Fake Microsoft Security Essentials Alert


Fake Microsoft Security Essentials Alert

Post by rocio25 on Mon Oct 04, 2010 4:35 pm

I was playing a game on [You must be registered and logged in to see this link.] when my Firefox explorer closed and opened a red screen from Microsoft Security Essentials. It says that my computer has a Trojan virus. I did try to open Task Manager to stop the process, but it is not opening. I did try to open it through Run: taskmgr, but it is unable to open. I did try to delete the files that are corrupted, but the computer cannot find them. Please, I do not know what else to do. I need help a.s.a.p.

PS. I did run Malwarebytes Anti-Malware, but it is not getting rid of it.

rocio25 (Intermediate) | Posts: 68 | Joined: 2009-07-02 | OS: windows XP


Re: Fake Microsoft Security Essentials Alert

Post by Belahzur on Mon Oct 04, 2010 7:10 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator) | Posts: 34918 | Joined: 2008-08-03 | OS: 7 Home Premium x64


Re: Fake Microsoft Security Essentials Alert

Post by rocio25 on Tue Oct 05, 2010 9:01 am

Hi,
Thanks for answering my prayers. I hope that we can fix this thing. Thanks again!!!!! =)
Here is the first log:

OTL logfile created on: 10/5/2010 8:54:37 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Rocio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 144.17 Gb Free Space | 62.74% Space Free | Partition Type: NTFS
Drive D: | 614.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7.52 Gb Total Space | 4.98 Gb Free Space | 66.31% Space Free | Partition Type: FAT32

Computer Name: LOUIS2
Current User Name: Rocio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 07:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rocio\Desktop\OTL.exe
PRC - [2010/10/04 14:52:16 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/19 17:29:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system\www\bcp\taskm.exe
PRC - [2009/07/16 13:51:52 | 000,090,112 | ---- | M] (windows) -- C:\WINDOWS\system\www\svchos.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/23 12:22:12 | 000,073,728 | ---- | M] (Software602) -- C:\Program Files\Software602\Print2PDF\PrnPack.exe
PRC - [2007/08/24 11:18:16 | 000,033,280 | ---- | M] (Onyx Graphics) -- C:\Onyx\AutoUpdate\OnxUpdtService.exe
PRC - [2007/03/15 14:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/16 14:47:04 | 000,061,440 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/03/01 02:00:00 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
PRC - [2004/02/04 04:14:00 | 000,151,552 | ---- | M] (Oki Data Corporation) -- C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 07:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rocio\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/12/19 19:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/11/29 12:38:10 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/27 16:13:21 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/24 11:18:16 | 000,033,280 | ---- | M] (Onyx Graphics) [Auto | Running] -- C:\Onyx\AutoUpdate\OnxUpdtService.exe -- (OnyxUpdaterService)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/15 14:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/03/01 02:00:00 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE -- (DCSLoader)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\msfwdrv.sys -- (MSFWDrv)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\DM150Drv.sys -- (DM150Drv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/14 15:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/05/14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/08 12:11:42 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (ROCKEYNT)
DRV - [2007/08/24 11:00:21 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/08/04 00:26:04 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/03/12 20:48:56 | 000,351,744 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/03/06 21:39:20 | 000,694,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/03/06 21:39:20 | 000,099,712 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/03/06 21:39:12 | 000,329,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/21 19:12:16 | 001,095,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/07/19 15:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/05/11 17:14:40 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/07 12:02:08 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EyeOneDp.sys -- (EyeOneDp)
DRV - [2003/10/09 17:48:58 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Stopped] -- C:\Program Files\FlexiSIGN-PRO 7.0v2\Program\Par1284.sys -- (Par1284)
DRV - [2002/12/17 00:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/04/15 14:38:20 | 000,026,045 | ---- | M] (GretagMacbeth) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1.sys -- (i1)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 08:44:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 08:44:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/08/03 10:43:40 | 000,000,000 | ---D | M]

[2009/08/04 14:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Extensions
[2010/10/04 08:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\extensions
[2010/07/16 09:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/22 09:57:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/28 13:51:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/04 08:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 10:31:33 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/07/31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2009/07/16 13:59:00 | 000,000,231 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 viabcp.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 scotiabank.com.pe
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT] C:\WINDOWS\system\www\bcp\taskm.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe (CANON INC.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LH] C:\WINDOWS\system\www\svchos.exe (windows)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [PrintPack dispatcher] C:\Program Files\Software602\Print2PDF\PrnPack.exe (Software602)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\5.0_( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GARO Status Monitor.lnk = C:\Program Files\Canon\GAROStatusMonitor\cnwism.exe (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\~[Filtered JS Events]~\~[Filtered JS Events]~.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe (Oki Data Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} [You must be registered and logged in to see this link.] (DacomUpload Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Rocio\Application Data\hotfix.exe) - C:\Documents and Settings\Rocio\Application Data\hotfix.exe ()
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rocio\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rocio\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0087f151-ec51-11dc-bc4b-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{0087f151-ec51-11dc-bc4b-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06d5d723-9960-11de-beda-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{06d5d723-9960-11de-beda-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09a5551f-9e4c-11df-bff3-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{09a5551f-9e4c-11df-bff3-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09a5551f-9e4c-11df-bff3-0019d1e83d77}\Shell\AutoRun\command - "" = I:\iStudio.exe -- File not found
O33 - MountPoints2\{57c61c5a-4746-11dc-bb51-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{57c61c5a-4746-11dc-bb51-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5cce9654-43b7-11de-be30-0019d1e83d77}\Shell\AutoRun\command - "" = I:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{5cce9654-43b7-11de-be30-0019d1e83d77}\Shell\explore\command - "" = I:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{5cce9654-43b7-11de-be30-0019d1e83d77}\Shell\open\command - "" = I:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{8baf1aaa-8689-11de-bec7-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{8baf1aaa-8689-11de-bec7-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8baf1aaa-8689-11de-bec7-0019d1e83d77}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9f553ef6-c46a-11dc-bc06-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{9f553ef6-c46a-11dc-bc06-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e86bf34b-85db-11df-bfdc-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{e86bf34b-85db-11df-bfdc-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e86bf34b-85db-11df-bfdc-0019d1e83d77}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/05 08:54:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rocio\Desktop\OTL.exe
[2010/09/13 08:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rocio\Desktop\Unused Desktop Shortcuts
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 08:44:11 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 08:43:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 08:43:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 08:43:53 | 3210,649,600 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 07:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rocio\Desktop\OTL.exe
[2010/10/04 17:26:11 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Rocio\ntuser.dat
[2010/10/04 17:26:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Rocio\ntuser.ini
[2010/10/04 17:15:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 16:54:13 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Microsoft Office Outlook 2003.lnk
[2010/10/04 14:52:18 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\srsf.bat
[2010/10/04 14:52:16 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe
[2010/10/04 10:56:14 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Rocio\My Documents\spider.sav
[2010/10/04 09:02:44 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Microsoft Office Word 2003.lnk
[2010/10/04 08:42:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 12:50:01 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Microsoft Office Excel 2003 (2).lnk
[2010/09/30 12:37:02 | 001,512,189 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\LiquorWineWarehouse.pdf
[2010/09/30 12:34:17 | 000,180,356 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\LiquorWineWarehouse.jpg
[2010/09/30 12:10:00 | 003,689,215 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\PDF-4.5 FT X 6FT Front Window_original.pdf
[2010/09/30 12:10:00 | 000,967,246 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\PDF- SIGNS TO MAKE-original.pdf
[2010/09/30 12:08:58 | 004,288,309 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\PDF- SIGNS TO MAKE- Over Door.pdf
[2010/09/30 11:53:49 | 011,648,529 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\PDF-4.5 FT X 6FT Front Window 3 Corp Sign.pdf
[2010/09/28 12:43:53 | 000,228,801 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\DSCN1080.JPG
[2010/09/28 12:37:48 | 000,911,707 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\DSCN1081.JPG
[2010/09/28 10:35:53 | 000,063,849 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\allliquer.jpg
[2010/09/28 09:59:00 | 000,010,282 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\liquor.jpg
[2010/09/28 09:54:27 | 000,008,938 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\images.jpg
[2010/09/28 09:35:26 | 000,276,617 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Thomas.pdf
[2010/09/28 09:17:08 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/24 09:15:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/09/20 13:51:18 | 000,523,952 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\endodontic.jpg
[2010/09/20 13:43:32 | 001,090,861 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Endodontic.ai
[2010/09/20 11:15:01 | 009,014,860 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\New Image.JPG
[2010/09/16 08:54:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/16 08:54:29 | 000,449,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/16 08:54:29 | 000,073,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/16 08:54:28 | 000,529,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/15 17:21:40 | 000,000,730 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/15 17:21:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 09:27:53 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\INVOICE IN BLANK2.xls
[2010/09/14 09:26:52 | 000,013,394 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\LouisLeggio.jpg
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 14:52:16 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\srsf.bat
[2010/10/04 14:52:15 | 000,650,240 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe
[2010/09/30 12:34:17 | 000,180,356 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\LiquorWineWarehouse.jpg
[2010/09/30 12:10:00 | 003,689,215 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\PDF-4.5 FT X 6FT Front Window_original.pdf
[2010/09/30 12:10:00 | 000,967,246 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\PDF- SIGNS TO MAKE-original.pdf
[2010/09/30 11:05:00 | 011,648,529 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\PDF-4.5 FT X 6FT Front Window 3 Corp Sign.pdf
[2010/09/30 11:05:00 | 004,288,309 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\PDF- SIGNS TO MAKE- Over Door.pdf
[2010/09/28 14:08:48 | 001,512,189 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\LiquorWineWarehouse.pdf
[2010/09/28 11:48:45 | 000,911,707 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\DSCN1081.JPG
[2010/09/28 11:48:45 | 000,228,801 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\DSCN1080.JPG
[2010/09/28 10:35:56 | 000,063,849 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\allliquer.jpg
[2010/09/28 09:59:07 | 000,010,282 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\liquor.jpg
[2010/09/28 09:54:27 | 000,008,938 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\images.jpg
[2010/09/28 09:34:27 | 000,276,617 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\Thomas.pdf
[2010/09/28 09:17:08 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/20 13:51:14 | 000,523,952 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\endodontic.jpg
[2010/09/20 11:54:07 | 001,090,861 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\Endodontic.ai
[2010/09/20 11:14:58 | 009,014,860 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\New Image.JPG
[2010/09/14 09:26:52 | 000,013,394 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\LouisLeggio.jpg
[2010/09/13 10:08:28 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\INVOICE IN BLANK2.xls
[2010/09/01 13:43:01 | 000,905,290 | R--- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2010/04/30 09:22:09 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/01/14 11:58:25 | 004,124,332 | ---- | C] () -- C:\Program Files\FileZilla_3.3.1_win32-setup.exe
[2009/11/20 14:04:21 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2009/08/04 10:43:56 | 000,011,445 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gekulyhu.lib
[2009/08/03 10:29:26 | 000,019,978 | ---- | C] () -- C:\Program Files\Common Files\qimup.exe
[2009/08/03 10:29:26 | 000,019,861 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\lejunamel.bat
[2009/08/03 10:29:26 | 000,019,795 | ---- | C] () -- C:\Program Files\Common Files\oqitivogew.dll
[2009/08/03 10:29:26 | 000,019,420 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\ifalyba._sy
[2009/08/03 10:29:26 | 000,019,373 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\emocubajoj._sy
[2009/08/03 10:29:26 | 000,018,742 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ytetyfuboz.vbs
[2009/08/03 10:29:26 | 000,018,579 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\enabyga._sy
[2009/08/03 10:29:26 | 000,018,493 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owagewupec.pif
[2009/08/03 10:29:26 | 000,018,474 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\baweh.pif
[2009/08/03 10:29:26 | 000,016,999 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yxolu.dll
[2009/08/03 10:29:26 | 000,015,116 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\rivo.db
[2009/08/03 10:29:26 | 000,012,301 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cuvequj._dl
[2009/08/03 10:29:26 | 000,011,632 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\zyvel.sys
[2009/08/03 10:29:26 | 000,011,033 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\upurog._dl
[2009/08/03 10:29:26 | 000,010,820 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\erade.lib
[2009/08/03 08:41:12 | 000,018,442 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\osedaqu.lib
[2009/08/03 08:41:12 | 000,012,776 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\lamo.inf
[2009/08/02 08:58:48 | 000,012,712 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\rare._sy
[2009/08/02 08:58:48 | 000,010,574 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lajuvyxi.inf
[2009/08/02 08:58:48 | 000,010,354 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\ufag.db
[2009/08/01 10:12:41 | 000,016,197 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\byzyquzyxy.dl
[2009/07/31 14:57:55 | 000,018,471 | ---- | C] () -- C:\Program Files\Common Files\hodyjez.bin
[2009/07/31 14:57:55 | 000,017,811 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\eqat
[2009/07/31 14:57:55 | 000,017,317 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\umyhytahyh.pif
[2009/07/31 14:57:55 | 000,015,709 | ---- | C] () -- C:\Program Files\Common Files\enyxiqu.bin
[2009/07/31 14:57:55 | 000,015,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ulegajevat.vbs
[2009/07/31 14:57:55 | 000,015,457 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\pohifawuk.com
[2009/07/31 14:57:55 | 000,013,647 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\odidiw.dll
[2009/07/31 14:57:55 | 000,012,902 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\iviva.sys
[2009/07/31 14:57:55 | 000,010,494 | ---- | C] () -- C:\Program Files\Common Files\umutud.db
[2009/07/31 14:57:55 | 000,010,351 | ---- | C] () -- C:\Program Files\Common Files\abaroqydes.com
[2009/07/31 14:57:55 | 000,010,044 | ---- | C] () -- C:\WINDOWS\izamebys.sys
[2009/07/31 14:57:54 | 000,019,878 | ---- | C] () -- C:\WINDOWS\aqun.sys
[2009/07/31 14:57:54 | 000,018,161 | ---- | C] () -- C:\Program Files\Common Files\fine.pif
[2009/07/31 14:57:54 | 000,013,258 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\caqadam.bin
[2009/07/31 14:57:54 | 000,012,262 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pajutolyt.scr
[2009/06/10 13:10:33 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/04/18 10:30:16 | 000,005,648 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\33E9E9E8-0994-4CB7-BDB7-ECDFA558EAED.txt
[2009/04/17 13:16:41 | 000,006,838 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\33E9E9E8-0994-4CB7-BDB7-ECDFA558EAED.txt
[2009/04/15 17:02:20 | 000,005,230 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4458E9F1-7637-45F9-879A-393C721625EF.txt
[2009/04/15 15:13:19 | 000,006,846 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\4458E9F1-7637-45F9-879A-393C721625EF.txt
[2009/02/12 14:45:36 | 000,000,096 | ---- | C] () -- C:\WINDOWS\OPHA.ini
[2009/02/12 13:06:45 | 000,000,027 | ---- | C] () -- C:\WINDOWS\EZSET_SP.INI
[2008/12/24 10:07:23 | 000,036,435 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\Comma Separated Values (Windows).ADR
[2008/12/04 12:35:09 | 000,000,102 | ---- | C] () -- C:\WINDOWS\TRWONLIN.INI
[2008/11/25 17:57:29 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/07/11 11:36:31 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/04/18 10:46:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IPRLYOT.INI
[2008/04/11 09:35:35 | 000,000,227 | ---- | C] () -- C:\WINDOWS\i1Share.ini
[2008/03/08 12:11:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RIPMONNT.DLL
[2008/03/08 12:11:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2008/02/04 16:04:35 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\dvd.bmk
[2007/12/27 17:10:11 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/12/27 16:34:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2007/12/21 16:36:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/10 15:43:23 | 000,010,569 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/10/23 10:57:18 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/19 11:26:32 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\fusioncache.dat
[2007/10/09 10:13:58 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\wklnhst.dat
[2007/10/02 09:52:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/08/24 12:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jawsnt.INI
[2007/08/24 11:00:21 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007/08/21 11:15:14 | 000,000,030 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2007/08/09 11:24:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/08/09 11:24:18 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/08/04 00:35:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/04 00:29:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/04 00:04:28 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/08/04 00:04:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/08/04 00:03:22 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/09 11:59:12 | 004,014,080 | ---- | C] () -- C:\WINDOWS\System32\qt-mt333.dll
[2003/02/17 16:24:24 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


Re: Fake Microsoft Security Essentials Alert

Post by rocio25 on Tue Oct 05, 2010 9:01 am

Here goes the second log:

OTL Extras logfile created on: 10/5/2010 8:54:37 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Rocio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 144.17 Gb Free Space | 62.74% Space Free | Partition Type: NTFS
Drive D: | 614.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7.52 Gb Total Space | 4.98 Gb Free Space | 66.31% Space Free | Partition Type: FAT32

Computer Name: LOUIS2
Current User Name: Rocio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE ()
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"" =
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 DEMO Application -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Canon\imagePROGRAF Device Setup Utility\cnwids.exe" = C:\Program Files\Canon\imagePROGRAF Device Setup Utility\cnwids.exe:*:Enabled:imagePROGRAF Device Setup Utility -- (CANON INC.)
"C:\Program Files\Canon\GAROStatusMonitor\cnwism.exe" = C:\Program Files\Canon\GAROStatusMonitor\cnwism.exe:*:Enabled:GARO Status Monitor -- (CANON INC.)
"C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe" = C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe:*:Enabled:GARO Device Agent -- (CANON INC.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 DEMO Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\WINDOWS\system\www\svchos.exe" = C:\WINDOWS\system\www\svchos.exe:*:Enabled:des -- (windows)
"C:\WINDOWS\LMI1EC.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI1EC.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Documents and Settings\Rocio\Local Settings\temp\7zS20F.tmp\SymNRT.exe" = C:\Documents and Settings\Rocio\Local Settings\temp\7zS20F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Documents and Settings\Rocio\Local Settings\temp\7zS211.tmp\SymNRT.exe" = C:\Documents and Settings\Rocio\Local Settings\temp\7zS211.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03C35FF9-CC64-48D1-B09F-69EEDE977B38}" = ClickArt 950,000 v. 2
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21614F95-2732-417C-881E-FDD545F9B4BC}" = The Print Shop 21 Update
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B7B47E1-B482-4D3A-ABFD-2FF8E077ECA6}" = SmartFTP Client
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.28
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66392B7C-C522-450D-97B7-B3E41E170C3B}" = GARO Status Monitor
"{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}" = Intellex Player
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77712343-D69B-4175-B6A2-A1B07B3AC505}" = iPF9000 Printer Driver Extra Kit
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85AAB464-E0EE-4A3F-BD22-15150B0846B7}" = imagePROGRAF Firmware Update Tool
"{85CFDC2D-710E-49D5-B799-F3743CA506BA}" = Microsoft Protection Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92B00901-52C8-476A-AF34-490880DF077D}" = Portfolio Browser
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A5A883B-6BC7-4CE0-A372-710BD3D131A9}" = Rosetta Stone 2.2.0.0S
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AABE6285-CFC0-4F6B-81AD-DF41640189F9}" = iPF9000 Media Configuration Tool
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC38B36B-90F8-4C1F-8AC9-236B851B8871}" = Genuine Fractals 5.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AEAEEAD6-38EC-4321-92A7-599367E21FF2}" = Rosetta Stone V3 DEMO
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BDF1F4-0312-4307-811B-DE5E452A7AE6}" = imagePROGRAF Device Setup Utility
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.28
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}" = WD FAT32 Formatter
"{DCF84385-88E3-4472-8144-E95B823FC5DB}" = The Print Shop 21
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E914671C-988D-4956-A614-32D73500DC45}" = Canon PosterArtist
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F95D9A09-1259-479B-95BF-E25EAFF13DEF}" = Print2PDF Server Edition
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"5200 Manual" = 5200 Manual
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Advanced Font Manager3.0.0.0" = Advanced Font Manager
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Canon CanoScan 4400F User Registration" = Canon CanoScan 4400F User Registration
"Canon iP6700D User Registration" = Canon iP6700D User Registration
"CanonMyPrinter" = Canon My Printer
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Centricity DICOM Viewer" = Centricity DICOM Viewer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Eye-One Diagnostics_is1" = Eye-One Diagnostics
"Eye-One Match_is1" = Eye-One Match 3.6.1
"Eye-One Share" = Eye-One Share
"FileZilla Client" = FileZilla Client 3.3.1
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.480
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"i1ColorPoint 1.0" = i1ColorPoint 1.0
"i1Diagnostics_is1" = i1Diagnostics
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{9A5A883B-6BC7-4CE0-A372-710BD3D131A9}" = Rosetta Stone 2.2.0.0S
"MainTop DTP" = MainTop DTP
"MainTop RIP Port" = MainTop RIP Port
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ONYX Profile Download Client 20070927-0" = ONYX Profile Download Client 20070927-0
"Photodex Presenter" = Photodex Presenter
"PosterShop 7.0" = PosterShop 7.0
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"Sign Wizard 6.5 Demo" = Sign Wizard 6.5 Demo
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SmartFTP FTP Library" = SmartFTP FTP Library (remove only)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2010 8:18:51 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/1/2010 8:29:04 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/4/2010 8:42:35 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/4/2010 8:43:00 AM | Computer Name = LOUIS2 | Source = Application Error | ID = 1000
Description = Faulting application AutoUpdater.exe, version 1.5.6.0, faulting module
msvcr71.dll, version 7.10.3052.4, fault address 0x00011da1.

Error - 10/4/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Application Error | ID = 1004
Description = Faulting application AutoUpdater.exe, version 1.5.6.0, faulting module
msvcr71.dll, version 7.10.3052.4, fault address 0x00011da1.

Error - 10/4/2010 3:04:22 PM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 8:44:26 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 8:44:32 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 8:44:32 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 8:44:35 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 10/4/2010 3:14:35 PM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/4/2010 3:14:35 PM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/4/2010 3:14:35 PM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/4/2010 3:14:35 PM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7000
Description = The OneCare AntiSpyware and AntiVirus service failed to start due
to the following error: %%3

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7001
Description = The Sentinel service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7001
Description = The MSFWDrv service depends on the MSFWHLPR service which failed to
start because of the following error: %%31

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7001
Description = The OneCare Firewall service depends on the MSFWDrv service which
failed to start because of the following error: %%1068

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%20

Error - 10/5/2010 8:44:32 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MSFWHLPR


< End of report >

rocio25
Intermediate

Posts : 68
Joined : 2009-07-02
OS : windows XP
Points : 27340
Likes : 0


Re: Fake Microsoft Security Essentials Alert

Post by Belahzur on Tue Oct 05, 2010 5:14 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/10/04 14:52:16 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe
    PRC - [2009/07/19 17:29:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system\www\bcp\taskm.exe
    PRC - [2009/07/16 13:51:52 | 000,090,112 | ---- | M] (windows) -- C:\WINDOWS\system\www\svchos.exe
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [AT] C:\WINDOWS\system\www\bcp\taskm.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Rocio\Application Data\hotfix.exe) - C:\Documents and Settings\Rocio\Application Data\hotfix.exe ()
    [2009/11/20 14:04:21 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2009/08/04 10:43:56 | 000,011,445 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gekulyhu.lib
    [2009/08/03 10:29:26 | 000,019,978 | ---- | C] () -- C:\Program Files\Common Files\qimup.exe
    [2009/08/03 10:29:26 | 000,019,861 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\lejunamel.bat
    [2009/08/03 10:29:26 | 000,019,795 | ---- | C] () -- C:\Program Files\Common Files\oqitivogew.dll
    [2009/08/03 10:29:26 | 000,019,420 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\ifalyba._sy
    [2009/08/03 10:29:26 | 000,019,373 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\emocubajoj._sy
    [2009/08/03 10:29:26 | 000,018,742 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ytetyfuboz.vbs
    [2009/08/03 10:29:26 | 000,018,579 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\enabyga._sy
    [2009/08/03 10:29:26 | 000,018,493 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owagewupec.pif
    [2009/08/03 10:29:26 | 000,018,474 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\baweh.pif
    [2009/08/03 10:29:26 | 000,016,999 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yxolu.dll
    [2009/08/03 10:29:26 | 000,015,116 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\rivo.db
    [2009/08/03 10:29:26 | 000,012,301 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cuvequj._dl
    [2009/08/03 10:29:26 | 000,011,632 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\zyvel.sys
    [2009/08/03 10:29:26 | 000,011,033 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\upurog._dl
    [2009/08/03 10:29:26 | 000,010,820 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\erade.lib
    [2009/08/03 08:41:12 | 000,018,442 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\osedaqu.lib
    [2009/08/03 08:41:12 | 000,012,776 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\lamo.inf
    [2009/08/02 08:58:48 | 000,012,712 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\rare._sy
    [2009/08/02 08:58:48 | 000,010,574 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lajuvyxi.inf
    [2009/08/02 08:58:48 | 000,010,354 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\ufag.db
    [2009/08/01 10:12:41 | 000,016,197 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\byzyquzyxy.dl
    [2009/07/31 14:57:55 | 000,018,471 | ---- | C] () -- C:\Program Files\Common Files\hodyjez.bin
    [2009/07/31 14:57:55 | 000,017,811 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\eqat
    [2009/07/31 14:57:55 | 000,017,317 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\umyhytahyh.pif
    [2009/07/31 14:57:55 | 000,015,709 | ---- | C] () -- C:\Program Files\Common Files\enyxiqu.bin
    [2009/07/31 14:57:55 | 000,015,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ulegajevat.vbs
    [2009/07/31 14:57:55 | 000,015,457 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\pohifawuk.com
    [2009/07/31 14:57:55 | 000,013,647 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\odidiw.dll
    [2009/07/31 14:57:55 | 000,012,902 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\iviva.sys
    [2009/07/31 14:57:55 | 000,010,494 | ---- | C] () -- C:\Program Files\Common Files\umutud.db
    [2009/07/31 14:57:55 | 000,010,351 | ---- | C] () -- C:\Program Files\Common Files\abaroqydes.com
    [2009/07/31 14:57:55 | 000,010,044 | ---- | C] () -- C:\WINDOWS\izamebys.sys
    [2009/07/31 14:57:54 | 000,019,878 | ---- | C] () -- C:\WINDOWS\aqun.sys
    [2009/07/31 14:57:54 | 000,018,161 | ---- | C] () -- C:\Program Files\Common Files\fine.pif
    [2009/07/31 14:57:54 | 000,013,258 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\caqadam.bin
    [2009/07/31 14:57:54 | 000,012,262 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pajutolyt.scr


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
Likes : 1
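The OTL fix above targets three persistence and masquerading patterns that are worth recognising on sight: a Winlogon Shell value pointing at an executable under the user's Application Data (hotfix.exe, so the rogue starts instead of the desktop), an HKLM Run entry for a process in an odd subfolder of C:\WINDOWS\system, and file names one or two letters off from real system binaries (svchos.exe, taskm.exe). The script below is an added example, not OTL code and not from either poster: it parses the PRC, O4 and O20 line formats as they appear in the fix script and flags those patterns. The three malicious lines are the ones quoted above; the benign control lines and the short list of system binary names are constructed for the example.

```python
"""Triage of OTL log lines for the persistence and masquerading patterns seen
in the fix script above. Added example; not OTL code and not from the post."""
import ntpath
import re
from dataclasses import dataclass

# OTL line formats quoted in the fix script: running process (PRC),
# HKLM/HKCU Run autostart (O4) and the Winlogon Shell value (O20).
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+?)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)(?: \([^)]*\))?$")
O20_RE = re.compile(
    r"^O20 - (?P<hive>HK\w+) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<path>.+?)(?: \([^)]*\))?$")

# Core Windows binaries whose names malware imitates (assumption: a short list
# is enough for the demonstration; extend it for real triage).
SYSTEM_BINARIES = {"svchost", "taskmgr", "explorer", "winlogon", "lsass", "csrss",
                   "services", "smss", "spoolsv", "ctfmon"}
# Folder fragments a limited user can write to on Windows XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch names one or two characters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(path: str) -> list[str]:
    """Rule names that fire for one executable path."""
    low = path.lower()
    stem = ntpath.splitext(ntpath.basename(low))[0]
    rules = []
    if any(frag in low for frag in USER_WRITABLE):
        rules.append("exe-in-user-writable-dir")
    if stem in SYSTEM_BINARIES:
        # Genuine copies live in System32 or, for explorer.exe, in the Windows folder itself.
        if not (low.startswith("c:\\windows\\system32\\") or low == f"c:\\windows\\{stem}.exe"):
            rules.append("system-binary-name-outside-system-dir")
    else:
        near = sorted(s for s in SYSTEM_BINARIES if edit_distance(stem, s) <= 2)
        if near:
            rules.append("system-binary-lookalike:" + ",".join(near))
    return rules


def triage(lines) -> list[Finding]:
    findings = []
    for line in lines:
        line = line.strip()
        if m := O20_RE.match(line):
            # Winlogon\Shell starts the desktop; anything but explorer.exe is a hijack.
            if ntpath.basename(m.group("value")).lower() != "explorer.exe":
                findings.append(Finding("winlogon-shell-hijack", m.group("path")))
        elif not (m := O4_RE.match(line) or PRC_RE.match(line)):
            continue
        path = m.group("path")
        findings.extend(Finding(r, path) for r in check_path(path))
        if line.startswith("PRC") and not m.group("company"):
            # "()" means no company name in the version info: a weak signal on its own.
            findings.append(Finding("prc-no-company-name", path))
    return findings


def triage_pairs(lines) -> set[tuple[str, str]]:
    """(rule, file name) pairs, convenient for comparing against expectations."""
    return {(f.rule, ntpath.basename(f.path).lower()) for f in triage(lines)}


# Sample input: the OTL lines from the fix script plus constructed benign controls.
SAMPLE_LINES = [
    r"PRC - [2010/10/04 14:52:16 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe",
    r"PRC - [2009/07/19 17:29:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system\www\bcp\taskm.exe",
    r"PRC - [2009/07/16 13:51:52 | 000,090,112 | ---- | M] (windows) -- C:\WINDOWS\system\www\svchos.exe",
    r"O4 - HKLM..\Run: [AT] C:\WINDOWS\system\www\bcp\taskm.exe ()",
    r"O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Rocio\Application Data\hotfix.exe) - C:\Documents and Settings\Rocio\Application Data\hotfix.exe ()",
    # constructed benign controls (not from the log)
    r"PRC - [2008/04/14 05:42:20 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe",
    r"O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:40} {f.path}")
```

Run against the sample, every malicious line fires at least one rule and none of the benign controls do. The Shell hijack is the one to act on first: until that value is restored to Explorer.exe, every logon starts the rogue instead of the desktop, which is also why Task Manager appears "unable to open" in the first post.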

