Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search engine redirects and Windows Security Center Service

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » July 12th, 2011, 6:26 am

Ok, Zetsubera
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :Files
    C:\Windows\SysWow64\wow32F.dll
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » July 12th, 2011, 6:54 pm

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Windows\SysWow64\wow32F.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kevin
->Temp folder emptied: 16585452 bytes
->Temporary Internet Files folder emptied: 28558715 bytes
->FireFox cache emptied: 150309951 bytes
->Flash cache emptied: 6944 bytes

User: Mcx1-KEVIN-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 892806 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 669250604 bytes

Total Files Cleaned = 826.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.24.1 log created on 07122011_175257

Files\Folders moved on Reboot...
C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » July 12th, 2011, 7:31 pm

Let it run/surf for a while.
See if the redirects quit.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » July 13th, 2011, 11:10 pm

I think it might've done it! I've done an initial test of clicking a result around 50 times, and made quite a few searches and I haven't had a "goingonearth" incident yet! My Windows Security Center service won't activate, but at least I'm not having google troubles anymore. Thank you very much for sticking with me for so long.
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » July 14th, 2011, 7:39 am

Z,
I don't know for sure if we can fix it, but if you are game for a couple more posts, we may be able to find out why the Windows Security Center service won't start.
It is undoubtedly due to some intentional damage caused by the malware.
It is fairly important because I don't think you can do any System Restore actions without it.
---------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *wscsvc*
    
    :reg
    HKLM\System\CurrentControlSet\services\wscsvc  /s
    
    HKLM\System\CurrentControlSet\services\winmgmt  /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » July 14th, 2011, 4:23 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 16:17 on 14/07/2011 by Kevin
Administrator - Elevation successful

========== filefind ==========

Searching for "*wscsvc*"
C:\Windows\System32\wscsvc.dll --a---- 97280 bytes [23:48 13/07/2009] [01:41 14/07/2009] E8B1FE6669397D1772D8196DF0E57A9E
C:\Windows\System32\en-US\wscsvc.dll.mui --a---- 8704 bytes [07:06 21/11/2010] [07:06 21/11/2010] B8013EC8CBFC87BDF584265D98DC1001
C:\Windows\SysWOW64\en-US\wscsvc.dll.mui --a---- 8704 bytes [07:06 21/11/2010] [07:06 21/11/2010] F0A1FE51E846E5E76F75D7F40298C96D
C:\Windows\winsxs\amd64_microsoft-windows-s..nter-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d469656a7d6eff9d\wscsvc.dll.mui --a---- 8704 bytes [07:06 21/11/2010] [07:06 21/11/2010] B8013EC8CBFC87BDF584265D98DC1001
C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll --a---- 97280 bytes [23:48 13/07/2009] [01:41 14/07/2009] E8B1FE6669397D1772D8196DF0E57A9E
C:\Windows\winsxs\x86_microsoft-windows-s..nter-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_784ac9e6c5118e67\wscsvc.dll.mui --a---- 8704 bytes [07:06 21/11/2010] [07:06 21/11/2010] F0A1FE51E846E5E76F75D7F40298C96D
C:\Windows.old\Windows\System32\wscsvc.dll --a---- 97280 bytes [23:48 13/07/2009] [01:41 14/07/2009] E8B1FE6669397D1772D8196DF0E57A9E
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll --a---- 97280 bytes [23:48 13/07/2009] [01:41 14/07/2009] E8B1FE6669397D1772D8196DF0E57A9E

========== reg ==========

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
"Start"= 0x0000000004 (4)
"Type"= 0x0000000020 (32)
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DependOnService"="RpcSs winmgmt"
"ObjectName"="NT AUTHORITY\LocalService"
"ServiceSidType"= 0x0000000001 (1)
"RequiredPrivileges"="SeChangeNotifyPrivilege SeImpersonatePrivilege"
"DelayedAutoStart"= 0x0000000001 (1)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Enum]
"0"="Root\LEGACY_WSCSVC\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Security]
"Security"=01 00 14 80 c8 00 00 00 d4 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 98 00 06 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 9d 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 00 00 14 00 00 01 00 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 28 00 15 00 00 00 01 06 00 00 00 00 00 05 50 00 00 00 49 59 9d 77 91 56 e5 55 dc f4 e2 0e a7 8b eb ca 7b 42 13 56 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\winmgmt]
"DisplayName"="@%Systemroot%\system32\wbem\wmisvc.dll,-205"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"Description"="@%Systemroot%\system32\wbem\wmisvc.dll,-204"
"ObjectName"="localSystem"
"ErrorControl"= 0x0000000000 (0)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"DependOnService"="RPCSS"
"ServiceSidType"= 0x0000000001 (1)
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\winmgmt\Parameters]
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
"ServiceMain"="ServiceMain"


-= EOF =-
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » July 15th, 2011, 7:10 am

Conferring with my associates.
Be back.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » July 15th, 2011, 10:14 am

Zetsubera,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc]
    "Start"=dword:00000002
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » July 16th, 2011, 4:30 am

OTL logfile created on: 7/16/2011 3:54:56 AM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Kevin\Desktop\Stuffs!!
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 76.57% Memory free
16.00 Gb Paging File | 14.02 Gb Available in Paging File | 87.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 742.25 Gb Free Space | 79.69% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 18:49:35 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/07/12 16:47:10 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/06/26 15:26:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\Stuffs!!\OTL.exe
PRC - [2011/06/22 23:00:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/09 00:24:10 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 15:26:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\Stuffs!!\OTL.exe
MOD - [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2009/09/14 04:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 04:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/07/12 16:47:10 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/09 00:24:10 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/08 06:35:38 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/08/08 06:35:38 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/08/08 06:35:38 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/08/08 06:35:38 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/03/02 19:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/01 12:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/06/17 22:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/17 22:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 1F 59 BA 75 40 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/07/01 02:13:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/07/01 02:26:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 23:00:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/11/12 00:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2011/07/10 15:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k32841yo.default\extensions
[2011/06/01 23:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/01 16:28:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/07/01 02:13:19 | 000,000,000 | ---D | M] (Trend Micro Toolbar) -- C:\PROGRAM FILES\TREND MICRO\TITANIUM\UIFRAMEWORK\TOOLBAR\FIREFOXEXTENSION
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K32841YO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K32841YO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/22 23:00:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/12 04:18:14 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 03:43:29 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
[2011/07/12 05:57:53 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\GRETECH
[2011/07/12 05:57:53 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\GomPlayer
[2011/07/12 05:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011/07/12 05:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2011/07/12 04:58:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\LogMeIn Hamachi
[2011/07/12 04:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/07/12 04:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/07/12 04:19:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Zsnes142
[2011/07/12 03:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\zbattle.net
[2011/07/12 00:55:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Games for Windows - LIVE Demos
[2011/07/11 05:45:53 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\BIT.TRIP RUNNER
[2011/07/11 05:45:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/07/10 04:28:03 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Duke Nukem Forever Demo
[2011/07/10 04:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/07/10 04:27:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Downloaded Installations
[2011/07/06 18:21:01 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Desktop\tdsskiller.exe
[2011/07/05 19:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/07/05 07:16:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\kaneandlynch
[2011/07/04 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/07/04 23:30:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/07/04 23:30:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/07/04 15:51:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/01 23:52:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/07/01 23:34:20 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/07/01 23:32:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/01 23:02:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/07/01 22:59:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/07/01 22:56:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/07/01 20:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/01 20:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/07/01 20:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/07/01 20:14:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/07/01 20:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2011/07/01 20:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/07/01 20:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/07/01 20:12:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/07/01 20:10:26 | 000,014,136 | R--- | C] (BIOSTAR Group) -- C:\Windows\SysWow64\drivers\BIOS64.sys
[2011/07/01 20:09:10 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/01 20:09:10 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Searches
[2011/07/01 20:09:10 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/01 20:09:10 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/01 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Identities
[2011/07/01 20:09:00 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Contacts
[2011/07/01 20:08:59 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VirtualStore
[2011/07/01 20:08:52 | 000,000,000 | --SD | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Videos
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Saved Games
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Pictures
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Music
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Links
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Favorites
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Downloads
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\My Documents
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Desktop
[2011/07/01 20:08:52 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Temporary Internet Files
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Templates
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Start Menu
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\SendTo
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Recent
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\PrintHood
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\NetHood
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Videos
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Pictures
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Music
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\My Documents
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Local Settings
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\History
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Cookies
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Application Data
[2011/07/01 20:08:52 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Application Data
[2011/07/01 20:08:52 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\AppData
[2011/07/01 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Temp
[2011/07/01 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Microsoft
[2011/07/01 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs
[2011/07/01 20:08:42 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/07/01 19:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/01 19:33:23 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/01 19:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/01 16:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/01 02:26:22 | 000,000,000 | ---D | C] -- C:\temp
[2011/07/01 02:21:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
[2011/07/01 02:16:03 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011/07/01 02:15:59 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2011/07/01 02:15:59 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2011/07/01 02:15:59 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2011/07/01 02:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/30 05:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/06/30 05:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2011/06/30 00:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Stuffs!!
[2011/06/29 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/06/28 18:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/28 18:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/06/25 15:15:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/24 21:45:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/24 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/17 18:23:51 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/16 23:14:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2011/06/16 23:03:16 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/06/16 23:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/06/16 22:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeagueOfLegends
[2011/06/16 04:44:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\FCEUX

========== Files - Modified Within 30 Days ==========

[2011/07/16 03:57:33 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/16 03:57:33 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/16 03:50:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/16 03:50:15 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 07:25:58 | 000,741,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/13 07:25:58 | 000,635,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/13 07:25:58 | 000,110,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/13 07:19:53 | 004,826,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/12 05:57:22 | 000,001,133 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/07/12 05:57:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2011/07/11 05:45:37 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/07/11 05:45:37 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/07/08 01:34:33 | 000,000,132 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/07 05:34:11 | 000,054,369 | ---- | M] () -- C:\Users\Kevin\Desktop\Untitled.wma
[2011/07/06 18:21:04 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Desktop\tdsskiller.exe
[2011/07/01 23:01:38 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/07/01 23:01:38 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/07/01 20:14:00 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2011/07/01 19:33:24 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 16:28:39 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/01 02:26:21 | 000,001,441 | ---- | M] () -- C:\Users\Kevin\Desktop\Trend Micro Titanium Maximum Security.lnk
[2011/07/01 01:39:44 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/07/01 01:39:32 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/06/28 18:47:36 | 001,306,886 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/21 16:00:38 | 000,096,256 | ---- | M] () -- C:\Users\Kevin\Desktop\SystemLook_x64.exe
[2011/06/21 15:17:28 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/20 22:32:14 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/20 22:32:14 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/19 02:14:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/06/16 23:13:58 | 000,001,368 | ---- | M] () -- C:\Users\Kevin\Desktop\Ventrilo.lnk
[2011/06/16 23:05:31 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

========== Files Created - No Company Name ==========

[2011/07/12 05:57:22 | 000,001,133 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/07/12 05:57:21 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2011/07/07 05:34:10 | 000,054,369 | ---- | C] () -- C:\Users\Kevin\Desktop\Untitled.wma
[2011/07/04 23:37:16 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/07/01 23:01:28 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/01 23:01:28 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/01 22:58:56 | 2146,983,935 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/01 20:17:38 | 000,001,437 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/01 20:14:00 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2011/07/01 20:14:00 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2011/07/01 20:12:26 | 000,006,136 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2011/07/01 20:09:14 | 000,001,409 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/07/01 20:09:11 | 000,001,443 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/07/01 20:08:52 | 000,000,290 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/01 20:08:52 | 000,000,272 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/01 19:33:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 16:28:39 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/01 02:21:35 | 000,001,441 | ---- | C] () -- C:\Users\Kevin\Desktop\Trend Micro Titanium Maximum Security.lnk
[2011/06/28 18:47:25 | 001,306,886 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/21 16:00:37 | 000,096,256 | ---- | C] () -- C:\Users\Kevin\Desktop\SystemLook_x64.exe
[2011/06/21 15:17:28 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/19 02:14:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/06/16 23:13:58 | 000,001,368 | ---- | C] () -- C:\Users\Kevin\Desktop\Ventrilo.lnk
[2011/06/16 23:05:31 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/06/16 05:47:31 | 000,000,132 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/15 01:58:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/15 01:58:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/15 01:58:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/15 01:58:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/15 01:58:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/13 22:32:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/13 22:32:46 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/08 22:53:56 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/08 22:53:55 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/08 22:53:53 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/06/03 00:41:08 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini
[2011/06/03 00:03:28 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/06/01 23:23:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/01 21:40:11 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/03 06:32:57 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Epson
[2011/06/03 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Leadertech
[2011/06/16 23:14:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2011/06/09 05:04:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ScummVM
[2011/06/21 15:17:28 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/07/14 01:08:49 | 000,027,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




After the restart, it's no longer warning me about the Windows Security Center service. And I checked under Control Panel and System and Security myself and everything seems in order.
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » July 16th, 2011, 6:34 am

Zetsubera,
Looks like you are finally good to go.
Just be careful what you click on, and stay away from P2P programs.
Good Luck!
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Unread postby Zetsubera » July 17th, 2011, 11:48 pm

Alright, thanks again for all the help. I'll be more wary of what I do now on so something like this doesn't happen once more.
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Unread postby askey127 » July 18th, 2011, 7:04 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 123 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware