Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Search engine redirects and Windows Security Center Service

Re: Search engine redirects and Windows Security Center Serv

Post by Zetsubera » June 27th, 2011, 3:25 pm

========== Files - Modified Within 30 Days ==========

[2011/07/01 23:01:38 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/07/01 23:01:38 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/07/01 20:14:00 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2011/06/26 15:40:00 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/06/26 15:35:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/06/26 15:28:28 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 15:28:28 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 15:26:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011/06/26 15:25:02 | 000,000,050 | ---- | M] () -- C:\Users\Kevin\Desktop\FixScv.bat
[2011/06/26 15:21:18 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\IRELCTRJSF.job
[2011/06/26 15:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 15:21:11 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/25 15:15:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/21 15:17:28 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/20 22:32:14 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/20 22:32:14 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/19 02:14:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/06/16 23:13:58 | 000,001,368 | ---- | M] () -- C:\Users\Kevin\Desktop\Ventrilo.lnk
[2011/06/16 23:05:31 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/06/16 06:27:55 | 000,000,132 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/16 03:30:24 | 000,607,310 | R--- | M] (Swearware) -- C:\Users\Kevin\Desktop\dds.scr
[2011/06/16 02:31:44 | 000,001,942 | ---- | M] () -- C:\Users\Kevin\Desktop\Savestatesuggestions.rtf
[2011/06/16 01:13:16 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/16 00:58:15 | 000,002,975 | ---- | M] () -- C:\Users\Kevin\Desktop\HiJackThis.lnk
[2011/06/15 02:32:32 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kevin\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/15 02:27:41 | 004,826,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/15 02:19:03 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/15 02:19:03 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/15 02:19:03 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/15 02:03:18 | 000,001,578 | ---- | M] () -- C:\Users\Kevin\Desktop\Out Of Order - Shortcut.lnk
[2011/06/12 06:37:11 | 000,001,718 | ---- | M] () -- C:\Users\Kevin\Desktop\Photoshop.lnk
[2011/06/12 04:18:14 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/12 02:56:36 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/11 04:12:11 | 000,001,437 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/11 04:05:44 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/06/11 04:05:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/06/11 04:05:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/06/11 04:05:43 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/06/11 04:05:43 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/11 04:05:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/06/11 04:05:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/11 04:05:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/06/11 04:05:43 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/06/11 04:05:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/06/11 04:05:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/11 04:05:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/06/11 04:05:42 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/11 04:05:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/11 04:05:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/11 04:05:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/06/11 04:05:42 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/11 04:05:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/06/11 04:05:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/11 04:05:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/11 04:05:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/11 04:05:42 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/06/11 04:05:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/11 04:05:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/11 04:05:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/11 04:05:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/06/11 04:05:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/06/11 04:05:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/06/11 04:05:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/06/11 04:05:40 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/06/11 04:05:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/06/11 04:05:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/11 04:05:40 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/11 04:05:40 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/06/11 04:05:40 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/06/11 04:05:38 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/06/11 04:05:38 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/06/11 04:05:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/06/11 04:05:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/06/11 04:05:37 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/11 04:05:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/06/11 04:05:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/06/11 04:05:37 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/06/11 04:05:37 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/06/11 04:05:37 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/06/11 04:05:37 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/06/11 04:05:36 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/11 04:05:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/06/11 04:05:36 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/11 04:05:36 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/06/11 04:05:36 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/06/11 04:05:36 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/06/11 04:05:36 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/06/11 04:05:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/06/11 04:05:36 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/11 04:05:35 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/06/11 04:05:35 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/11 04:05:35 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/11 04:05:35 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/11 04:05:35 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/11 04:05:35 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/06/11 04:05:35 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/06/11 04:05:35 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/11 04:05:35 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/06/11 04:05:35 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/06/11 04:05:35 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/06/11 04:05:35 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/11 04:05:35 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/06/11 04:05:35 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/06/11 04:05:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/11 04:05:35 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/06/11 04:05:35 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/10 22:34:25 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/10 20:17:28 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro AntiVirus plus AntiSpyware.lnk
[2011/06/10 19:40:29 | 000,166,400 | RHS- | M] () -- C:\Windows\SysWow64\wow32F.dll
[2011/06/09 00:24:10 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/08 22:54:37 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2011/06/08 22:54:37 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2011/06/08 22:53:53 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2011/06/08 18:44:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/06 00:35:49 | 000,001,945 | ---- | M] () -- C:\Users\Kevin\Desktop\FMLECmd - SCFH.lnk
[2011/06/03 04:50:29 | 000,001,899 | ---- | M] () -- C:\Users\Kevin\Desktop\FlashMediaLiveEncoder - Shortcut.lnk
[2011/06/03 04:31:40 | 000,001,193 | ---- | M] () -- C:\Users\Kevin\Desktop\SCFH - Shortcut.lnk
[2011/06/03 00:44:49 | 000,000,088 | ---- | M] () -- C:\Windows\ENX420.ini
[2011/06/03 00:41:27 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/06/03 00:03:33 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/06/03 00:02:43 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/06/02 16:46:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/02 04:38:03 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/02 00:29:16 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/06/02 00:29:16 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/06/02 00:29:16 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/06/02 00:29:16 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/06/01 23:23:56 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/06/01 23:22:40 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/01 21:07:58 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/07/01 23:01:28 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/01 23:01:28 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/01 22:58:56 | 2146,983,935 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/01 20:17:38 | 000,001,437 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/01 20:14:00 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2011/07/01 20:14:00 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2011/07/01 20:12:26 | 000,006,136 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2011/07/01 20:09:14 | 000,001,409 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/07/01 20:09:11 | 000,001,443 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/07/01 20:08:52 | 000,000,290 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/01 20:08:52 | 000,000,272 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/26 15:25:02 | 000,000,050 | ---- | C] () -- C:\Users\Kevin\Desktop\FixScv.bat
[2011/06/25 15:15:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/21 15:17:28 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/19 02:14:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/06/16 23:13:58 | 000,001,368 | ---- | C] () -- C:\Users\Kevin\Desktop\Ventrilo.lnk
[2011/06/16 23:05:31 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/06/16 05:47:31 | 000,000,132 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/16 00:58:15 | 000,002,975 | ---- | C] () -- C:\Users\Kevin\Desktop\HiJackThis.lnk
[2011/06/15 05:01:09 | 000,001,942 | ---- | C] () -- C:\Users\Kevin\Desktop\Savestatesuggestions.rtf
[2011/06/15 02:03:18 | 000,001,578 | ---- | C] () -- C:\Users\Kevin\Desktop\Out Of Order - Shortcut.lnk
[2011/06/15 01:58:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/15 01:58:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/15 01:58:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/15 01:58:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/15 01:58:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/13 22:32:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/13 22:32:46 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/12 06:37:11 | 000,001,718 | ---- | C] () -- C:\Users\Kevin\Desktop\Photoshop.lnk
[2011/06/12 04:37:19 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2011/06/12 04:36:29 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/06/12 04:34:13 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/06/12 04:33:47 | 000,001,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/06/12 04:31:56 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/06/12 04:31:48 | 000,001,551 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/06/12 04:31:07 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/06/11 04:05:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/11 04:05:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/10 20:17:28 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro AntiVirus plus AntiSpyware.lnk
[2011/06/10 19:40:30 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\IRELCTRJSF.job
[2011/06/10 19:40:29 | 000,166,400 | RHS- | C] () -- C:\Windows\SysWow64\wow32F.dll
[2011/06/10 04:07:09 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2011/06/08 22:54:37 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2011/06/08 22:53:56 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/08 22:53:55 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/08 22:53:53 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/06/08 18:44:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/08 18:44:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/06 00:33:20 | 000,001,945 | ---- | C] () -- C:\Users\Kevin\Desktop\FMLECmd - SCFH.lnk
[2011/06/03 04:50:29 | 000,001,899 | ---- | C] () -- C:\Users\Kevin\Desktop\FlashMediaLiveEncoder - Shortcut.lnk
[2011/06/03 04:31:40 | 000,001,193 | ---- | C] () -- C:\Users\Kevin\Desktop\SCFH - Shortcut.lnk
[2011/06/03 00:41:27 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/06/03 00:41:08 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini
[2011/06/03 00:03:28 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/06/02 23:56:06 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/06/02 16:46:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/01 23:23:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/01 23:22:40 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/01 21:40:11 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/01 21:07:58 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/03 06:32:57 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Epson
[2011/06/03 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Leadertech
[2011/06/16 23:14:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2011/06/15 01:52:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\RegistryCleanerFree
[2011/06/09 05:04:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ScummVM
[2011/06/21 15:17:28 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/26 15:21:18 | 000,000,302 | -HS- | M] () -- C:\Windows\Tasks\IRELCTRJSF.job
[2009/07/14 01:08:49 | 000,017,370 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Post by Zetsubera » June 27th, 2011, 3:25 pm

And this is the Extras.txt:



OTL Extras logfile created on: 6/26/2011 3:34:22 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Kevin\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.75 Gb Available Physical Memory | 84.32% Memory free
16.00 Gb Paging File | 14.67 Gb Available in Paging File | 91.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 803.22 Gb Free Space | 86.24% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2174007007-1400663677-772615396-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro AntiVirus
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1391FE4A-783A-4C6D-82CB-BB6AE49DD321}" = XSplit
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 1.5.0
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Out Of Order" = Out Of Order
"ScummVM_is1" = ScummVM Git
"StarCraft II" = StarCraft II
"Steam App 1250" = Killing Floor
"Steam App 12810" = Overlord II
"Steam App 16810" = Sid Meier's Civilization IV: Colonization
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 22140" = Penumbra: Requiem
"Steam App 22180" = Penumbra: Overture
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 34440" = Sid Meier's Civilization IV
"Steam App 34450" = Sid Meier's Civilization IV: Warlords
"Steam App 34460" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 34470" = Sid Meier's Civilization IV: Colonization
"Steam App 37400" = Time Gentlemen, Please!
"Steam App 37420" = Ben There, Dan That!
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 630" = Alien Swarm
"Steam App 63200" = Monday Night Combat
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 96200" = Steel Storm: Burning Retribution
"Steam App 99900" = Spiral Knights

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Post by askey127 » June 27th, 2011, 4:42 pm

Zetsubera,
You evidently have some system services that are not running.
Did you tell Game Booster to put things back to Normal before you removed it?

Also, your system shows some files/folders dated July 1, 2011, which hasn't happened yet.
Is there anything you can tell me about that?

Having both Game Booster from IOBit, and Punkbuster running on a 64-bit machine may be an invitation to some system problems, even after they are "gone".

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
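The future-dated entries raised in the reply above can be picked out of a file listing mechanically. The following is an added example, not part of the thread and not OTL's own code: it assumes the bracketed `[date time | size | attributes | M] (company) -- path` layout of an OTL file listing, and the sample lines, paths and reference time are constructed.

```python
import re
from datetime import datetime

# Assumed layout of an OTL file-listing line:
# [YYYY/MM/DD HH:MM:SS | size | attrs | M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

def parse_line(line):
    """Parse one listing line into a dict, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "modified": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "company": m["company"],
        "path": m["path"],
    }

def future_dated(lines, reference):
    """Return (entry, skew) pairs stamped later than `reference`, largest skew first."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and entry["modified"] > reference:
            hits.append((entry, entry["modified"] - reference))
    return sorted(hits, key=lambda h: h[1], reverse=True)

# Constructed sample lines and reference time (not taken from the posted log).
SAMPLE = r"""
[2011/07/01 21:10:05 | 000,012,288 | ---- | M] () -- C:\Example\docs\terms.rtf
[2011/07/01 19:02:00 | 000,001,024 | ---- | M] () -- C:\Example\Desktop\shortcut.lnk
[2011/06/26 15:20:11 | 000,000,302 | -HS- | M] () -- C:\Example\tasks\sample.job
[2011/06/25 09:00:00 | 000,579,072 | ---- | M] (Example Vendor (EU)) -- C:\Example\tool.exe
this line is not a file entry
""".strip().splitlines()
REFERENCE = datetime(2011, 6, 27, 16, 42)

if __name__ == "__main__":
    for entry, skew in future_dated(SAMPLE, REFERENCE):
        print(f"{entry['modified']}  +{skew}  {entry['path']}")
```

Use the time the log was generated as the reference, so that entries are compared against the machine's own clock.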

Re: Search engine redirects and Windows Security Center Serv

Post by Zetsubera » June 28th, 2011, 1:25 am

I do believe I set it so Game Booster would set things back to normal when I uninstalled it.

My time and date are as they should be, so I don't know why the files would be shown as updated on 7/1/2011. Investigating the license file, all it really does is state the terms of agreement with the use of the Operating System. So, I'm unsure as to why it would update.

So, what would you suggest I do?
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Post by askey127 » June 28th, 2011, 6:11 am

I don't know that it's anything serious.
At the moment, I don't see any malware on your system.
How is it running?
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Post by Zetsubera » June 28th, 2011, 3:18 pm

I still get the "goingonearth" address when clicking on Google search results, just not nearly as often as it used to. And my Windows Security Center still does not activate. :(
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Post by askey127 » June 29th, 2011, 7:47 am

Zetsubera,
I want you to download a new copy of Game Booster.
After it's installed, please choose to shut down all the processes listed by Game Booster.
Be sure it finishes whatever it does.
Reboot the machine, then start Game Booster again and tell it to switch back to Normal mode.
Be sure it finishes whatever it does, then Reboot once again, and Uninstall Game Booster.
Since the changes made by Game Booster are unpublished, this is probably the only chance we have to recover the system to most of its original settings.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Post by Zetsubera » July 1st, 2011, 7:21 am

Well, I did what you said and nothing really changed. The program doesn't seem to actually shut down processes. And it will disengage Boost Mode whenever it's not being used or when the PC is shut down.
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Post by askey127 » July 1st, 2011, 7:44 am

Z,
Download this file and save it to your desktop.
http://download.bleepingcomputer.com/reg/FixNCR.reg
Right click on the file, and choose "run as administrator".
Allow it to merge with the registry.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Then please update Malwarebytes Anti-malware and have it run a full scan.
When it finishes, please post the log it produces.
If you lose track of the log, you can click the Logs tab on Malwarebytes, and double click the latest scan log.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Post by Zetsubera » July 2nd, 2011, 12:50 am

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7000

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/1/2011 10:09:25 PM
mbam-log-2011-07-01 (22-09-24).txt

Scan type: Full scan (C:\|)
Objects scanned: 423575
Time elapsed: 2 hour(s), 22 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Post by askey127 » July 2nd, 2011, 5:13 am

I don't see any sign of further infections.
How is the computer behaving?
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Post by Zetsubera » July 3rd, 2011, 5:13 am

I still get the "goingtoearth" every so often. Not nearly as often as it used to.
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Post by askey127 » July 3rd, 2011, 10:44 am

Zetsubera,
This is usually related to mywebsearch. Let's see if any leftovers show:
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *mywebsearch*
    
    :folderfind
    *mywebsearch*
    
    :Regfind
    mywebsearch
    goingonearth
    thewebtimes
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search engine redirects and Windows Security Center Serv

Post by Zetsubera » July 3rd, 2011, 3:40 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 15:33 on 03/07/2011 by Kevin
Administrator - Elevation successful

========== filefind ==========

Searching for "*mywebsearch*"
No files found.

========== folderfind ==========

Searching for "*mywebsearch*"
No folders found.

========== Regfind ==========

Searching for "mywebsearch"
No data found.

Searching for "goingonearth"
No data found.

Searching for "thewebtimes"
No data found.

-= EOF =-


:(
Zetsubera
Regular Member
 
Posts: 30
Joined: June 16th, 2011, 3:23 am

Re: Search engine redirects and Windows Security Center Serv

Post by askey127 » July 4th, 2011, 7:28 am

Z,
That's a good result.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :Files
    C:\Users\Kevin\AppData\Roaming\RegistryCleanerFree
    C:\ProgramData\RegistryCleanerFree
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------------------
Please download MiniToolBox and run it.
(Right-click and "run as administrator")
Check ONLY the following in the list:
  • Flush DNS
  • Report IE Proxy Settings
Click GO and post the result (Result.txt).
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA