99-4BB7-97C5-DF157BAAF7EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24C093C0-0CD5-465D-AFCE-8B233D5D1023}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{2B0E5013-0290-4839-92F5-937DE41C7587}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E1A5378-A2D9-4430-878D-041D2CB9CC8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32A60528-0BEE-4AB5-B67D-346640D93F10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36B1E237-0FCB-4B7D-A1EE-A24A5BC33783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C7CC311-6D06-4D58-9B2D-DD49986BAE02}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46315C8E-7D03-4F16-9C38-C547F0C89299}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{4986DA02-7A5C-4C58-9373-A03E6A2C07B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FF21D5F-3DF7-469E-A4C2-56EDDBC20D2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50F842BD-319E-4EEA-AD94-DB9176F5F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{526275EB-3130-4BD9-969B-15F43B2BC50B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{53E5F7D1-D91B-4132-AD04-F025DECD064D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5527E7C4-9287-49CC-B94F-96B2A29F686D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66032EE3-57B9-4A4A-A984-C225C2664087}" = protocol=6 | dir=out | app=system |
"{66E8B0A4-EFFC-4527-ADE5-B1A1EFBDDE10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E2CBDCA-FA9F-46A2-A214-89B3A4D6F215}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{704CE9D8-3BDE-4451-90C5-BC699F546A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80862855-1DFA-4510-B51F-2E65CD79E13A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{8164F120-AEB5-4075-8476-D278484E61FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{885E8F97-B457-4320-8D70-99435C2253D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A755EE8-5C54-4EDE-94E7-03F336BB2612}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{931918C6-94D5-45F1-B65D-748F71AFF838}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{975BA30E-FECE-4CC1-B2CA-A6106587B4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C9C2BC4-68B5-4B7C-BF93-DA4DCB5DAB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AB664AD4-D4A8-4012-99B1-2F4D4FDF6C6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8027EB8-09E4-4521-956E-F3A822307216}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{BAE34499-C164-4854-9211-8C8260227AD8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9C9702D-5237-4FB7-A0C7-78C4E338C393}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAB21B26-38A4-4CDF-8506-AED39BCBD33F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF11B5AE-DC7E-4B30-9084-92720CFCE61F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{E0BFFD44-6722-4344-93B8-C4AA4803E480}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9C11EEE-5BB7-40AC-9454-ED1F8AFFB0F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{ECEC95BD-6A42-4BC6-975D-53246BEAE52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE008324-4F3E-440E-8EB5-97CC3B3F8DBC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F22A7C3E-44B6-46AA-A89D-3843A6A325C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FB862F03-AEBD-46E7-B501-E1E9EAD6F312}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{3CAE8346-666A-4CA9-86C7-44378EDDB69A}C:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe |
"TCP Query User{61D76D1F-EC5F-4531-82E1-BA198E329853}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{ACC94CE4-CF1D-4905-B359-2479AE93BB1F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C459A7A8-2F88-4CF7-A335-AD29F01F27B2}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{2175B32D-730E-4586-9797-91A29827066B}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{BE03BCE6-DA38-4F83-A0E8-F6C52690FC29}C:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wildtangent games\games\spacetrader\spacetrader.exe |
"UDP Query User{BF03B11D-E3F4-41CA-A50A-F4FF5D636DDB}C:\users\erik the red\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\erik the red\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C63EC496-3E29-4720-8749-E3084A2FDD03}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F3AEB27-51AE-4F18-9943-BB8F096F712E}" = TheBflix Updater
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8935d570-6487-44e5-bf10-6ed54b88c11d}" = Nero 9 Essentials
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.716.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AF92749E-BC99-47e0-8968-D4420896A64A}" = Quicken 2009
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6797F11-4A7D-45F5-8A20-72E9CCD83538}" = UFile Updater 2009
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D36F4DCA-B6D5-403A-B69D-2439D59FC9A7}" = UFile 2009
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Caillou(R) Magic Playhouse(TM)" = Caillou(R) Magic Playhouse(TM)
"Canon MG3100 series On-screen Manual" = Canon MG3100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Didi & Ditto" = Didi & Ditto
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Math Blaster" = Math Blaster
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Prism" = Prism Video File Converter
"QuickTime" = QuickTime
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UnityWebPlayer" = Unity Web Player
"UPCShell" = LeapFrog Connect
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"WTA-031b97cb-e43c-482a-ae45-e87ef70b83d5" = WWII Tank Commander
"WTA-069b90cd-ef30-4a69-9f7e-794c445c8535" = Prison Tycoon - Alcatraz
"WTA-0dbe009e-fa54-45a8-9339-2999aed0179f" = Dora Saves the Crystal Kingdom
"WTA-1127e64e-430c-42ed-971f-a2f20855e48f" = Diego's Dinosaur Adventure
"WTA-12ad7f97-4be9-4aa8-a126-819fc46cc9e6" = Governor of Poker 2 Premium Edition
"WTA-1ce4e0a2-d05c-42a4-bb23-bbf93b8f2c94" = Path to Success
"WTA-1da868c0-3f18-442a-94a3-6527c3541e30" = Westward II - Heroes of the Frontier
"WTA-1f6fd667-1c39-4b9e-893f-a30eace62049" = SpongeBob Typing
"WTA-22977754-04c8-449c-94b3-ebf3575ccfd7" = Hidden Object Studios™ - I'll Believe You
"WTA-2c41918a-dbc5-482b-b696-457e113b2221" = SpongeBob Diner Dash 2
"WTA-376f7495-b33b-4bfd-b6b4-7360bc7d5dcc" = Chloe's Dream Resort
"WTA-37cdfc19-2c69-481b-8319-1d1362984dd6" = Brain Training for Dummies
"WTA-3e850f67-bbed-44ee-a988-ce6791f98312" = Romopolis
"WTA-424a0d4b-ffd3-4c75-b296-ac0ca6925e7d" = Virtual City
"WTA-43e2d92c-eb81-4106-a232-ba3b9c2b82a2" = Age of Castles
"WTA-4a35c6b9-609c-41f7-b42c-136c5f86925b" = Diego's Safari Adventure
"WTA-4a670ddc-03a5-4d3e-a5ec-47d979d0c4c4" = Cannon Fodder 3
"WTA-4b99c24a-04e9-47b2-ad89-2e6e9e56edcf" = Dora Saves the Snow Princess
"WTA-4f9e0bd6-61cb-4ce7-83da-edc2f388cf35" = Vampires vs. Zombies
"WTA-52f60c17-ef9d-4604-82d9-3f6dbf5c7152" = Be a King - Lost Lands
"WTA-5795f6ec-d25d-4690-80fa-fef4a1f85db6" = Poker Pop
"WTA-5cbe04b3-7a2c-4a77-b967-5da8bc2b2ae5" = Dora's Ballet Adventures
"WTA-5dd01be7-4451-46f3-a4b4-5f9714ad915b" = Hotel Mogul
"WTA-5ddf6751-092c-47cc-b100-05b23ead6396" = Pioneer Lands
"WTA-5fb87072-6f77-41d3-b15e-7f7a7560d915" = Island Defense
"WTA-6202cd36-1ee6-4897-af70-0368b10db3a5" = Animal Genius
"WTA-66605bbf-8968-40e7-97ff-1b5d6ef43c74" = Lemonade Tycoon 2
"WTA-6802b15f-cf83-43b0-807a-b7908ea28f46" = Virtual City 2: Paradise Resort
"WTA-6988af40-a4f8-48f1-b704-d5c34cdcbc47" = Cinema Tycoon
"WTA-6b4dea22-18e1-452a-a889-39c271a872f9" = Tradewinds - Caravans
"WTA-6c980fd6-7774-45f7-bbbf-c47cf5b79505" = Bob the Builder - Can-Do Carnival
"WTA-70deeedb-2375-4c6a-97d7-2dc1c6ab22c7" = Bicycle Texas Hold 'em
"WTA-7213b00e-d529-45b4-b3d9-525b9015a873" = Medieval Battlefields
"WTA-737c7fd7-bbf3-4ca0-97d1-dd5b407ebda4" = Aztec Tribe
"WTA-74a177f0-05d2-47ca-8b15-a01e51fec9be" = FATE
"WTA-7aaa4a47-e195-4631-ba06-2e393cdcf482" = Roads of Rome 2
"WTA-7b2346a5-aa0d-4768-bdec-afc6ecbebacd" = GO Diego GO! Dinosaur Rescue
"WTA-7d588e65-0b8e-48d9-993b-43c62987e218" = Tradewinds
"WTA-7e0ef5d4-23d1-4e73-ae43-2a85dea0fd1f" = Crazy Chicken: Atlantis
"WTA-7f577d05-a031-481b-846c-80af3f9cc2c6" = Dead Hungry Diner
"WTA-82a3107a-e8f7-4ee1-8db6-782e698967da" = Royal Envoy
"WTA-83669025-3b39-4446-aeee-ab6638a5b665" = The Promised Land
"WTA-87b72bba-595b-48c9-b703-1b99ba9f318b" = Strike Ball 3
"WTA-87f370e7-1180-4a21-9313-ac29613e6e14" = Be a King 2
"WTA-88abb04f-b436-4a8c-a0fc-b8686fbfadd8" = Polar Pool
"WTA-8da2686e-3bbd-440f-825b-33785fec7824" = The Legend of Sanna: Rise of a Great Colony
"WTA-9054be30-83af-468c-b910-1f7d38095e8d" = Ice Cream Craze - Tycoon Takeover
"WTA-90a041c1-017d-489f-afa3-e7ac30ab2200" = Torchlight
"WTA-92238218-d319-4fdb-b04a-2d5cc8d7a49e" = Tradewinds Legends
"WTA-94d3da32-0879-4790-86fd-3ea29d31d0fc" = Poker Superstars III
"WTA-95188105-f942-482f-987a-eb5aa1ffb2dd" = Happyville - Quest for Utopia
"WTA-9620dc5e-6e3e-48eb-b41b-fd46944de0ef" = War in a Box: Paper Tanks
"WTA-9d579ee8-9a1b-4781-ad59-443e547454fe" = Dora's World Adventure
"WTA-9eb8a197-80c4-433f-8ebe-3c69892016d6" = FATE - Undiscovered Realms
"WTA-a6d4201b-b44f-4e45-96a5-1faaef49307c" = Megapolis
"WTA-a7123ce7-9a41-49ea-8f82-f1147cff2bae" = Geneforge
"WTA-a952f68e-b479-4cd6-94ad-d623cde5c66c" = Buccaneer
"WTA-ab4a45c7-70f4-4883-b372-fb6d377501c5" = A Kingdom for Keflings
"WTA-ad0aa1cc-d86b-437e-9ed9-9d5b6846850c" = Space Trader
"WTA-b279e20f-78d7-4e4b-8b7c-add1aba74c69" = FATE: The Cursed King
"WTA-b777cfe8-8c67-437a-ba67-43cf3f0df6a4" = World Class Poker with T.J. Cloutier
"WTA-bd3a88d1-7777-42fc-8c37-b5004432cb8a" = Namco All-Stars: PAC-MAN
"WTA-c51c364b-04c8-4dc7-8acd-48969b38c154" = Geneforge 5
"WTA-ceb68ccb-eca0-4877-842e-eaf83bd6fd41" = Ancient Rome
"WTA-d5bd3841-9f63-451f-bcc2-58383e4d59ca" = RollerCoaster Tycoon 3: Platinum
"WTA-d9b6a693-d69d-41a7-9563-c0044b570781" = Barnyard's Sherlock's Hooves
"WTA-e8242818-aaca-41b6-9602-4bc7169b3a10" = The Island: Castaway 2
"WTA-ec4b9615-52a0-48e5-9bcf-911af66d3e0e" = Royal Envoy 2 Collector's Edition
"WTA-f28920e4-df7a-4138-9f13-c4d59075b4d8" = Tradewinds 2
"WTA-f3ecbf39-909d-4f99-85fd-83268c07908e" = Roads of Rome
"WTA-f9461172-f6a0-4489-b5ca-29b309a71b88" = Poker Superstars II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2012 6:16:22 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x112c Faulting application start time: 0x01cd780d995c8da0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 2e5f98b0-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:16:32 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x388 Faulting application start time: 0x01cd780ef2bd9b40 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 34720260-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:17:03 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0xeb0 Faulting application start time: 0x01cd780ef2c5d8a0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 46db9a10-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:17:34 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x112c Faulting application start time: 0x01cd780f0a49be60 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 59201d90-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:20:10 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x13f4 Faulting application start time: 0x01cd780f0a4be140 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: b6204060-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 6:21:47 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x88c Faulting application start time: 0x01cd780f1d0a4fb0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: efb639b0-e402-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:13:47 PM | Computer Name = ErikTheRed-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.17006 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1718 Start
Time: 01cd7827a5b01350 Termination Time: 9 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: f1c35ae1-e41a-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:14:32 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.17006,
time stamp: 0x4f90d722 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x1330 Faulting application start time: 0x01cd7827cba861c0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 12067ad0-e41b-11e1-bdb2-00262d2f231c

Error - 8/11/2012 9:23:38 PM | Computer Name = ErikTheRed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: AVG Secure Search_toolbar.dll, version:
11.1.0.12, time stamp: 0x4fbdfd40 Exception code: 0xc0000409 Fault offset: 0x00119e28
Faulting
process id: 0x2d4 Faulting application start time: 0x01cd782906b22980 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Report
Id: 57a993f0-e41c-11e1-98c1-00262d2f231c

Error - 8/13/2012 10:24:34 PM | Computer Name = ErikTheRed-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12a8 Start
Time: 01cd78a98310e0de Termination Time: 231 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 12/29/2011 4:14:09 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 4:50:14 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 5:38:13 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 5:50:14 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 6:14:19 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 6:37:22 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 8:01:12 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 10:01:25 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/29/2011 11:01:21 PM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =

Error - 12/30/2011 12:01:18 AM | Computer Name = ErikTheRed-PC | Source = bowser | ID = 8003
Description =


< End of report >
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by babylon search engine

Unread postby Erikthered » September 2nd, 2012, 5:43 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 15:41 on 02/09/2012 by Erik The Red
Administrator - Elevation successful

========== filefind ==========

Searching for "*babylon*"
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IJBPJJYP\search_babylon_com[1].htm --a---- 5704 bytes [02:01 02/09/2012] [02:01 02/09/2012] 73D776777690599B7B6CBD37C11FF90D
C:\Users\Erik The Red\AppData\Local\Temp\MyBabylonTB.exe --a---- 867480 bytes [01:30 02/09/2012] [01:30 02/09/2012] 0F871F3D13B8736D0FE59983ADAB5E81

========== folderfind ==========

Searching for "*babylon*"
C:\ProgramData\Babylon d------ [01:30 02/09/2012]
C:\ProgramData\WildTangent\Acer Game Console\UI\htdocs2\Common\product\babylonia d------ [22:25 31/03/2010]
C:\Users\All Users\Babylon d------ [01:30 02/09/2012]
C:\Users\All Users\WildTangent\Acer Game Console\UI\htdocs2\Common\product\babylonia d------ [22:25 31/03/2010]
C:\Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar d------ [01:30 02/09/2012]
C:\Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar d------ [01:30 02/09/2012]
C:\Users\Erik The Red\AppData\Roaming\Babylon d------ [01:30 02/09/2012]

========== regfind ==========

Searching for "babylon "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]

-= EOF =-
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by babylon search engine

Unread postby Cypher » September 3rd, 2012, 5:15 am

Hi,
Do the following then let me know if you're still having problems.

We need to run an OTL Fix

  • Right-click OTL.exe and select Run as administrator to run it.
  • Copy and paste the following code into the Image textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint] 
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    E - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=114874 ... 262d2f231c
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114874&tt=3512_6&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
    IE - HKCU\..\SearchScopes\{F9B63DE7-E6B5-4044-8FC0-B2F866AC60BA}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=005D51E8-287D-47C7-A0D1-53BBD70E79CA&apn_sauid=95A5F70D-FBBE-4721-982B-BF02A93A37A4
    CHR - homepage: http://search.babylon.com/?affID=114874 ... 262d2f231c
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
    O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
    
    :files
    C:\Users\Erik The Red\AppData\Roaming\Babylon
    C:\ProgramData\Babylon
    C:\ProgramData\Ask
    C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IJBPJJYP\search_babylon_com[1].htm
    C:\Users\Erik The Red\AppData\Local\Temp\MyBabylonTB.exe
    C:\Users\All Users\Babylon 
    C:\Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar 
    C:\Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

  • Right-click SystemLook.exe and select Run as administrator to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *babylon*
    
    :folderfind
    *babylon*
    
    :regfind
    babylon 

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Logs/Information to Post in your Next Reply

    • OTL fix log.
    • SystemLook.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hijacked by babylon search engine

Unread postby Erikthered » September 3rd, 2012, 9:59 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9B63DE7-E6B5-4044-8FC0-B2F866AC60BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9B63DE7-E6B5-4044-8FC0-B2F866AC60BA}\ not found.
Use Chrome's Settings page to change the HomePage.
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Program Files\Web Assistant\Extension64.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client\ deleted successfully.
========== FILES ==========
C:\Users\Erik The Red\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
File\Folder C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IJBPJJYP\search_babylon_com[1].htm not found.
C:\Users\Erik The Red\AppData\Local\Temp\MyBabylonTB.exe moved successfully.
File\Folder C:\Users\All Users\Babylon not found.
C:\Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.6.9.12 folder moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar folder moved successfully.
File\Folder C:\Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Erik The Red\Desktop\cmd.bat deleted successfully.
C:\Users\Erik The Red\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Erik The Red
->Temp folder emptied: 7538873 bytes
->Temporary Internet Files folder emptied: 52298686 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8070340 bytes
->Flash cache emptied: 774 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 689387 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 165888 bytes

Total Files Cleaned = 66.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09032012_075252

Files\Folders moved on Reboot...
C:\Users\Erik The Red\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Erik The Red\AppData\Local\Temp\~DF7BB420961E41ECD5.TMP not found!
File\Folder C:\Users\Erik The Red\AppData\Local\Temp\~DF88B8D4335B7FAC0B.TMP not found!
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{81D786C6-8FAA-493D-AA44-0DFA16A6498A}.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by babylon search engine

Unread postby Erikthered » September 3rd, 2012, 10:03 am

SystemLook 30.07.11 by jpshortstuff
Log created at 08:00 on 03/09/2012 by Erik The Red
Administrator - Elevation successful

========== filefind ==========

Searching for "*babylon*"
C:\_OTL\MovedFiles\09032012_075252\C_Users\Erik The Red\AppData\Local\Temp\MyBabylonTB.exe --a---- 867480 bytes [01:30 02/09/2012] [01:30 02/09/2012] 0F871F3D13B8736D0FE59983ADAB5E81

========== folderfind ==========

Searching for "*babylon*"
C:\ProgramData\WildTangent\Acer Game Console\UI\htdocs2\Common\product\babylonia d------ [22:25 31/03/2010]
C:\Users\All Users\WildTangent\Acer Game Console\UI\htdocs2\Common\product\babylonia d------ [22:25 31/03/2010]
C:\_OTL\MovedFiles\09032012_075252\C_ProgramData\Babylon d------ [01:30 02/09/2012]
C:\_OTL\MovedFiles\09032012_075252\C_Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar d------ [01:30 02/09/2012]
C:\_OTL\MovedFiles\09032012_075252\C_Users\Erik The Red\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar d------ [01:30 02/09/2012]
C:\_OTL\MovedFiles\09032012_075252\C_Users\Erik The Red\AppData\Roaming\Babylon d------ [01:30 02/09/2012]

========== regfind ==========

Searching for "babylon "
No data found.

-= EOF =-
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm
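The two SystemLook logs in this thread can be compared mechanically to see which hits the OTL fix removed, which survive only as quarantine copies under C:\_OTL\MovedFiles, and which are still live. The script below is an added example, not part of the original posts or of SystemLook or OTL; it assumes the log layout seen in this thread, its function names are hypothetical, and the sample logs are abridged from the posts above.

```python
import re

SECTION_RE = re.compile(r"^=+ (filefind|folderfind|regfind) =+$")
# File/folder hit: path, 7-character attribute field, optional size, "[timestamp]".
ENTRY_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+[-a-z]{7}(?:\s+\d+ bytes)?\s+\[")
# OTL quarantine copy: C:\_OTL\MovedFiles\<run id>\C_<original path without "C:\">
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\_OTL\\MovedFiles\\[^\\]+\\([A-Za-z])_(.+)$")
# On Windows 7, C:\Users\All Users is a link to C:\ProgramData, so one folder
# is reported twice in the logs.
ALIAS = ("c:\\users\\all users\\", "c:\\programdata\\")


def normalise(path):
    """Lower-case a path and fold the 'All Users' link onto ProgramData."""
    p = path.lower()
    if p.startswith(ALIAS[0]):
        p = ALIAS[1] + p[len(ALIAS[0]):]
    return p


def parse_systemlook(text):
    """Return (live, quarantined) sets of normalised hits from one log."""
    live, quarantined, section = set(), set(), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "regfind" and line.startswith("[HK"):
            live.add(line.strip("[]").lower())
            continue
        m = ENTRY_RE.match(line) if section in ("filefind", "folderfind") else None
        if not m:
            continue  # "Searching for ...", "No data found.", blank lines
        q = QUARANTINE_RE.match(m.group(1))
        if q:
            # Map the quarantine copy back to the location it was moved from.
            quarantined.add(normalise(q.group(1) + ":\\" + q.group(2)))
        else:
            live.add(normalise(m.group(1)))
    return live, quarantined


def triage(before_log, after_log):
    """Classify every hit as removed, quarantined, still_present or new."""
    before, _ = parse_systemlook(before_log)
    after_live, after_quarantined = parse_systemlook(after_log)
    result = {}
    for hit in before:
        if hit in after_live:
            result[hit] = "still_present"
        elif hit in after_quarantined:
            result[hit] = "quarantined"
        else:
            result[hit] = "removed"
    for hit in after_live - before:
        result[hit] = "new"
    return result


# Sample input, abridged from the logs posted in this thread.
BEFORE = r"""
========== filefind ==========
Searching for "*babylon*"
C:\Users\Erik The Red\AppData\Local\Temp\MyBabylonTB.exe --a---- 867480 bytes [01:30 02/09/2012] [01:30 02/09/2012]
========== folderfind ==========
C:\ProgramData\Babylon d------ [01:30 02/09/2012]
C:\ProgramData\WildTangent\Acer Game Console\UI\htdocs2\Common\product\babylonia d------ [22:25 31/03/2010]
C:\Users\All Users\Babylon d------ [01:30 02/09/2012]
C:\Users\Erik The Red\AppData\Roaming\Babylon d------ [01:30 02/09/2012]
========== regfind ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
"""

AFTER = r"""
========== filefind ==========
C:\_OTL\MovedFiles\09032012_075252\C_Users\Erik The Red\AppData\Local\Temp\MyBabylonTB.exe --a---- 867480 bytes [01:30 02/09/2012] [01:30 02/09/2012]
========== folderfind ==========
C:\ProgramData\WildTangent\Acer Game Console\UI\htdocs2\Common\product\babylonia d------ [22:25 31/03/2010]
C:\_OTL\MovedFiles\09032012_075252\C_ProgramData\Babylon d------ [01:30 02/09/2012]
C:\_OTL\MovedFiles\09032012_075252\C_Users\Erik The Red\AppData\Roaming\Babylon d------ [01:30 02/09/2012]
========== regfind ==========
No data found.
"""

if __name__ == "__main__":
    for path, status in sorted(triage(BEFORE, AFTER).items()):
        print(f"{status:14} {path}")
```

The only entry left as still_present is the WildTangent "babylonia" folder dated 2010, which matches the wildcard by name only; everything created on 02/09/2012 is either removed or held in the OTL quarantine folder.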

Re: Hijacked by babylon search engine

Unread postby Erikthered » September 3rd, 2012, 10:07 am

Thanks for your help again. System update: Still have webpage issue. I've noticed that a box has popped up a couple of times asking if I would let Justcheck make changes to my computer. I chose no.

Cheers,
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by babylon search engine

Unread postby Cypher » September 3rd, 2012, 10:21 am

Hi,
"Thanks for your help again."

You're welcome.

"I've noticed that a box has popped up a couple of times asking if I would let Justcheck make changes to my computer. I chose no."

As far as I know, Justcheck belongs to the Java update manager. Has the Babylon problem been resolved?
Let me know in your next reply.


ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hijacked by babylon search engine

Unread postby Erikthered » September 3rd, 2012, 11:07 am

Problem has not been resolved yet.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by babylon search engine

Unread postby Cypher » September 3rd, 2012, 12:05 pm

Ok, post the ESET log when ready.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hijacked by babylon search engine

Unread postby Erikthered » September 3rd, 2012, 1:27 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


This is all the log shows.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm