Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search engine redirects and Windows Security Center Service

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Search engine redirects and Windows Security Center Service

Unread postby Zetsubera » June 16th, 2011, 4:06 am

I'm always redirected to another, unrelated site whenever I attempt to click on a result from any search engine. I have attempted to use MalwareBytes, Spybot, Adaware to no avail. I've attempted Combofix, but had to stop it when it was deleting strange files like my Steam.exe. When I click on a search result, I can make out that it goes to something called "thewebtimes.net" or "goingonearth.com" before I'm sent to another site or my no script directs me back to my search engine.

Also, whenever I attempt to start up my Windows Security Center Service, I get an error message reading "The Windows Security Center Service cannot be started."

I also have a Hijackthis log. Thanks for the help.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kevin at 3:31:30 on 2011-06-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5809 [GMT -4:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [EPSON3A51C4 (Epson Stylus NX420)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S50C7.tmp" /EF "HKCU"
uRun: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S5DF1.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{8F47CAD1-7B91-4F96-BC54-17BC47C618E6} : DhcpNameServer = 192.168.1.1 71.242.0.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k32841yo.default\
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-7-1 14136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-5-25 2151128]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-2 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-6-10 17152]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-6-10 917768]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-02 03:52:34 -------- d-----w- C:\Windows\Panther
2011-07-02 03:34:20 -------- d-----w- C:\Windows.old
2011-07-02 02:56:55 -------- d-sh--w- C:\found.000
2011-07-02 00:13:31 414632 ------w- C:\Windows\difxapi.dll
2011-07-02 00:13:31 -------- d-----w- C:\Program Files (x86)\VIA
2011-07-02 00:12:26 704000 ----a-w- C:\Windows\System32\cohelper.dll
2011-07-02 00:12:26 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-07-02 00:12:00 -------- d-sh--w- C:\Windows\Installer
2011-07-02 00:11:10 645736 ----a-w- C:\Windows\System32\NVUNINST.EXE
2011-07-02 00:10:26 14136 ----a-r- C:\Windows\SysWow64\drivers\BIOS64.sys
2011-06-16 04:58:15 388096 ----a-r- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-16 04:58:15 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-06-15 06:54:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-06-15 06:54:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-15 06:35:10 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2011-06-15 06:34:37 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-15 05:58:43 208896 ----a-w- C:\Windows\MBR.exe
2011-06-15 05:58:42 98816 ----a-w- C:\Windows\sed.exe
2011-06-15 05:58:42 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-15 05:58:42 256512 ----a-w- C:\Windows\PEV.exe
2011-06-15 05:58:31 -------- d-s---w- C:\ComboFix
2011-06-15 05:52:41 -------- d-----w- C:\Users\Kevin\AppData\Roaming\RegistryCleanerFree
2011-06-15 05:52:41 -------- d-----w- C:\ProgramData\RegistryCleanerFree
2011-06-12 08:38:41 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-06-11 06:52:14 42576 ----a-w- C:\Windows\System32\drivers\tmpreflt.sys
2011-06-11 06:52:14 309840 ----a-w- C:\Windows\System32\drivers\tmxpflt.sys
2011-06-11 06:52:14 1988176 ----a-w- C:\Windows\System32\drivers\vsapint.sys
2011-06-11 04:06:34 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-06-11 02:34:25 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-06-11 02:31:09 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-06-11 02:31:05 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-06-11 00:26:02 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2011-06-11 00:17:18 -------- d-----w- C:\ProgramData\Trend Micro
2011-06-11 00:15:35 -------- d-----w- C:\Program Files\Trend Micro
2011-06-10 23:40:29 166400 --sha-r- C:\Windows\SysWow64\wow32F.dll
2011-06-10 18:58:56 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{25E3767F-E8BA-4C37-8507-0124C1EB884F}\mpengine.dll
2011-06-10 07:48:41 -------- d-----w- C:\ProgramData\IObit
2011-06-10 07:48:40 -------- d-----w- C:\Program Files (x86)\IObit
2011-06-10 07:18:41 -------- d-----w- C:\Users\Kevin\AppData\Local\My Games
2011-06-09 19:10:24 -------- d-----w- C:\Program Files\Games
2011-06-09 09:04:45 -------- d-----w- C:\Users\Kevin\AppData\Roaming\ScummVM
2011-06-09 09:04:39 -------- d-----w- C:\Program Files (x86)\ScummVM
2011-06-09 04:24:02 -------- d-----w- C:\Users\Kevin\AppData\Local\PunkBuster
2011-06-09 02:53:56 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-06-09 02:53:55 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-06-09 02:41:55 -------- d-----w- C:\Program Files (x86)\Activision
2011-06-03 08:54:05 -------- d-----w- C:\Windows\System32\appmgmt
2011-06-03 04:43:04 -------- d-----w- C:\Program Files\Common Files\EPSON
2011-06-03 04:42:26 118784 ----a-w- C:\Windows\System32\E_ILMGCA.DLL
2011-06-03 04:42:25 88064 ----a-w- C:\Windows\System32\E_IBCBGCA.DLL
2011-06-03 04:42:21 -------- d-----w- C:\ProgramData\EPSON
2011-06-03 04:42:02 -------- d-----w- C:\Program Files (x86)\Epson Software
2011-06-03 04:41:27 464384 ----a-w- C:\Windows\System32\esxw2ud.dll
2011-06-03 04:41:27 17408 ----a-w- C:\Windows\System32\esxcdev.dll
2011-06-03 04:41:27 128392 ----a-w- C:\Windows\System32\esdevapp.exe
2011-06-03 04:41:26 -------- d-----w- C:\Program Files (x86)\epson
2011-06-03 04:03:31 -------- d-----w- C:\Program Files\Ventrilo
2011-06-03 04:03:00 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-06-03 03:56:06 -------- d-----w- C:\Program Files (x86)\StarCraft II
2011-06-02 20:44:58 -------- d-----w- C:\Users\Kevin\AppData\Local\Adobe
2011-06-02 08:43:30 -------- d-----w- C:\Users\Kevin\AppData\Roaming\NVIDIA
2011-06-02 08:32:11 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-06-02 08:32:04 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-06-02 08:30:06 -------- d-----w- C:\NVIDIA
2011-06-02 08:03:45 -------- d-----w- C:\Users\Kevin\AppData\Local\4A Games
2011-06-02 04:29:16 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-06-02 04:29:16 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-06-02 04:29:16 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-06-02 04:29:16 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-06-02 04:29:16 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-06-02 03:23:48 -------- d-----w- C:\ProgramData\Skype Extras
2011-06-02 03:22:40 -------- d-----r- C:\Program Files (x86)\Skype
2011-06-02 03:12:29 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2011-06-02 03:12:29 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-06-02 02:33:39 -------- d-----w- C:\ProgramData\SplitMediaLabs
2011-06-02 02:19:48 855 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfud.bin
2011-06-02 02:19:48 855 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfss.bin
2011-06-02 01:45:31 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-06-02 01:19:09 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-02 01:18:55 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-02 01:18:44 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-02 01:18:41 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-02 01:08:38 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 01:07:51 -------- d-----w- C:\Program Files (x86)\Steam
2011-06-02 01:07:51 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-05-21 02:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 3:32:43.35 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/1/2011 8:08:44 PM
System Uptime: 6/16/2011 1:11:27 AM (2 hours ago)
.
Motherboard: BIOSTAR Group | | N68S3B
Processor: AMD Phenom(tm) II X4 810 Processor | CPU 1 | 1898/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 815.622 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.0.1)
Alien Swarm
Amnesia: The Dark Descent
BitTorrent
Call of Duty(R) 4 - Modern Warfare(TM)
Counter-Strike: Source
Day of Defeat: Source
Epson Event Manager
EPSON Scan
Game Booster
HiJackThis
Killing Floor
Metro 2033
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 4.0.1 (x86 en-US)
MSI Afterburner 1.5.0
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Out Of Order
PDF Settings CS5
Penumbra: Overture
Penumbra: Requiem
Platform
Red Faction: Guerrilla
S.T.A.L.K.E.R.: Shadow of Chernobyl
ScummVM Git
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization IV: Colonization
Sid Meier's Civilization IV: Warlords
Skype Toolbars
Skype™ 5.3
Spybot - Search & Destroy
Star Wars: Knights of the Old Republic
StarCraft II
Steam
Team Fortress 2
Thief: Deadly Shadows
Titan Quest
Titan Quest: Immortal Throne
VIA Platform Device Manager
XSplit
.
==== Event Viewer Messages From Past Week ========
.
7/1/2011 11:02:42 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
6/15/2011 2:13:14 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/15/2011 2:13:02 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/15/2011 10:33:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am
Advertisement
Register to Remove

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » June 21st, 2011, 10:55 am

Zetsubera,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program BitTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Ad-Aware
BitTorrent
Spybot - Search & Destroy

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :regfind
    wscsvc
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » June 21st, 2011, 4:03 pm

I've successfully uninstalled Spybot, Ad-Aware, and BitTorrent.

Systemlook file:


SystemLook 04.09.10 by jpshortstuff
Log created at 16:01 on 21/06/2011 by Kevin
Administrator - Elevation successful

========== regfind ==========

Searching for "wscsvc"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceNetworkRestricted"="DHCP eventlog AudioSrv BthHFSrv LmHosts wscsvc homegroupprovider WPCSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceNetworkRestricted"="AudioSrv BthHFSrv LmHosts wscsvc WPCSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Enum]
"0"="Root\LEGACY_WSCSVC\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Parameters]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc\Enum]
"0"="Root\LEGACY_WSCSVC\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc\Parameters]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Enum]
"0"="Root\LEGACY_WSCSVC\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\38\52C64B7E]
"@%SystemRoot%\System32\wscsvc.dll,-200"="Security Center"
[HKEY_USERS\S-1-5-21-2174007007-1400663677-772615396-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\38\52C64B7E]
"@%SystemRoot%\System32\wscsvc.dll,-200"="Security Center"

-= EOF =-
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » June 23rd, 2011, 7:49 am

Zetsubera,
Sorry for the delay.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » June 24th, 2011, 6:37 pm

It's understandable, thanks again. The scan lies about the % completed, I was on 99% for around an hour XD. But, it eventually finished. Got a few threats, too.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=52825aa52b34d5439241b23d65f4bded
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-24 10:08:15
# local_time=2011-06-24 06:08:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 267868 267868 0 0
# compatibility_mode=5893 16776574 100 94 286991 60484377 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=325192
# found=5
# cleaned=0
# scan_time=12368
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\1\F9\05E92d01 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\3\1E\C93F4d01 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\4\DE\0E661d01 JS/Kryptik.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\D\CA\BAEC0d01 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kevin\Downloads\RegistryCleanerFree-2.2.7.8.Setup.exe a variant of Win32/Adware.RealRegistryCleaner application (unable to clean) 00000000000000000000000000000000 I



Thanks again.
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » June 24th, 2011, 8:42 pm

Zetsubera,
Let's remove the items found:
------------------------------------------------------------
Please download OTM and save to your Desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista or Win7, right-click on the file and choose Run As Administrator).
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do NOT copy the word "Code" :
Code: Select all
:processes
explorer.exe

:files
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\1\F9\05E92d01
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\3\1E\C93F4d01
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\4\DE\0E661d01
C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\D\CA\BAEC0d01
C:\Users\Kevin\Downloads\RegistryCleanerFree-2.2.7.8.Setup.exe

:commands
[purity]
[start explorer]
[emptytemp]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next Reply.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot. Please copy and paste the contents in your reply.
  • Close OTM.
Note: the logs are saved in C:\_OTM\MovedFiles\ if you need to retrieve one.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » June 24th, 2011, 10:23 pm

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\1\F9\05E92d01 not found.
File/Folder C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\3\1E\C93F4d01 not found.
File/Folder C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\4\DE\0E661d01 not found.
File/Folder C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\k32841yo.default\Cache\D\CA\BAEC0d01 not found.
File/Folder C:\Users\Kevin\Downloads\RegistryCleanerFree-2.2.7.8.Setup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kevin
->Temp folder emptied: 34889 bytes
->Temporary Internet Files folder emptied: 1333417 bytes
->FireFox cache emptied: 753584133 bytes
->Flash cache emptied: 30557 bytes

User: Mcx1-KEVIN-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 100808 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19435827 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 739.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06242011_215642

Files moved on Reboot...
C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...




It doesn't look like it found the files, but I checked for the registry cleaner file in the Downloads folder, and that's gone. So, maybe it did actually find them??
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » June 25th, 2011, 7:06 am

Zetsubera,
OTM found the files and appears to have removed them.
------------------------------------------------
Game Booster changes some system settings and shuts off some services in its attempt to improve gaming performance.
It is most likely responsible for some of the behavior you are seeing.
Game Booster is published by a company with a very questionable history.

Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Game Booster

Take extra care in answering questions posed by any Uninstaller.
I have no idea whether the program will automatically return any of your settings to normal.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » June 25th, 2011, 3:26 pm

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6949

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/25/2011 3:24:29 PM
mbam-log-2011-06-25 (15-24-29).txt

Scan type: Quick scan
Objects scanned: 184238
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » June 25th, 2011, 4:21 pm

Zetsubera,
That's certainly a good result as far as detectable infections are concerned.
------------------------------------------------------------
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista or Win7, right-click on the file and choose Run As Administrator).
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do NOT copy the word "Code" :
Code: Select all
:processes
explorer.exe

:files
C:\Program Files (x86)\BitTorrent
C:\Program Files (x86)\IObit
C:\ProgramData\IObit

:commands
[start explorer]
[emptytemp]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next Reply.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot. Please copy and paste the contents in your reply.
  • Close OTM.
Note: the logs are saved in C:\_OTM\MovedFiles\ if you need to retrieve one.

As I mentioned, any other misbehavior is likely related to settings made by Game Booster.

Tell me how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » June 25th, 2011, 10:50 pm

Oh yeah, I completely forgot to mention that I've successfully uninstalled Gamebooster in my last post.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Program Files (x86)\BitTorrent not found.
C:\Program Files (x86)\IObit\Game Booster\Update folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Downloadpath folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
C:\ProgramData\IObit\Game Booster\Essentials folder moved successfully.
C:\ProgramData\IObit\Game Booster\BackLnk folder moved successfully.
C:\ProgramData\IObit\Game Booster folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kevin
->Temp folder emptied: 136300 bytes
->Temporary Internet Files folder emptied: 1500086 bytes
->FireFox cache emptied: 82544452 bytes
->Flash cache emptied: 1512 bytes

User: Mcx1-KEVIN-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 80.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06252011_224111

Files moved on Reboot...
C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


After the reboot, I tried a google search of "wikipedia". Clicked a result, first time got through, did it again and got the "goingonearth" address then my Noscript sent me to Google. And my Windows toolbar still notifies me of my Windows Security Center still being off and I'm still unable to switch it back on. :(
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » June 26th, 2011, 6:38 am

Zetsubera,
--------------------------------------------
Open Notepad, paste the following code box contents into the text.
Code: Select all
sc start wscsvc
sc config wscsvc start= automatic


Use Notepad's File, Save As to save it to your desktop as File type All Files (not as text file or it won't work), and file name FixSvc.bat
Exit Notepad.
Right click FixSvc.bat and choose "Run as administrator"
A Command window will flash on and off.
-----------------------------------------------
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
Click GO and post the result (Result.txt).
---------------------------------------------
Delete OTM.exe from your desktop. You won't need it again.
Run a Scan with OTL
  • Download OTL to your desktop.
  • You can also download OTL from HERE
  • Right click the the icon to run it and choose "Run as administrator".. Make sure all other windows are closed to let it run uninterrupted.
  • Click Scan All Users.
  • Also click Include 64-bit Scans since your Windows is 64-bit.
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
The Extras.txt file will only show up the very first time you run OTL.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » June 26th, 2011, 9:28 pm

The OTL report, alone, ends up being 8,000 characters more than the limit, should I instead submit it as an attachment?
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » June 27th, 2011, 7:32 am

Either that, or copy half of it at a time, and split it into two separate posts.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » June 27th, 2011, 3:24 pm

OTL logfile created on: 6/26/2011 3:34:22 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Kevin\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.75 Gb Available Physical Memory | 84.32% Memory free
16.00 Gb Paging File | 14.67 Gb Available in Paging File | 91.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 803.22 Gb Free Space | 86.24% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 15:26:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
PRC - [2011/06/09 00:24:10 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 15:26:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
MOD - [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/10 04:09:46 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/09/24 17:53:24 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/09/24 17:53:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/24 21:55:04 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/09 00:24:10 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/30 13:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 13:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 13:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/03/02 19:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/09/24 17:54:10 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/01 12:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/06/17 22:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/06/17 22:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 EA F2 21 91 31 CC 01 [binary data]
IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2174007007-1400663677-772615396-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 23:00:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/11/12 00:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2011/06/26 15:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k32841yo.default\extensions
[2011/06/26 15:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k32841yo.default\extensions\staged
[2011/06/01 23:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/01 23:22:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/22 23:00:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K32841YO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K32841YO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/22 23:00:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/12 04:18:14 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2174007007-1400663677-772615396-1001..\Run: [EPSON NX420 Series] File not found
O4 - HKU\S-1-5-21-2174007007-1400663677-772615396-1001..\Run: [EPSON3A51C4 (Epson Stylus NX420)] File not found
O4 - HKU\S-1-5-21-2174007007-1400663677-772615396-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2174007007-1400663677-772615396-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2174007007-1400663677-772615396-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2174007007-1400663677-772615396-1004..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2174007007-1400663677-772615396-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 23:52:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/07/01 23:34:20 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/07/01 23:32:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/01 23:02:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/07/01 22:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/07/01 22:56:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/07/01 20:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/01 20:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/07/01 20:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/07/01 20:14:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/07/01 20:13:31 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2011/07/01 20:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2011/07/01 20:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/07/01 20:12:26 | 000,704,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\cohelper.dll
[2011/07/01 20:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/07/01 20:12:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/07/01 20:11:10 | 000,645,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2011/07/01 20:10:26 | 000,014,136 | R--- | C] (BIOSTAR Group) -- C:\Windows\SysWow64\drivers\BIOS64.sys
[2011/07/01 20:09:10 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/01 20:09:10 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Searches
[2011/07/01 20:09:10 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/01 20:09:10 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/01 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Identities
[2011/07/01 20:09:00 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Contacts
[2011/07/01 20:08:59 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VirtualStore
[2011/07/01 20:08:52 | 000,000,000 | --SD | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Videos
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Saved Games
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Pictures
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Music
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Links
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Favorites
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Downloads
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\My Documents
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Desktop
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Temporary Internet Files
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Templates
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Start Menu
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\SendTo
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Recent
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\PrintHood
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\NetHood
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Videos
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Pictures
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Music
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\My Documents
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Local Settings
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\History
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Cookies
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Application Data
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Application Data
[2011/07/01 20:08:52 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\AppData
[2011/07/01 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Temp
[2011/07/01 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Microsoft
[2011/07/01 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs
[2011/07/01 20:08:42 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/06/26 15:26:31 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011/06/25 15:15:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/25 15:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/25 15:15:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/25 15:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/24 21:45:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/24 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/17 18:23:51 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/16 23:14:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2011/06/16 23:05:30 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/06/16 23:05:30 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/06/16 23:05:29 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/06/16 23:03:16 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/06/16 23:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/06/16 22:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeagueOfLegends
[2011/06/16 04:44:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\FCEUX
[2011/06/16 03:30:22 | 000,607,310 | R--- | C] (Swearware) -- C:\Users\Kevin\Desktop\dds.scr
[2011/06/16 00:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/06/16 00:58:15 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/15 02:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/15 02:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/15 02:35:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2011/06/15 02:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/15 02:32:28 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kevin\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/15 02:23:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/15 02:23:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/15 02:23:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/15 02:23:15 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/15 02:23:15 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/15 02:23:15 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/15 02:23:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/15 02:23:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/15 01:58:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/15 01:58:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/15 01:58:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/15 01:58:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/15 01:58:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/15 01:57:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/15 01:52:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\RegistryCleanerFree
[2011/06/15 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RegistryCleanerFree
[2011/06/14 22:40:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/06/14 22:40:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/06/14 22:40:14 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/12 05:12:13 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Documents\Scanned Documents
[2011/06/12 05:12:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Fax
[2011/06/12 04:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/06/12 04:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/12 04:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/12 04:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/06/11 22:24:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\SavestateChallenge
[2011/06/11 04:05:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/06/11 04:05:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/06/11 04:05:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/06/11 04:05:43 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/06/11 04:05:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/11 04:05:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/06/11 04:05:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/11 04:05:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/06/11 04:05:43 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/06/11 04:05:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/06/11 04:05:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/11 04:05:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/06/11 04:05:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/11 04:05:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/11 04:05:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/11 04:05:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/06/11 04:05:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/11 04:05:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/06/11 04:05:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/11 04:05:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/11 04:05:42 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/06/11 04:05:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/11 04:05:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/11 04:05:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/11 04:05:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/06/11 04:05:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/06/11 04:05:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/06/11 04:05:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/06/11 04:05:40 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/06/11 04:05:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/06/11 04:05:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/11 04:05:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/11 04:05:40 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/06/11 04:05:40 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/06/11 04:05:38 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/06/11 04:05:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/06/11 04:05:37 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/06/11 04:05:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/06/11 04:05:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/11 04:05:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/06/11 04:05:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/06/11 04:05:37 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/06/11 04:05:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/06/11 04:05:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/06/11 04:05:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/06/11 04:05:36 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/11 04:05:36 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/06/11 04:05:36 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/11 04:05:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/06/11 04:05:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/06/11 04:05:36 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/06/11 04:05:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/06/11 04:05:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/06/11 04:05:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/11 04:05:35 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/06/11 04:05:35 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/11 04:05:35 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/11 04:05:35 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/11 04:05:35 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/11 04:05:35 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/06/11 04:05:35 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/06/11 04:05:35 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/11 04:05:35 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/06/11 04:05:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/06/11 04:05:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/06/11 04:05:35 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/11 04:05:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/06/11 04:05:35 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/06/11 04:05:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/06/11 04:05:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/11 02:52:14 | 001,988,176 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\vsapint.sys
[2011/06/11 02:52:14 | 000,309,840 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmxpflt.sys
[2011/06/11 02:52:14 | 000,042,576 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmpreflt.sys
[2011/06/10 22:56:04 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\DummyFolder
[2011/06/10 22:34:25 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/10 22:31:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/06/10 22:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/06/10 22:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/06/10 20:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/06/10 20:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2011/06/10 20:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro AntiVirus plus AntiSpyware
[2011/06/10 20:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/06/10 20:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/10 03:18:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\My Games
[2011/06/09 15:14:09 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Trilby's notes
[2011/06/09 15:13:42 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\TheMarionette
[2011/06/09 15:11:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Out Of Order
[2011/06/09 15:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Out Of Order
[2011/06/09 15:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2011/06/09 05:04:45 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ScummVM
[2011/06/09 05:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2011/06/09 05:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScummVM
[2011/06/09 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\PunkBuster
[2011/06/08 22:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011/06/08 22:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2011/06/08 18:41:15 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\AdobeUM
[2011/06/08 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\VirtuaNES
[2011/06/07 04:01:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\DS
[2011/06/05 22:31:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2011/06/05 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\ZSNES
[2011/06/04 04:14:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Games
[2011/06/03 19:31:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Activision
[2011/06/03 19:31:05 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/06/03 19:31:05 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/06/03 19:31:05 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/06/03 19:31:05 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/06/03 19:31:05 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/06/03 19:31:05 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/06/03 19:31:05 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/06/03 19:31:05 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/06/03 19:31:04 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/06/03 19:31:04 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/06/03 19:31:04 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/06/03 19:31:04 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/06/03 19:31:04 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/06/03 19:31:04 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/06/03 19:31:04 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/06/03 19:31:04 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/06/03 06:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Epson
[2011/06/03 04:54:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011/06/03 04:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/06/03 00:44:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Leadertech
[2011/06/03 00:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2011/06/03 00:42:26 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGCA.DLL
[2011/06/03 00:42:25 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGCA.DLL
[2011/06/03 00:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/06/03 00:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2011/06/03 00:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2011/06/03 00:41:27 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2011/06/03 00:41:27 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2011/06/03 00:41:27 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2011/06/03 00:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011/06/03 00:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011/06/03 00:05:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Ventrilo
[2011/06/03 00:03:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/06/03 00:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/06/03 00:03:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/06/03 00:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/06/02 23:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/06/02 23:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2011/06/02 16:44:58 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Adobe
[2011/06/02 07:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/06/02 04:45:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\4A Games
[2011/06/02 04:43:30 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\NVIDIA
[2011/06/02 04:32:11 | 000,739,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/06/02 04:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/06/02 04:31:44 | 022,286,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/06/02 04:31:44 | 018,583,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/06/02 04:31:44 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/06/02 04:31:44 | 015,223,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/06/02 04:31:44 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/06/02 04:31:44 | 007,123,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/06/02 04:31:44 | 006,555,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/06/02 04:31:44 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/06/02 04:31:44 | 002,943,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/06/02 04:31:44 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/06/02 04:31:44 | 002,212,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/06/02 04:31:44 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/06/02 04:31:44 | 001,496,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll
[2011/06/02 04:31:44 | 001,427,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll
[2011/06/02 04:31:44 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/06/02 04:31:44 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/06/02 04:31:44 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011/06/02 04:30:06 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/06/02 04:17:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\wallpapers
[2011/06/02 04:03:45 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\4A Games
[2011/06/02 04:02:29 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/06/02 04:02:29 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/06/02 04:02:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/06/02 04:02:29 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/06/02 04:02:29 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/06/02 04:02:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/06/02 04:02:29 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/06/02 04:02:29 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/06/02 04:02:28 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/06/02 04:02:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/06/02 04:02:28 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/06/02 04:02:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/06/02 04:02:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/06/02 04:02:28 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/06/02 04:02:27 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/06/02 04:02:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/06/02 04:02:27 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/06/02 04:02:27 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/06/02 04:02:27 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/06/02 04:02:27 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/06/02 04:02:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/06/02 04:02:27 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/06/02 04:02:27 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/06/02 04:02:27 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/06/02 04:02:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/06/02 04:02:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/06/02 04:02:27 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/06/02 04:02:27 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/06/02 04:02:26 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/06/02 04:02:26 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/06/02 04:02:26 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/06/02 04:02:26 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/06/02 04:02:26 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/06/02 04:02:26 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/06/02 04:02:26 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/06/02 04:02:26 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/06/02 04:02:26 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/06/02 04:02:26 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/06/02 04:02:26 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/06/02 04:02:26 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/06/02 04:02:26 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/06/02 04:02:26 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/06/02 04:02:26 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/06/02 04:02:26 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/06/02 04:02:26 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/06/02 04:02:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/06/02 04:02:25 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/06/02 04:02:25 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/06/02 04:02:25 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/06/02 04:02:25 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/06/02 04:02:25 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/06/02 04:02:25 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/06/02 04:02:25 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/06/02 04:02:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/06/02 04:02:25 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/06/02 04:02:25 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/06/02 04:02:25 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/06/02 04:02:25 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/06/02 04:02:25 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/06/02 04:02:25 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/06/02 04:02:25 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/06/02 04:02:25 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/06/02 04:02:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/06/02 04:02:24 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/06/02 04:02:24 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/06/02 04:02:24 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/06/02 04:02:24 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/06/02 04:02:24 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/06/02 04:02:24 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/06/02 04:02:24 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/06/02 04:02:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/06/02 04:02:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/06/02 04:02:24 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/06/02 04:02:24 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/06/02 04:02:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/06/02 04:02:23 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/06/02 04:02:23 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/06/02 04:02:23 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/06/02 04:02:23 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/06/02 04:02:23 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/06/02 04:02:23 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/06/02 04:02:23 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/06/02 04:02:23 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/06/02 04:02:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/06/02 04:02:23 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/06/02 04:02:23 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/06/02 04:02:23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/06/02 04:02:22 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/06/02 04:02:22 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/06/02 04:02:22 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/06/02 04:02:22 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/06/02 04:02:22 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/06/02 04:02:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/06/02 04:02:22 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/06/02 04:02:22 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/06/02 04:02:21 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/06/02 04:02:21 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/06/02 04:02:21 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/06/02 04:02:21 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/06/02 04:02:21 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/06/02 04:02:21 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/06/02 04:02:21 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/06/02 04:02:21 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/06/02 04:02:21 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/06/02 04:02:21 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/06/02 04:02:21 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/06/02 04:02:21 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/06/02 04:02:21 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/06/02 04:02:21 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/06/02 04:02:21 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/06/02 04:02:21 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/06/02 04:02:21 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/06/02 04:02:21 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/06/02 04:02:20 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/06/02 04:02:20 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/06/02 04:02:20 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/06/02 04:02:20 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/06/02 04:02:20 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/06/02 04:02:20 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/06/02 04:02:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/06/02 04:02:20 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/06/02 04:02:20 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/06/02 04:02:20 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/06/02 04:02:20 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/06/02 04:02:20 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/06/02 04:02:20 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/06/02 04:02:20 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/06/02 04:02:19 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/06/02 04:02:19 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/06/02 04:02:19 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/06/02 04:02:19 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/06/02 04:02:19 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/06/02 04:02:19 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/06/02 04:02:19 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/06/02 04:02:19 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/06/02 04:02:19 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/06/02 04:02:19 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/06/02 04:02:19 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/06/02 04:02:19 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/06/02 04:02:19 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/06/02 04:02:19 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/06/02 04:02:19 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/06/02 04:02:19 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/06/02 04:02:19 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/06/02 04:02:19 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/06/02 04:02:17 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/06/02 04:02:17 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/06/02 04:02:17 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/06/02 04:02:17 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/06/02 04:02:17 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/06/02 04:02:17 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/06/02 04:02:17 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/06/02 04:02:17 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/06/02 04:02:17 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/06/02 04:02:17 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/06/02 04:02:16 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/06/02 04:02:16 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/06/02 04:02:16 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/06/02 04:02:16 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/06/02 04:02:16 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/06/02 04:02:16 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/06/02 04:02:16 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/06/02 04:02:16 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/06/02 00:29:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Penumbra Overture
[2011/06/02 00:29:16 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/06/02 00:29:16 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/06/02 00:29:16 | 000,133,632 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/06/02 00:29:16 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/06/02 00:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/06/02 00:26:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\WinRAR
[2011/06/02 00:26:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/02 00:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/02 00:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/06/01 23:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\skypePM
[2011/06/01 23:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/06/01 23:23:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Skype
[2011/06/01 23:22:40 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/06/01 23:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/01 23:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/06/01 23:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/06/01 23:12:29 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\StarCraft II
[2011/06/01 23:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/06/01 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/06/01 22:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2011/06/01 21:47:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Music
[2011/06/01 21:44:24 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/06/01 21:44:23 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/06/01 21:44:23 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/06/01 21:44:23 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/06/01 21:44:23 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/06/01 21:44:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/06/01 21:44:14 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/06/01 21:44:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/06/01 21:44:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/06/01 21:44:11 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/06/01 21:44:11 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/06/01 21:44:11 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/06/01 21:44:11 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/06/01 21:44:11 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/06/01 21:44:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/06/01 21:44:11 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/06/01 21:44:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/06/01 21:44:11 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/06/01 21:44:11 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/06/01 21:44:09 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/06/01 21:44:09 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/06/01 21:44:09 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/06/01 21:44:06 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/06/01 21:44:06 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/06/01 21:44:06 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/06/01 21:44:06 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/06/01 21:44:01 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/06/01 21:44:01 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/06/01 21:44:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011/06/01 21:44:01 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/06/01 21:44:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/06/01 21:44:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/06/01 21:43:56 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/06/01 21:43:56 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/06/01 21:43:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/06/01 21:43:53 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/06/01 21:43:53 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/06/01 21:43:53 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/06/01 21:43:52 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/06/01 21:43:52 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/06/01 21:43:52 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/06/01 21:43:52 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/06/01 21:43:45 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/06/01 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Macromedia
[2011/06/01 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Adobe
[2011/06/01 21:08:38 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/01 21:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/01 21:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/06/01 21:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/06/01 21:07:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware