Help me remove microsoft security essentials fake alert, thinkpoint


Post by jewelc on Thu Nov 11, 2010 1:35 am

I need help. My computer is infected with some kind of fake warning. It says thinkpoint and microsoft security essentials. It has me completely locked out of administrator and won't let me run anything to help from guest. My administrator one has no icons and just the pop-ups on it. I don't know what to do; I don't even understand safe mode.

jewelc
Novice

Posts: 18
Joined: 2010-11-11
OS: windows xp
Points: 22408
Likes: 0

Re: Help me remove microsoft security essentials fake alert, thinkpoint

Post by jewelc on Thu Nov 11, 2010 1:45 am

[code]
OTS logfile created on: 11/10/2010 7:38:18 PM - Run (Non-Administrative account!)
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.86 Gb Free Space | 70.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1FNS3G1
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
bootstreamprop.exe -> C:\Documents and Settings\All Users\Start Menu\Programs\bootstreamprop.exe -> [2010/10/14 07:19:25 | 000,155,648 | ---- | M] ()
stopzilla.exe -> C:\Program Files\STOPzilla!\STOPzilla.exe -> [2010/09/10 15:11:48 | 000,177,616 | R--- | M] (iS3, Inc.)
scserver.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe -> [2010/05/14 10:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation)
mswinext.exe -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
brmfcwnd.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
brmfcmon.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe -> [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
winhook.dll -> C:\Program Files\Avanquest\Fix-It\WinHook.dll -> [2008/08/22 12:53:28 | 000,028,672 | ---- | M] (Avanquest North America, Inc.)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
[Driver Services - Safe List]
[Registry - Safe List]
[/code]


Re: Help me remove microsoft security essentials fake alert, thinkpoint

Post by jewelc on Thu Nov 11, 2010 1:46 am

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"CustomSearch" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultURL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: URLSearchHooks\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\Firefox [C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\5.0.1411.0\FIREFOX] -> [2010/03/21 12:45:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2010/08/23 02:02:32 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/13 10:52:58 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/08/01 13:39:30 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/08/31 13:04:37 | 000,000,000 | ---D | M]
No name found -> C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2008/09/07 10:58:52 | 000,000,000 | ---D | M]
QuestDns -> C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} -> [2010/08/01 13:39:37 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/10/14 21:32:53 | 000,000,000 | ---- | M] - 0 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31c7d459-9cc3-44f2-9dca-fc11795309b4} [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> C:\Program Files\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/02 23:24:01 | 000,192,512 | R--- | M] ()
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2010/05/14 10:00:26 | 000,191,792 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [Bing Bar BHO] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [@C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll,-100] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
WebBrowser\"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/03/18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.)
"Bing Bar" -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe ["C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe"] -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
"bootstreamprop.exe" -> C:\Documents and Settings\All Users\Start Menu\Programs\bootstreamprop.exe ["C:\Documents and Settings\All Users\Start Menu\Programs\bootstreamprop.exe"] -> [2010/10/14 07:19:25 | 000,155,648 | ---- | M] ()
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/04/06 21:41:44 | 008,466,432 | ---- | M] (NVIDIA Corporation)
"VirusScannerPro" -> C:\Program Files\Avanquest\Fix-It\MemCheck.exe [C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe] -> [2008/08/26 16:14:40 | 000,173,312 | ---- | M] (Avanquest North America, Inc.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"*bootstreamprop.exe" -> C:\Documents and Settings\All Users\Start Menu\Programs\bootstreamprop.exe ["C:\Documents and Settings\All Users\Start Menu\Programs\bootstreamprop.exe"] -> [2010/10/14 07:19:25 | 000,155,648 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2010/03/21 12:13:32 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\"NoUpdateCheck" -> [1] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoCDBurning" -> [0] -> File not found
\"HonorAutoRunSetting" -> [1] -> File not found
\"NoDriveAutoRun" -> [67108863] -> File not found
\"NoDriveTypeAutoRun" -> [323] -> File not found
\"NoDrives" -> [0] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\"NoResolveSearch" -> [1] -> File not found
\"NoPopUpsOnBoot" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Menu: Sun Java Console] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> [You must be registered and logged in to see this link.] [SpinTop DRM Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Genuine Advantage Validation Tool] ->
{1A1F56AA-3401-46F9-B277-D57F3421F821} [HKLM] -> [You must be registered and logged in to see this link.] [FunGamesLoader Object] ->
{1D082E71-DF20-4AAF-863B-596428C49874} [HKLM] -> [You must be registered and logged in to see this link.] [TPIR Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> [You must be registered and logged in to see this link.] [Shockwave ActiveX Control] ->
{2C153C75-8476-434B-B3C3-57B63A3D1939} [HKLM] -> [You must be registered and logged in to see this link.] [Brickout Control] ->
{352797A0-EFD0-4FA6-B229-145120EA4B8A} [HKLM] -> [You must be registered and logged in to see this link.] [Walt Disney Internet Group Hardware Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> [You must be registered and logged in to see this link.] [BDSCANONLINE Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Live Safety Center Base Module] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> [You must be registered and logged in to see this link.] [Wwlaunch Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Value error.] ->
{A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [HKLM] -> [You must be registered and logged in to see this link.] [WoF Control] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [HKLM] -> [You must be registered and logged in to see this link.] [SABScanProcesses Class] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> [You must be registered and logged in to see this link.] [a-squared Scanner] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> [You must be registered and logged in to see this link.] [F-Secure Online Scanner 3.3] ->
{CC450D71-CC90-424C-8638-1F2DBAC87A54} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Key error.] ->
{CF969D51-F764-4FBF-9E90-475248601C8A} [HKLM] -> [You must be registered and logged in to see this link.] [FamilyFeud Control] ->
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} [HKLM] -> [You must be registered and logged in to see this link.] [Oberon Flash Game Host] ->
{D71F9A27-723E-4B8B-B428-B725E47CBA3E} [HKLM] -> [You must be registered and logged in to see this link.] [Imikimi_activex_plugin Control] ->
{E6BB2089-163F-466B-812A-748096614DFD} [HKLM] -> [You must be registered and logged in to see this link.] [CAScanner Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6B1C8C0E-2B77-4468-8506-C88852B5004C}\\DhcpNameServer -> 192.168.2.1 (NVIDIA nForce Networking Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 11:05:34 | 000,356,352 | ---- | M] (SUPERAntiSpyware.com)
TPSvc -> -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> Reg Error: Key error. [Microsoft AntiMalware ShellExecuteHook] -> File not found
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> C:\Program Files\SpywareGuard\spywareguard.dll [SpywareGuard] -> [2003/08/02 23:20:57 | 000,126,976 | R--- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe:*:Enabled:AOL] -> [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 17:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> [2004/10/14 16:34:06 | 000,059,992 | ---- | M] (Gteko Ltd.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2009/01/19 20:46:03 | 000,342,848 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" -> C:\Program Files\iWin Games\iWinGames.exe [C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.] -> [2009/09/02 12:30:16 | 001,657,112 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\iWinTrusted.exe" -> C:\Program Files\iWin Games\iWinTrusted.exe [C:\Program Files\iWin Games\iWinTrusted.exe:*:Enabled:iWinTrusted] -> [2009/09/02 12:30:28 | 000,078,104 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" -> C:\Program Files\iWin Games\WebUpdater.exe [C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.] -> [2009/09/02 12:30:22 | 000,082,200 | ---- | M] ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/11/30 08:27:50 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/11/05 21:59:00 | 004,347,120 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


Re: Help me remove microsoft security essentials fake alert, thinkpoint

Post by jewelc on Thu Nov 11, 2010 1:46 am

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:13 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
UniBox210.ocx -> C:\WINDOWS\System32\UniBox210.ocx -> [2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited)
UniBox10.ocx -> C:\WINDOWS\System32\UniBox10.ocx -> [2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited)
UniBoxVB12.ocx -> C:\WINDOWS\System32\UniBoxVB12.ocx -> [2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2010/11/10 19:39:01 | 000,000,374 | -H-- | M] ()
User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> [2010/11/10 19:37:00 | 000,000,424 | -H-- | M] ()
User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> [2010/11/10 19:37:00 | 000,000,422 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/11/10 19:36:00 | 000,000,406 | ---- | M] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/11/10 17:36:00 | 000,000,406 | ---- | M] ()
At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/11/10 17:17:00 | 000,000,406 | ---- | M] ()
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/10 17:01:00 | 000,000,236 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/10 16:57:00 | 000,000,886 | ---- | M] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/10 16:54:00 | 000,000,416 | ---- | M] ()
Norton Security Scan for Wanda_2.job -> C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job -> [2010/11/10 16:53:00 | 000,000,562 | -H-- | M] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/11/10 16:36:00 | 000,000,406 | ---- | M] ()
At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/11/10 16:17:00 | 000,000,406 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/10 15:54:00 | 000,000,416 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/11/10 15:51:39 | 000,000,882 | ---- | M] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/11/10 15:51:09 | 000,000,406 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/10 15:51:07 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 15:51:05 | 2078,789,632 | -HS- | M] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/11/10 08:38:06 | 000,000,406 | ---- | M] ()
At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
Status Monitor.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> [2010/11/09 20:18:37 | 000,000,848 | ---- | M] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/09 20:17:52 | 000,000,258 | ---- | M] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/11/09 13:36:00 | 000,000,406 | ---- | M] ()
At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/11/09 13:17:00 | 000,000,406 | ---- | M] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/11/09 12:36:00 | 000,000,406 | ---- | M] ()
At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/11/09 12:17:00 | 000,000,406 | ---- | M] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 10:02:36 | 000,473,158 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 10:02:36 | 000,084,168 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/10/31 00:28:03 | 000,000,408 | -H-- | M] ()
logfile -> C:\logfile -> [2010/10/29 19:39:37 | 000,374,683 | ---- | M] ()
ESBK.mbb -> C:\Documents and Settings\All Users\Documents\ESBK.mbb -> [2010/10/24 19:50:23 | 004,428,800 | R--- | M] ()
ESBK.mb -> C:\Documents and Settings\All Users\Documents\ESBK.mb -> [2010/10/24 19:50:23 | 002,355,200 | R--- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/10/14 21:32:53 | 000,000,000 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/10/14 07:24:15 | 000,227,208 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/14 07:20:29 | 000,001,393 | ---- | M] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/10/14 07:19:25 | 000,000,127 | ---- | M] ()
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/07 23:08:29 | 000,000,258 | ---- | C] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | C] ()
CleanMFT32.exe -> C:\WINDOWS\System32\CleanMFT32.exe -> [2010/11/07 23:08:08 | 000,037,336 | ---- | C] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/07/29 12:47:14 | 000,524,288 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/07/29 12:47:14 | 000,139,264 | ---- | C] ()
yazeriza.dll -> C:\WINDOWS\System32\yazeriza.dll -> [2009/07/04 11:50:22 | 000,087,552 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/06/11 03:04:00 | 000,000,127 | ---- | C] ()
Brpfx04a.ini -> C:\WINDOWS\Brpfx04a.ini -> [2009/05/10 10:40:40 | 000,000,805 | ---- | C] ()
brpcfx.ini -> C:\WINDOWS\brpcfx.ini -> [2009/05/10 10:40:40 | 000,000,153 | ---- | C] ()
BRWMARK.INI -> C:\WINDOWS\BRWMARK.INI -> [2009/05/10 10:40:25 | 000,000,419 | ---- | C] ()
BRPP2KA.INI -> C:\WINDOWS\BRPP2KA.INI -> [2009/05/10 10:40:25 | 000,000,027 | ---- | C] ()


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Thu Nov 11, 2010 1:49 am

com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:13 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
UniBox210.ocx -> C:\WINDOWS\System32\UniBox210.ocx -> [2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited)
UniBox10.ocx -> C:\WINDOWS\System32\UniBox10.ocx -> [2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited)
UniBoxVB12.ocx -> C:\WINDOWS\System32\UniBoxVB12.ocx -> [2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2010/11/10 19:39:01 | 000,000,374 | -H-- | M] ()
User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> [2010/11/10 19:37:00 | 000,000,424 | -H-- | M] ()
User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> [2010/11/10 19:37:00 | 000,000,422 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/11/10 19:36:00 | 000,000,406 | ---- | M] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/11/10 17:36:00 | 000,000,406 | ---- | M] ()
At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/11/10 17:17:00 | 000,000,406 | ---- | M] ()
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/10 17:01:00 | 000,000,236 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/10 16:57:00 | 000,000,886 | ---- | M] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/10 16:54:00 | 000,000,416 | ---- | M] ()
Norton Security Scan for Wanda_2.job -> C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job -> [2010/11/10 16:53:00 | 000,000,562 | -H-- | M] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/11/10 16:36:00 | 000,000,406 | ---- | M] ()
At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/11/10 16:17:00 | 000,000,406 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/10 15:54:00 | 000,000,416 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/11/10 15:51:39 | 000,000,882 | ---- | M] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/11/10 15:51:09 | 000,000,406 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/10 15:51:07 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 15:51:05 | 2078,789,632 | -HS- | M] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/11/10 08:38:06 | 000,000,406 | ---- | M] ()
At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
Status Monitor.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> [2010/11/09 20:18:37 | 000,000,848 | ---- | M] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/09 20:17:52 | 000,000,258 | ---- | M] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/11/09 13:36:00 | 000,000,406 | ---- | M] ()
At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/11/09 13:17:00 | 000,000,406 | ---- | M] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/11/09 12:36:00 | 000,000,406 | ---- | M] ()
At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/11/09 12:17:00 | 000,000,406 | ---- | M] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 10:02:36 | 000,473,158 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 10:02:36 | 000,084,168 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/10/31 00:28:03 | 000,000,408 | -H-- | M] ()
logfile -> C:\logfile -> [2010/10/29 19:39:37 | 000,374,683 | ---- | M] ()
ESBK.mbb -> C:\Documents and Settings\All Users\Documents\ESBK.mbb -> [2010/10/24 19:50:23 | 004,428,800 | R--- | M] ()
ESBK.mb -> C:\Documents and Settings\All Users\Documents\ESBK.mb -> [2010/10/24 19:50:23 | 002,355,200 | R--- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/10/14 21:32:53 | 000,000,000 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/10/14 07:24:15 | 000,227,208 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/14 07:20:29 | 000,001,393 | ---- | M] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/10/14 07:19:25 | 000,000,127 | ---- | M] ()
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/07 23:08:29 | 000,000,258 | ---- | C] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | C] ()
CleanMFT32.exe -> C:\WINDOWS\System32\CleanMFT32.exe -> [2010/11/07 23:08:08 | 000,037,336 | ---- | C] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/07/29 12:47:14 | 000,524,288 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/07/29 12:47:14 | 000,139,264 | ---- | C] ()
yazeriza.dll -> C:\WINDOWS\System32\yazeriza.dll -> [2009/07/04 11:50:22 | 000,087,552 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/06/11 03:04:00 | 000,000,127 | ---- | C] ()
Brpfx04a.ini -> C:\WINDOWS\Brpfx04a.ini -> [2009/05/10 10:40:40 | 000,000,805 | ---- | C] ()
brpcfx.ini -> C:\WINDOWS\brpcfx.ini -> [2009/05/10 10:40:40 | 000,000,153 | ---- | C] ()
BRWMARK.INI -> C:\WINDOWS\BRWMARK.INI -> [2009/05/10 10:40:25 | 000,000,419 | ---- | C] ()
BRPP2KA.INI -> C:\WINDOWS\BRPP2KA.INI -> [2009/05/10 10:40:25 | 000,000,027 | ---- | C] ()


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Thu Nov 11, 2010 1:50 am

com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:13 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
UniBox210.ocx -> C:\WINDOWS\System32\UniBox210.ocx -> [2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited)
UniBox10.ocx -> C:\WINDOWS\System32\UniBox10.ocx -> [2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited)
UniBoxVB12.ocx -> C:\WINDOWS\System32\UniBoxVB12.ocx -> [2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2010/11/10 19:39:01 | 000,000,374 | -H-- | M] ()
User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> [2010/11/10 19:37:00 | 000,000,424 | -H-- | M] ()
User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> [2010/11/10 19:37:00 | 000,000,422 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/11/10 19:36:00 | 000,000,406 | ---- | M] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/11/10 17:36:00 | 000,000,406 | ---- | M] ()
At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/11/10 17:17:00 | 000,000,406 | ---- | M] ()
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/10 17:01:00 | 000,000,236 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/10 16:57:00 | 000,000,886 | ---- | M] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/10 16:54:00 | 000,000,416 | ---- | M] ()
Norton Security Scan for Wanda_2.job -> C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job -> [2010/11/10 16:53:00 | 000,000,562 | -H-- | M] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/11/10 16:36:00 | 000,000,406 | ---- | M] ()
At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/11/10 16:17:00 | 000,000,406 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/10 15:54:00 | 000,000,416 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/11/10 15:51:39 | 000,000,882 | ---- | M] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/11/10 15:51:09 | 000,000,406 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/10 15:51:07 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 15:51:05 | 2078,789,632 | -HS- | M] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/11/10 08:38:06 | 000,000,406 | ---- | M] ()
At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
Status Monitor.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> [2010/11/09 20:18:37 | 000,000,848 | ---- | M] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/09 20:17:52 | 000,000,258 | ---- | M] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/11/09 13:36:00 | 000,000,406 | ---- | M] ()
At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/11/09 13:17:00 | 000,000,406 | ---- | M] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/11/09 12:36:00 | 000,000,406 | ---- | M] ()
At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/11/09 12:17:00 | 000,000,406 | ---- | M] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 10:02:36 | 000,473,158 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 10:02:36 | 000,084,168 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/10/31 00:28:03 | 000,000,408 | -H-- | M] ()
logfile -> C:\logfile -> [2010/10/29 19:39:37 | 000,374,683 | ---- | M] ()
ESBK.mbb -> C:\Documents and Settings\All Users\Documents\ESBK.mbb -> [2010/10/24 19:50:23 | 004,428,800 | R--- | M] ()
ESBK.mb -> C:\Documents and Settings\All Users\Documents\ESBK.mb -> [2010/10/24 19:50:23 | 002,355,200 | R--- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/10/14 21:32:53 | 000,000,000 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/10/14 07:24:15 | 000,227,208 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/14 07:20:29 | 000,001,393 | ---- | M] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/10/14 07:19:25 | 000,000,127 | ---- | M] ()
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/07 23:08:29 | 000,000,258 | ---- | C] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | C] ()
CleanMFT32.exe -> C:\WINDOWS\System32\CleanMFT32.exe -> [2010/11/07 23:08:08 | 000,037,336 | ---- | C] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/10/11 20:31:47 | 000,000,406 | ---- | C] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/10/11 20:31:46 | 000,000,406 | ---- | C] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/10/11 20:31:45 | 000,000,406 | ---- | C] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/10/11 20:31:44 | 000,000,406 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/07/29 12:47:14 | 000,524,288 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/07/29 12:47:14 | 000,139,264 | ---- | C] ()
yazeriza.dll -> C:\WINDOWS\System32\yazeriza.dll -> [2009/07/04 11:50:22 | 000,087,552 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/06/11 03:04:00 | 000,000,127 | ---- | C] ()
Brpfx04a.ini -> C:\WINDOWS\Brpfx04a.ini -> [2009/05/10 10:40:40 | 000,000,805 | ---- | C] ()
brpcfx.ini -> C:\WINDOWS\brpcfx.ini -> [2009/05/10 10:40:40 | 000,000,153 | ---- | C] ()
BRWMARK.INI -> C:\WINDOWS\BRWMARK.INI -> [2009/05/10 10:40:25 | 000,000,419 | ---- | C] ()
BRPP2KA.INI -> C:\WINDOWS\BRPP2KA.INI -> [2009/05/10 10:40:25 | 000,000,027 | ---- | C] ()


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Thu Nov 11, 2010 1:51 am

com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:13 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
UniBox210.ocx -> C:\WINDOWS\System32\UniBox210.ocx -> [2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited)
UniBox10.ocx -> C:\WINDOWS\System32\UniBox10.ocx -> [2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited)
UniBoxVB12.ocx -> C:\WINDOWS\System32\UniBoxVB12.ocx -> [2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2010/11/10 19:39:01 | 000,000,374 | -H-- | M] ()
User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> [2010/11/10 19:37:00 | 000,000,424 | -H-- | M] ()
User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> [2010/11/10 19:37:00 | 000,000,422 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/11/10 19:36:00 | 000,000,406 | ---- | M] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/11/10 17:36:00 | 000,000,406 | ---- | M] ()
At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/11/10 17:17:00 | 000,000,406 | ---- | M] ()
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/10 17:01:00 | 000,000,236 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/10 16:57:00 | 000,000,886 | ---- | M] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/10 16:54:00 | 000,000,416 | ---- | M] ()
Norton Security Scan for Wanda_2.job -> C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job -> [2010/11/10 16:53:00 | 000,000,562 | -H-- | M] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/11/10 16:36:00 | 000,000,406 | ---- | M] ()
At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/11/10 16:17:00 | 000,000,406 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/10 15:54:00 | 000,000,416 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/11/10 15:51:39 | 000,000,882 | ---- | M] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/11/10 15:51:09 | 000,000,406 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/10 15:51:07 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 15:51:05 | 2078,789,632 | -HS- | M] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/11/10 08:38:06 | 000,000,406 | ---- | M] ()
At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by Belahzur on Fri Nov 12, 2010 12:17 am

Hello.
Don't use OTS, please run OTL.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Fri Nov 12, 2010 12:38 am

[code]
OTS logfile created on: 11/11/2010 7:29:59 PM - Run (Non-Administrative account!)
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.68 Gb Free Space | 70.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1FNS3G1
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
stopzilla.exe -> C:\Program Files\STOPzilla!\STOPzilla.exe -> [2010/09/10 15:11:48 | 000,177,616 | R--- | M] (iS3, Inc.)
mswinext.exe -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
brmfcwnd.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
brmfcmon.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe -> [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
winhook.dll -> C:\Program Files\Avanquest\Fix-It\WinHook.dll -> [2008/08/22 12:53:28 | 000,028,672 | ---- | M] (Avanquest North America, Inc.)
sasseh.dll -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
sxs.dll -> C:\WINDOWS\system32\sxs.dll -> [2008/04/13 19:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation)
msvbvm60.dll -> C:\WINDOWS\system32\msvbvm60.dll -> [2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)
spywareguard.dll -> C:\Program Files\SpywareGuard\spywareguard.dll -> [2003/08/02 23:20:57 | 000,126,976 | R--- | M] ()

[Win32 Services - Safe List]
[Driver Services - Safe List]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"CustomSearch" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultURL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: URLSearchHooks\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\Firefox [C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\5.0.1411.0\FIREFOX] -> [2010/03/21 12:45:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2010/08/23 02:02:32 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/13 10:52:58 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/08/01 13:39:30 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/08/31 13:04:37 | 000,000,000 | ---D | M]
No name found -> C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2008/09/07 10:58:52 | 000,000,000 | ---D | M]
QuestDns -> C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} -> [2010/08/01 13:39:37 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/11 11:43:33 | 000,000,822 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31c7d459-9cc3-44f2-9dca-fc11795309b4} [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> C:\Program Files\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/02 23:24:01 | 000,192,512 | R--- | M] ()
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2010/05/14 10:00:26 | 000,191,792 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [Bing Bar BHO] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [@C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll,-100] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
WebBrowser\"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/03/18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.)
"Bing Bar" -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe ["C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe"] -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/04/06 21:41:44 | 008,466,432 | ---- | M] (NVIDIA Corporation)
"VirusScannerPro" -> C:\Program Files\Avanquest\Fix-It\MemCheck.exe [C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe] -> [2008/08/26 16:14:40 | 000,173,312 | ---- | M] (Avanquest North America, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2010/03/21 12:13:32 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\"NoUpdateCheck" -> [1] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoCDBurning" -> [0] -> File not found
\"HonorAutoRunSetting" -> [1] -> File not found
\"NoDriveAutoRun" -> [67108863] -> File not found
\"NoDriveTypeAutoRun" -> [323] -> File not found
\"NoDrives" -> [0] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\"NoResolveSearch" -> [1] -> File not found
\"NoPopUpsOnBoot" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Menu: Sun Java Console] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> [You must be registered and logged in to see this link.] [SpinTop DRM Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Genuine Advantage Validation Tool] ->
{1A1F56AA-3401-46F9-B277-D57F3421F821} [HKLM] -> [You must be registered and logged in to see this link.] [FunGamesLoader Object] ->
{1D082E71-DF20-4AAF-863B-596428C49874} [HKLM] -> [You must be registered and logged in to see this link.] [TPIR Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> [You must be registered and logged in to see this link.] [Shockwave ActiveX Control] ->
{2C153C75-8476-434B-B3C3-57B63A3D1939} [HKLM] -> [You must be registered and logged in to see this link.] [Brickout Control] ->
{352797A0-EFD0-4FA6-B229-145120EA4B8A} [HKLM] -> [You must be registered and logged in to see this link.] [Walt Disney Internet Group Hardware Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> [You must be registered and logged in to see this link.] [BDSCANONLINE Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Live Safety Center Base Module] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> [You must be registered and logged in to see this link.] [Wwlaunch Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Value error.] ->
{A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [HKLM] -> [You must be registered and logged in to see this link.] [WoF Control] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [HKLM] -> [You must be registered and logged in to see this link.] [SABScanProcesses Class] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> [You must be registered and logged in to see this link.] [a-squared Scanner] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> [You must be registered and logged in to see this link.] [F-Secure Online Scanner 3.3] ->
{CC450D71-CC90-424C-8638-1F2DBAC87A54} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Key error.] ->
{CF969D51-F764-4FBF-9E90-475248601C8A} [HKLM] -> [You must be registered and logged in to see this link.] [FamilyFeud Control] ->
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} [HKLM] -> [You must be registered and logged in to see this link.] [Oberon Flash Game Host] ->
{D71F9A27-723E-4B8B-B428-B725E47CBA3E} [HKLM] -> [You must be registered and logged in to see this link.] [Imikimi_activex_plugin Control] ->
{E6BB2089-163F-466B-812A-748096614DFD} [HKLM] -> [You must be registered and logged in to see this link.] [CAScanner Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6B1C8C0E-2B77-4468-8506-C88852B5004C}\\DhcpNameServer -> 192.168.2.1 (NVIDIA nForce Networking Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 11:05:34 | 000,356,352 | ---- | M] (SUPERAntiSpyware.com)
TPSvc -> -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> Reg Error: Key error. [Microsoft AntiMalware ShellExecuteHook] -> File not found
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> C:\Program Files\SpywareGuard\spywareguard.dll [SpywareGuard] -> [2003/08/02 23:20:57 | 000,126,976 | R--- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe:*:Enabled:AOL] -> [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 17:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> [2004/10/14 16:34:06 | 000,059,992 | ---- | M] (Gteko Ltd.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2009/01/19 20:46:03 | 000,342,848 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" -> C:\Program Files\iWin Games\iWinGames.exe [C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.] -> [2009/09/02 12:30:16 | 001,657,112 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\iWinTrusted.exe" -> C:\Program Files\iWin Games\iWinTrusted.exe [C:\Program Files\iWin Games\iWinTrusted.exe:*:Enabled:iWinTrusted] -> [2009/09/02 12:30:28 | 000,078,104 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" -> C:\Program Files\iWin Games\WebUpdater.exe [C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.] -> [2009/09/02 12:30:22 | 000,082,200 | ---- | M] ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/11/30 08:27:50 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/11/05 21:59:00 | 004,347,120 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\"FirstRunDisabled" -> [1] -> File not found
\"AntiVirusDisableNotify" -> [0] -> File not found
\"FirewallDisableNotify" -> [0] -> File not found
\"AntiVirusOverride" -> [1] -> File not found
\"FirewallOverride" -> [0] -> File not found
\"UpdatesDisableNotify" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
\Monitoring\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Monitoring\SymantecAntiVirus\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
\Monitoring\SymantecFirewall\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
< System Restore User Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore ->
"DisableSR" -> 0 ->
< System Restore File Filter Service > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr ->
"Start" -> 0 ->
< System Restore Service > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService ->
"Start" -> 2 ->
< Windows Firewall Group Policy Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->
< Windows DomainProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
< Windows StandardProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\"EnableFirewall" -> [1] -> File not found
\"DoNotAllowExceptions" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Windows StandardProfile GloballyOpenPorts Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
\"8097:TCP" -> [8097:TCP:*:Enabled:EarthLink UHP Modem Support] -> File not found
\"1900:UDP" -> [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
\"2869:TCP" -> [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{03EDED24-8375-407D-A721-4643D9768BE1} -> kgchlwn
{06E6E30D-B498-442F-A943-07DE41D7F785} -> Microsoft Search Enhancement Pack
{073F22CE-9A5B-4A40-A604-C7270AC6BF34} -> ESSSONIC
{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} -> HiJackThis
{08234a0d-cf39-4dca-99f0-0c5cb496da81} -> Bing Bar
{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} -> Windows Live ID Sign-in Assistant
{0996C331-6DCB-4E38-A3EC-0A77ABAE1361} -> Help_CTR
{10369D78-70C4-4C83-BAC7-40F94CAA8B76} -> Righteous Kill
{11F3F858-4131-4FFA-A560-3FE282933B6E} -> kgchday
{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} -> ESSPCD
{15A160C8-124E-481F-BBBB-66218A95F6E1} -> Ancient Mysteries
{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} -> Microsoft Works
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{205A0423-A2FF-473A-92E7-9A5F645225F1} -> Blood Ties
{21BB2D6D-8ED8-47DC-8146-48104DDE3262} -> Super Granny 4
{2A97D5B3-A989-47E1-B207-1CA9E3635655} -> aioprnt
{2BC2781A-F7F6-452E-95EB-018A522F1B2C} -> PaperPort Image Printer
{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} -> essvatgt
{2DF9155C-AA79-4AB3-95FE-549AC9EB993E} -> Slingo Quest
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{326957C7-83FD-4550-A59A-849B7B4297DE} -> Microsoft Easy Assist v2
{334713BA-B8E7-4A60-988C-4110753A191E} -> ArcSoft Magic-i Visual Effects 2
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{36FED898-68B7-4A00-824F-EB2136E17D6A} -> Barbie(R) idesign(TM) Ultimate Stylist(TM)
{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327} -> Brother MFL-Pro Suite MFC-290C
{3BED0238-3A25-41AE-BC23-316914B5B048} -> aioocr
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting
{428102E6-8A39-48B9-8389-847F5A44A600} -> MSXML 4.0
{42938595-0D83-404D-9F73-F8177FDD531A} -> ESScore
{4537EA4B-F603-4181-89FB-2953FC695AB1} -> netbrdg
{475C7AB4-763E-49DC-9CFC-154FFB2B745D} -> Snowy: The Bears Adventures
{503C539A-8572-4D92-A406-2EE67EBD2D26} -> Big City Adventure: Sydney Australia
{510E4BCD-286B-40F0-8DB9-D02269EA144E} -> G.H.O.S.T. Hunters: The Haunting of Majesty Manor
{5158974E-2D28-4018-9335-7694C2974746} -> Fix-It Utilities 8 Professional
{51C91B84-7B46-4FE7-8999-8228CFA75F89} -> Intel(R) Integrated Performance Primitives RTI 4.0
{51E2559D-F321-4B7A-81BE-0E7C168A4680}_is1 -> Double Solitaire 2.00
{52F5FBEC-F064-4766-A5AC-E3B136CD8887} -> Rainbow Mystery
{5316DFC9-CE99-4458-9AB3-E8726EDE0210} -> skin0001
{54B87119-DBC4-4663-8E25-57384D1FF1EE} -> Treasure Masters
{54BB0384-1C33-488F-A95B-877E480D3EDC} -> MSXML 4.0
{605A4E39-613C-4A12-B56F-DEFBE6757237} -> SHASTA
{643EAE81-920C-4931-9F0B-4B343B225CA6} -> ESSBrwr
{645120D3-6592-4190-9D9D-4E769B8D4DD8} -> Discovery
{647AC9E7-F65F-45B6-ADB1-17786D222247} -> STOPzilla
{65D85050-5610-4A91-A3B1-D5C744291AD4} -> PCDADDIN
{66F6BC8B-22E0-4B67-A103-7AE3620B8281} -> Fashion Apprentice
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{693C08A7-9E76-43FF-B11E-9A58175474C4} -> kgckids
{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6} -> ArcSoft WebCam Companion 3
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{73F1681F-ADE1-461F-9F18-B7640507D395} -> ksdip
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{791E3D44-33D3-4446-82AD-5CD4B0169083} -> aiofw
{79E41D91-BA1C-44B9-9358-48E598263ECF} -> center
{7A8FF745-BBC5-482B-88E4-18D3178249A9} -> ScanSoft PaperPort 11
{8168D841-C358-4F9B-B92E-EAE9EB715A74} -> Bing Bar Platform
{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115459780} -> Mystery of Unicorn Castle
{843081BD-351F-46FC-8A17-517A0D9117A3} -> helptut
{87AC3F0D-3FA2-4B93-8D06-DF8B86860B57} -> TriJinx
{8943CE61-53BD-475E-90E1-A580869E98A2} -> staticcr
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A502E38-29C9-49FA-BCFA-D727CA062589} -> ESSTOOLS
{8A8664E1-84C8-4936-891C-BC1F07797549} -> kgcvday
{8B8ECEEB-8EDE-40A7-8FB9-E01D822A0573} -> Neverland
{8E92D746-CD9F-4B90-9668-42B74C14F765} -> ESSini
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{91517631-A9F3-4B7C-B482-43E0068FD55A} -> ESSgui
{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} -> QuickTime
{999D43F4-9709-4887-9B1A-83EBB15A8370} -> VPRINTOL
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9BD54685-1496-46A5-AB62-357CD140ED8B} -> kgcinvt
{A06275F4-324B-4E85-95E6-87B2CD729401} -> Windows Defender
{A1588373-1D86-4D44-86C9-78ABD190F9CC} -> kgcmove
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{A9A77305-6CC1-43EC-8A72-4E88A364C38C} -> The Lost Cases of Sherlock Holmes
{AC76BA86-7AD7-1033-7B44-A80000000002} -> Adobe Reader 8
{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} -> ESSCDBK
{B0C0F5E6-10B1-11D6-9296-0050BA073EEC} -> Presto! VideoWorks 6
{B0DF58A2-40DF-4465-AA56-38623EC9938C} -> Documentation & Support Launcher
{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} -> OfotoXMI
{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} -> CCScore
{B6884A07-0305-47AE-9969-8F26FADC17DE} -> Games, Music, & Photos Launcher
{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120} -> Microsoft Default Manager
{C0251585-1BE8-4278-B3CB-964B6E01C59D} -> aioscnnr
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C252EB7B-7AE0-46DE-9BEE-DF681B885F13} -> Modem Diagnostic Tool
{C99DCDA4-7407-4F72-A77E-C81C551D0C4E} -> PCDHELP
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D32470A1-B10C-4059-BA53-CF0486F68EBC} -> KODAK All-in-One Printer Software
{D77654AA-8AEC-45F4-8CF7-2ACCD615B294} -> Finders Keepers
{D8262480-2A04-407C-B2F7-1439B789C349} -> Print Artist Express
{D89C4390-238E-47A1-A9C7-07F2F6544BA0} -> DXG-518
{D92980F6-3405-4524-B4B8-A6874AA730A4} -> Big City Adventure: San Francisco
{DB02F716-6275-42E9-B8D2-83BA2BF5100B} -> SFR
{DC626A21-EDF1-40C7-8F2F-D2BA7535529F} -> helpug
{E18B549C-5D15-45DA-8D8F-8FD2BD946344} -> kgcbaby
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> Adobe Download Manager
{E3BFEE55-39E2-4BE0-B966-89FE583822C1} -> Dell Support Center
{E42BD75A-FC23-4E3F-9F91-2658334C644F} -> Internet Service Offers Launcher
{E6FF00EE-B79C-44F7-BB97-FA7FD8D94E62} -> Dancing with the Stars
{E79987F0-0E34-42CC-B8FF-6C860AEEB26A} -> tooltips
{ENS31293-4DD5-81C6-1155-624AC34560083}_is1 -> Autumn Tree
{F0C8BC0A-B0E7-4F39-848C-C5B06021B702} -> Hidden Mysteries - White House
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F22C222C-3CE2-4A4B-A83F-AF4681371ABE} -> kgcbase
{F2A64101-DAB6-40AE-B4B3-18820F469421} -> Pirate Island
{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} -> SKINXSDK
{F6B2ED65-7378-4065-802D-F2E5689F3A4E} -> Photo Viewer
{F9593CFB-D836-49BC-BFF1-0E669A411D9F} -> WIRELESS
123 Free Solitaire_is1 -> 123 Free Solitaire 2008 v6.0
3D Falling Leaves Animated Wallpaper -> 3D Falling Leaves Animated Wallpaper
3D Frog Frenzy -> 3D Frog Frenzy
3D Snowy Cottage Animated Wallpaper -> 3D Snowy Cottage Animated Wallpaper
Adobe Shockwave Player -> Adobe Shockwave Player 11.5
Advanced SystemCare 3_is1 -> Advanced SystemCare 3
Amazing Adventures The Caribbean Secret -> Amazing Adventures The Caribbean Secret


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Fri Nov 12, 2010 12:39 am

Amazing Heists: Dillinger -> Amazing Heists: Dillinger (remove only)
am-leeloostalentagency -> Leeloo's Talent Agency
Annabel -> Annabel (remove only)
AOL YGP Screensaver -> AOL You've Got Pictures Screensaver
AolCoach2_en -> AOL Coach Version 2.0(Build:20041026.5 en)
AVS Video Editor 4_is1 -> AVS Video Editor 4 4.2.1.166
AVS Video Recorder_is1 -> AVS Video Recorder 2.4 (Service Version)
AVS YouTube Uploader 2.1_is1 -> AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator_is1 -> AVS4YOU Software Navigator 1.3
Barbie(TM) as Rapunzel -> Barbie(TM) as Rapunzel
BCDP9_is1 -> Business Card Designer Plus 9.5.0.0
cayahooantispy -> CA Yahoo! Anti-Spy (remove only)
CleanUp! -> CleanUp!
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 -> Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows4.0 -> Coupon Printer for Windows
Cradle of Rome -> Cradle of Rome (remove only)
Diamond Drop 2 (CD version) -> Diamond Drop 2 (CD version)
embarqtoolbar -> Embarq Toolbar
Falling leaves Wallpaper -> Falling leaves Wallpaper
Family Feud Dream Home -> Family Feud Dream Home (remove only)
Feeding Frenzy 2 Deluxe 1.0 -> Feeding Frenzy 2 Deluxe 1.0
Freeze Wallpaper -> Freeze Wallpaper
FunPhotor_is1 -> FunPhotor 5.0
GameHouse -> GameHouse
Gemini Lost Deluxe -> Gemini Lost Deluxe
Heroes of Hellas -> Heroes of Hellas (remove only)
Hide and Secret -> Hide and Secret
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie8 -> Windows Internet Explorer 8
Imikimi Plugin -> Imikimi Plugin
InterActual Player -> InterActual Player
Interpol 2: Most Wanted -> Interpol 2: Most Wanted (remove only)
IObitCom Toolbar -> IObitCom Toolbar
iWinArcade -> iWin Games (remove only)
Jewel Quest II -> Jewel Quest II (remove only)
Jewel Quest Online Party -> Jewel Quest Online Party (remove only)
Jewel Quest Solitaire Deluxe -> Jewel Quest Solitaire Deluxe
JL2005A Camera_is1 -> Uninstall JL2005A Camera
Little Shop: Memories -> Little Shop: Memories (remove only)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Marooned -> Marooned
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
MostFun.com Games - Big City Adventure: San Francisco -> MostFun.com Games - Big City Adventure: San Francisco (remove only)
MostFun.com Games - Big City Adventure: Sydney Australia -> MostFun.com Games - Big City Adventure: Sydney Australia (remove only)
MostFun.com Games - Fashion Apprentice -> MostFun.com Games - Fashion Apprentice (remove only)
MostFun.com Games - Finders Keepers -> MostFun.com Games - Finders Keepers (remove only)
MostFun.com Games - G.H.O.S.T. Hunters: The Haunting of Majesty Manor -> MostFun.com Games - G.H.O.S.T. Hunters: The Haunting of Majesty Manor (remove only)
MostFun.com Games - Neverland -> MostFun.com Games - Neverland (remove only)
MostFun.com Games - Pirate Island -> MostFun.com Games - Pirate Island (remove only)
MostFun.com Games - Rainbow Mystery -> MostFun.com Games - Rainbow Mystery (remove only)
MostFun.com Games - Righteous Kill -> MostFun.com Games - Righteous Kill (remove only)
MostFun.com Games - Slingo Quest -> MostFun.com Games - Slingo Quest (remove only)
MostFun.com Games - Snowy: The Bears Adventures -> MostFun.com Games - Snowy: The Bears Adventures (remove only)
MostFun.com Games - Super Granny 4 -> MostFun.com Games - Super Granny 4 (remove only)
MostFun.com Games - The Lost Cases of Sherlock Holmes -> MostFun.com Games - The Lost Cases of Sherlock Holmes (remove only)
Mozilla Firefox (3.5.5) -> Mozilla Firefox (3.5.5)
MSNINST -> MSN
Mystery Solitaire -> Mystery Solitaire: Secret Island (remove only)
Mystic Emporium Deluxe -> Mystic Emporium Deluxe
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NSS -> Norton Security Scan
NVIDIA Drivers -> NVIDIA Drivers
PakMan 2008_is1 -> PakMan 2008
Peggle Nights Deluxe -> Peggle Nights Deluxe
Plants vs. Zombies -> Plants vs. Zombies
Playsushi -> Playsushi
Pop-Up Stopper Free Edition -> Pop-Up Stopper Free Edition
Princess Isabella - A Witchs Curse -> Princess Isabella - A Witchs Curse (remove only)
RealArcade -> RealArcade
RealPlayer 6.0 -> RealPlayer Basic
Registry Mechanic_is1 -> Registry Mechanic 10.0
Safari Island Deluxe -> Safari Island Deluxe
Scooby-Doo(TM), Case File #1 The Glowing Bug Man -> Scooby-Doo(TM), Case File #1 The Glowing Bug Man
Spyware Doctor -> Spyware Doctor 6.1
SpywareGuard_is1 -> SpywareGuard v2.2
Super Granny 5 -> Super Granny 5 (remove only)
Supermarket Mania -> Supermarket Mania
The Treasures of Mystery Island -> The Treasures of Mystery Island
The Treasures Of Mystery Island_is1 -> The Treasures Of Mystery Island
Total 3D Home -> Total 3D Home
UnityWebPlayer -> Unity Web Player
ViewpointMediaPlayer -> Viewpoint Media Player
VIVAGplayer -> VIVA MEDIA GAME CENTER
Wedding Dash 4-Ever -> Wedding Dash 4-Ever (remove only)
Windows Live OneCare safety scanner -> Windows Live OneCare safety scanner
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows XP Service Pack -> Windows XP Service Pack 3
WMFDist11 -> Windows Media Format 11 runtime
Yahoo! Messenger -> Yahoo! Messenger
Yahoo! Search Defender -> Yahoo! Search Protection
Yahoo! Software Update -> Yahoo! Software Update
Zuma's Revenge! -> Zuma's Revenge!
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Error: Unable to start EventLog service!

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:13 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
UniBox210.ocx -> C:\WINDOWS\System32\UniBox210.ocx -> [2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited)
UniBox10.ocx -> C:\WINDOWS\System32\UniBox10.ocx -> [2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited)
UniBoxVB12.ocx -> C:\WINDOWS\System32\UniBoxVB12.ocx -> [2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2010/11/11 19:30:33 | 000,000,374 | -H-- | M] ()
User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> [2010/11/11 19:30:00 | 000,000,424 | -H-- | M] ()
User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> [2010/11/11 19:26:59 | 000,000,422 | -H-- | M] ()
At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/11/11 19:17:00 | 000,000,406 | ---- | M] ()
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/11 19:01:00 | 000,000,236 | ---- | M] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/11 19:00:00 | 000,000,258 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/11 18:57:00 | 000,000,886 | ---- | M] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/11 18:54:00 | 000,000,416 | ---- | M] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/11/11 18:36:00 | 000,000,406 | ---- | M] ()
At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/11/11 18:17:00 | 000,000,406 | ---- | M] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/11 17:54:00 | 000,000,416 | ---- | M] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/11/11 17:36:00 | 000,000,406 | ---- | M] ()
At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/11/11 17:17:00 | 000,000,406 | ---- | M] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/11 16:54:00 | 000,000,416 | ---- | M] ()
Norton Security Scan for Wanda_2.job -> C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job -> [2010/11/11 16:53:02 | 000,000,562 | -H-- | M] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/11/11 16:36:00 | 000,000,406 | ---- | M] ()
At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/11/11 16:17:00 | 000,000,406 | ---- | M] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/11 13:54:00 | 000,000,416 | ---- | M] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/11/11 13:36:00 | 000,000,406 | ---- | M] ()
At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/11/11 13:17:00 | 000,000,406 | ---- | M] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/11 12:54:00 | 000,000,416 | ---- | M] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/11/11 12:36:00 | 000,000,406 | ---- | M] ()
At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/11/11 12:17:00 | 000,000,406 | ---- | M] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/11 11:54:00 | 000,000,416 | ---- | M] ()
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/11 11:43:39 | 000,000,248 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/11/11 11:43:33 | 000,000,822 | ---- | M] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/11/11 11:43:33 | 000,000,197 | ---- | M] ()
At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/11/10 22:17:00 | 000,000,406 | ---- | M] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/10 21:54:00 | 000,000,416 | ---- | M] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/11/10 21:36:00 | 000,000,406 | ---- | M] ()
At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/11/10 21:17:00 | 000,000,406 | ---- | M] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/10 20:54:00 | 000,000,416 | ---- | M] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/11/10 20:36:00 | 000,000,406 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/11/10 20:19:08 | 000,000,882 | ---- | M] ()
At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/11/10 20:19:05 | 000,000,406 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/10 20:19:03 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 20:19:01 | 2078,789,632 | -HS- | M] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/10 20:16:56 | 000,000,416 | ---- | M] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/10 20:16:56 | 000,000,416 | ---- | M] ()
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/11/10 20:16:56 | 000,000,406 | ---- | M] ()
ComboFix.exe -> C:\Documents and Settings\Guest\Desktop\ComboFix.exe -> [2010/11/10 19:42:40 | 003,902,849 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/11/10 15:51:09 | 000,000,406 | ---- | M] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/11/10 08:38:06 | 000,000,406 | ---- | M] ()
At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
Status Monitor.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> [2010/11/09 20:18:37 | 000,000,848 | ---- | M] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 10:02:36 | 000,473,158 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 10:02:36 | 000,084,168 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/10/31 00:28:03 | 000,000,408 | -H-- | M] ()
logfile -> C:\logfile -> [2010/10/29 19:39:37 | 000,374,683 | ---- | M] ()
ESBK.mbb -> C:\Documents and Settings\All Users\Documents\ESBK.mbb -> [2010/10/24 19:50:23 | 004,428,800 | R--- | M] ()
ESBK.mb -> C:\Documents and Settings\All Users\Documents\ESBK.mb -> [2010/10/24 19:50:23 | 002,355,200 | R--- | M] ()
MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation)
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/10/14 07:24:15 | 000,227,208 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/14 07:20:29 | 000,001,393 | ---- | M] ()
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/11 11:43:39 | 000,000,248 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 20:16:47 | 2078,789,632 | -HS- | C] ()
ComboFix.exe -> C:\Documents and Settings\Guest\Desktop\ComboFix.exe -> [2010/11/10 19:42:28 | 003,902,849 | ---- | C] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/07 23:08:29 | 000,000,258 | ---- | C] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | C] ()
CleanMFT32.exe -> C:\WINDOWS\System32\CleanMFT32.exe -> [2010/11/07 23:08:08 | 000,037,336 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/07/29 12:47:14 | 000,524,288 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/07/29 12:47:14 | 000,139,264 | ---- | C] ()
yazeriza.dll -> C:\WINDOWS\System32\yazeriza.dll -> [2009/07/04 11:50:22 | 000,087,552 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/06/11 03:04:00 | 000,000,197 | ---- | C] ()
Brpfx04a.ini -> C:\WINDOWS\Brpfx04a.ini -> [2009/05/10 10:40:40 | 000,000,805 | ---- | C] ()
brpcfx.ini -> C:\WINDOWS\brpcfx.ini -> [2009/05/10 10:40:40 | 000,000,153 | ---- | C] ()
BRWMARK.INI -> C:\WINDOWS\BRWMARK.INI -> [2009/05/10 10:40:25 | 000,000,419 | ---- | C] ()
BRPP2KA.INI -> C:\WINDOWS\BRPP2KA.INI -> [2009/05/10 10:40:25 | 000,000,027 | ---- | C] ()
maxlink.ini -> C:\WINDOWS\maxlink.ini -> [2009/05/10 10:36:38 | 000,031,567 | ---- | C] ()
sqlite3.dll -> C:\WINDOWS\System32\sqlite3.dll -> [2009/05/01 20:30:55 | 000,223,232 | ---- | C] ()
SQLiteWrapper.dll -> C:\WINDOWS\System32\SQLiteWrapper.dll -> [2009/05/01 20:30:55 | 000,086,016 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2009/03/22 21:13:51 | 000,001,755 | ---- | C] ()
bdoscandellang.ini -> C:\WINDOWS\bdoscandellang.ini -> [2009/01/05 14:44:10 | 000,000,453 | ---- | C] ()
PRNTCARD.INI -> C:\WINDOWS\PRNTCARD.INI -> [2008/12/26 10:48:44 | 000,000,045 | ---- | C] ()
Game.INI -> C:\WINDOWS\Game.INI -> [2008/11/05 14:48:17 | 000,000,000 | ---- | C] ()
iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2008/10/08 21:33:51 | 000,000,000 | ---- | C] ()
ka.ini -> C:\WINDOWS\ka.ini -> [2008/10/04 20:12:48 | 000,000,092 | ---- | C] ()
WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2008/09/20 15:03:00 | 000,000,253 | ---- | C] ()
SETUP32.INI -> C:\WINDOWS\SETUP32.INI -> [2008/09/20 14:58:45 | 000,000,000 | ---- | C] ()
st_affiliate.ini -> C:\WINDOWS\st_affiliate.ini -> [2008/08/21 21:24:09 | 000,000,071 | ---- | C] ()
iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2008/07/31 17:17:07 | 000,000,042 | ---- | C] ()
EKDeviceServices.dll -> C:\WINDOWS\System32\EKDeviceServices.dll -> [2008/07/28 16:45:27 | 000,012,800 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/07/24 20:50:27 | 000,000,002 | ---- | C] ()
Nsvideo.dll -> C:\WINDOWS\System32\Nsvideo.dll -> [2008/07/20 15:33:02 | 000,122,880 | ---- | C] ()
IPPCPUID.DLL -> C:\WINDOWS\System32\IPPCPUID.DLL -> [2008/07/20 15:32:07 | 000,040,960 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/04/18 23:54:05 | 000,000,061 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2008/04/18 23:21:18 | 001,703,936 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2008/04/18 23:21:18 | 001,019,904 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2008/04/18 23:21:17 | 000,466,944 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2008/04/18 23:21:17 | 000,286,720 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2008/04/18 23:21:16 | 001,478,656 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2008/04/18 23:19:55 | 000,001,119 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
zlib.dll -> C:\WINDOWS\System32\zlib.dll -> [2002/03/13 15:46:46 | 000,053,248 | R--- | C] ()
sysgtime.dll -> C:\WINDOWS\sysgtime.dll -> [2000/01/06 19:00:00 | 000,024,448 | ---- | C] ()
proclsvr.drv -> C:\WINDOWS\System32\proclsvr.drv -> [2000/01/06 19:00:00 | 000,024,448 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EA4BC92
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65521523
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3698DB
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1BFD26C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1020F9B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77413142
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80D975A5
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:127BB39D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86B23CB4
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67F0F865
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBB82A4E
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE22ABA0
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:250A84D5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6C15BD
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52110139
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8011787
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB79041A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42C1964D
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6540C35
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14DFF9B1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEDA49F4
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10C2DA8
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A146077
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CEFEABF
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CA29F37
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50DAB5A8
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7307D080
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C778DFA3
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C0059D
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B0DDFD
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C2F1C3C
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE7A0841
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C404520E
< End of report >
[/code]


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Fri Nov 12, 2010 12:40 am

[code]
OTS logfile created on: 11/11/2010 7:29:59 PM - Run (Non-Administrative account!)
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.68 Gb Free Space | 70.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1FNS3G1
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
stopzilla.exe -> C:\Program Files\STOPzilla!\STOPzilla.exe -> [2010/09/10 15:11:48 | 000,177,616 | R--- | M] (iS3, Inc.)
mswinext.exe -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
brmfcwnd.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
brmfcmon.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe -> [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
winhook.dll -> C:\Program Files\Avanquest\Fix-It\WinHook.dll -> [2008/08/22 12:53:28 | 000,028,672 | ---- | M] (Avanquest North America, Inc.)
sasseh.dll -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
sxs.dll -> C:\WINDOWS\system32\sxs.dll -> [2008/04/13 19:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation)
msvbvm60.dll -> C:\WINDOWS\system32\msvbvm60.dll -> [2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)
spywareguard.dll -> C:\Program Files\SpywareGuard\spywareguard.dll -> [2003/08/02 23:20:57 | 000,126,976 | R--- | M] ()

[Win32 Services - Safe List]
[Driver Services - Safe List]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"CustomSearch" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultURL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: URLSearchHooks\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\Firefox [C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\5.0.1411.0\FIREFOX] -> [2010/03/21 12:45:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2010/08/23 02:02:32 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/13 10:52:58 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/08/01 13:39:30 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/08/31 13:04:37 | 000,000,000 | ---D | M]
No name found -> C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2008/09/07 10:58:52 | 000,000,000 | ---D | M]
QuestDns -> C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} -> [2010/08/01 13:39:37 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/11 11:43:33 | 000,000,822 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31c7d459-9cc3-44f2-9dca-fc11795309b4} [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> C:\Program Files\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/02 23:24:01 | 000,192,512 | R--- | M] ()
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2010/05/14 10:00:26 | 000,191,792 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [Bing Bar BHO] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [@C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll,-100] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
WebBrowser\"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/03/18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.)
"Bing Bar" -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe ["C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe"] -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/04/06 21:41:44 | 008,466,432 | ---- | M] (NVIDIA Corporation)
"VirusScannerPro" -> C:\Program Files\Avanquest\Fix-It\MemCheck.exe [C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe] -> [2008/08/26 16:14:40 | 000,173,312 | ---- | M] (Avanquest North America, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2010/03/21 12:13:32 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\"NoUpdateCheck" -> [1] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoCDBurning" -> [0] -> File not found
\"HonorAutoRunSetting" -> [1] -> File not found
\"NoDriveAutoRun" -> [67108863] -> File not found
\"NoDriveTypeAutoRun" -> [323] -> File not found
\"NoDrives" -> [0] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\"NoResolveSearch" -> [1] -> File not found
\"NoPopUpsOnBoot" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Menu: Sun Java Console] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> [You must be registered and logged in to see this link.] [SpinTop DRM Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Genuine Advantage Validation Tool] ->
{1A1F56AA-3401-46F9-B277-D57F3421F821} [HKLM] -> [You must be registered and logged in to see this link.] [FunGamesLoader Object] ->
{1D082E71-DF20-4AAF-863B-596428C49874} [HKLM] -> [You must be registered and logged in to see this link.] [TPIR Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> [You must be registered and logged in to see this link.] [Shockwave ActiveX Control] ->
{2C153C75-8476-434B-B3C3-57B63A3D1939} [HKLM] -> [You must be registered and logged in to see this link.] [Brickout Control] ->
{352797A0-EFD0-4FA6-B229-145120EA4B8A} [HKLM] -> [You must be registered and logged in to see this link.] [Walt Disney Internet Group Hardware Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> [You must be registered and logged in to see this link.] [BDSCANONLINE Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Live Safety Center Base Module] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> [You must be registered and logged in to see this link.] [Wwlaunch Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Value error.] ->
{A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [HKLM] -> [You must be registered and logged in to see this link.] [WoF Control] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [HKLM] -> [You must be registered and logged in to see this link.] [SABScanProcesses Class] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> [You must be registered and logged in to see this link.] [a-squared Scanner] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> [You must be registered and logged in to see this link.] [F-Secure Online Scanner 3.3] ->
{CC450D71-CC90-424C-8638-1F2DBAC87A54} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Key error.] ->
{CF969D51-F764-4FBF-9E90-475248601C8A} [HKLM] -> [You must be registered and logged in to see this link.] [FamilyFeud Control] ->
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} [HKLM] -> [You must be registered and logged in to see this link.] [Oberon Flash Game Host] ->
{D71F9A27-723E-4B8B-B428-B725E47CBA3E} [HKLM] -> [You must be registered and logged in to see this link.] [Imikimi_activex_plugin Control] ->
{E6BB2089-163F-466B-812A-748096614DFD} [HKLM] -> [You must be registered and logged in to see this link.] [CAScanner Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6B1C8C0E-2B77-4468-8506-C88852B5004C}\\DhcpNameServer -> 192.168.2.1 (NVIDIA nForce Networking Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 11:05:34 | 000,356,352 | ---- | M] (SUPERAntiSpyware.com)
TPSvc -> -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> Reg Error: Key error. [Microsoft AntiMalware ShellExecuteHook] -> File not found
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> C:\Program Files\SpywareGuard\spywareguard.dll [SpywareGuard] -> [2003/08/02 23:20:57 | 000,126,976 | R--- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe:*:Enabled:AOL] -> [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 17:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> [2004/10/14 16:34:06 | 000,059,992 | ---- | M] (Gteko Ltd.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2009/01/19 20:46:03 | 000,342,848 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" -> C:\Program Files\iWin Games\iWinGames.exe [C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.] -> [2009/09/02 12:30:16 | 001,657,112 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\iWinTrusted.exe" -> C:\Program Files\iWin Games\iWinTrusted.exe [C:\Program Files\iWin Games\iWinTrusted.exe:*:Enabled:iWinTrusted] -> [2009/09/02 12:30:28 | 000,078,104 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" -> C:\Program Files\iWin Games\WebUpdater.exe [C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.] -> [2009/09/02 12:30:22 | 000,082,200 | ---- | M] ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/11/30 08:27:50 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/11/05 21:59:00 | 004,347,120 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\"FirstRunDisabled" -> [1] -> File not found
\"AntiVirusDisableNotify" -> [0] -> File not found
\"FirewallDisableNotify" -> [0] -> File not found
\"AntiVirusOverride" -> [1] -> File not found
\"FirewallOverride" -> [0] -> File not found
\"UpdatesDisableNotify" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
\Monitoring\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Monitoring\SymantecAntiVirus\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
\Monitoring\SymantecFirewall\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
< System Restore User Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore ->
"DisableSR" -> 0 ->
< System Restore File Filter Service > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr ->
"Start" -> 0 ->
< System Restore Service > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService ->
"Start" -> 2 ->
< Windows Firewall Group Policy Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->
< Windows DomainProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
< Windows StandardProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\"EnableFirewall" -> [1] -> File not found
\"DoNotAllowExceptions" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Windows StandardProfile GloballyOpenPorts Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
\"8097:TCP" -> [8097:TCP:*:Enabled:EarthLink UHP Modem Support] -> File not found
\"1900:UDP" -> [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
\"2869:TCP" -> [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{03EDED24-8375-407D-A721-4643D9768BE1} -> kgchlwn
{06E6E30D-B498-442F-A943-07DE41D7F785} -> Microsoft Search Enhancement Pack
{073F22CE-9A5B-4A40-A604-C7270AC6BF34} -> ESSSONIC
{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} -> HiJackThis
{08234a0d-cf39-4dca-99f0-0c5cb496da81} -> Bing Bar
{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} -> Windows Live ID Sign-in Assistant
{0996C331-6DCB-4E38-A3EC-0A77ABAE1361} -> Help_CTR
{10369D78-70C4-4C83-BAC7-40F94CAA8B76} -> Righteous Kill
{11F3F858-4131-4FFA-A560-3FE282933B6E} -> kgchday
{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} -> ESSPCD
{15A160C8-124E-481F-BBBB-66218A95F6E1} -> Ancient Mysteries
{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} -> Microsoft Works
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{205A0423-A2FF-473A-92E7-9A5F645225F1} -> Blood Ties
{21BB2D6D-8ED8-47DC-8146-48104DDE3262} -> Super Granny 4
{2A97D5B3-A989-47E1-B207-1CA9E3635655} -> aioprnt
{2BC2781A-F7F6-452E-95EB-018A522F1B2C} -> PaperPort Image Printer
{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} -> essvatgt
{2DF9155C-AA79-4AB3-95FE-549AC9EB993E} -> Slingo Quest
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{326957C7-83FD-4550-A59A-849B7B4297DE} -> Microsoft Easy Assist v2
{334713BA-B8E7-4A60-988C-4110753A191E} -> ArcSoft Magic-i Visual Effects 2
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{36FED898-68B7-4A00-824F-EB2136E17D6A} -> Barbie(R) idesign(TM) Ultimate Stylist(TM)
{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327} -> Brother MFL-Pro Suite MFC-290C
{3BED0238-3A25-41AE-BC23-316914B5B048} -> aioocr
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting
{428102E6-8A39-48B9-8389-847F5A44A600} -> MSXML 4.0
{42938595-0D83-404D-9F73-F8177FDD531A} -> ESScore
{4537EA4B-F603-4181-89FB-2953FC695AB1} -> netbrdg
{475C7AB4-763E-49DC-9CFC-154FFB2B745D} -> Snowy: The Bears Adventures
{503C539A-8572-4D92-A406-2EE67EBD2D26} -> Big City Adventure: Sydney Australia
{510E4BCD-286B-40F0-8DB9-D02269EA144E} -> G.H.O.S.T. Hunters: The Haunting of Majesty Manor
{5158974E-2D28-4018-9335-7694C2974746} -> Fix-It Utilities 8 Professional
{51C91B84-7B46-4FE7-8999-8228CFA75F89} -> Intel(R) Integrated Performance Primitives RTI 4.0
{51E2559D-F321-4B7A-81BE-0E7C168A4680}_is1 -> Double Solitaire 2.00
{52F5FBEC-F064-4766-A5AC-E3B136CD8887} -> Rainbow Mystery
{5316DFC9-CE99-4458-9AB3-E8726EDE0210} -> skin0001
{54B87119-DBC4-4663-8E25-57384D1FF1EE} -> Treasure Masters
{54BB0384-1C33-488F-A95B-877E480D3EDC} -> MSXML 4.0
{605A4E39-613C-4A12-B56F-DEFBE6757237} -> SHASTA
{643EAE81-920C-4931-9F0B-4B343B225CA6} -> ESSBrwr
{645120D3-6592-4190-9D9D-4E769B8D4DD8} -> Discovery
{647AC9E7-F65F-45B6-ADB1-17786D222247} -> STOPzilla
{65D85050-5610-4A91-A3B1-D5C744291AD4} -> PCDADDIN
{66F6BC8B-22E0-4B67-A103-7AE3620B8281} -> Fashion Apprentice
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{693C08A7-9E76-43FF-B11E-9A58175474C4} -> kgckids
{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6} -> ArcSoft WebCam Companion 3
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{73F1681F-ADE1-461F-9F18-B7640507D395} -> ksdip
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{791E3D44-33D3-4446-82AD-5CD4B0169083} -> aiofw
{79E41D91-BA1C-44B9-9358-48E598263ECF} -> center
{7A8FF745-BBC5-482B-88E4-18D3178249A9} -> ScanSoft PaperPort 11
{8168D841-C358-4F9B-B92E-EAE9EB715A74} -> Bing Bar Platform
{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115459780} -> Mystery of Unicorn Castle
{843081BD-351F-46FC-8A17-517A0D9117A3} -> helptut
{87AC3F0D-3FA2-4B93-8D06-DF8B86860B57} -> TriJinx
{8943CE61-53BD-475E-90E1-A580869E98A2} -> staticcr
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A502E38-29C9-49FA-BCFA-D727CA062589} -> ESSTOOLS
{8A8664E1-84C8-4936-891C-BC1F07797549} -> kgcvday
{8B8ECEEB-8EDE-40A7-8FB9-E01D822A0573} -> Neverland
{8E92D746-CD9F-4B90-9668-42B74C14F765} -> ESSini
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{91517631-A9F3-4B7C-B482-43E0068FD55A} -> ESSgui
{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} -> QuickTime
{999D43F4-9709-4887-9B1A-83EBB15A8370} -> VPRINTOL
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9BD54685-1496-46A5-AB62-357CD140ED8B} -> kgcinvt
{A06275F4-324B-4E85-95E6-87B2CD729401} -> Windows Defender
{A1588373-1D86-4D44-86C9-78ABD190F9CC} -> kgcmove
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{A9A77305-6CC1-43EC-8A72-4E88A364C38C} -> The Lost Cases of Sherlock Holmes
{AC76BA86-7AD7-1033-7B44-A80000000002} -> Adobe Reader 8
{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} -> ESSCDBK
{B0C0F5E6-10B1-11D6-9296-0050BA073EEC} -> Presto! VideoWorks 6
{B0DF58A2-40DF-4465-AA56-38623EC9938C} -> Documentation & Support Launcher
{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} -> OfotoXMI
{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} -> CCScore
{B6884A07-0305-47AE-9969-8F26FADC17DE} -> Games, Music, & Photos Launcher
{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120} -> Microsoft Default Manager
{C0251585-1BE8-4278-B3CB-964B6E01C59D} -> aioscnnr
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C252EB7B-7AE0-46DE-9BEE-DF681B885F13} -> Modem Diagnostic Tool
{C99DCDA4-7407-4F72-A77E-C81C551D0C4E} -> PCDHELP
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D32470A1-B10C-4059-BA53-CF0486F68EBC} -> KODAK All-in-One Printer Software
{D77654AA-8AEC-45F4-8CF7-2ACCD615B294} -> Finders Keepers
{D8262480-2A04-407C-B2F7-1439B789C349} -> Print Artist Express
{D89C4390-238E-47A1-A9C7-07F2F6544BA0} -> DXG-518
{D92980F6-3405-4524-B4B8-A6874AA730A4} -> Big City Adventure: San Francisco
{DB02F716-6275-42E9-B8D2-83BA2BF5100B} -> SFR
{DC626A21-EDF1-40C7-8F2F-D2BA7535529F} -> helpug
{E18B549C-5D15-45DA-8D8F-8FD2BD946344} -> kgcbaby
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> Adobe Download Manager
{E3BFEE55-39E2-4BE0-B966-89FE583822C1} -> Dell Support Center
{E42BD75A-FC23-4E3F-9F91-2658334C644F} -> Internet Service Offers Launcher
{E6FF00EE-B79C-44F7-BB97-FA7FD8D94E62} -> Dancing with the Stars
{E79987F0-0E34-42CC-B8FF-6C860AEEB26A} -> tooltips
{ENS31293-4DD5-81C6-1155-624AC34560083}_is1 -> Autumn Tree
{F0C8BC0A-B0E7-4F39-848C-C5B06021B702} -> Hidden Mysteries - White House
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F22C222C-3CE2-4A4B-A83F-AF4681371ABE} -> kgcbase
{F2A64101-DAB6-40AE-B4B3-18820F469421} -> Pirate Island
{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} -> SKINXSDK
{F6B2ED65-7378-4065-802D-F2E5689F3A4E} -> Photo Viewer
{F9593CFB-D836-49BC-BFF1-0E669A411D9F} -> WIRELESS
123 Free Solitaire_is1 -> 123 Free Solitaire 2008 v6.0
3D Falling Leaves Animated Wallpaper -> 3D Falling Leaves Animated Wallpaper
3D Frog Frenzy -> 3D Frog Frenzy
3D Snowy Cottage Animated Wallpaper -> 3D Snowy Cottage Animated Wallpaper
Adobe Shockwave Player -> Adobe Shockwave Player 11.5
Advanced SystemCare 3_is1 -> Advanced SystemCare 3
Amazing Adventures The Caribbean Secret -> Amazing Adventures The Caribbean Secret
Amazing Heists: Dillinger -> Amazing Heists: Dillinger (remove only)
am-leeloostalentagency -> Leeloo's Talent Agency
Annabel -> Annabel (remove only)
AOL YGP Screensaver -> AOL You've Got Pictures Screensaver
AolCoach2_en -> AOL Coach Version 2.0(Build:20041026.5 en)
AVS Video Editor 4_is1 -> AVS Video Editor 4 4.2.1.166
AVS Video Recorder_is1 -> AVS Video Recorder 2.4 (Service Version)
AVS YouTube Uploader 2.1_is1 -> AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator_is1 -> AVS4YOU Software Navigator 1.3
Barbie(TM) as Rapunzel -> Barbie(TM) as Rapunzel
BCDP9_is1 -> Business Card Designer Plus 9.5.0.0
cayahooantispy -> CA Yahoo! Anti-Spy (remove only)
CleanUp! -> CleanUp!
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 -> Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows4.0 -> Coupon Printer for Windows
Cradle of Rome -> Cradle of Rome (remove only)
Diamond Drop 2 (CD version) -> Diamond Drop 2 (CD version)
embarqtoolbar -> Embarq Toolbar
Falling leaves Wallpaper -> Falling leaves Wallpaper
Family Feud Dream Home -> Family Feud Dream Home (remove only)
Feeding Frenzy 2 Deluxe 1.0 -> Feeding Frenzy 2 Deluxe 1.0
Freeze Wallpaper -> Freeze Wallpaper
FunPhotor_is1 -> FunPhotor 5.0
GameHouse -> GameHouse
Gemini Lost Deluxe -> Gemini Lost Deluxe
Heroes of Hellas -> Heroes of Hellas (remove only)
Hide and Secret -> Hide and Secret
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie8 -> Windows Internet Explorer 8
Imikimi Plugin -> Imikimi Plugin
InterActual Player -> InterActual Player
Interpol 2: Most Wanted -> Interpol 2: Most Wanted (remove only)
IObitCom Toolbar -> IObitCom Toolbar
iWinArcade -> iWin Games (remove only)
Jewel Quest II -> Jewel Quest II (remove only)
Jewel Quest Online Party -> Jewel Quest Online Party (remove only)


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Fri Nov 12, 2010 12:41 am

Jewel Quest Solitaire Deluxe -> Jewel Quest Solitaire Deluxe
JL2005A Camera_is1 -> Uninstall JL2005A Camera
Little Shop: Memories -> Little Shop: Memories (remove only)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Marooned -> Marooned
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
MostFun.com Games - Big City Adventure: San Francisco -> MostFun.com Games - Big City Adventure: San Francisco (remove only)
MostFun.com Games - Big City Adventure: Sydney Australia -> MostFun.com Games - Big City Adventure: Sydney Australia (remove only)
MostFun.com Games - Fashion Apprentice -> MostFun.com Games - Fashion Apprentice (remove only)
MostFun.com Games - Finders Keepers -> MostFun.com Games - Finders Keepers (remove only)
MostFun.com Games - G.H.O.S.T. Hunters: The Haunting of Majesty Manor -> MostFun.com Games - G.H.O.S.T. Hunters: The Haunting of Majesty Manor (remove only)
MostFun.com Games - Neverland -> MostFun.com Games - Neverland (remove only)
MostFun.com Games - Pirate Island -> MostFun.com Games - Pirate Island (remove only)
MostFun.com Games - Rainbow Mystery -> MostFun.com Games - Rainbow Mystery (remove only)
MostFun.com Games - Righteous Kill -> MostFun.com Games - Righteous Kill (remove only)
MostFun.com Games - Slingo Quest -> MostFun.com Games - Slingo Quest (remove only)
MostFun.com Games - Snowy: The Bears Adventures -> MostFun.com Games - Snowy: The Bears Adventures (remove only)
MostFun.com Games - Super Granny 4 -> MostFun.com Games - Super Granny 4 (remove only)
MostFun.com Games - The Lost Cases of Sherlock Holmes -> MostFun.com Games - The Lost Cases of Sherlock Holmes (remove only)
Mozilla Firefox (3.5.5) -> Mozilla Firefox (3.5.5)
MSNINST -> MSN
Mystery Solitaire -> Mystery Solitaire: Secret Island (remove only)
Mystic Emporium Deluxe -> Mystic Emporium Deluxe
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NSS -> Norton Security Scan
NVIDIA Drivers -> NVIDIA Drivers
PakMan 2008_is1 -> PakMan 2008
Peggle Nights Deluxe -> Peggle Nights Deluxe
Plants vs. Zombies -> Plants vs. Zombies
Playsushi -> Playsushi
Pop-Up Stopper Free Edition -> Pop-Up Stopper Free Edition
Princess Isabella - A Witchs Curse -> Princess Isabella - A Witchs Curse (remove only)
RealArcade -> RealArcade
RealPlayer 6.0 -> RealPlayer Basic
Registry Mechanic_is1 -> Registry Mechanic 10.0
Safari Island Deluxe -> Safari Island Deluxe
Scooby-Doo(TM), Case File #1 The Glowing Bug Man -> Scooby-Doo(TM), Case File #1 The Glowing Bug Man
Spyware Doctor -> Spyware Doctor 6.1
SpywareGuard_is1 -> SpywareGuard v2.2
Super Granny 5 -> Super Granny 5 (remove only)
Supermarket Mania -> Supermarket Mania
The Treasures of Mystery Island -> The Treasures of Mystery Island
The Treasures Of Mystery Island_is1 -> The Treasures Of Mystery Island
Total 3D Home -> Total 3D Home
UnityWebPlayer -> Unity Web Player
ViewpointMediaPlayer -> Viewpoint Media Player
VIVAGplayer -> VIVA MEDIA GAME CENTER
Wedding Dash 4-Ever -> Wedding Dash 4-Ever (remove only)
Windows Live OneCare safety scanner -> Windows Live OneCare safety scanner
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows XP Service Pack -> Windows XP Service Pack 3
WMFDist11 -> Windows Media Format 11 runtime
Yahoo! Messenger -> Yahoo! Messenger
Yahoo! Search Defender -> Yahoo! Search Protection
Yahoo! Software Update -> Yahoo! Software Update
Zuma's Revenge! -> Zuma's Revenge!
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Error: Unable to start EventLog service!

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:13 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
UniBox210.ocx -> C:\WINDOWS\System32\UniBox210.ocx -> [2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited)
UniBox10.ocx -> C:\WINDOWS\System32\UniBox10.ocx -> [2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited)
UniBoxVB12.ocx -> C:\WINDOWS\System32\UniBoxVB12.ocx -> [2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2010/11/11 19:30:33 | 000,000,374 | -H-- | M] ()
User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> [2010/11/11 19:30:00 | 000,000,424 | -H-- | M] ()
User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> [2010/11/11 19:26:59 | 000,000,422 | -H-- | M] ()
At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/11/11 19:17:00 | 000,000,406 | ---- | M] ()
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/11 19:01:00 | 000,000,236 | ---- | M] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/11 19:00:00 | 000,000,258 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/11 18:57:00 | 000,000,886 | ---- | M] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/11 18:54:00 | 000,000,416 | ---- | M] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/11/11 18:36:00 | 000,000,406 | ---- | M] ()
At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/11/11 18:17:00 | 000,000,406 | ---- | M] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/11 17:54:00 | 000,000,416 | ---- | M] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/11/11 17:36:00 | 000,000,406 | ---- | M] ()
At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/11/11 17:17:00 | 000,000,406 | ---- | M] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/11 16:54:00 | 000,000,416 | ---- | M] ()
Norton Security Scan for Wanda_2.job -> C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job -> [2010/11/11 16:53:02 | 000,000,562 | -H-- | M] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/11/11 16:36:00 | 000,000,406 | ---- | M] ()
At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/11/11 16:17:00 | 000,000,406 | ---- | M] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/11 13:54:00 | 000,000,416 | ---- | M] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/11/11 13:36:00 | 000,000,406 | ---- | M] ()
At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/11/11 13:17:00 | 000,000,406 | ---- | M] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/11 12:54:00 | 000,000,416 | ---- | M] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/11/11 12:36:00 | 000,000,406 | ---- | M] ()
At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/11/11 12:17:00 | 000,000,406 | ---- | M] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/11 11:54:00 | 000,000,416 | ---- | M] ()
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/11 11:43:39 | 000,000,248 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/11/11 11:43:33 | 000,000,822 | ---- | M] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/11/11 11:43:33 | 000,000,197 | ---- | M] ()
At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/11/10 22:17:00 | 000,000,406 | ---- | M] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/10 21:54:00 | 000,000,416 | ---- | M] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/11/10 21:36:00 | 000,000,406 | ---- | M] ()
At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/11/10 21:17:00 | 000,000,406 | ---- | M] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/10 20:54:00 | 000,000,416 | ---- | M] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/11/10 20:36:00 | 000,000,406 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/11/10 20:19:08 | 000,000,882 | ---- | M] ()
At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/11/10 20:19:05 | 000,000,406 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/10 20:19:03 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 20:19:01 | 2078,789,632 | -HS- | M] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/10 20:16:56 | 000,000,416 | ---- | M] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/10 20:16:56 | 000,000,416 | ---- | M] ()
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/11/10 20:16:56 | 000,000,406 | ---- | M] ()
ComboFix.exe -> C:\Documents and Settings\Guest\Desktop\ComboFix.exe -> [2010/11/10 19:42:40 | 003,902,849 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/11/10 15:51:09 | 000,000,406 | ---- | M] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/10 15:26:19 | 000,000,416 | ---- | M] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/11/10 15:26:19 | 000,000,406 | ---- | M] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/11/10 08:38:06 | 000,000,406 | ---- | M] ()
At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/11/09 20:19:55 | 000,000,406 | ---- | M] ()
Status Monitor.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> [2010/11/09 20:18:37 | 000,000,848 | ---- | M] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:05 | 000,000,416 | ---- | M] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | M] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | M] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 10:02:36 | 000,473,158 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 10:02:36 | 000,084,168 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/10/31 00:28:03 | 000,000,408 | -H-- | M] ()
logfile -> C:\logfile -> [2010/10/29 19:39:37 | 000,374,683 | ---- | M] ()
ESBK.mbb -> C:\Documents and Settings\All Users\Documents\ESBK.mbb -> [2010/10/24 19:50:23 | 004,428,800 | R--- | M] ()
ESBK.mb -> C:\Documents and Settings\All Users\Documents\ESBK.mb -> [2010/10/24 19:50:23 | 002,355,200 | R--- | M] ()
MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation)
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/10/14 07:24:15 | 000,227,208 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/14 07:20:29 | 000,001,393 | ---- | M] ()
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/11 11:43:39 | 000,000,248 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 20:16:47 | 2078,789,632 | -HS- | C] ()
ComboFix.exe -> C:\Documents and Settings\Guest\Desktop\ComboFix.exe -> [2010/11/10 19:42:28 | 003,902,849 | ---- | C] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/07 23:08:29 | 000,000,258 | ---- | C] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | C] ()
CleanMFT32.exe -> C:\WINDOWS\System32\CleanMFT32.exe -> [2010/11/07 23:08:08 | 000,037,336 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/07/29 12:47:14 | 000,524,288 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/07/29 12:47:14 | 000,139,264 | ---- | C] ()
yazeriza.dll -> C:\WINDOWS\System32\yazeriza.dll -> [2009/07/04 11:50:22 | 000,087,552 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/06/11 03:04:00 | 000,000,197 | ---- | C] ()
Brpfx04a.ini -> C:\WINDOWS\Brpfx04a.ini -> [2009/05/10 10:40:40 | 000,000,805 | ---- | C] ()
brpcfx.ini -> C:\WINDOWS\brpcfx.ini -> [2009/05/10 10:40:40 | 000,000,153 | ---- | C] ()
BRWMARK.INI -> C:\WINDOWS\BRWMARK.INI -> [2009/05/10 10:40:25 | 000,000,419 | ---- | C] ()
BRPP2KA.INI -> C:\WINDOWS\BRPP2KA.INI -> [2009/05/10 10:40:25 | 000,000,027 | ---- | C] ()
maxlink.ini -> C:\WINDOWS\maxlink.ini -> [2009/05/10 10:36:38 | 000,031,567 | ---- | C] ()
sqlite3.dll -> C:\WINDOWS\System32\sqlite3.dll -> [2009/05/01 20:30:55 | 000,223,232 | ---- | C] ()
SQLiteWrapper.dll -> C:\WINDOWS\System32\SQLiteWrapper.dll -> [2009/05/01 20:30:55 | 000,086,016 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2009/03/22 21:13:51 | 000,001,755 | ---- | C] ()
bdoscandellang.ini -> C:\WINDOWS\bdoscandellang.ini -> [2009/01/05 14:44:10 | 000,000,453 | ---- | C] ()
PRNTCARD.INI -> C:\WINDOWS\PRNTCARD.INI -> [2008/12/26 10:48:44 | 000,000,045 | ---- | C] ()
Game.INI -> C:\WINDOWS\Game.INI -> [2008/11/05 14:48:17 | 000,000,000 | ---- | C] ()
iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2008/10/08 21:33:51 | 000,000,000 | ---- | C] ()
ka.ini -> C:\WINDOWS\ka.ini -> [2008/10/04 20:12:48 | 000,000,092 | ---- | C] ()
WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2008/09/20 15:03:00 | 000,000,253 | ---- | C] ()
SETUP32.INI -> C:\WINDOWS\SETUP32.INI -> [2008/09/20 14:58:45 | 000,000,000 | ---- | C] ()
st_affiliate.ini -> C:\WINDOWS\st_affiliate.ini -> [2008/08/21 21:24:09 | 000,000,071 | ---- | C] ()
iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2008/07/31 17:17:07 | 000,000,042 | ---- | C] ()
EKDeviceServices.dll -> C:\WINDOWS\System32\EKDeviceServices.dll -> [2008/07/28 16:45:27 | 000,012,800 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/07/24 20:50:27 | 000,000,002 | ---- | C] ()
Nsvideo.dll -> C:\WINDOWS\System32\Nsvideo.dll -> [2008/07/20 15:33:02 | 000,122,880 | ---- | C] ()
IPPCPUID.DLL -> C:\WINDOWS\System32\IPPCPUID.DLL -> [2008/07/20 15:32:07 | 000,040,960 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/04/18 23:54:05 | 000,000,061 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2008/04/18 23:21:18 | 001,703,936 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2008/04/18 23:21:18 | 001,019,904 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2008/04/18 23:21:17 | 000,466,944 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2008/04/18 23:21:17 | 000,286,720 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2008/04/18 23:21:16 | 001,478,656 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2008/04/18 23:19:55 | 000,001,119 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
zlib.dll -> C:\WINDOWS\System32\zlib.dll -> [2002/03/13 15:46:46 | 000,053,248 | R--- | C] ()
sysgtime.dll -> C:\WINDOWS\sysgtime.dll -> [2000/01/06 19:00:00 | 000,024,448 | ---- | C] ()
proclsvr.drv -> C:\WINDOWS\System32\proclsvr.drv -> [2000/01/06 19:00:00 | 000,024,448 | ---- | C] ()

[Alternate Data Streams]
< End of report >
[/code]


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by Belahzur on Sat Nov 13, 2010 1:16 am

Hello.

Did you see my post here?

Please run OTL instead.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Sat Nov 13, 2010 3:02 am

[code]
OTS logfile created on: 11/12/2010 9:59:29 PM - Run (Non-Administrative account!)
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.63 Gb Free Space | 70.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1FNS3G1
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
stopzilla.exe -> C:\Program Files\STOPzilla!\STOPzilla.exe -> [2010/09/10 15:11:48 | 000,177,616 | R--- | M] (iS3, Inc.)
scserver.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe -> [2010/05/14 10:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation)
mswinext.exe -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
brmfcwnd.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
brmfcmon.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe -> [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.)
acrord32.exe -> C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe -> [2006/10/23 01:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
winhook.dll -> C:\Program Files\Avanquest\Fix-It\WinHook.dll -> [2008/08/22 12:53:28 | 000,028,672 | ---- | M] (Avanquest North America, Inc.)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
[Driver Services - Safe List]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"CustomSearch" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultURL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: URLSearchHooks\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\Firefox [C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\5.0.1411.0\FIREFOX] -> [2010/03/21 12:45:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2010/08/23 02:02:32 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/13 10:52:58 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/08/01 13:39:30 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/08/31 13:04:37 | 000,000,000 | ---D | M]
No name found -> C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2008/09/07 10:58:52 | 000,000,000 | ---D | M]
QuestDns -> C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} -> [2010/08/01 13:39:37 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/11 11:43:33 | 000,000,822 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31c7d459-9cc3-44f2-9dca-fc11795309b4} [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> C:\Program Files\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/02 23:24:01 | 000,192,512 | R--- | M] ()
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2010/05/14 10:00:26 | 000,191,792 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [Bing Bar BHO] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [@C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll,-100] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
WebBrowser\"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/03/18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.)
"Bing Bar" -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe ["C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe"] -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/04/06 21:41:44 | 008,466,432 | ---- | M] (NVIDIA Corporation)
"VirusScannerPro" -> C:\Program Files\Avanquest\Fix-It\MemCheck.exe [C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe] -> [2008/08/26 16:14:40 | 000,173,312 | ---- | M] (Avanquest North America, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2010/03/21 12:13:32 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\"NoUpdateCheck" -> [1] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoCDBurning" -> [0] -> File not found
\"HonorAutoRunSetting" -> [1] -> File not found
\"NoDriveAutoRun" -> [67108863] -> File not found
\"NoDriveTypeAutoRun" -> [323] -> File not found
\"NoDrives" -> [0] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\"NoResolveSearch" -> [1] -> File not found
\"NoPopUpsOnBoot" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Menu: Sun Java Console] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> [You must be registered and logged in to see this link.] [SpinTop DRM Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Genuine Advantage Validation Tool] ->
{1A1F56AA-3401-46F9-B277-D57F3421F821} [HKLM] -> [You must be registered and logged in to see this link.] [FunGamesLoader Object] ->
{1D082E71-DF20-4AAF-863B-596428C49874} [HKLM] -> [You must be registered and logged in to see this link.] [TPIR Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> [You must be registered and logged in to see this link.] [Shockwave ActiveX Control] ->
{2C153C75-8476-434B-B3C3-57B63A3D1939} [HKLM] -> [You must be registered and logged in to see this link.] [Brickout Control] ->
{352797A0-EFD0-4FA6-B229-145120EA4B8A} [HKLM] -> [You must be registered and logged in to see this link.] [Walt Disney Internet Group Hardware Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> [You must be registered and logged in to see this link.] [BDSCANONLINE Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Live Safety Center Base Module] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> [You must be registered and logged in to see this link.] [Wwlaunch Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Value error.] ->
{A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [HKLM] -> [You must be registered and logged in to see this link.] [WoF Control] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [HKLM] -> [You must be registered and logged in to see this link.] [SABScanProcesses Class] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> [You must be registered and logged in to see this link.] [a-squared Scanner] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> [You must be registered and logged in to see this link.] [F-Secure Online Scanner 3.3] ->
{CC450D71-CC90-424C-8638-1F2DBAC87A54} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Key error.] ->
{CF969D51-F764-4FBF-9E90-475248601C8A} [HKLM] -> [You must be registered and logged in to see this link.] [FamilyFeud Control] ->
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} [HKLM] -> [You must be registered and logged in to see this link.] [Oberon Flash Game Host] ->
{D71F9A27-723E-4B8B-B428-B725E47CBA3E} [HKLM] -> [You must be registered and logged in to see this link.] [Imikimi_activex_plugin Control] ->
{E6BB2089-163F-466B-812A-748096614DFD} [HKLM] -> [You must be registered and logged in to see this link.] [CAScanner Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6B1C8C0E-2B77-4468-8506-C88852B5004C}\\DhcpNameServer -> 192.168.2.1 (NVIDIA nForce Networking Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 11:05:34 | 000,356,352 | ---- | M] (SUPERAntiSpyware.com)
TPSvc -> -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> Reg Error: Key error. [Microsoft AntiMalware ShellExecuteHook] -> File not found
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> C:\Program Files\SpywareGuard\spywareguard.dll [SpywareGuard] -> [2003/08/02 23:20:57 | 000,126,976 | R--- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe:*:Enabled:AOL] -> [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 17:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> [2004/10/14 16:34:06 | 000,059,992 | ---- | M] (Gteko Ltd.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2009/01/19 20:46:03 | 000,342,848 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" -> C:\Program Files\iWin Games\iWinGames.exe [C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.] -> [2009/09/02 12:30:16 | 001,657,112 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\iWinTrusted.exe" -> C:\Program Files\iWin Games\iWinTrusted.exe [C:\Program Files\iWin Games\iWinTrusted.exe:*:Enabled:iWinTrusted] -> [2009/09/02 12:30:28 | 000,078,104 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" -> C:\Program Files\iWin Games\WebUpdater.exe [C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.] -> [2009/09/02 12:30:22 | 000,082,200 | ---- | M] ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/11/30 08:27:50 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/11/05 21:59:00 | 004,347,120 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:13 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
UniBox210.ocx -> C:\WINDOWS\System32\UniBox210.ocx -> [2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited)
UniBox10.ocx -> C:\WINDOWS\System32\UniBox10.ocx -> [2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited)
UniBoxVB12.ocx -> C:\WINDOWS\System32\UniBoxVB12.ocx -> [2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/12 22:01:00 | 000,000,236 | ---- | M] ()
User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> [2010/11/12 22:00:00 | 000,000,424 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/12 21:57:00 | 000,000,886 | ---- | M] ()
User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> [2010/11/12 21:57:00 | 000,000,422 | -H-- | M] ()
MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2010/11/12 19:03:57 | 000,000,374 | -H-- | M] ()
Norton Security Scan for Wanda_2.job -> C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job -> [2010/11/12 17:26:23 | 000,000,562 | -H-- | M] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/12 15:54:00 | 000,000,416 | ---- | M] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/11/12 15:36:00 | 000,000,406 | ---- | M] ()
At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/11/12 15:17:00 | 000,000,406 | ---- | M] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/12 14:54:00 | 000,000,416 | ---- | M] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/11/12 14:36:00 | 000,000,406 | ---- | M] ()
At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/11/12 14:17:00 | 000,000,406 | ---- | M] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/11/12 11:36:00 | 000,000,406 | ---- | M] ()
At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/11/12 11:17:00 | 000,000,406 | ---- | M] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/12 10:54:00 | 000,000,416 | ---- | M] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/11/12 10:36:00 | 000,000,406 | ---- | M] ()
At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/11/12 10:17:00 | 000,000,406 | ---- | M] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/12 09:54:00 | 000,000,416 | ---- | M] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/11/12 09:36:00 | 000,000,406 | ---- | M] ()
At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/11/12 09:17:00 | 000,000,406 | ---- | M] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/12 08:54:00 | 000,000,416 | ---- | M] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/11/12 08:36:00 | 000,000,406 | ---- | M] ()
At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/11/12 08:17:00 | 000,000,406 | ---- | M] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/12 07:54:00 | 000,000,416 | ---- | M] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/11/12 07:36:00 | 000,000,406 | ---- | M] ()
At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/11/12 07:17:00 | 000,000,406 | ---- | M] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/12 06:54:00 | 000,000,416 | ---- | M] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/11/12 06:36:00 | 000,000,406 | ---- | M] ()
At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/11/12 06:17:00 | 000,000,406 | ---- | M] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/12 05:54:00 | 000,000,416 | ---- | M] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/11/12 05:36:00 | 000,000,406 | ---- | M] ()
At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/11/12 05:17:00 | 000,000,406 | ---- | M] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/12 04:54:00 | 000,000,416 | ---- | M] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/11/12 04:36:00 | 000,000,406 | ---- | M] ()
At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/11/12 04:17:00 | 000,000,406 | ---- | M] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/12 03:54:00 | 000,000,416 | ---- | M] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/11/12 03:36:00 | 000,000,406 | ---- | M] ()
At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/11/12 03:17:00 | 000,000,406 | ---- | M] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/12 02:54:00 | 000,000,416 | ---- | M] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/11/12 02:36:00 | 000,000,406 | ---- | M] ()
At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/11/12 02:17:00 | 000,000,406 | ---- | M] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/12 01:54:00 | 000,000,416 | ---- | M] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/11/12 01:36:00 | 000,000,406 | ---- | M] ()
At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/11/12 01:17:00 | 000,000,406 | ---- | M] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/12 00:54:00 | 000,000,416 | ---- | M] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/11/12 00:36:00 | 000,000,406 | ---- | M] ()
At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/11/12 00:17:00 | 000,000,406 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/11/11 23:57:00 | 000,000,882 | ---- | M] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/11 23:54:00 | 000,000,416 | ---- | M] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/11/11 23:36:00 | 000,000,406 | ---- | M] ()
At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/11/11 23:17:00 | 000,000,406 | ---- | M] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/11 22:54:00 | 000,000,416 | ---- | M] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/11/11 22:36:00 | 000,000,406 | ---- | M] ()
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/11 20:46:01 | 000,008,704 | ---- | M] ()
At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/11/11 20:17:00 | 000,000,406 | ---- | M] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/11 19:54:00 | 000,000,416 | ---- | M] ()
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/11/11 19:36:00 | 000,000,406 | ---- | M] ()
At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/11/11 19:17:00 | 000,000,406 | ---- | M] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/11 19:00:00 | 000,000,258 | ---- | M] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/11 18:54:00 | 000,000,416 | ---- | M] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/11/11 18:36:00 | 000,000,406 | ---- | M] ()
At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/11/11 18:17:00 | 000,000,406 | ---- | M] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/11 17:54:00 | 000,000,416 | ---- | M] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/11/11 17:36:00 | 000,000,406 | ---- | M] ()
At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/11/11 17:17:00 | 000,000,406 | ---- | M] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/11 16:54:00 | 000,000,416 | ---- | M] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/11/11 16:36:00 | 000,000,406 | ---- | M] ()
At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/11/11 16:17:00 | 000,000,406 | ---- | M] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/11 13:54:00 | 000,000,416 | ---- | M] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/11/11 13:36:00 | 000,000,406 | ---- | M] ()
At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/11/11 13:17:00 | 000,000,406 | ---- | M] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/11 12:54:00 | 000,000,416 | ---- | M] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/11/11 12:36:00 | 000,000,406 | ---- | M] ()
At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/11/11 12:17:00 | 000,000,406 | ---- | M] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/11 11:54:00 | 000,000,416 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/11/11 11:43:33 | 000,000,822 | ---- | M] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/11/11 11:43:33 | 000,000,197 | ---- | M] ()
At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/11/10 22:17:00 | 000,000,406 | ---- | M] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/10 21:54:00 | 000,000,416 | ---- | M] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/11/10 21:36:00 | 000,000,406 | ---- | M] ()
At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/11/10 21:17:00 | 000,000,406 | ---- | M] ()

Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Sat Nov 13, 2010 3:03 am

At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/10 20:54:00 | 000,000,416 | ---- | M] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/11/10 20:36:00 | 000,000,406 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/10 20:19:03 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 20:19:01 | 2078,789,632 | -HS- | M] ()
ComboFix.exe -> C:\Documents and Settings\Guest\Desktop\ComboFix.exe -> [2010/11/10 19:42:40 | 003,902,849 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
Status Monitor.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> [2010/11/09 20:18:37 | 000,000,848 | ---- | M] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 10:02:36 | 000,473,158 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 10:02:36 | 000,084,168 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/10/31 00:28:03 | 000,000,408 | -H-- | M] ()
logfile -> C:\logfile -> [2010/10/29 19:39:37 | 000,374,683 | ---- | M] ()
ESBK.mbb -> C:\Documents and Settings\All Users\Documents\ESBK.mbb -> [2010/10/24 19:50:23 | 004,428,800 | R--- | M] ()
ESBK.mb -> C:\Documents and Settings\All Users\Documents\ESBK.mb -> [2010/10/24 19:50:23 | 002,355,200 | R--- | M] ()
MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation)
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/10/14 07:24:15 | 000,227,208 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/14 07:20:29 | 000,001,393 | ---- | M] ()
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/11 11:43:39 | 000,008,704 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 20:16:47 | 2078,789,632 | -HS- | C] ()
ComboFix.exe -> C:\Documents and Settings\Guest\Desktop\ComboFix.exe -> [2010/11/10 19:42:28 | 003,902,849 | ---- | C] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/07 23:08:29 | 000,000,258 | ---- | C] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | C] ()
CleanMFT32.exe -> C:\WINDOWS\System32\CleanMFT32.exe -> [2010/11/07 23:08:08 | 000,037,336 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/07/29 12:47:14 | 000,524,288 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/07/29 12:47:14 | 000,139,264 | ---- | C] ()
yazeriza.dll -> C:\WINDOWS\System32\yazeriza.dll -> [2009/07/04 11:50:22 | 000,087,552 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/06/11 03:04:00 | 000,000,197 | ---- | C] ()
Brpfx04a.ini -> C:\WINDOWS\Brpfx04a.ini -> [2009/05/10 10:40:40 | 000,000,805 | ---- | C] ()
brpcfx.ini -> C:\WINDOWS\brpcfx.ini -> [2009/05/10 10:40:40 | 000,000,153 | ---- | C] ()
BRWMARK.INI -> C:\WINDOWS\BRWMARK.INI -> [2009/05/10 10:40:25 | 000,000,419 | ---- | C] ()
BRPP2KA.INI -> C:\WINDOWS\BRPP2KA.INI -> [2009/05/10 10:40:25 | 000,000,027 | ---- | C] ()
maxlink.ini -> C:\WINDOWS\maxlink.ini -> [2009/05/10 10:36:38 | 000,031,567 | ---- | C] ()
sqlite3.dll -> C:\WINDOWS\System32\sqlite3.dll -> [2009/05/01 20:30:55 | 000,223,232 | ---- | C] ()
SQLiteWrapper.dll -> C:\WINDOWS\System32\SQLiteWrapper.dll -> [2009/05/01 20:30:55 | 000,086,016 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2009/03/22 21:13:51 | 000,001,755 | ---- | C] ()
bdoscandellang.ini -> C:\WINDOWS\bdoscandellang.ini -> [2009/01/05 14:44:10 | 000,000,453 | ---- | C] ()
PRNTCARD.INI -> C:\WINDOWS\PRNTCARD.INI -> [2008/12/26 10:48:44 | 000,000,045 | ---- | C] ()
Game.INI -> C:\WINDOWS\Game.INI -> [2008/11/05 14:48:17 | 000,000,000 | ---- | C] ()
iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2008/10/08 21:33:51 | 000,000,000 | ---- | C] ()
ka.ini -> C:\WINDOWS\ka.ini -> [2008/10/04 20:12:48 | 000,000,092 | ---- | C] ()
WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2008/09/20 15:03:00 | 000,000,253 | ---- | C] ()
SETUP32.INI -> C:\WINDOWS\SETUP32.INI -> [2008/09/20 14:58:45 | 000,000,000 | ---- | C] ()
st_affiliate.ini -> C:\WINDOWS\st_affiliate.ini -> [2008/08/21 21:24:09 | 000,000,071 | ---- | C] ()
iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2008/07/31 17:17:07 | 000,000,042 | ---- | C] ()
EKDeviceServices.dll -> C:\WINDOWS\System32\EKDeviceServices.dll -> [2008/07/28 16:45:27 | 000,012,800 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/07/24 20:50:27 | 000,000,002 | ---- | C] ()
Nsvideo.dll -> C:\WINDOWS\System32\Nsvideo.dll -> [2008/07/20 15:33:02 | 000,122,880 | ---- | C] ()
IPPCPUID.DLL -> C:\WINDOWS\System32\IPPCPUID.DLL -> [2008/07/20 15:32:07 | 000,040,960 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/04/18 23:54:05 | 000,000,061 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2008/04/18 23:21:18 | 001,703,936 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2008/04/18 23:21:18 | 001,019,904 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2008/04/18 23:21:17 | 000,466,944 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2008/04/18 23:21:17 | 000,286,720 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2008/04/18 23:21:16 | 001,478,656 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2008/04/18 23:19:55 | 000,001,119 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
zlib.dll -> C:\WINDOWS\System32\zlib.dll -> [2002/03/13 15:46:46 | 000,053,248 | R--- | C] ()
sysgtime.dll -> C:\WINDOWS\sysgtime.dll -> [2000/01/06 19:00:00 | 000,024,448 | ---- | C] ()
proclsvr.drv -> C:\WINDOWS\System32\proclsvr.drv -> [2000/01/06 19:00:00 | 000,024,448 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5070F1A6
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17FCBFF6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404390E0
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5BE85F6
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DE1FF38
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80EFC1E5
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E69E337
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00D5EBC2
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870EB3F5
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:043E24E7
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C80C7DFB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172EB9B5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7624E8B8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23806346
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27B25A27
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E426A1F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:314CFB12
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38337420
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F0E7F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FD199E4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8085D0B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C434694E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B1249CD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F3F179
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FB71C37
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81BA5807
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BE2307D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814692DF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6DC5DD
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA911BA0
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03F0A612
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99963C1E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2FF2B0A
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C81E3C9C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2DCEE0D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18186C66
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DED4A5E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2F4B57
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB601DB3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0506F89A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A385C726
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35815A26
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ED71AF9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C92A6B45
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16EC8A23
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1BEAD68C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C681EF1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43A7A7AD
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BBAFAAC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FC8527A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F4B5B2D
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F943019
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78B923B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88240B04
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51EFAA18
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67CC31E0
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFDE872C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2337193
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA78B902
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAF6860A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FFBB703
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08E8B73D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47C3EF59
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC81AA95
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B3D15A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0671E3E6
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B7A916
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:290A724C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:175A5CD9
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F0F3115
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FF59BCE
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17927369
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D7EDFD
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BE471CB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51284D0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F24AD862
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3757C473
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4735EB3F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:980E793B
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2611698
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECD2924
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:929C5AFE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE498D0C
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EBFA1FD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D3CAFDD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8396B0AE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF079216
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6763F46
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8CDA1A5
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2702A8B3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A217D1B
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CD95DE0
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5F222E3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EA4BC92
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65521523
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3698DB
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1BFD26C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1020F9B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77413142
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80D975A5
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:127BB39D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86B23CB4
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67F0F865
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBB82A4E
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE22ABA0
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:250A84D5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6C15BD
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52110139
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8011787
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB79041A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42C1964D
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6540C35
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14DFF9B1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEDA49F4
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10C2DA8
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A146077
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CEFEABF
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CA29F37
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50DAB5A8
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7307D080
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C778DFA3
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C0059D
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B0DDFD
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C2F1C3C
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE7A0841
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C404520E
< End of report >
[/code]


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Sat Nov 13, 2010 3:04 am

[code]
OTS logfile created on: 11/12/2010 9:59:29 PM - Run (Non-Administrative account!)
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.63 Gb Free Space | 70.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1FNS3G1
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
stopzilla.exe -> C:\Program Files\STOPzilla!\STOPzilla.exe -> [2010/09/10 15:11:48 | 000,177,616 | R--- | M] (iS3, Inc.)
scserver.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe -> [2010/05/14 10:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation)
mswinext.exe -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
brmfcwnd.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
brmfcmon.exe -> C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe -> [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.)
acrord32.exe -> C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe -> [2006/10/23 01:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
winhook.dll -> C:\Program Files\Avanquest\Fix-It\WinHook.dll -> [2008/08/22 12:53:28 | 000,028,672 | ---- | M] (Avanquest North America, Inc.)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
[Driver Services - Safe List]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"CustomSearch" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\"SearchMigratedDefaultURL" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_CURRENT_USER\: URLSearchHooks\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\Firefox [C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\5.0.1411.0\FIREFOX] -> [2010/03/21 12:45:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2010/08/23 02:02:32 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/13 10:52:58 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/08/01 13:39:30 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/08/31 13:04:37 | 000,000,000 | ---D | M]
No name found -> C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2008/09/07 10:58:52 | 000,000,000 | ---D | M]
QuestDns -> C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} -> [2010/08/01 13:39:37 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/11 11:43:33 | 000,000,822 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31c7d459-9cc3-44f2-9dca-fc11795309b4} [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> C:\Program Files\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/02 23:24:01 | 000,192,512 | R--- | M] ()
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2010/05/14 10:00:26 | 000,191,792 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [Bing Bar BHO] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll [@C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll,-100] -> [2010/03/16 15:34:52 | 000,548,184 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/13 07:58:39 | 000,278,192 | ---- | M] (Google Inc.)
WebBrowser\"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}" [HKLM] -> C:\Program Files\IObitCom\tbIOb0.dll [compliance0615 Toolbar] -> [2010/09/12 19:06:40 | 002,735,200 | ---- | M] (Conduit Ltd.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/03/18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.)
"Bing Bar" -> C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe ["C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe"] -> [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/04/06 21:41:44 | 008,466,432 | ---- | M] (NVIDIA Corporation)
"VirusScannerPro" -> C:\Program Files\Avanquest\Fix-It\MemCheck.exe [C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe] -> [2008/08/26 16:14:40 | 000,173,312 | ---- | M] (Avanquest North America, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2010/03/21 12:13:32 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe -> [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.)
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\"NoUpdateCheck" -> [1] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoCDBurning" -> [0] -> File not found
\"HonorAutoRunSetting" -> [1] -> File not found
\"NoDriveAutoRun" -> [67108863] -> File not found
\"NoDriveTypeAutoRun" -> [323] -> File not found
\"NoDrives" -> [0] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\"NoResolveSearch" -> [1] -> File not found
\"NoPopUpsOnBoot" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Menu: Sun Java Console] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> [You must be registered and logged in to see this link.] [SpinTop DRM Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Genuine Advantage Validation Tool] ->
{1A1F56AA-3401-46F9-B277-D57F3421F821} [HKLM] -> [You must be registered and logged in to see this link.] [FunGamesLoader Object] ->
{1D082E71-DF20-4AAF-863B-596428C49874} [HKLM] -> [You must be registered and logged in to see this link.] [TPIR Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> [You must be registered and logged in to see this link.] [Shockwave ActiveX Control] ->
{2C153C75-8476-434B-B3C3-57B63A3D1939} [HKLM] -> [You must be registered and logged in to see this link.] [Brickout Control] ->
{352797A0-EFD0-4FA6-B229-145120EA4B8A} [HKLM] -> [You must be registered and logged in to see this link.] [Walt Disney Internet Group Hardware Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> [You must be registered and logged in to see this link.] [BDSCANONLINE Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> [You must be registered and logged in to see this link.] [Windows Live Safety Center Base Module] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> [You must be registered and logged in to see this link.] [Wwlaunch Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Value error.] ->
{A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [HKLM] -> [You must be registered and logged in to see this link.] [WoF Control] ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [HKLM] -> [You must be registered and logged in to see this link.] [SABScanProcesses Class] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> [You must be registered and logged in to see this link.] [a-squared Scanner] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> [You must be registered and logged in to see this link.] [F-Secure Online Scanner 3.3] ->
{CC450D71-CC90-424C-8638-1F2DBAC87A54} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Key error.] ->
{CF969D51-F764-4FBF-9E90-475248601C8A} [HKLM] -> [You must be registered and logged in to see this link.] [FamilyFeud Control] ->
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} [HKLM] -> [You must be registered and logged in to see this link.] [Oberon Flash Game Host] ->
{D71F9A27-723E-4B8B-B428-B725E47CBA3E} [HKLM] -> [You must be registered and logged in to see this link.] [Imikimi_activex_plugin Control] ->
{E6BB2089-163F-466B-812A-748096614DFD} [HKLM] -> [You must be registered and logged in to see this link.] [CAScanner Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6B1C8C0E-2B77-4468-8506-C88852B5004C}\\DhcpNameServer -> 192.168.2.1 (NVIDIA nForce Networking Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 11:05:34 | 000,356,352 | ---- | M] (SUPERAntiSpyware.com)
TPSvc -> -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> Reg Error: Key error. [Microsoft AntiMalware ShellExecuteHook] -> File not found
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> C:\Program Files\SpywareGuard\spywareguard.dll [SpywareGuard] -> [2003/08/02 23:20:57 | 000,126,976 | R--- | M] ()
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe:*:Enabled:AOL] -> [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 17:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> [2004/10/14 16:34:06 | 000,059,992 | ---- | M] (Gteko Ltd.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program] -> [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" -> C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX] -> [2007/03/02 14:33:54 | 000,063,600 | ---- | M] (CyberLink Corp.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2009/01/19 20:46:03 | 000,342,848 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" -> C:\Program Files\iWin Games\iWinGames.exe [C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.] -> [2009/09/02 12:30:16 | 001,657,112 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\iWinTrusted.exe" -> C:\Program Files\iWin Games\iWinTrusted.exe [C:\Program Files\iWin Games\iWinTrusted.exe:*:Enabled:iWinTrusted] -> [2009/09/02 12:30:28 | 000,078,104 | ---- | M] (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" -> C:\Program Files\iWin Games\WebUpdater.exe [C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.] -> [2009/09/02 12:30:22 | 000,082,200 | ---- | M] ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/11/30 08:27:50 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/11/05 21:59:00 | 004,347,120 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:13 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
UniBox210.ocx -> C:\WINDOWS\System32\UniBox210.ocx -> [2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited)
UniBox10.ocx -> C:\WINDOWS\System32\UniBox10.ocx -> [2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited)
UniBoxVB12.ocx -> C:\WINDOWS\System32\UniBoxVB12.ocx -> [2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited)
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/12 22:01:00 | 000,000,236 | ---- | M] ()
User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job -> [2010/11/12 22:00:00 | 000,000,424 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/11/12 21:57:00 | 000,000,886 | ---- | M] ()
User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job -> [2010/11/12 21:57:00 | 000,000,422 | -H-- | M] ()
MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2010/11/12 19:03:57 | 000,000,374 | -H-- | M] ()
Norton Security Scan for Wanda_2.job -> C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job -> [2010/11/12 17:26:23 | 000,000,562 | -H-- | M] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/12 15:54:00 | 000,000,416 | ---- | M] ()
At40.job -> C:\WINDOWS\tasks\At40.job -> [2010/11/12 15:36:00 | 000,000,406 | ---- | M] ()
At16.job -> C:\WINDOWS\tasks\At16.job -> [2010/11/12 15:17:00 | 000,000,406 | ---- | M] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/12 14:54:00 | 000,000,416 | ---- | M] ()
At39.job -> C:\WINDOWS\tasks\At39.job -> [2010/11/12 14:36:00 | 000,000,406 | ---- | M] ()
At15.job -> C:\WINDOWS\tasks\At15.job -> [2010/11/12 14:17:00 | 000,000,406 | ---- | M] ()
At36.job -> C:\WINDOWS\tasks\At36.job -> [2010/11/12 11:36:00 | 000,000,406 | ---- | M] ()
At12.job -> C:\WINDOWS\tasks\At12.job -> [2010/11/12 11:17:00 | 000,000,406 | ---- | M] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/12 10:54:00 | 000,000,416 | ---- | M] ()
At35.job -> C:\WINDOWS\tasks\At35.job -> [2010/11/12 10:36:00 | 000,000,406 | ---- | M] ()
At11.job -> C:\WINDOWS\tasks\At11.job -> [2010/11/12 10:17:00 | 000,000,406 | ---- | M] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/12 09:54:00 | 000,000,416 | ---- | M] ()
At34.job -> C:\WINDOWS\tasks\At34.job -> [2010/11/12 09:36:00 | 000,000,406 | ---- | M] ()
At10.job -> C:\WINDOWS\tasks\At10.job -> [2010/11/12 09:17:00 | 000,000,406 | ---- | M] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/12 08:54:00 | 000,000,416 | ---- | M] ()
At33.job -> C:\WINDOWS\tasks\At33.job -> [2010/11/12 08:36:00 | 000,000,406 | ---- | M] ()
At9.job -> C:\WINDOWS\tasks\At9.job -> [2010/11/12 08:17:00 | 000,000,406 | ---- | M] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/12 07:54:00 | 000,000,416 | ---- | M] ()
At32.job -> C:\WINDOWS\tasks\At32.job -> [2010/11/12 07:36:00 | 000,000,406 | ---- | M] ()
At8.job -> C:\WINDOWS\tasks\At8.job -> [2010/11/12 07:17:00 | 000,000,406 | ---- | M] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/12 06:54:00 | 000,000,416 | ---- | M] ()
At31.job -> C:\WINDOWS\tasks\At31.job -> [2010/11/12 06:36:00 | 000,000,406 | ---- | M] ()
At7.job -> C:\WINDOWS\tasks\At7.job -> [2010/11/12 06:17:00 | 000,000,406 | ---- | M] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/12 05:54:00 | 000,000,416 | ---- | M] ()
At30.job -> C:\WINDOWS\tasks\At30.job -> [2010/11/12 05:36:00 | 000,000,406 | ---- | M] ()
At6.job -> C:\WINDOWS\tasks\At6.job -> [2010/11/12 05:17:00 | 000,000,406 | ---- | M] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/12 04:54:00 | 000,000,416 | ---- | M] ()
At29.job -> C:\WINDOWS\tasks\At29.job -> [2010/11/12 04:36:00 | 000,000,406 | ---- | M] ()
At5.job -> C:\WINDOWS\tasks\At5.job -> [2010/11/12 04:17:00 | 000,000,406 | ---- | M] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/12 03:54:00 | 000,000,416 | ---- | M] ()
At28.job -> C:\WINDOWS\tasks\At28.job -> [2010/11/12 03:36:00 | 000,000,406 | ---- | M] ()
At4.job -> C:\WINDOWS\tasks\At4.job -> [2010/11/12 03:17:00 | 000,000,406 | ---- | M] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/12 02:54:00 | 000,000,416 | ---- | M] ()
At27.job -> C:\WINDOWS\tasks\At27.job -> [2010/11/12 02:36:00 | 000,000,406 | ---- | M] ()
At3.job -> C:\WINDOWS\tasks\At3.job -> [2010/11/12 02:17:00 | 000,000,406 | ---- | M] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/12 01:54:00 | 000,000,416 | ---- | M] ()
At26.job -> C:\WINDOWS\tasks\At26.job -> [2010/11/12 01:36:00 | 000,000,406 | ---- | M] ()
At2.job -> C:\WINDOWS\tasks\At2.job -> [2010/11/12 01:17:00 | 000,000,406 | ---- | M] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/12 00:54:00 | 000,000,416 | ---- | M] ()
At25.job -> C:\WINDOWS\tasks\At25.job -> [2010/11/12 00:36:00 | 000,000,406 | ---- | M] ()
At1.job -> C:\WINDOWS\tasks\At1.job -> [2010/11/12 00:17:00 | 000,000,406 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/11/11 23:57:00 | 000,000,882 | ---- | M] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/11 23:54:00 | 000,000,416 | ---- | M] ()
At48.job -> C:\WINDOWS\tasks\At48.job -> [2010/11/11 23:36:00 | 000,000,406 | ---- | M] ()
At24.job -> C:\WINDOWS\tasks\At24.job -> [2010/11/11 23:17:00 | 000,000,406 | ---- | M] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/11 22:54:00 | 000,000,416 | ---- | M] ()
At47.job -> C:\WINDOWS\tasks\At47.job -> [2010/11/11 22:36:00 | 000,000,406 | ---- | M] ()
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/11 20:46:01 | 000,008,704 | ---- | M] ()
At21.job -> C:\WINDOWS\tasks\At21.job -> [2010/11/11 20:17:00 | 000,000,406 | ---- | M] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/11 19:54:00 | 000,000,416 | ---- | M] ()
At44.job -> C:\WINDOWS\tasks\At44.job -> [2010/11/11 19:36:00 | 000,000,406 | ---- | M] ()
At20.job -> C:\WINDOWS\tasks\At20.job -> [2010/11/11 19:17:00 | 000,000,406 | ---- | M] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/11 19:00:00 | 000,000,258 | ---- | M] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/11 18:54:00 | 000,000,416 | ---- | M] ()
At43.job -> C:\WINDOWS\tasks\At43.job -> [2010/11/11 18:36:00 | 000,000,406 | ---- | M] ()
At19.job -> C:\WINDOWS\tasks\At19.job -> [2010/11/11 18:17:00 | 000,000,406 | ---- | M] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/11 17:54:00 | 000,000,416 | ---- | M] ()
At42.job -> C:\WINDOWS\tasks\At42.job -> [2010/11/11 17:36:00 | 000,000,406 | ---- | M] ()
At18.job -> C:\WINDOWS\tasks\At18.job -> [2010/11/11 17:17:00 | 000,000,406 | ---- | M] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/11 16:54:00 | 000,000,416 | ---- | M] ()
At41.job -> C:\WINDOWS\tasks\At41.job -> [2010/11/11 16:36:00 | 000,000,406 | ---- | M] ()
At17.job -> C:\WINDOWS\tasks\At17.job -> [2010/11/11 16:17:00 | 000,000,406 | ---- | M] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/11 13:54:00 | 000,000,416 | ---- | M] ()
At38.job -> C:\WINDOWS\tasks\At38.job -> [2010/11/11 13:36:00 | 000,000,406 | ---- | M] ()
At14.job -> C:\WINDOWS\tasks\At14.job -> [2010/11/11 13:17:00 | 000,000,406 | ---- | M] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/11 12:54:00 | 000,000,416 | ---- | M] ()
At37.job -> C:\WINDOWS\tasks\At37.job -> [2010/11/11 12:36:00 | 000,000,406 | ---- | M] ()
At13.job -> C:\WINDOWS\tasks\At13.job -> [2010/11/11 12:17:00 | 000,000,406 | ---- | M] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/11 11:54:00 | 000,000,416 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/11/11 11:43:33 | 000,000,822 | ---- | M] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/11/11 11:43:33 | 000,000,197 | ---- | M] ()
At23.job -> C:\WINDOWS\tasks\At23.job -> [2010/11/10 22:17:00 | 000,000,406 | ---- | M] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/10 21:54:00 | 000,000,416 | ---- | M] ()
At46.job -> C:\WINDOWS\tasks\At46.job -> [2010/11/10 21:36:00 | 000,000,406 | ---- | M] ()
At22.job -> C:\WINDOWS\tasks\At22.job -> [2010/11/10 21:17:00 | 000,000,406 | ---- | M] ()

Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Sat Nov 13, 2010 3:04 am

69.job -> [2010/11/10 20:54:00 | 000,000,416 | ---- | M] ()
At45.job -> C:\WINDOWS\tasks\At45.job -> [2010/11/10 20:36:00 | 000,000,406 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/10 20:19:03 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 20:19:01 | 2078,789,632 | -HS- | M] ()
ComboFix.exe -> C:\Documents and Settings\Guest\Desktop\ComboFix.exe -> [2010/11/10 19:42:40 | 003,902,849 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Guest\Desktop\OTS.exe -> [2010/11/10 19:36:20 | 000,642,048 | ---- | M] (OldTimer Tools)
mbam-setup.exe -> C:\Documents and Settings\Guest\Desktop\mbam-setup.exe -> [2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
Status Monitor.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk -> [2010/11/09 20:18:37 | 000,000,848 | ---- | M] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 10:02:36 | 000,473,158 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 10:02:36 | 000,084,168 | ---- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/10/31 00:28:03 | 000,000,408 | -H-- | M] ()
logfile -> C:\logfile -> [2010/10/29 19:39:37 | 000,374,683 | ---- | M] ()
ESBK.mbb -> C:\Documents and Settings\All Users\Documents\ESBK.mbb -> [2010/10/24 19:50:23 | 004,428,800 | R--- | M] ()
ESBK.mb -> C:\Documents and Settings\All Users\Documents\ESBK.mb -> [2010/10/24 19:50:23 | 002,355,200 | R--- | M] ()
MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation)
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/10/14 07:24:15 | 000,227,208 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/10/14 07:20:29 | 000,001,393 | ---- | M] ()
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/11 11:43:39 | 000,008,704 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/10 20:16:47 | 2078,789,632 | -HS- | C] ()
ComboFix.exe -> C:\Documents and Settings\Guest\Desktop\ComboFix.exe -> [2010/11/10 19:42:28 | 003,902,849 | ---- | C] ()
At72.job -> C:\WINDOWS\tasks\At72.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At71.job -> C:\WINDOWS\tasks\At71.job -> [2010/11/09 20:17:03 | 000,000,416 | ---- | C] ()
At70.job -> C:\WINDOWS\tasks\At70.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At69.job -> C:\WINDOWS\tasks\At69.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At68.job -> C:\WINDOWS\tasks\At68.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At67.job -> C:\WINDOWS\tasks\At67.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At66.job -> C:\WINDOWS\tasks\At66.job -> [2010/11/09 20:17:02 | 000,000,416 | ---- | C] ()
At65.job -> C:\WINDOWS\tasks\At65.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At64.job -> C:\WINDOWS\tasks\At64.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At63.job -> C:\WINDOWS\tasks\At63.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At62.job -> C:\WINDOWS\tasks\At62.job -> [2010/11/09 20:17:01 | 000,000,416 | ---- | C] ()
At61.job -> C:\WINDOWS\tasks\At61.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At60.job -> C:\WINDOWS\tasks\At60.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At59.job -> C:\WINDOWS\tasks\At59.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At58.job -> C:\WINDOWS\tasks\At58.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At57.job -> C:\WINDOWS\tasks\At57.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At56.job -> C:\WINDOWS\tasks\At56.job -> [2010/11/09 20:17:00 | 000,000,416 | ---- | C] ()
At55.job -> C:\WINDOWS\tasks\At55.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At54.job -> C:\WINDOWS\tasks\At54.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At53.job -> C:\WINDOWS\tasks\At53.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At52.job -> C:\WINDOWS\tasks\At52.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At51.job -> C:\WINDOWS\tasks\At51.job -> [2010/11/09 20:16:59 | 000,000,416 | ---- | C] ()
At50.job -> C:\WINDOWS\tasks\At50.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
At49.job -> C:\WINDOWS\tasks\At49.job -> [2010/11/09 20:16:58 | 000,000,416 | ---- | C] ()
RMSchedule.job -> C:\WINDOWS\tasks\RMSchedule.job -> [2010/11/07 23:08:29 | 000,000,258 | ---- | C] ()
Registry Mechanic.lnk -> C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk -> [2010/11/07 23:08:09 | 000,000,738 | ---- | C] ()
CleanMFT32.exe -> C:\WINDOWS\System32\CleanMFT32.exe -> [2010/11/07 23:08:08 | 000,037,336 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/07/29 12:47:14 | 000,524,288 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/07/29 12:47:14 | 000,139,264 | ---- | C] ()
yazeriza.dll -> C:\WINDOWS\System32\yazeriza.dll -> [2009/07/04 11:50:22 | 000,087,552 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2009/06/11 03:04:00 | 000,000,197 | ---- | C] ()
Brpfx04a.ini -> C:\WINDOWS\Brpfx04a.ini -> [2009/05/10 10:40:40 | 000,000,805 | ---- | C] ()
brpcfx.ini -> C:\WINDOWS\brpcfx.ini -> [2009/05/10 10:40:40 | 000,000,153 | ---- | C] ()
BRWMARK.INI -> C:\WINDOWS\BRWMARK.INI -> [2009/05/10 10:40:25 | 000,000,419 | ---- | C] ()
BRPP2KA.INI -> C:\WINDOWS\BRPP2KA.INI -> [2009/05/10 10:40:25 | 000,000,027 | ---- | C] ()
maxlink.ini -> C:\WINDOWS\maxlink.ini -> [2009/05/10 10:36:38 | 000,031,567 | ---- | C] ()
sqlite3.dll -> C:\WINDOWS\System32\sqlite3.dll -> [2009/05/01 20:30:55 | 000,223,232 | ---- | C] ()
SQLiteWrapper.dll -> C:\WINDOWS\System32\SQLiteWrapper.dll -> [2009/05/01 20:30:55 | 000,086,016 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2009/03/22 21:13:51 | 000,001,755 | ---- | C] ()
bdoscandellang.ini -> C:\WINDOWS\bdoscandellang.ini -> [2009/01/05 14:44:10 | 000,000,453 | ---- | C] ()
PRNTCARD.INI -> C:\WINDOWS\PRNTCARD.INI -> [2008/12/26 10:48:44 | 000,000,045 | ---- | C] ()
Game.INI -> C:\WINDOWS\Game.INI -> [2008/11/05 14:48:17 | 000,000,000 | ---- | C] ()
iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2008/10/08 21:33:51 | 000,000,000 | ---- | C] ()
ka.ini -> C:\WINDOWS\ka.ini -> [2008/10/04 20:12:48 | 000,000,092 | ---- | C] ()
WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2008/09/20 15:03:00 | 000,000,253 | ---- | C] ()
SETUP32.INI -> C:\WINDOWS\SETUP32.INI -> [2008/09/20 14:58:45 | 000,000,000 | ---- | C] ()
st_affiliate.ini -> C:\WINDOWS\st_affiliate.ini -> [2008/08/21 21:24:09 | 000,000,071 | ---- | C] ()
iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2008/07/31 17:17:07 | 000,000,042 | ---- | C] ()
EKDeviceServices.dll -> C:\WINDOWS\System32\EKDeviceServices.dll -> [2008/07/28 16:45:27 | 000,012,800 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/07/24 20:50:27 | 000,000,002 | ---- | C] ()
Nsvideo.dll -> C:\WINDOWS\System32\Nsvideo.dll -> [2008/07/20 15:33:02 | 000,122,880 | ---- | C] ()
IPPCPUID.DLL -> C:\WINDOWS\System32\IPPCPUID.DLL -> [2008/07/20 15:32:07 | 000,040,960 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/04/18 23:54:05 | 000,000,061 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2008/04/18 23:21:18 | 001,703,936 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2008/04/18 23:21:18 | 001,019,904 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2008/04/18 23:21:17 | 000,466,944 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2008/04/18 23:21:17 | 000,286,720 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2008/04/18 23:21:16 | 001,478,656 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2008/04/18 23:19:55 | 000,001,119 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
zlib.dll -> C:\WINDOWS\System32\zlib.dll -> [2002/03/13 15:46:46 | 000,053,248 | R--- | C] ()
sysgtime.dll -> C:\WINDOWS\sysgtime.dll -> [2000/01/06 19:00:00 | 000,024,448 | ---- | C] ()
proclsvr.drv -> C:\WINDOWS\System32\proclsvr.drv -> [2000/01/06 19:00:00 | 000,024,448 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5070F1A6
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17FCBFF6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404390E0
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5BE85F6
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DE1FF38
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80EFC1E5
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E69E337
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00D5EBC2
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870EB3F5
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:043E24E7
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C80C7DFB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:172EB9B5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7624E8B8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23806346
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27B25A27
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E426A1F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:314CFB12
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38337420
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F0E7F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15606AA7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FD199E4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8085D0B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C434694E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BA2318
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B1249CD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F3F179
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FB71C37
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81BA5807
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BE2307D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814692DF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6DC5DD
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA911BA0
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03F0A612
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99963C1E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2FF2B0A
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C81E3C9C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2DCEE0D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18186C66
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DED4A5E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2F4B57
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB601DB3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0506F89A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A385C726
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF3D0EA3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35815A26
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ED71AF9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C92A6B45
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16EC8A23
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1BEAD68C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C681EF1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43A7A7AD
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BBAFAAC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FC8527A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F4B5B2D
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F943019
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78B923B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88240B04
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51EFAA18
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67CC31E0
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFDE872C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2337193
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA78B902
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAF6860A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FFBB703
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08E8B73D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47C3EF59
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC81AA95
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B3D15A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0671E3E6
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B7A916
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:290A724C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:175A5CD9
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F0F3115
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FF59BCE
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17927369
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D7EDFD
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BE471CB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51284D0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F24AD862
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3757C473
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4735EB3F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:980E793B
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2611698
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECD2924
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:929C5AFE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE498D0C
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EBFA1FD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D3CAFDD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8396B0AE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF079216
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6763F46
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8CDA1A5
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2702A8B3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A217D1B
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CD95DE0
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5F222E3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3CB23B4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7120F9A
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EA4BC92
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65521523
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3698DB
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1BFD26C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1020F9B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D81BA1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77413142
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80D975A5
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:127BB39D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86B23CB4
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67F0F865
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBB82A4E
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE22ABA0
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:250A84D5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6C15BD
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52110139
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8011787
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB79041A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42C1964D
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6540C35
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14DFF9B1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEDA49F4
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10C2DA8
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A146077
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CEFEABF
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CA29F37
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50DAB5A8
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7307D080
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C778DFA3
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C0059D
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B0DDFD
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C2F1C3C
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE7A0841
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C404520E
< End of report >
[/code]


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by Belahzur on Sun Nov 14, 2010 12:04 am

Did you even read my post? That's OTS again.


Please PM me if I fail to respond within 24hrs.



Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Tue Nov 16, 2010 10:27 pm

OTL Extras logfile created on: 11/16/2010 5:22:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.49 Gb Free Space | 70.14% Space Free | Partition Type: NTFS

Computer Name: D1FNS3G1 | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\iWin Games\iWinTrusted.exe" = C:\Program Files\iWin Games\iWinTrusted.exe:*:Enabled:iWinTrusted -- (iWin Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{10369D78-70C4-4C83-BAC7-40F94CAA8B76}" = Righteous Kill
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15A160C8-124E-481F-BBBB-66218A95F6E1}" = Ancient Mysteries
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205A0423-A2FF-473A-92E7-9A5F645225F1}" = Blood Ties
"{21BB2D6D-8ED8-47DC-8146-48104DDE3262}" = Super Granny 4
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DF9155C-AA79-4AB3-95FE-549AC9EB993E}" = Slingo Quest
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FED898-68B7-4A00-824F-EB2136E17D6A}" = Barbie(R) idesign(TM) Ultimate Stylist(TM)
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-290C
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{475C7AB4-763E-49DC-9CFC-154FFB2B745D}" = Snowy: The Bears Adventures
"{503C539A-8572-4D92-A406-2EE67EBD2D26}" = Big City Adventure: Sydney Australia
"{510E4BCD-286B-40F0-8DB9-D02269EA144E}" = G.H.O.S.T. Hunters: The Haunting of Majesty Manor
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 8 Professional
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{51E2559D-F321-4B7A-81BE-0E7C168A4680}_is1" = Double Solitaire 2.00
"{52F5FBEC-F064-4766-A5AC-E3B136CD8887}" = Rainbow Mystery
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54B87119-DBC4-4663-8E25-57384D1FF1EE}" = Treasure Masters
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{645120D3-6592-4190-9D9D-4E769B8D4DD8}" = Discovery
"{647AC9E7-F65F-45B6-ADB1-17786D222247}" = STOPzilla
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{66F6BC8B-22E0-4B67-A103-7AE3620B8281}" = Fashion Apprentice
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = ArcSoft WebCam Companion 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8168D841-C358-4F9B-B92E-EAE9EB715A74}" = Bing Bar Platform
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115459780}" = Mystery of Unicorn Castle
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{87AC3F0D-3FA2-4B93-8D06-DF8B86860B57}" = TriJinx
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B8ECEEB-8EDE-40A7-8FB9-E01D822A0573}" = Neverland
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A77305-6CC1-43EC-8A72-4E88A364C38C}" = The Lost Cases of Sherlock Holmes
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D77654AA-8AEC-45F4-8CF7-2ACCD615B294}" = Finders Keepers
"{D8262480-2A04-407C-B2F7-1439B789C349}" = Print Artist Express
"{D89C4390-238E-47A1-A9C7-07F2F6544BA0}" = DXG-518
"{D92980F6-3405-4524-B4B8-A6874AA730A4}" = Big City Adventure: San Francisco
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E6FF00EE-B79C-44F7-BB97-FA7FD8D94E62}" = Dancing with the Stars
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ENS31293-4DD5-81C6-1155-624AC34560083}_is1" = Autumn Tree
"{F0C8BC0A-B0E7-4F39-848C-C5B06021B702}" = Hidden Mysteries - White House
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F2A64101-DAB6-40AE-B4B3-18820F469421}" = Pirate Island
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"123 Free Solitaire_is1" = 123 Free Solitaire 2008 v6.0
"3D Falling Leaves Animated Wallpaper" = 3D Falling Leaves Animated Wallpaper
"3D Frog Frenzy" = 3D Frog Frenzy
"3D Snowy Cottage Animated Wallpaper" = 3D Snowy Cottage Animated Wallpaper
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazing Adventures The Caribbean Secret" = Amazing Adventures The Caribbean Secret
"Amazing Heists: Dillinger" = Amazing Heists: Dillinger (remove only)
"am-leeloostalentagency" = Leeloo's Talent Agency
"Annabel" = Annabel (remove only)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Barbie(TM) as Rapunzel" = Barbie(TM) as Rapunzel
"BCDP9_is1" = Business Card Designer Plus 9.5.0.0
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Cradle of Rome" = Cradle of Rome (remove only)
"Diamond Drop 2 (CD version)" = Diamond Drop 2 (CD version)
"embarqtoolbar" = Embarq Toolbar
"Falling leaves Wallpaper" = Falling leaves Wallpaper
"Family Feud Dream Home" = Family Feud Dream Home (remove only)
"Feeding Frenzy 2 Deluxe 1.0" = Feeding Frenzy 2 Deluxe 1.0
"Freeze Wallpaper" = Freeze Wallpaper
"FunPhotor_is1" = FunPhotor 5.0
"GameHouse" = GameHouse
"Gemini Lost Deluxe" = Gemini Lost Deluxe
"Heroes of Hellas" = Heroes of Hellas (remove only)
"Hide and Secret" = Hide and Secret
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Imikimi Plugin" = Imikimi Plugin
"InterActual Player" = InterActual Player
"Interpol 2: Most Wanted" = Interpol 2: Most Wanted (remove only)
"IObitCom Toolbar" = IObitCom Toolbar
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (remove only)
"Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
"Jewel Quest Solitaire Deluxe" = Jewel Quest Solitaire Deluxe
"JL2005A Camera_is1" = Uninstall JL2005A Camera
"Little Shop: Memories" = Little Shop: Memories (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marooned" = Marooned
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MostFun.com Games - Big City Adventure: San Francisco" = MostFun.com Games - Big City Adventure: San Francisco (remove only)
"MostFun.com Games - Big City Adventure: Sydney Australia" = MostFun.com Games - Big City Adventure: Sydney Australia (remove only)
"MostFun.com Games - Fashion Apprentice" = MostFun.com Games - Fashion Apprentice (remove only)
"MostFun.com Games - Finders Keepers" = MostFun.com Games - Finders Keepers (remove only)
"MostFun.com Games - G.H.O.S.T. Hunters: The Haunting of Majesty Manor" = MostFun.com Games - G.H.O.S.T. Hunters: The Haunting of Majesty Manor (remove only)
"MostFun.com Games - Neverland" = MostFun.com Games - Neverland (remove only)
"MostFun.com Games - Pirate Island" = MostFun.com Games - Pirate Island (remove only)
"MostFun.com Games - Rainbow Mystery" = MostFun.com Games - Rainbow Mystery (remove only)
"MostFun.com Games - Righteous Kill" = MostFun.com Games - Righteous Kill (remove only)
"MostFun.com Games - Slingo Quest" = MostFun.com Games - Slingo Quest (remove only)
"MostFun.com Games - Snowy: The Bears Adventures" = MostFun.com Games - Snowy: The Bears Adventures (remove only)
"MostFun.com Games - Super Granny 4" = MostFun.com Games - Super Granny 4 (remove only)
"MostFun.com Games - The Lost Cases of Sherlock Holmes" = MostFun.com Games - The Lost Cases of Sherlock Holmes (remove only)
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSNINST" = MSN
"Mystery Solitaire" = Mystery Solitaire: Secret Island (remove only)
"Mystic Emporium Deluxe" = Mystic Emporium Deluxe
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PakMan 2008_is1" = PakMan 2008
"Peggle Nights Deluxe" = Peggle Nights Deluxe
"Plants vs. Zombies" = Plants vs. Zombies
"Playsushi" = Playsushi
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"Princess Isabella - A Witchs Curse" = Princess Isabella - A Witchs Curse (remove only)
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Safari Island Deluxe" = Safari Island Deluxe
"Scooby-Doo(TM), Case File #1 The Glowing Bug Man" = Scooby-Doo(TM), Case File #1 The Glowing Bug Man
"Spyware Doctor" = Spyware Doctor 6.1
"SpywareGuard_is1" = SpywareGuard v2.2
"Super Granny 5" = Super Granny 5 (remove only)
"Supermarket Mania" = Supermarket Mania
"The Treasures of Mystery Island" = The Treasures of Mystery Island
"The Treasures Of Mystery Island_is1" = The Treasures Of Mystery Island
"Total 3D Home" = Total 3D Home
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Wedding Dash 4-Ever" = Wedding Dash 4-Ever (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Zuma's Revenge!" = Zuma's Revenge!

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Tue Nov 16, 2010 10:27 pm

OTL Extras logfile created on: 11/16/2010 5:22:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.49 Gb Free Space | 70.14% Space Free | Partition Type: NTFS

Computer Name: D1FNS3G1 | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1208580525\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\iWin Games\iWinTrusted.exe" = C:\Program Files\iWin Games\iWinTrusted.exe:*:Enabled:iWinTrusted -- (iWin Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{10369D78-70C4-4C83-BAC7-40F94CAA8B76}" = Righteous Kill
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15A160C8-124E-481F-BBBB-66218A95F6E1}" = Ancient Mysteries
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205A0423-A2FF-473A-92E7-9A5F645225F1}" = Blood Ties
"{21BB2D6D-8ED8-47DC-8146-48104DDE3262}" = Super Granny 4
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DF9155C-AA79-4AB3-95FE-549AC9EB993E}" = Slingo Quest
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FED898-68B7-4A00-824F-EB2136E17D6A}" = Barbie(R) idesign(TM) Ultimate Stylist(TM)
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-290C
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{475C7AB4-763E-49DC-9CFC-154FFB2B745D}" = Snowy: The Bears Adventures
"{503C539A-8572-4D92-A406-2EE67EBD2D26}" = Big City Adventure: Sydney Australia
"{510E4BCD-286B-40F0-8DB9-D02269EA144E}" = G.H.O.S.T. Hunters: The Haunting of Majesty Manor
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 8 Professional
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{51E2559D-F321-4B7A-81BE-0E7C168A4680}_is1" = Double Solitaire 2.00
"{52F5FBEC-F064-4766-A5AC-E3B136CD8887}" = Rainbow Mystery
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54B87119-DBC4-4663-8E25-57384D1FF1EE}" = Treasure Masters
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{645120D3-6592-4190-9D9D-4E769B8D4DD8}" = Discovery
"{647AC9E7-F65F-45B6-ADB1-17786D222247}" = STOPzilla
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{66F6BC8B-22E0-4B67-A103-7AE3620B8281}" = Fashion Apprentice
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = ArcSoft WebCam Companion 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8168D841-C358-4F9B-B92E-EAE9EB715A74}" = Bing Bar Platform
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115459780}" = Mystery of Unicorn Castle
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{87AC3F0D-3FA2-4B93-8D06-DF8B86860B57}" = TriJinx
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B8ECEEB-8EDE-40A7-8FB9-E01D822A0573}" = Neverland
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A77305-6CC1-43EC-8A72-4E88A364C38C}" = The Lost Cases of Sherlock Holmes
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D77654AA-8AEC-45F4-8CF7-2ACCD615B294}" = Finders Keepers
"{D8262480-2A04-407C-B2F7-1439B789C349}" = Print Artist Express
"{D89C4390-238E-47A1-A9C7-07F2F6544BA0}" = DXG-518
"{D92980F6-3405-4524-B4B8-A6874AA730A4}" = Big City Adventure: San Francisco
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E6FF00EE-B79C-44F7-BB97-FA7FD8D94E62}" = Dancing with the Stars
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ENS31293-4DD5-81C6-1155-624AC34560083}_is1" = Autumn Tree
"{F0C8BC0A-B0E7-4F39-848C-C5B06021B702}" = Hidden Mysteries - White House
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F2A64101-DAB6-40AE-B4B3-18820F469421}" = Pirate Island
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"123 Free Solitaire_is1" = 123 Free Solitaire 2008 v6.0
"3D Falling Leaves Animated Wallpaper" = 3D Falling Leaves Animated Wallpaper
"3D Frog Frenzy" = 3D Frog Frenzy
"3D Snowy Cottage Animated Wallpaper" = 3D Snowy Cottage Animated Wallpaper
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazing Adventures The Caribbean Secret" = Amazing Adventures The Caribbean Secret
"Amazing Heists: Dillinger" = Amazing Heists: Dillinger (remove only)
"am-leeloostalentagency" = Leeloo's Talent Agency
"Annabel" = Annabel (remove only)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Barbie(TM) as Rapunzel" = Barbie(TM) as Rapunzel
"BCDP9_is1" = Business Card Designer Plus 9.5.0.0
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Cradle of Rome" = Cradle of Rome (remove only)
"Diamond Drop 2 (CD version)" = Diamond Drop 2 (CD version)
"embarqtoolbar" = Embarq Toolbar
"Falling leaves Wallpaper" = Falling leaves Wallpaper
"Family Feud Dream Home" = Family Feud Dream Home (remove only)
"Feeding Frenzy 2 Deluxe 1.0" = Feeding Frenzy 2 Deluxe 1.0
"Freeze Wallpaper" = Freeze Wallpaper
"FunPhotor_is1" = FunPhotor 5.0
"GameHouse" = GameHouse
"Gemini Lost Deluxe" = Gemini Lost Deluxe
"Heroes of Hellas" = Heroes of Hellas (remove only)
"Hide and Secret" = Hide and Secret
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Imikimi Plugin" = Imikimi Plugin
"InterActual Player" = InterActual Player
"Interpol 2: Most Wanted" = Interpol 2: Most Wanted (remove only)
"IObitCom Toolbar" = IObitCom Toolbar
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (remove only)
"Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
"Jewel Quest Solitaire Deluxe" = Jewel Quest Solitaire Deluxe
"JL2005A Camera_is1" = Uninstall JL2005A Camera
"Little Shop: Memories" = Little Shop: Memories (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marooned" = Marooned
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MostFun.com Games - Big City Adventure: San Francisco" = MostFun.com Games - Big City Adventure: San Francisco (remove only)
"MostFun.com Games - Big City Adventure: Sydney Australia" = MostFun.com Games - Big City Adventure: Sydney Australia (remove only)
"MostFun.com Games - Fashion Apprentice" = MostFun.com Games - Fashion Apprentice (remove only)
"MostFun.com Games - Finders Keepers" = MostFun.com Games - Finders Keepers (remove only)
"MostFun.com Games - G.H.O.S.T. Hunters: The Haunting of Majesty Manor" = MostFun.com Games - G.H.O.S.T. Hunters: The Haunting of Majesty Manor (remove only)
"MostFun.com Games - Neverland" = MostFun.com Games - Neverland (remove only)
"MostFun.com Games - Pirate Island" = MostFun.com Games - Pirate Island (remove only)
"MostFun.com Games - Rainbow Mystery" = MostFun.com Games - Rainbow Mystery (remove only)
"MostFun.com Games - Righteous Kill" = MostFun.com Games - Righteous Kill (remove only)
"MostFun.com Games - Slingo Quest" = MostFun.com Games - Slingo Quest (remove only)
"MostFun.com Games - Snowy: The Bears Adventures" = MostFun.com Games - Snowy: The Bears Adventures (remove only)
"MostFun.com Games - Super Granny 4" = MostFun.com Games - Super Granny 4 (remove only)
"MostFun.com Games - The Lost Cases of Sherlock Holmes" = MostFun.com Games - The Lost Cases of Sherlock Holmes (remove only)
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSNINST" = MSN
"Mystery Solitaire" = Mystery Solitaire: Secret Island (remove only)
"Mystic Emporium Deluxe" = Mystic Emporium Deluxe
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PakMan 2008_is1" = PakMan 2008
"Peggle Nights Deluxe" = Peggle Nights Deluxe
"Plants vs. Zombies" = Plants vs. Zombies
"Playsushi" = Playsushi
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"Princess Isabella - A Witchs Curse" = Princess Isabella - A Witchs Curse (remove only)
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Safari Island Deluxe" = Safari Island Deluxe
"Scooby-Doo(TM), Case File #1 The Glowing Bug Man" = Scooby-Doo(TM), Case File #1 The Glowing Bug Man
"Spyware Doctor" = Spyware Doctor 6.1
"SpywareGuard_is1" = SpywareGuard v2.2
"Super Granny 5" = Super Granny 5 (remove only)
"Supermarket Mania" = Supermarket Mania
"The Treasures of Mystery Island" = The Treasures of Mystery Island
"The Treasures Of Mystery Island_is1" = The Treasures Of Mystery Island
"Total 3D Home" = Total 3D Home
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Wedding Dash 4-Ever" = Wedding Dash 4-Ever (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Zuma's Revenge!" = Zuma's Revenge!

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by Belahzur on Wed Nov 17, 2010 12:32 am

Hello.
You posted Extras.txt twice, please post OTL.txt as well.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by jewelc on Fri Nov 19, 2010 1:44 am

OTL logfile created on: 11/18/2010 8:32:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 20.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 105.13 Gb Free Space | 70.57% Space Free | Partition Type: NTFS

Computer Name: D1FNS3G1 | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 17:22:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.exe
PRC - [2010/09/10 15:11:48 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2010/05/14 10:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/03/16 15:34:54 | 000,243,032 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/19 08:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2006/10/23 01:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe


========== Modules (SafeList) ==========

MOD - [2010/11/16 17:22:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/08/22 12:53:28 | 000,028,672 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files\Avanquest\Fix-It\WinHook.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\Firefox [2010/03/21 12:45:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/23 02:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/13 10:52:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 13:39:30 | 000,000,000 | ---D | M]

[2010/08/31 13:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/07 10:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/01 13:39:37 | 000,000,000 | ---D | M] (QuestDns) -- C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}
[2010/07/15 16:25:04 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
[2009/10/26 15:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/11/11 11:43:33 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (compliance0615 Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb0.dll (Conduit Ltd.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (compliance0615 Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (compliance0615 Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [VirusScannerPro] C:\Program Files\Avanquest\Fix-It\MemCheck.exe (Avanquest North America, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} [You must be registered and logged in to see this link.] (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} [You must be registered and logged in to see this link.] (TPIR Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} [You must be registered and logged in to see this link.] (Brickout Control)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} [You must be registered and logged in to see this link.] (Walt Disney Internet Group Hardware Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [You must be registered and logged in to see this link.] (WoF Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} [You must be registered and logged in to see this link.] (SABScanProcesses Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [You must be registered and logged in to see this link.] (a-squared Scanner)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [You must be registered and logged in to see this link.] (F-Secure Online Scanner 3.3)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} [You must be registered and logged in to see this link.] (FamilyFeud Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [You must be registered and logged in to see this link.] (Oberon Flash Game Host)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} [You must be registered and logged in to see this link.] (Imikimi_activex_plugin Control)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} [You must be registered and logged in to see this link.] (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 17:22:22 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.exe
[2010/11/13 22:49:21 | 000,000,000 | ---D | C] -- C:\1591d1425ed796a632223ddbde6d
[2010/11/10 16:00:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Guest\Desktop\mbam-setup.exe
[2010/11/07 23:08:08 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/11/07 23:08:08 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2010/11/07 23:08:08 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 20:39:47 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/11/18 20:37:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job
[2010/11/18 20:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/11/18 20:35:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job
[2010/11/18 20:34:52 | 000,009,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/18 20:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/18 20:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/18 19:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/18 19:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/11/18 19:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/11/18 19:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/18 19:00:12 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/11/18 16:53:04 | 000,000,562 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Wanda_2.job
[2010/11/18 15:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/11/18 15:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/11/18 15:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/18 14:53:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/11/18 14:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/11/18 14:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/18 12:54:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/11/18 12:36:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/11/18 12:17:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/18 11:54:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/11/18 11:36:12 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/11/18 11:17:11 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/18 10:54:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/11/18 10:36:11 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/11/18 10:17:11 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/18 09:54:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/11/18 09:36:11 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/11/18 09:17:11 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/18 08:54:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/11/18 08:36:11 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/11/18 08:17:11 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/18 07:54:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/11/18 07:36:10 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/11/18 07:17:10 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/18 06:54:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/11/18 06:36:10 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/11/18 06:17:10 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/18 05:54:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/11/18 05:36:10 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/11/18 05:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/18 04:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/11/18 04:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/11/18 04:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/18 03:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/11/18 03:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/11/18 03:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/18 02:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/11/18 02:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/11/18 02:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/18 01:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/11/18 01:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/11/18 01:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/18 00:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/11/18 00:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/11/18 00:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/17 23:57:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/17 23:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/11/17 23:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/11/17 23:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/17 22:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/11/17 22:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/11/17 22:17:14 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/17 21:54:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/11/17 21:36:14 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/11/17 21:17:14 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/17 20:54:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/11/17 18:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/11/17 18:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/11/17 18:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/17 17:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/11/17 17:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/11/17 17:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/17 16:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/11/17 16:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/11/17 16:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/17 13:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/11/17 13:36:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/11/17 13:17:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/16 17:22:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.exe
[2010/11/15 21:28:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Internet.lnk
[2010/11/14 14:06:59 | 000,046,698 | ---- | M] () -- C:\Documents and Settings\Guest\My Documents\ME.jpg
[2010/11/14 01:28:01 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/11 11:43:33 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/11 11:43:33 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/10 20:19:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/10 20:19:01 | 2078,789,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 19:42:40 | 003,902,849 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\ComboFix.exe
[2010/11/10 16:03:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Guest\Desktop\mbam-setup.exe
[2010/11/09 20:18:37 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/11/07 23:08:09 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/11/07 10:02:36 | 000,473,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 10:02:36 | 000,084,168 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 19:39:37 | 000,374,683 | ---- | M] () -- C:\logfile
[2010/10/24 19:50:23 | 004,428,800 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/10/24 19:50:23 | 002,355,200 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 21:28:25 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\Internet.lnk
[2010/11/14 18:45:41 | 000,046,698 | ---- | C] () -- C:\Documents and Settings\Guest\My Documents\ME.jpg
[2010/11/11 11:43:39 | 000,008,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/10 20:16:47 | 2078,789,632 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/10 19:42:28 | 003,902,849 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\ComboFix.exe
[2010/11/09 20:17:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/11/09 20:17:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/11/09 20:17:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/11/09 20:17:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/11/09 20:17:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/11/09 20:17:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/11/09 20:17:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/11/09 20:17:01 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/11/09 20:17:01 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/11/09 20:17:01 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/11/09 20:17:01 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/11/09 20:17:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/11/09 20:17:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/11/09 20:17:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/11/09 20:17:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/11/09 20:17:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/11/09 20:17:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/11/09 20:16:59 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/11/09 20:16:59 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/11/09 20:16:59 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/11/09 20:16:59 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/11/09 20:16:59 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/11/09 20:16:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/11/09 20:16:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/11/07 23:08:29 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2010/11/07 23:08:09 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/11/07 23:08:08 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2009/07/29 12:47:14 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/29 12:47:14 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/04 11:50:22 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\yazeriza.dll
[2009/06/11 03:04:00 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/10 10:40:40 | 000,000,805 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/05/10 10:40:40 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/05/10 10:40:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/10 10:40:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/05/10 10:36:38 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/05/01 20:30:55 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/05/01 20:30:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/03/22 21:13:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/26 10:48:44 | 000,000,045 | ---- | C] () -- C:\WINDOWS\PRNTCARD.INI
[2008/11/05 14:48:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/10/08 21:33:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/10/04 20:12:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/09/20 15:03:00 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/20 14:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/08/21 21:24:09 | 000,000,071 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/07/31 17:17:07 | 000,000,042 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/07/28 16:45:27 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/07/24 20:50:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/20 15:33:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2008/07/20 15:32:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/04/18 23:54:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/18 23:21:18 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/18 23:21:18 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/18 23:21:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/18 23:21:17 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/18 23:21:16 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/18 23:19:55 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2000/01/06 19:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/06 19:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv

========== Alternate Data Streams ==========


< End of report >


Re: Help me remove microsoft security essentials fake allert,,,thinkpoint

Post by Belahzur on Sat Nov 20, 2010 1:01 am

Hello.

  • Download combofix from here

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.

