Thursday, August 18, 2016

Security Center disables automatically/Redirected on search engines part 1


phillywells

Hello. A few days ago, I started having a problem with my security center and later afterwards, I've noticed that whenever I click on a link in a search engine such as Google, I get redirected to a different site.

Whenever I try to enable the security center from Services.msc, about 30 seconds later it gets disabled by itself and a red X appears on the action center flag with a message saying to turn it back on. When I do turn it on from the action center, I get a message saying "The Windows Security Center service can't be started." I've checked the dependencies for the security center which are DCOM Server Process Launcher, Remote Procedure Call (RPC), and Windows Management Instrumentation and they are all started and automatic.

I figure that there is malware causing this. I had Microsoft Security Essentials installed when this happened, but since the problem started, it wouldn't start up for some reason so I uninstalled it and installed Avira, Malwarebytes' Anti-malware, and Spybot Search & Destroy. I did a full system scan with those and I removed some things that were found that appeared "unknown" but I note that Spybot is the only one that does however find "Microsoft.WindowsSecurityCenter_disabled" and under that was

"(SBI $2E20C9A9) Settings HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) W=2".

So I fixed that and tried to enable it again but the problem still remains. Any ideas? I'm lost at what to do here.
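
An added example, not part of the original post: a read-only PowerShell check for the symptom described above. It lists the services that wscsvc depends on, then polls the Start value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc together with the service status and prints a timestamped line whenever either changes. The two-minute window, the two-second interval and the function name Get-WscSnapshot are assumptions chosen for illustration.

```powershell
# Added example: observes the Security Center service (wscsvc); changes nothing.
# Written to run on PowerShell 2.0, the version shipped with Windows 7.
$ErrorActionPreference = 'Stop'

$svcName = 'wscsvc'
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"

# Meaning of the Start value under a service key.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Hypothetical helper: one reading of the registry value and the service state.
function Get-WscSnapshot {
    $start = (Get-ItemProperty -Path $regPath -Name Start).Start
    $svc   = Get-Service -Name $svcName
    New-Object PSObject -Property @{
        Time      = Get-Date -Format 'HH:mm:ss'
        Start     = [int]$start
        StartType = $startTypes[[int]$start]
        Status    = $svc.Status
    }
}

# 1. Dependencies as the Service Control Manager reports them, with their state.
Get-Service -Name $svcName |
    Select-Object -ExpandProperty ServicesDependedOn |
    Select-Object Name, DisplayName, Status |
    Format-Table -AutoSize

# 2. Poll for two minutes and print only when something changes, so the moment
#    the value moves away from 2 can be matched against other logs.
$previous = $null
$deadline = (Get-Date).AddMinutes(2)
while ((Get-Date) -lt $deadline) {
    $now = Get-WscSnapshot
    $changed = ($null -eq $previous) -or
               ($now.Start -ne $previous.Start) -or
               ($now.Status -ne $previous.Status)
    if ($changed) {
        $flag = if ($now.Start -ne 2) { 'Start is not 2' } else { 'ok' }
        '{0}  Start={1} ({2})  Status={3}  [{4}]' -f `
            $now.Time, $now.Start, $now.StartType, $now.Status, $flag
    }
    $previous = $now
    Start-Sleep -Seconds 2
}
```

Start the script, enable the service from Services.msc, and note the time of the line that reports the change.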



tom982

Hello phillywells and welcome to the forums

Can you do the following for me please:

CKScanner

Please download CKScanner from here to your Desktop.

Make sure that CKScanner.exe is on your Desktop before running the application!

Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved
Attach the log CKFiles.txt that has been created on your desktop with your next post

aswMBR

Please close any open work because sometimes this will cause a BSOD
Download aswMBR from here and save it to your desktop
Right click on it and select run as administrator
When it opens, click on the Scan button
When the scan completes, click on the Save log button and attach the log with your next post
If you do encounter a BSOD then try again - if the BSODs are persistent then let me know

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Malwarebytes Anti-Malware

Download and install MBAM from here
Run a full scan and attach the log with your next post for me to analyse

Tom

karlsnooks

Welcome to SevenForums. Wish the circumstances were a little more pleasant.

Download, install and run MalwareBytes (link in my sig).

Let me know the results. Thanks.

marsmimar

You could also try this:

http://www.sevenforums.com/tutorials...m-sweeper.html

EDIT: Sorry Karl. Didn't see it listed in your sig.

karlsnooks

Thanks for mentioning the sweeper. I had only mentioned MalwareBytes.

Let's hope that one of them comes up with something.

phillywells

Code:
  CKScanner - Additional Security Risks - These are not necessarily bad c:\program files\bestgameever\audiosurf\engine\channels\crypt.dll c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar.kfm c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar.nif c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_ac_down_atk.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_attack.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_critical.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_damage.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_die.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_normal_atk.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_normal_wide.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_run.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_stand.kf c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_walk.kf c:\program files\outspark\fiesta\reschar\kingcrab\emperorcarb_crackbip01_skill5.kf c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill1.kf c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill2.kf c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill3.kf c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill3_cast.kf c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_attack.kf c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_critical.kf c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_damage.kf c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_die.kf c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_run.kf c:\program 
files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_stand.kf c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_walk.kf c:\program files\outspark\fiesta\reseffect\b_crackerhumar_ac_down_atk.nif c:\program files\outspark\fiesta\reseffect\b_crackerhumar_attack.nif c:\program files\outspark\fiesta\reseffect\b_crackerhumar_attack_op.nif c:\program files\outspark\fiesta\reseffect\b_crackerhumar_die.nif c:\program files\outspark\fiesta\reseffect\b_crackerhumar_normal_atk.nif c:\program files\outspark\fiesta\reseffect\b_crackerhumar_normal_wide.nif c:\program files\outspark\fiesta\reseffect\b_crackerlooter_curse_wide.nif c:\program files\outspark\fiesta\reseffect\firecracker01.nif c:\program files\outspark\fiesta\reseffect\firecracker02.nif c:\program files\outspark\fiesta\reseffect\hfirecracker00.nif c:\program files\outspark\fiesta\reseffect\sta_crackeracdownloof.nif c:\program files\outspark\fiesta\reseffect\sta_crackerdiseaseloof.nif c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.conf c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.nif c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.shbd c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.shmd c:\program files\outspark\fiesta\resmap\field\b_cracker\darkcave_water.nif c:\program files\outspark\fiesta\resmenu\minimap\b_cracker.dds c:\program files\outspark\fiesta\ressystem\action\b_crackerhumar.dat c:\users\phill\music\itunes\itunes media\music\tchaikovsky\unknown album\the nutcracker (soft).m4a c:\users\phill\music\itunes\itunes media\music\tchaikovsky\unknown album\the nutcracker.m4a scanner sequence 3.ZZ.11.LVAPCD ----- EOF -----    aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software Run date: 2011-07-18 13:30:59 ----------------------------- 13:30:59.241 OS Version: Windows 6.1.7601 Service Pack 1 13:30:59.241 Number of processors: 2 586 0x4802 13:30:59.241 ComputerName: PHILL-PC UserName: Phill 13:31:15.756 
Initialize success 13:31:39.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-0 13:31:39.105 Disk 0 Vendor: TOSHIBA_MK6034GSX AH101D Size: 57231MB BusType: 3 13:31:39.105 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000078 13:31:39.105 Disk 1 Vendor: RICOH 01 Size: 3759MB BusType: 0 13:31:39.121 Disk 0 MBR read successfully 13:31:39.121 Disk 0 MBR scan 13:31:39.136 Disk 0 Windows 7 default MBR code 13:31:39.136 Disk 0 scanning sectors +117207040 13:31:39.230 Disk 0 scanning C:\Windows\system32\drivers 13:31:48.996 Service scanning 13:31:51.464 Disk 0 trace - called modules: 13:31:51.496 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll atiide.sys PCIIDEX.SYS atapi.sys  13:31:51.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a97a78] 13:31:51.511 3 CLASSPNP.SYS[877a259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-0[0x859b8908] 13:31:52.027 Scan finished successfully 13:32:05.449 Disk 0 MBR has been saved successfully to "C:\Users\Phill\Desktop\MBR.dat" 13:32:05.464 The log file has been saved successfully to "C:\Users\Phill\Desktop\aswMBR.txt"   OTL logfile created on: 7/18/2011 1:46:15 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Phill\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy   894.05 Mb Total Physical Memory | 226.96 Mb Available Physical Memory | 25.39% Memory free 1.87 Gb Paging File | 1.09 Gb Available in Paging File | 58.07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]   %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55.72 Gb Total Space | 5.45 Gb Free Space | 9.79% Space Free | Partition Type: NTFS Drive D: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 3.66 Gb Total Space | 0.19 Gb Free Space | 5.23% Space 
Free | Partition Type: FAT32 Drive G: | 7.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive H: | 5.67 Gb Total Space | 0.23 Gb Free Space | 4.11% Space Free | Partition Type: FAT32   Computer Name: PHILL-PC | User Name: Phill | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days   ========== Processes (SafeList) ==========   PRC - C:\Users\Phill\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Phill\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit) PRC - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit) PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\lxebcoms.exe ( ) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) 
PRC - C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()     ========== Modules (SafeList) ==========   MOD - C:\Users\Phill\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)     ========== Win32 Services (SafeList) ==========   SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AdvancedSystemCareService) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit) SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (lxeb_device) -- C:\Windows\System32\lxebcoms.exe ( ) SRV - (lxebCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) 
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)     ========== Driver Services (SafeList) ==========   DRV - (67329092) -- C:\Windows\system32\DRIVERS\67329092.sys (Kaspersky Lab ZAO) DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (SmartDefragDriver) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys () DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.) DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (atiide) -- C:\Windows\system32\DRIVERS\atiide.sys (ATI Technologies Inc.) 
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)     ========== Standard Registry (All) ==========     ========== Internet Explorer ==========   IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com   IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to Facebook - Log In, Sign Up or Learn More IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local   FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@ei.WeatherBlink.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phill\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phill\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)     [2011/06/21 17:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phill\AppData\Roaming\Mozilla\Extensions [2011/06/22 13:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phill\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/01/30 20:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phill\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org   O1 HOSTS File: ([2011/07/16 20:00:36 | 000,000,084 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.example.com O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit) O4 - HKCU..\Run: [Google Update] C:\Users\Phill\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe (IObit) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - 
C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - 
C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - 
C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.euro.dell.com/systemp.../SysProExe.CAB (WMI Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab...i_4.4.26.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res 
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 04:26:40 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/05/24 18:34:11 | 000,000,046 | RH-- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{11e68bdd-92eb-11e0-9938-000d0bc45ef3}\Shell - "" = AutoRun
O33 - MountPoints2\{11e68bdd-92eb-11e0-9938-000d0bc45ef3}\Shell\AutoRun\command - "" = G:\Installer.exe -- [2010/05/24 18:34:11 | 002,505,256 | R--- | M] ()
O33 - MountPoints2\{8900f934-12cf-11e0-ad04-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8900f934-12cf-11e0-ad04-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009/07/14 04:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\Windows\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 13:40:12 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Phill\Desktop\OTL.exe
[2011/07/18 13:19:39 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Users\Phill\Desktop\aswMBR.exe
[2011/07/17 20:07:15 | 000,000,000 | ---D | C] -- C:\Users\Phill\Incomplete
[2011/07/17 05:02:38 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/07/17 05:02:38 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/07/17 03:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/07/17 03:53:16 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\67329092.sys
[2011/07/17 03:33:19 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2011/07/17 03:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/17 02:29:15 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\NPE
[2011/07/17 02:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/16 19:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/07/15 20:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011/07/15 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\AVG10 [2011/07/15 12:48:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011/07/15 12:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10 [2011/07/15 12:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011/07/15 11:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/07/15 10:44:17 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Apple Computer [2011/07/15 08:33:32 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Malwarebytes [2011/07/15 08:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/07/12 21:34:16 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2011/07/12 21:34:16 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011/07/12 21:33:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2011/07/12 21:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2011/07/12 21:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2011/07/12 21:33:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2011/07/12 21:33:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 
[2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- 
| C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2011/07/12 21:33:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2011/07/12 21:33:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2011/07/12 21:33:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2011/07/12 21:33:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2011/07/12 21:32:47 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/07/11 08:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011/07/02 13:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nintendo Wi-Fi USB Connector [2011/07/02 13:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\WiFiConnector [2011/07/02 08:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/07/02 08:11:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/07/02 08:11:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/07/02 08:11:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2011/06/29 14:35:11 | 000,028,672 | ---- | C] (Axis) -- C:\Windows\System32\PCWinSoftPBar.ocx [2011/06/29 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1AVCapture [2011/06/29 14:35:09 | 000,630,784 | ---- | C] (Axis) -- C:\Windows\System32\AxisToolBar.ocx [2011/06/29 14:35:09 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX [2011/06/29 14:35:09 | 000,264,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DS32.AX [2011/06/29 14:35:09 | 000,188,416 | ---- | C] (Unreal Streaming Technologies Group.) -- C:\Windows\System32\UScreenCapture.ax [2011/06/29 14:35:09 | 000,126,976 | ---- | C] (Ariel Systems) -- C:\Windows\System32\ArielColorCtrl.ocx [2011/06/29 14:35:09 | 000,073,728 | ---- | C] (PCWinSoft Systems Ltd) -- C:\Windows\System32\TOverlay.ax [2011/06/29 14:35:09 | 000,053,248 | ---- | C] (DeskShare) -- C:\Windows\System32\DSTimeStamp.ax [2011/06/29 14:35:09 | 000,036,864 | ---- | C] (Axis) -- C:\Windows\System32\Sof2FFTPrj.ocx [2011/06/29 14:35:09 | 000,028,672 | ---- | C] (Axis) -- C:\Windows\System32\SpecBarPrj.ocx [2011/06/29 14:34:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\1AVCapture [2011/06/29 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\1AVCapture [2011/06/28 21:26:22 | 000,000,000 | ---D | C] -- C:\Taz Wanted [2011/06/28 20:21:35 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2011/06/28 20:21:35 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2011/06/28 20:21:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2011/06/28 20:21:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2011/06/28 20:21:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2011/06/28 20:21:33 | 000,059,392 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msscntrs.dll [2011/06/26 12:14:31 | 000,000,000 | ---D | C] -- C:\Users\Phill\FrostWire [2011/06/26 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\FrostWire [2011/06/26 12:14:05 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire [2011/06/26 12:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire [2011/06/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Users\Phill\Documents\StarCraft II [2011/06/22 13:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2011/06/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II [2011/06/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2011/06/22 10:50:19 | 000,000,000 | -H-D | C] -- C:\Windows\System32\explorer [2011/06/21 14:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2011/06/21 04:29:05 | 000,000,000 | ---D | C] -- C:\Users\Phill\Desktop\Starcraft_II_Wings_Of_Liberty_Proper-Razor1911 [2011/06/20 23:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft [2011/06/20 23:26:51 | 000,000,000 | ---D | C] -- C:\StarCraft [2011/06/20 22:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starcraft Shareware(ED) [2011/06/20 22:29:34 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Starcraft Shareware(ED) [2011/06/20 22:29:33 | 000,068,608 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScEdUnin.exe [2011/06/20 22:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft Shareware(ED) [2011/06/19 12:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011/06/19 12:29:53 | 000,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011/03/11 19:01:23 | 000,372,736 | ---- | C] ( ) -- 
C:\Windows\System32\lxebcomm.dll [2010/04/14 20:56:04 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxebih.exe [2010/04/14 20:56:02 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxebcoms.exe [2010/04/14 20:56:00 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxebcfg.exe [2010/04/13 20:41:34 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll [2009/12/09 20:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll [2009/12/09 20:43:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll [2009/12/09 20:41:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll [2009/12/09 20:40:12 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll [2009/12/09 20:37:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxebhcp.dll [2009/12/09 20:36:32 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll [2009/12/09 20:35:50 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll [2009/12/09 20:35:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll [2009/12/09 20:35:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]   ========== Files - Modified Within 30 Days ==========   [2011/07/18 13:40:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Phill\Desktop\OTL.exe [2011/07/18 13:32:05 | 000,000,512 | ---- | M] () -- C:\Users\Phill\Desktop\MBR.dat [2011/07/18 13:31:32 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/18 13:31:32 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/18 13:24:29 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011/07/18 13:24:11 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2011/07/18 13:24:11 | 000,000,312 | -HS- | M] () -- 
C:\Windows\tasks\ITAX.job [2011/07/18 13:24:09 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2011/07/18 13:24:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011/07/18 13:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/18 13:23:53 | 703,107,072 | -HS- | M] () -- C:\hiberfil.sys [2011/07/18 13:19:59 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Users\Phill\Desktop\aswMBR.exe [2011/07/18 13:17:17 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992413630-1469070986-2887152357-1001UA.job [2011/07/18 13:10:42 | 000,459,264 | ---- | M] () -- C:\Users\Phill\Desktop\CKScanner.exe [2011/07/18 12:00:04 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job [2011/07/18 01:17:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2992413630-1469070986-2887152357-1001Core.job [2011/07/17 17:00:00 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2011/07/17 11:16:26 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\67329092.sys [2011/07/17 05:02:56 | 000,190,032 | ---- | M] (Trend Micro Inc.) 
-- C:\Windows\System32\drivers\tmcomm.sys [2011/07/17 05:02:56 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys [2011/07/17 03:29:14 | 013,405,541 | ---- | M] () -- C:\Users\Phill\AppData\Roaming\SMRBackup200.dat [2011/07/17 03:08:59 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/07/17 03:07:34 | 000,652,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/07/17 03:07:34 | 000,113,900 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/07/17 02:39:18 | 000,001,568 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2011/07/16 20:00:36 | 000,000,084 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011/07/16 17:19:30 | 000,007,613 | ---- | M] () -- C:\Users\Phill\AppData\Local\resmon.resmoncfg [2011/07/15 18:37:37 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2011/07/15 18:37:37 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2011/07/15 03:19:43 | 000,064,000 | RHS- | M] () -- C:\Windows\System32\dhcpsapi4.dll [2011/07/13 18:23:01 | 001,747,101 | ---- | M] () -- C:\Users\Phill\Desktop\Sonic 2 Music Emerald Hill Zone 2-player.mp3 [2011/07/13 18:22:06 | 003,145,303 | ---- | M] () -- C:\Users\Phill\Desktop\Nte The Great - Emerald Hill Zone 2-Player Version Nte The Great Remix.mp3 [2011/07/13 00:12:14 | 000,259,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/07/12 22:45:09 | 004,023,725 | ---- | M] () -- C:\Users\Phill\Desktop\Pokemon Orchestral Arrangement National Park.mp3 [2011/07/12 21:34:16 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2011/07/12 21:34:16 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011/07/12 21:33:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2011/07/12 21:33:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2011/07/12 
21:33:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2011/07/12 21:33:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2011/07/12 21:33:43 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2011/07/12 21:33:43 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2011/07/12 21:33:43 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,584 | -H-- | M] 
(Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2011/07/12 21:33:43 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2011/07/12 21:33:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2011/07/12 21:33:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2011/07/12 21:33:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2011/07/12 21:32:47 | 002,334,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/07/11 15:11:00 | 000,134,308 | ---- | M] () -- C:\Users\Phill\Documents\fim.Mosko.Mobi.CAB [2011/07/02 13:03:20 | 000,001,092 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk [2011/06/26 12:14:05 | 000,001,201 | ---- | M] () -- C:\Users\Phill\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk [2011/06/26 12:14:05 | 000,001,177 | ---- | M] () -- C:\Users\Phill\Desktop\FrostWire 4.21.8.lnk [2011/06/26 10:49:58 | 000,073,728 | 
---- | M] (PCWinSoft Systems Ltd) -- C:\Windows\System32\TOverlay.ax [2011/06/25 22:09:34 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011/06/22 23:02:39 | 000,001,509 | ---- | M] () -- C:\Users\Phill\Desktop\StarCraft II.lnk [2011/06/20 23:38:03 | 000,000,945 | ---- | M] () -- C:\Users\Phill\Desktop\StarCraft.lnk [2011/06/20 22:29:37 | 000,007,306 | ---- | M] () -- C:\Windows\scedunin.dat [2011/06/20 22:29:34 | 000,000,967 | ---- | M] () -- C:\Windows\ScEdUnin.pif [2011/06/20 22:29:33 | 000,068,608 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScEdUnin.exe [2011/06/19 19:32:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]   ========== Files Created - No Company Name ==========   [2011/07/18 13:32:05 | 000,000,512 | ---- | C] () -- C:\Users\Phill\Desktop\MBR.dat [2011/07/18 13:10:36 | 000,459,264 | ---- | C] () -- C:\Users\Phill\Desktop\CKScanner.exe [2011/07/17 03:28:31 | 013,405,541 | ---- | C] () -- C:\Users\Phill\AppData\Roaming\SMRBackup200.dat [2011/07/17 03:07:23 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011/07/17 02:38:40 | 000,001,568 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2011/07/16 09:43:46 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2011/07/15 17:54:07 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml [2011/07/15 17:54:07 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2011/07/15 03:19:43 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\ITAX.job [2011/07/15 03:19:41 | 000,064,000 | RHS- | C] () -- C:\Windows\System32\dhcpsapi4.dll [2011/07/13 18:22:54 | 001,747,101 | ---- | C] () -- C:\Users\Phill\Desktop\Sonic 2 Music Emerald Hill Zone 2-player.mp3 [2011/07/13 18:21:58 | 003,145,303 | ---- | C] () -- C:\Users\Phill\Desktop\Nte The Great - 
Emerald Hill Zone 2-Player Version Nte The Great Remix.mp3 [2011/07/12 22:44:59 | 004,023,725 | ---- | C] () -- C:\Users\Phill\Desktop\Pokemon Orchestral Arrangement National Park.mp3 [2011/07/11 15:10:59 | 000,134,308 | ---- | C] () -- C:\Users\Phill\Documents\fim.Mosko.Mobi.CAB [2011/07/02 13:03:20 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Run Registration Tool.lnk [2011/06/29 14:35:10 | 000,008,587 | ---- | C] () -- C:\Windows\System32\msaudio.cat [2011/06/29 14:35:09 | 000,040,960 | ---- | C] () -- C:\Windows\System32\wavdest.ax [2011/06/29 14:35:09 | 000,008,608 | ---- | C] () -- C:\Windows\System32\mpeg4ax.cat [2011/06/26 12:14:05 | 000,001,201 | ---- | C] () -- C:\Users\Phill\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk [2011/06/26 12:14:05 | 000,001,177 | ---- | C] () -- C:\Users\Phill\Desktop\FrostWire 4.21.8.lnk [2011/06/22 23:02:39 | 000,001,509 | ---- | C] () -- C:\Users\Phill\Desktop\StarCraft II.lnk [2011/06/20 23:36:22 | 000,000,945 | ---- | C] () -- C:\Users\Phill\Desktop\StarCraft.lnk [2011/06/20 22:29:37 | 000,007,306 | ---- | C] () -- C:\Windows\scedunin.dat [2011/06/20 22:29:33 | 000,000,967 | ---- | C] () -- C:\Windows\ScEdUnin.pif [2011/06/10 12:33:00 | 000,000,000 | ---- | C] () -- C:\Users\Phill\AppData\Roaming\FileOut.cns [2011/06/10 12:33:00 | 000,000,000 | ---- | C] () -- C:\Users\Phill\AppData\Roaming\FileIn.cns [2011/05/21 20:35:59 | 000,162,082 | ---- | C] () -- C:\Windows\DP Animation Maker Uninstaller.exe [2011/04/15 23:25:33 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/04/15 23:25:33 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011/03/12 00:17:40 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxebrwrd.ini [2011/03/11 19:01:27 | 000,331,776 | ---- | C] () -- 
C:\Windows\System32\LXEBinst.dll [2011/02/22 21:25:40 | 000,668,160 | ---- | C] () -- C:\Windows\System32\autochk.exe [2011/02/15 07:46:02 | 014,135,296 | ---- | C] () -- C:\Windows\System32\common_res.dll [2011/01/09 11:46:21 | 000,002,552 | ---- | C] () -- C:\Windows\WAVEMIX.INI [2011/01/09 11:46:02 | 000,000,888 | ---- | C] () -- C:\Windows\INSPACE.INI [2011/01/08 12:24:38 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011/01/08 11:18:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/07 17:59:56 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe [2011/01/04 03:55:42 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll [2011/01/04 03:55:31 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll [2011/01/02 08:26:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/12/29 08:21:26 | 000,001,355 | ---- | C] () -- C:\Windows\kaillera.ini [2010/12/28 17:13:24 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2010/12/28 17:12:26 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe [2010/12/28 15:33:55 | 000,007,613 | ---- | C] () -- C:\Users\Phill\AppData\Local\resmon.resmoncfg [2010/02/11 00:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009/11/09 09:06:50 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll [2009/11/09 09:06:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll [2009/11/09 09:06:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll [2009/11/09 09:06:24 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll [2009/11/09 09:06:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll [2009/11/09 09:06:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll [2009/11/09 09:06:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll [2009/11/09 09:05:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll [2009/11/09 08:59:58 | 000,086,016 | ---- | C] () -- 
C:\Windows\System32\lxebgcfg.dll [2009/10/21 11:06:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll [2009/10/21 11:06:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,259,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,652,490 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,113,900 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009/02/20 09:48:44 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lxebsmr.dll [2009/02/20 09:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\lxebsm.dll [2008/12/01 21:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/03/05 03:55:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll [2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI   ========== LOP Check ==========   [2011/03/27 16:13:35 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\.visualvm [2011/03/18 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\Aura4You [2011/07/15 12:50:36 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\AVG10 [2011/01/01 08:25:15 | 000,000,000 | ---D | M] -- 
C:\Users\Phill\AppData\Roaming\enchant
[2011/07/17 20:10:41 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\FrostWire
[2011/07/15 06:27:50 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\IObit
[2011/05/30 00:42:41 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\Laconic Software
[2011/06/16 23:10:12 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\PCDr
[2011/07/08 18:18:43 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\Software Informer
[2011/07/16 22:06:31 | 000,000,000 | ---D | M] -- C:\Users\Phill\AppData\Roaming\uTorrent
[2011/07/18 13:24:11 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\ITAX.job
[2011/06/25 22:09:34 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/28 16:08:23 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/18 12:00:04 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2011/07/18 13:24:07 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:96D0C06F
< End of report >

OTL Extras logfile created on: 7/18/2011 1:46:15 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Phill\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.05 Mb Total Physical Memory | 226.96 Mb Available Physical Memory | 25.39% Memory free
1.87 Gb Paging File | 1.09 Gb Available in Paging File | 58.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.72 Gb Total Space | 5.45 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive D: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 3.66 Gb Total Space | 0.19 Gb Free Space | 5.23% Space Free | Partition Type: FAT32
Drive G: | 7.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 5.67 Gb Total Space | 0.23 Gb Free Space | 4.11% Space Free | Partition Type: FAT32

Computer Name: PHILL-PC | User Name: Phill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{080E275F-67BF-6E44-10A5-6B25BD0C73E6}" = ccc-utility
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26 "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility "{2866B2D9-B57E-4829-A554-47DF68868F15}" = Fiesta "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{3B321407-8558-4C72-86F6-C1E72AC9F8BA}" = Continuum "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype� 5.3 "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{5F577CD8-A997-2E11-83BC-4445DD2D4542}" = AMD VISION Engine Control Center "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{658DE1DF-D156-DD5A-800E-20C693806F65}" = Catalyst Control Center InstallProxy "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{6844F85B-1AEE-093A-5FC9-235035B3A127}" = Catalyst Control Center Graphics Previews Common "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{71790311-0C42-B5BC-AF01-97BFFEF2A30B}" = ATI Catalyst Install Manager "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC 
Help Dutch "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{8004E5FD-A3A1-F723-EDAF-D5808A756DDC}" = Catalyst Control Center Graphics Previews Common "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3A3C74-0163-F062-08D6-C8AC7430669E}" = ccc-utility "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8EB278E8-7FDA-4ED9-A429-C87A76F95087}_is1" = 1AVCapture version 1.9.0.01 "{8FD4407C-A901-092A-EB3C-602B52C361DC}" = Catalyst Control Center "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{9A6F4E4F-9FAB-78A2-020B-3DAED3B2E0E1}" = AMD Fuel "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0) "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B7749EE2-5318-D255-F0EE-14D5845B0925}" = CCC Help English "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C24B0741-A616-6C3F-F952-BAC0CE90761F}" = CCC Help English "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" 
= PC CIF Camer@ "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta "{E15E74CC-E9D1-9042-4481-BE3B573620BA}" = AMD Fuel "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{E9BECF5D-5BA8-950F-7757-17D825A37371}" = Catalyst Control Center InstallProxy "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Advanced SystemCare 4_is1" = Advanced SystemCare 4 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "Dell Support Center" = Dell Support Center "DMX5_is1" = DriverMax 5 "DP Animation Maker" = DP Animation Maker "Fantastic Flame Screensaver" = Fantastic Flame Screensaver "FormatFactory" = FormatFactory 2.60 "FrostWire" = FrostWire 4.21.8 "Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "NoLimits Coasters full" = NoLimits Coasters 1.7 (remove only) "OGPlanet Game Launcher US" = OGPlanet Game Launcher "RumbleFighter" = Rumble Fighter "Smart Defrag 2_is1" = Smart Defrag 2 "Software Informer_is1" = Software Informer 1.1 "StarCraft II" = StarCraft II "Starcraft Shareware(ED)" = Starcraft Shareware(ED) "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "TinyWord2" = TinyWord 2.9.0 "Train Simulator 1.0" = Microsoft Train Simulator "uTorrent" = �Torrent "WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool "Windows Mobile Device Handbook" = HTC Touch Pro2 User Guide "WinRAR archiver" = WinRAR 4.01 (32-bit) 
"Yahoo! Software Update" = Yahoo! Software Update   ========== HKEY_CURRENT_USER Uninstall List ==========   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome   ========== Last 10 Event Log Errors ==========   Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!   < End of report >   Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7192 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 7/18/2011 3:07:13 PM mbam-log-2011-07-18 (15-06-57).txt Scan type: Full scan (C:\|) Objects scanned: 302799 Time elapsed: 1 hour(s), 10 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

tom982

CKScanner log is fine
aswMBR log is fine

Delete the entry malwarebytes found. Reboot and scan again and upload a fresh malwarebytes log.

I'll go through your OTL log tomorrow, it's going to take a while and I'm very tired!

Tom

phillywells

Ok, Malwarebytes is scanning now. I'll post the log afterwards. When that's done, I'll try the Microsoft Standalone System Sweeper.

phillywells

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7192
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
7/18/2011 6:19:34 PM
mbam-log-2011-07-18 (18-19-33).txt
Scan type: Full scan (C:\|)
Objects scanned: 303036
Time elapsed: 1 hour(s), 31 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

phillywells

trying the sweeper now

karlsnooks

Phillywells, Excellent-although I don't expect the system sweeper to find anything.

I'd say we need another approach to your problem.

Could you help us out and fluff out your System Specs?

Here's a procedure to guide you.

UPDATE YOUR SEVENFORUMS SYSTEM SPECS


User CP (3rd item in the top menu bar) |
in left-hand column, under Your Profile, Edit System Spec |


Use Speccy - System Information - Free Download
and/or SIW to gather info for filling in the blanks.

Do me a favor and add the word laptop or desktop to the "system manufacturer" block.

Use the "Other Info" block for Optical Reader, Mouse, touchpad, wifi adapter, speakers, monitor

Scroll down and click on the SAVE CHANGES button.



phillywells

Ok, it's been updated now and yeah the sweeper didn't find anything.

karlsnooks

Quote: Originally Posted by phillywells
Ok, it's been updated now and yeah the sweeper didn't find anything.
Excellent! Thanks.

Now I don't think that MagicISO is the source of your problems, but could you delete MagicISO till we have located the problem?

I tried MagicISO and found the program to be interfering.

I liked some of the features but I would recommend to anyone to use it to accomplish an objective and then immediately uninstall it.

Which anti-virus are you presently using?

If at all possible, until the source of the problem is located, remove any anti-virus, anti-spyware, firewall program that you have installed if it is not from Microsoft. That means, use Microsoft Security Essentials, Windows Firewall and the Security Center defaults.

Would you please download, install and run CCleaner (link in my sig). CCleaner is free. Don't get tricked into clicking on the buy buttons.

After cleaning, then follow this procedure:
LIST OF STARTUP PROGRAMS USING CCLEANER


CCleaner | Tasks icon | Startup tab | click on Save to text file button (bottom right side)

Using the PAPER CLIP icon in the top panel of a Message Reply window, attach the .txt file generated by CCleaner.

phillywells

Ok, I got rid of MagicISO and I don't have any anti-virus programs installed right now. Microsoft Security Essentials won't start and I'm guessing it's because the Security Center and the Microsoft Antimalware services keep getting disabled automatically when I try to turn them on. Windows Firewall works fine though.

karlsnooks

philly,
| MSCONFIG | ENTER | STARTUP tab |
uncheck ALL except for:
Sidebar C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSC "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

RESTART your computer.

In the Start Menu, If you select All Programs, do you see an entry for Microsoft Security Essentials?

If yes, then click on it.

phillywells

It's there but nothing happens when I click on it.

karlsnooks

did you uncheck all except for the two I listed? Yes or No.

Be sure to leave all unchecked except for those two.

karlsnooks

I've put a call out for assistance as I find your case unusual. I must be missing the obvious.

phillywells

Yes, those two are the only ones checked. Not sure what's wrong here.

marsmimar

Karl -

I found this Microsoft forum Q&A. Don't know if it will help in this case but thought I'd throw it out FWIW.

The windows security center service can't be started. - Microsoft Answers

phillywells

Hello there,

I think it's best to also reboot the system in Selective Startup (Run Selective Startup using System Configuration) and run SFC /SCANNOW (SFC /SCANNOW Command - System File Checker).

Also test it in a new Windows Profile
  1. Open User Accounts by clicking the Start button, clicking Control Panel, clicking User Accounts and Family Safety (or clicking User Accounts, if you are connected to a network domain), and then clicking User Accounts.
  2. Click Manage another account. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. Click Create a new account.
  4. Type the name you want to give the user account, click an account type, and then click Create Account.


Hope this helps!
Captain



marsmimar

@ Jack Sparrow: I still had the problems on the new account.
@ Marsmimar: I don't think I have a Local Users/Groups manager.

I did get an error during the sfc /scannow. Should I post the details log?

phillywells

Re: Local Users/Groups manager. I just noticed you have Home Premium. The manager is available in 7 Professional, Ultimate, and Enterprise editions. Sorry. (See here for additional info.) To confirm that it's not available, click Start > right click Computer > Manage.

If SFC found an error it's recommended to run the scan 3-4 more times. If the error is still unable to be fixed it wouldn't hurt to post the CBS.log file.

Jacee

Yeah, I don't have the manager after all. I ran the scan several times and kept getting the error so I'm going to post the log file.

phillywells

Quote: Originally Posted by phillywells
Yeah, I don't have the manager after all. I ran the scan several times and kept getting the error so I'm going to post the log file.

Hello there,

Seems like the issue is with Autochk.exe

Code:
Cannot repair member file [l:22{11}]"autochk.exe" of  Microsoft-Windows-Autochk, Version = 6.1.7601.17514, pA =  PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1  nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral,  TypeName neutral, PublicKey neutral in the store, hash mismatch
See if you can apply the hotfix The Chkdsk.exe program does not start correctly on a Windows 7-based computer that has an update for Auto

karlsnooks

I see Kaspersky in the log ... is this your antivirus? IOBIT may have deleted one of its important files.

Uninstall IOBIT!

Next, open MBam and be sure that this item is checked, and click Remove Selected

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> No action taken.

karlsnooks

@ Jack Sparrow: Ok, I've applied the hotfix and re-scanned but nothing has changed. In the properties on the details tab for autochk.exe, everything is blank except for Type, Size, and Date modified. Is it supposed to be like that?


@ Jacee: I did what you requested.


I even tried what HappyFacePCs mentioned here Can not turn on Windows Security Center Service but Microsoft Security Essentials didn't find anything in safe mode.

phillywells

Quote: Originally Posted by marsmimar
Karl -

I found this Microsoft forum Q&A. Don't know if it will help in this case but thought I'd throw it out FWIW.

The windows security center service can't be started. - Microsoft Answers

Thanks. Looks like the procedure is worth carrying out. I'll make sure that Philly tries this out.

Guest

Philly,

Did you have an opportunity to look at the link provided by marsmimar?

The windows security center service can't be started. - Microsoft Answers


Incidentally, you are receiving some support from what I refer to as the big guns. These guys, and girls, should blow your virus sky high.

Guest

Ok, for some reason, Malwarebytes just found a virus that it hadn't found before so I deleted it and rebooted the system and now the Security Center and MSE start up fine. One thing though, I'm still getting that error when I run the sfc scan.

Golden

Hi Philly,

Great news there on the malware front. Keep MalwareBytes updated, and do some manual scans with that occasionally - it complements MSE very nicely.

Regarding the sfc issue, did you try the link that Capt. Jack posted in Post # 25 above?

Regards,
Golden



phillywells

Hmm, when I run the .msu file, it says the update isn't applicable to my computer.

karlsnooks

Please run SFC /SCANNOW afresh. If you do not get a message about all files being verified, then reboot and run sfc /scannow again. If you do not get a msg about all files being verified, then:

REBOOT.

Boot up into safe mode.

run CMD.exe as administrator.

Navigate to \windows\logs\cbs

Enter following:
findstr /c:"[SR]" CBS.LOG > sfcdetails.txt

Attach the sfcdetails.txt to your next post.

Jacee

Quote: Originally Posted by phillywells
Hmm, when I run the .msu file, it says the update isn't applicable to my computer.

Hello there!

I would also suggest one more tip. Follow this article Extract Files from Windows 7 Installation DVD and replace that file from the installation DVD. That might work.

karlsnooks

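Copy and paste these lines in Notepad.

@Echo on
rem Reset the hosts file to a single localhost entry
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Restart after 1 second; the batch file then deletes itself
shutdown -r -t 1
del %0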


Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now tell us if you're still getting errors, infections, redirected and hanging apps.
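flush.bat above overwrites the hosts file with a single localhost entry without recording what was in it. The following is an added example (not part of the original post) that lists every active hosts mapping other than localhost, so the entries can be saved as evidence before the file is replaced; the sample hosts content is constructed and the function names are illustrative.

```python
import ipaddress

# Constructed sample hosts file. Addresses come from the documentation range
# 203.0.113.0/24 and the *.example names are placeholders, not real indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#	127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed entry
203.0.113.10\tsearch.example
127.0.0.1       update.antivirus.example
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (line_number, address, [hostnames]) for every active line."""
    entries = []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()                 # spaces and tabs both separate fields
        entries.append((lineno, fields[0], [n.lower() for n in fields[1:]]))
    return entries


def audit_hosts(text):
    """Return findings as (line_number, kind, hostname, address).

    kind is "redirected" (name forced to a non-loopback address),
    "blocked" (non-local name pinned to loopback or 0.0.0.0) or
    "malformed" (first field is not an IP address).
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", " ".join(names), addr))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                      # the expected default mapping
            kind = "blocked" if sinkhole else "redirected"
            findings.append((lineno, kind, name, addr))
    return findings


if __name__ == "__main__":
    for lineno, kind, name, addr in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:10} {name} -> {addr}")
```

On a live system, read `%SystemRoot%\System32\drivers\etc\hosts` from an elevated prompt and pass its text to `audit_hosts` before running the batch file.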

phillywells

any reason for such a small timeout value?
any reason for the del %0%?

karlsnooks

Ok guys, I replaced the autochk.exe using the installation DVD and it works fine, but sfc is still reporting an error. I want to post it on here, but when I typed in "findstr c:/"[SR]" CBS.LOG > sfcdetails.txt" it said Cannot open CBS.LOG

phillywells

philly,
Read this carefully and all will be well.



System File Checker - SFC

System File Checker checks system files and restores them if possible.

To run System File Checker:
WIN | type CMD.EXE | do NOT hit Enter| CTRL + SHIFT + ENTER key combo | YES button
WIN is the key with the Microsoft flag on top.

Enter SFC /SCANNOW
When System File Checker finishes, if all went well, you will see:
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

Otherwise, you will see:
---Help me out here guys and gals, my system is ok. Need sample

If all did not go well:
RESTART your computer
Run sfc /scannow again
If all did not go well, then
Use the findstr command to view the results.

VIEW THE RESULTS
Reboot your computer.
Immediately start tapping the SPACEBAR
When the Windows Boot Manager screen appears, Press the F8 key
In the Advanced Boot Options screen, highlight Safe Mode and press the ENTER key.
WIN | type CMD.EXE | do NOT hit Enter |
right-click on cmd.exe in the list above |
select Run as administrator
WIN is the key with the Microsoft flag on top.
Enter CD /D %windir%\cbs\logs
Enter Findstr /c:"[SR]" cbs.log > sfcdetails.txt
If sfcdetails.txt has a size of 0, you made a typo.
Enter Notepad sfcdetails.txt
Go to the end (Ctrl + End)
Cannot repair member file indicates a problematic file



Attach the sfcdetails.txt file to your next post.

karlsnooks

Did that, but when I got to enter CD /D %windir%\cbs\logs it says the system can't find the path specified.

Guest

then do it again.

You made a typo.

Of course, you can do it piece-wise.

cd /d %windir%
cd .\logs
cd .\cbs

notice the period before the back-slash.

Be sure to run cmd.exe as an administrator.

karlsnooks

philly,

from my computer:


D:\>cd /d %windir%

C:\Windows>cd .\logs

C:\Windows\Logs>cd .\cbs

C:\Windows\Logs\CBS>
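The findstr step from the SFC procedure above, as an added example that is not part of the original posts: it keeps the `[SR]` lines of CBS.log and reduces the "Cannot repair member file" entries to one record per file. The sample log is constructed, modelled on the autochk.exe line quoted earlier in the thread, and the function names are illustrative.

```python
import re

# Constructed sample: timestamps and sequence numbers are made up; the
# "Cannot repair member file" text follows the line quoted in this thread.
SAMPLE_CBS_LOG = r'''
2011-07-19 09:58:01, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2011-07-19 09:58:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2011-07-19 09:58:04, Info                  CBS    Scavenge: Starts
2011-07-19 09:58:09, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"autochk.exe" of Microsoft-Windows-Autochk, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-07-19 09:58:11, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"autochk.exe" of Microsoft-Windows-Autochk, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-07-19 09:58:30, Info                  CSI    00000011 [SR] Verify complete
'''

# file name, owning component, version and (when present) the stated reason
CANNOT_REPAIR = re.compile(
    r'\[SR\]\s+Cannot repair member file\s+\[[^\]]*\]"(?P<file>[^"]+)"\s+of\s+'
    r'(?P<component>[^,]+),\s*Version\s*=\s*(?P<version>[^,]+),'
    r'.*?(?:in the store,\s*(?P<reason>.+))?$'
)


def sr_lines(text):
    """Same filter as findstr /c:"[SR]": literal, case-sensitive match."""
    return [ln.rstrip() for ln in text.splitlines() if "[SR]" in ln]


def unrepaired_files(text):
    """Collapse repeated 'Cannot repair member file' lines to one record each."""
    found = {}
    for ln in sr_lines(text):
        m = CANNOT_REPAIR.search(ln)
        if not m:
            continue
        key = (m["file"].lower(), m["version"].strip())
        rec = found.setdefault(key, {
            "file": m["file"],
            "component": m["component"].strip(),
            "version": m["version"].strip(),
            "reason": (m["reason"] or "unspecified").strip(),
            "count": 0,
        })
        rec["count"] += 1          # SFC may log the same failure more than once
    return list(found.values())


if __name__ == "__main__":
    print(len(sr_lines(SAMPLE_CBS_LOG)), "[SR] lines")
    for rec in unrepaired_files(SAMPLE_CBS_LOG):
        print("{file} ({component} {version}): {reason}, logged {count}x".format(**rec))
```

On Windows 7 the log is `%windir%\Logs\CBS\CBS.log`, the directory shown in the session above; read it from an elevated prompt, with `errors="replace"` if decoding fails.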



phillywells

Please quote exactly how it should be because something is still not right, for I'm still getting that error.

phillywells

Hello there!

In this article follow the option 3 SFC /SCANNOW Command - System File Checker

phillywells

Ok, I got how to do it from that article. It still says that there's something wrong with the autochk.exe even though it now checks the drive for errors since I replaced it.

marsmimar

Guys? I still want this fixed. Any more help would be great.

Guest

I went through the log you provided and saw a few things that need fixing. I just don't feel confident enough in my own abilities to tell someone else what to do. So my recommendation is to not try to fix individual system file problems manually, but to do a Repair Install. This should fix your currently installed Windows 7 and preserve your user accounts, data, programs, system drivers, etc.

Repair Install