Windows 7 Forums


Windows 7: Security Center disables automatically/Redirected on search engines


16 Jul 2011   #1

MS Windows 7 Home Premium 32-bit SP1
 
 

Hello. A few days ago, I started having a problem with my security center and later afterwards, I've noticed that whenever I click on a link in a search engine such as Google, I get redirected to a different site.

Whenever I try to enable the security center from Services.msc, about 30 seconds later it gets disabled by itself and a red X appears on the action center flag with a message saying to turn it back on. When I do turn it on from the action center, I get a message saying "The Windows Security Center service can't be started." I've checked the dependencies for the security center which are DCOM Server Process Launcher, Remote Procedure Call (RPC), and Windows Management Instrumentation and they are all started and automatic.

I figure that there is malware causing this. I had Microsoft Security Essentials installed when this happened, but since the problem started, it wouldn't start up for some reason so I uninstalled it and installed Avira, Malwarebytes' Anti-malware, and Spybot Search & Destroy. I did a full system scan with those and I removed some things that were found that appeared "unknown" but I note that Spybot is the only one that does however find "Microsoft.WindowsSecurityCenter_disabled" and under that was

"(SBI $2E20C9A9) Settings HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) W=2".

So I fixed that and tried to enable it again but the problem still remains. Any ideas? I'm lost at what to do here.



18 Jul 2011   #2

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Hello phillywells and welcome to the forums

Can you do the following for me please:

CKScanner

Please download CKScanner from here to your Desktop.

Make sure that CKScanner.exe is on your Desktop before running the application!

Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved
Attach the log CKFiles.txt that has been created on your desktop with your next post

aswMBR

Please close any open work because sometimes this will cause a BSOD
Download aswMBR from here and save it to your desktop
Right click on it and select run as administrator
When it opens, click on the Scan button
When the scan completes, click on the Save log button and attach the log with your next post
If you do encounter a BSOD then try again - if the BSODs are persistent then let me know

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Malwarebytes Anti-Malware

Download and install MBAM from here
Run a full scan and attach the log with your next post for me to analyse

Tom
18 Jul 2011   #3

MS Windows 7 Ultimate SP1 64-bit
 
 

Welcome to SevenForums. Wish the circumstances were a little more pleasant.

Download, install and run MalwareBytes (link in my sig).

Let me know the results. Thanks.


18 Jul 2011   #4

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

You could also try this:

http://www.sevenforums.com/tutorials...m-sweeper.html

EDIT: Sorry Karl. Didn't see it listed in your sig.
18 Jul 2011   #5

MS Windows 7 Ultimate SP1 64-bit
 
 

Thanks for mentioning the sweeper. I had only mentioned MalwareBytes.

Let's hope that one of them comes up with something.
18 Jul 2011   #6

MS Windows 7 Home Premium 32-bit SP1
 
 

Code:
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\bestgameever\audiosurf\engine\channels\crypt.dll
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar.kfm
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar.nif
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_ac_down_atk.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_attack.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_critical.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_damage.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_die.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_normal_atk.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_normal_wide.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_run.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_stand.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_walk.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcarb_crackbip01_skill5.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill1.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill2.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill3.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill3_cast.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_attack.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_critical.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_damage.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_die.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_run.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_stand.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_walk.kf
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_ac_down_atk.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_attack.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_attack_op.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_die.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_normal_atk.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_normal_wide.nif
c:\program files\outspark\fiesta\reseffect\b_crackerlooter_curse_wide.nif
c:\program files\outspark\fiesta\reseffect\firecracker01.nif
c:\program files\outspark\fiesta\reseffect\firecracker02.nif
c:\program files\outspark\fiesta\reseffect\hfirecracker00.nif
c:\program files\outspark\fiesta\reseffect\sta_crackeracdownloof.nif
c:\program files\outspark\fiesta\reseffect\sta_crackerdiseaseloof.nif
c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.conf
c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.nif
c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.shbd
c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.shmd
c:\program files\outspark\fiesta\resmap\field\b_cracker\darkcave_water.nif
c:\program files\outspark\fiesta\resmenu\minimap\b_cracker.dds
c:\program files\outspark\fiesta\ressystem\action\b_crackerhumar.dat
c:\users\phill\music\itunes\itunes media\music\tchaikovsky\unknown album\the nutcracker (soft).m4a
c:\users\phill\music\itunes\itunes media\music\tchaikovsky\unknown album\the nutcracker.m4a
scanner sequence 3.ZZ.11.LVAPCD
----- EOF ----- 
 
aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-18 13:30:59
-----------------------------
13:30:59.241 OS Version: Windows 6.1.7601 Service Pack 1
13:30:59.241 Number of processors: 2 586 0x4802
13:30:59.241 ComputerName: PHILL-PC UserName: Phill
13:31:15.756 Initialize success
13:31:39.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-0
13:31:39.105 Disk 0 Vendor: TOSHIBA_MK6034GSX AH101D Size: 57231MB BusType: 3
13:31:39.105 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000078
13:31:39.105 Disk 1 Vendor: RICOH 01 Size: 3759MB BusType: 0
13:31:39.121 Disk 0 MBR read successfully
13:31:39.121 Disk 0 MBR scan
13:31:39.136 Disk 0 Windows 7 default MBR code
13:31:39.136 Disk 0 scanning sectors +117207040
13:31:39.230 Disk 0 scanning C:\Windows\system32\drivers
13:31:48.996 Service scanning
13:31:51.464 Disk 0 trace - called modules:
13:31:51.496 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll atiide.sys PCIIDEX.SYS atapi.sys 
13:31:51.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a97a78]
13:31:51.511 3 CLASSPNP.SYS[877a259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-0[0x859b8908]
13:31:52.027 Scan finished successfully
13:32:05.449 Disk 0 MBR has been saved successfully to "C:\Users\Phill\Desktop\MBR.dat"
13:32:05.464 The log file has been saved successfully to "C:\Users\Phill\Desktop\aswMBR.txt"
 
OTL logfile created on: 7/18/2011 1:46:15 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Phill\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.05 Mb Total Physical Memory | 226.96 Mb Available Physical Memory | 25.39% Memory free
1.87 Gb Paging File | 1.09 Gb Available in Paging File | 58.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.72 Gb Total Space | 5.45 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive D: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 3.66 Gb Total Space | 0.19 Gb Free Space | 5.23% Space Free | Partition Type: FAT32
Drive G: | 7.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 5.67 Gb Total Space | 0.23 Gb Free Space | 4.11% Space Free | Partition Type: FAT32
 
Computer Name: PHILL-PC | User Name: Phill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Phill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Phill\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxebcoms.exe ( )
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Phill\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdvancedSystemCareService) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (lxeb_device) -- C:\Windows\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (67329092) -- C:\Windows\system32\DRIVERS\67329092.sys (Kaspersky Lab ZAO)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (SmartDefragDriver) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (atiide) -- C:\Windows\system32\DRIVERS\atiide.sys (ATI Technologies Inc.)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to Facebook - Log In, Sign Up or Learn More
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.WeatherBlink.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phill\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phill\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
 
[2011/06/21 17:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phill\AppData\Roaming\Mozilla\Extensions
[2011/06/22 13:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phill\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/01/30 20:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phill\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2011/07/16 20:00:36 | 000,000,084 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.example.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Google Update] C:\Users\Phill\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.euro.dell.com/systemp.../SysProExe.CAB (WMI Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab...i_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 04:26:40 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/05/24 18:34:11 | 000,000,046 | RH-- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{11e68bdd-92eb-11e0-9938-000d0bc45ef3}\Shell - "" = AutoRun
O33 - MountPoints2\{11e68bdd-92eb-11e0-9938-000d0bc45ef3}\Shell\AutoRun\command - "" = G:\Installer.exe -- [2010/05/24 18:34:11 | 002,505,256 | R--- | M] ()
O33 - MountPoints2\{8900f934-12cf-11e0-ad04-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8900f934-12cf-11e0-ad04-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009/07/14 04:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\Windows\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/18 13:40:12 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Phill\Desktop\OTL.exe
[2011/07/18 13:19:39 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Users\Phill\Desktop\aswMBR.exe
[2011/07/17 20:07:15 | 000,000,000 | ---D | C] -- C:\Users\Phill\Incomplete
[2011/07/17 05:02:38 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/07/17 05:02:38 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/07/17 03:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/07/17 03:53:16 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\67329092.sys
[2011/07/17 03:33:19 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2011/07/17 03:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/17 02:29:15 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\NPE
[2011/07/17 02:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/16 19:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/07/15 20:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/15 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\AVG10
[2011/07/15 12:48:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/15 12:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/15 12:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/15 11:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/15 10:44:17 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Apple Computer
[2011/07/15 08:33:32 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Malwarebytes
[2011/07/15 08:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/12 21:34:16 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/12 21:34:16 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/12 21:33:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 21:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 21:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 21:33:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 21:33:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 21:33:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 21:33:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 21:33:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 21:33:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 21:32:47 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/11 08:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/02 13:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nintendo Wi-Fi USB Connector
[2011/07/02 13:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\WiFiConnector
[2011/07/02 08:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/02 08:11:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/02 08:11:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/02 08:11:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/29 14:35:11 | 000,028,672 | ---- | C] (Axis) -- C:\Windows\System32\PCWinSoftPBar.ocx
[2011/06/29 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1AVCapture
[2011/06/29 14:35:09 | 000,630,784 | ---- | C] (Axis) -- C:\Windows\System32\AxisToolBar.ocx
[2011/06/29 14:35:09 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX
[2011/06/29 14:35:09 | 000,264,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DS32.AX
[2011/06/29 14:35:09 | 000,188,416 | ---- | C] (Unreal Streaming Technologies Group.) -- C:\Windows\System32\UScreenCapture.ax
[2011/06/29 14:35:09 | 000,126,976 | ---- | C] (Ariel Systems) -- C:\Windows\System32\ArielColorCtrl.ocx
[2011/06/29 14:35:09 | 000,073,728 | ---- | C] (PCWinSoft Systems Ltd) -- C:\Windows\System32\TOverlay.ax
[2011/06/29 14:35:09 | 000,053,248 | ---- | C] (DeskShare) -- C:\Windows\System32\DSTimeStamp.ax
[2011/06/29 14:35:09 | 000,036,864 | ---- | C] (Axis) -- C:\Windows\System32\Sof2FFTPrj.ocx
[2011/06/29 14:35:09 | 000,028,672 | ---- | C] (Axis) -- C:\Windows\System32\SpecBarPrj.ocx
[2011/06/29 14:34:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\1AVCapture
[2011/06/29 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\1AVCapture
[2011/06/28 21:26:22 | 000,000,000 | ---D | C] -- C:\Taz Wanted
[2011/06/28 20:21:35 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/06/28 20:21:35 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/06/28 20:21:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/06/28 20:21:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/06/28 20:21:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/06/28 20:21:33 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/06/26 12:14:31 | 000,000,000 | ---D | C] -- C:\Users\Phill\FrostWire
[2011/06/26 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\FrostWire
[2011/06/26 12:14:05 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/06/26 12:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/06/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Users\Phill\Documents\StarCraft II
[2011/06/22 13:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/06/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2011/06/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/06/22 10:50:19 | 000,000,000 | -H-D | C] -- C:\Windows\System32\explorer
[2011/06/21 14:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/06/21 04:29:05 | 000,000,000 | ---D | C] -- C:\Users\Phill\Desktop\Starcraft_II_Wings_Of_Liberty_Proper-Razor1911
[2011/06/20 23:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2011/06/20 23:26:51 | 000,000,000 | ---D | C] -- C:\StarCraft
[2011/06/20 22:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starcraft Shareware(ED)
[2011/06/20 22:29:34 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Starcraft Shareware(ED)
[2011/06/20 22:29:33 | 000,068,608 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScEdUnin.exe
[2011/06/20 22:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft Shareware(ED)
[2011/06/19 12:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/19 12:29:53 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/11 19:01:23 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxebcomm.dll
[2010/04/14 20:56:04 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxebih.exe
[2010/04/14 20:56:02 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxebcoms.exe
[2010/04/14 20:56:00 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxebcfg.exe
[2010/04/13 20:41:34 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll
[2009/12/09 20:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll
[2009/12/09 20:43:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll
[2009/12/09 20:41:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll
[2009/12/09 20:40:12 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll
[2009/12/09 20:37:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxebhcp.dll
[2009/12/09 20:36:32 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll
[2009/12/09 20:35:50 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll
[2009/12/09 20:35:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll
[2009/12/09 20:35:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/18 13:40:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Phill\Desktop\OTL.exe
[2011/07/18 13:32:05 | 000,000,512 | ---- | M] () -- C:\Users\Phill\Desktop\MBR.dat
[2011/07/18 13:31:32 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/18 13:31:32 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/18 13:24:29 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/07/18 13:24:11 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011/07/18 13:24:11 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\ITAX.job
[2011/07/18 13:24:09 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/07/18 13:24:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/07/18 13:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/18 13:23:53 | 703,107,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/18 13:19:59 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Users\Phill\Desktop\aswMBR.exe
[2011/07/18 13:17:17 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992413630-1469070986-2887152357-1001UA.job
[2011/07/18 13:10:42 | 000,459,264 | ---- | M] () -- C:\Users\Phill\Desktop\CKScanner.exe
[2011/07/18 12:00:04 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011/07/18 01:17:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992413630-1469070986-2887152357-1001Core.job
[2011/07/17 17:00:00 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/07/17 11:16:26 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\67329092.sys
[2011/07/17 05:02:56 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/07/17 05:02:56 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/07/17 03:29:14 | 013,405,541 | ---- | M] () -- C:\Users\Phill\AppData\Roaming\SMRBackup200.dat
[2011/07/17 03:08:59 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/17 03:07:34 | 000,652,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/17 03:07:34 | 000,113,900 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/17 02:39:18 | 000,001,568 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/16 20:00:36 | 000,000,084 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/16 17:19:30 | 000,007,613 | ---- | M] () -- C:\Users\Phill\AppData\Local\resmon.resmoncfg
[2011/07/15 18:37:37 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/07/15 18:37:37 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/07/15 03:19:43 | 000,064,000 | RHS- | M] () -- C:\Windows\System32\dhcpsapi4.dll
[2011/07/13 18:23:01 | 001,747,101 | ---- | M] () -- C:\Users\Phill\Desktop\Sonic 2 Music Emerald Hill Zone 2-player.mp3
[2011/07/13 18:22:06 | 003,145,303 | ---- | M] () -- C:\Users\Phill\Desktop\Nte The Great - Emerald Hill Zone 2-Player Version Nte The Great Remix.mp3
[2011/07/13 00:12:14 | 000,259,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 22:45:09 | 004,023,725 | ---- | M] () -- C:\Users\Phill\Desktop\Pokemon Orchestral Arrangement National Park.mp3
[2011/07/12 21:34:16 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/12 21:34:16 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/12 21:33:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 21:33:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 21:33:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 21:33:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 21:33:43 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 21:33:43 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 21:33:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 21:33:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 21:33:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 21:33:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 21:32:47 | 002,334,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/11 15:11:00 | 000,134,308 | ---- | M] () -- C:\Users\Phill\Documents\fim.Mosko.Mobi.CAB
[2011/07/02 13:03:20 | 000,001,092 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk
[2011/06/26 12:14:05 | 000,001,201 | ---- | M] () -- C:\Users\Phill\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/26 12:14:05 | 000,001,177 | ---- | M] () -- C:\Users\Phill\Desktop\FrostWire 4.21.8.lnk
[2011/06/26 10:49:58 | 000,073,728 | ---- | M] (PCWinSoft Systems Ltd) -- C:\Windows\System32\TOverlay.ax
[2011/06/25 22:09:34 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/06/22 23:02:39 | 000,001,509 | ---- | M] () -- C:\Users\Phill\Desktop\StarCraft II.lnk
[2011/06/20 23:38:03 | 000,000,945 | ---- | M] () -- C:\Users\Phill\Desktop\StarCraft.lnk
[2011/06/20 22:29:37 | 000,007,306 | ---- | M] () -- C:\Windows\scedunin.dat
[2011/06/20 22:29:34 | 000,000,967 | ---- | M] () -- C:\Windows\ScEdUnin.pif
[2011/06/20 22:29:33 | 000,068,608 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScEdUnin.exe
[2011/06/19 19:32:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/07/18 13:32:05 | 000,000,512 | ---- | C] () -- C:\Users\Phill\Desktop\MBR.dat
[2011/07/18 13:10:36 | 000,459,264 | ---- | C] () -- C:\Users\Phill\Desktop\CKScanner.exe
[2011/07/17 03:28:31 | 013,405,541 | ---- | C] () -- C:\Users\Phill\AppData\Roaming\SMRBackup200.dat
[2011/07/17 03:07:23 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/17 02:38:40 | 000,001,568 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/16 09:43:46 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/07/15 17:54:07 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/07/15 17:54:07 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/07/15 03:19:43 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\ITAX.job
[2011/07/15 03:19:41 | 000,064,000 | RHS- | C] () -- C:\Windows\System32\dhcpsapi4.dll
[2011/07/13 18:22:54 | 001,747,101 | ---- | C] () -- C:\Users\Phill\Desktop\Sonic 2 Music Emerald Hill Zone 2-player.mp3
[2011/07/13 18:21:58 | 003,145,303 | ---- | C] () -- C:\Users\Phill\Desktop\Nte The Great - Emerald Hill Zone 2-Player Version Nte The Great Remix.mp3
[2011/07/12 22:44:59 | 004,023,725 | ---- | C] () -- C:\Users\Phill\Desktop\Pokemon Orchestral Arrangement National Park.mp3
[2011/07/11 15:10:59 | 000,134,308 | ---- | C] () -- C:\Users\Phill\Documents\fim.Mosko.Mobi.CAB
[2011/07/02 13:03:20 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk
[2011/06/29 14:35:10 | 000,008,587 | ---- | C] () -- C:\Windows\System32\msaudio.cat
[2011/06/29 14:35:09 | 000,040,960 | ---- | C] () -- C:\Windows\System32\wavdest.ax
[2011/06/29 14:35:09 | 000,008,608 | ---- | C] () -- C:\Windows\System32\mpeg4ax.cat
[2011/06/26 12:14:05 | 000,001,201 | ---- | C] () -- C:\Users\Phill\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/06/26 12:14:05 | 000,001,177 | ---- | C] () -- C:\Users\Phill\Desktop\FrostWire 4.21.8.lnk
[2011/06/22 23:02:39 | 000,001,509 | ---- | C] () -- C:\Users\Phill\Desktop\StarCraft II.lnk
[2011/06/20 23:36:22 | 000,000,945 | ---- | C] () -- C:\Users\Phill\Desktop\StarCraft.lnk
[2011/06/20 22:29:37 | 000,007,306 | ---- | C] () -- C:\Windows\scedunin.dat
[2011/06/20 22:29:33 | 000,000,967 | ---- | C] () -- C:\Windows\ScEdUnin.pif
[2011/06/10 12:33:00 | 000,000,000 | ---- | C] () -- C:\Users\Phill\AppData\Roaming\FileOut.cns
[2011/06/10 12:33:00 | 000,000,000 | ---- | C] () -- C:\Users\Phill\AppData\Roaming\FileIn.cns
[2011/05/21 20:35:59 | 000,162,082 | ---- | C] () -- C:\Windows\DP Animation Maker Uninstaller.exe
[2011/04/15 23:25:33 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/04/15 23:25:33 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/12 00:17:40 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxebrwrd.ini
[2011/03/11 19:01:27 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEBinst.dll
[2011/02/22 21:25:40 | 000,668,160 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2011/02/15 07:46:02 | 014,135,296 | ---- | C] () -- C:\Windows\System32\common_res.dll
[2011/01/09 11:46:21 | 000,002,552 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2011/01/09 11:46:02 | 000,000,888 | ---- | C] () -- C:\Windows\INSPACE.INI
[2011/01/08 12:24:38 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/08 11:18:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/07 17:59:56 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2011/01/04 03:55:42 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/01/04 03:55:31 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/01/02 08:26:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/29 08:21:26 | 000,001,355 | ---- | C] () -- C:\Windows\kaillera.ini
[2010/12/28 17:13:24 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/12/28 17:12:26 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/12/28 15:33:55 | 000,007,613 | ---- | C] () -- C:\Users\Phill\AppData\Local\resmon.resmoncfg
[2010/02/11 00:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/11/09 09:06:50 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll
[2009/11/09 09:06:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll
[2009/11/09 09:06:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll
[2009/11/09 09:06:24 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll
[2009/11/09 09:06:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll
[2009/11/09 09:06:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll
[2009/11/09 09:06:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll
[2009/11/09 09:05:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll
[2009/11/09 08:59:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxebgcfg.dll
[2009/10/21 11:06:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll
[2009/10/21 11:06:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,259,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,652,490 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,113,900 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/20 09:48:44 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lxebsmr.dll
[2009/02/20 09:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\lxebsm.dll
[2008/12/01 21:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/05 03:55:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
 
========== LOP Check ==========
 
[2011/03/27 16:13:35 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\.visualvm
[2011/03/18 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\Aura4You
[2011/07/15 12:50:36 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\AVG10
[2011/01/01 08:25:15 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\enchant
[2011/07/17 20:10:41 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\FrostWire
[2011/07/15 06:27:50 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\IObit
[2011/05/30 00:42:41 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\Laconic Software
[2011/06/16 23:10:12 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\PCDr
[2011/07/08 18:18:43 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\Software Informer
[2011/07/16 22:06:31 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\uTorrent
[2011/07/18 13:24:11 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\ITAX.job
[2011/06/25 22:09:34 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/28 16:08:23 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/18 12:00:04 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2011/07/18 13:24:07 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:96D0C06F
< End of report >
 
OTL Extras logfile created on: 7/18/2011 1:46:15 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Phill\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.05 Mb Total Physical Memory | 226.96 Mb Available Physical Memory | 25.39% Memory free
1.87 Gb Paging File | 1.09 Gb Available in Paging File | 58.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.72 Gb Total Space | 5.45 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive D: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 3.66 Gb Total Space | 0.19 Gb Free Space | 5.23% Space Free | Partition Type: FAT32
Drive G: | 7.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 5.67 Gb Total Space | 0.23 Gb Free Space | 4.11% Space Free | Partition Type: FAT32
 
Computer Name: PHILL-PC | User Name: Phill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{080E275F-67BF-6E44-10A5-6B25BD0C73E6}" = ccc-utility
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{2866B2D9-B57E-4829-A554-47DF68868F15}" = Fiesta
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{3B321407-8558-4C72-86F6-C1E72AC9F8BA}" = Continuum
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5F577CD8-A997-2E11-83BC-4445DD2D4542}" = AMD VISION Engine Control Center
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{658DE1DF-D156-DD5A-800E-20C693806F65}" = Catalyst Control Center InstallProxy
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6844F85B-1AEE-093A-5FC9-235035B3A127}" = Catalyst Control Center Graphics Previews Common
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{71790311-0C42-B5BC-AF01-97BFFEF2A30B}" = ATI Catalyst Install Manager
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8004E5FD-A3A1-F723-EDAF-D5808A756DDC}" = Catalyst Control Center Graphics Previews Common
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3A3C74-0163-F062-08D6-C8AC7430669E}" = ccc-utility
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8EB278E8-7FDA-4ED9-A429-C87A76F95087}_is1" = 1AVCapture version 1.9.0.01
"{8FD4407C-A901-092A-EB3C-602B52C361DC}" = Catalyst Control Center
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9A6F4E4F-9FAB-78A2-020B-3DAED3B2E0E1}" = AMD Fuel
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7749EE2-5318-D255-F0EE-14D5845B0925}" = CCC Help English
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C24B0741-A616-6C3F-F952-BAC0CE90761F}" = CCC Help English
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC CIF Camer@
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E15E74CC-E9D1-9042-4481-BE3B573620BA}" = AMD Fuel
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{E9BECF5D-5BA8-950F-7757-17D825A37371}" = Catalyst Control Center InstallProxy
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Support Center" = Dell Support Center
"DMX5_is1" = DriverMax 5
"DP Animation Maker" = DP Animation Maker
"Fantastic Flame Screensaver" = Fantastic Flame Screensaver
"FormatFactory" = FormatFactory 2.60
"FrostWire" = FrostWire 4.21.8
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NoLimits Coasters full" = NoLimits Coasters 1.7 (remove only)
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"RumbleFighter" = Rumble Fighter
"Smart Defrag 2_is1" = Smart Defrag 2
"Software Informer_is1" = Software Informer 1.1
"StarCraft II" = StarCraft II
"Starcraft Shareware(ED)" = Starcraft Shareware(ED)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TinyWord2" = TinyWord 2.9.0
"Train Simulator 1.0" = Microsoft Train Simulator
"uTorrent" = µTorrent
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Windows Mobile Device Handbook" = HTC Touch Pro2 User Guide
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
 
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7192
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
7/18/2011 3:07:13 PM
mbam-log-2011-07-18 (15-06-57).txt
Scan type: Full scan (C:\|)
Objects scanned: 302799
Time elapsed: 1 hour(s), 10 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
18 Jul 2011   #7

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

CKScanner log is fine
aswMBR log is fine

Delete the entry Malwarebytes found. Reboot and scan again and upload a fresh Malwarebytes log.

I'll go through your OTL log tomorrow, it's going to take a while and I'm very tired!

Tom
18 Jul 2011   #8

MS Windows 7 Home Premium 32-bit SP1
 
 

OK, Malwarebytes is scanning now. I'll post the log afterwards. When that's done, I'll try the Microsoft Standalone System Sweeper.
18 Jul 2011   #9

MS Windows 7 Home Premium 32-bit SP1
 
 
Reports that there's no infection now, but both problems still occur.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7192
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
7/18/2011 6:19:34 PM
mbam-log-2011-07-18 (18-19-33).txt
Scan type: Full scan (C:\|)
Objects scanned: 303036
Time elapsed: 1 hour(s), 31 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
18 Jul 2011   #10

MS Windows 7 Home Premium 32-bit SP1
 
 

Trying the sweeper now.