WiredWX Hobby Weather Tools

Fake Microsoft Security Essentials Alert

I was playing a game on www.addictinggames.com when my Firefox explorer closed and opened a red screen from Microsoft Security Essentials. It says that my computer has a Trojan virus. I tried to open Task Manager to stop the process, but it is not opening. I tried to open it through Run: Taskmgr, but this software is unable to open. I tried to delete the files that are corrupted, but the computer cannot find them. Please, I do not know what else to do. I need help a.s.a.p.

P.S. I ran Malwarebytes Anti-Malware, but it is not getting rid of it.

Re: Fake Microsoft Security Essentials Alert

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Fake Microsoft Security Essentials Alert

Hi,
Thanks for answering my prayers. I hope that we can fix this thing. Thanks again!!!!! =)
Here is the first log:

OTL logfile created on: 10/5/2010 8:54:37 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Rocio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 144.17 Gb Free Space | 62.74% Space Free | Partition Type: NTFS
Drive D: | 614.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7.52 Gb Total Space | 4.98 Gb Free Space | 66.31% Space Free | Partition Type: FAT32

Computer Name: LOUIS2
Current User Name: Rocio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 07:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rocio\Desktop\OTL.exe
PRC - [2010/10/04 14:52:16 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/19 17:29:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system\www\bcp\taskm.exe
PRC - [2009/07/16 13:51:52 | 000,090,112 | ---- | M] (windows) -- C:\WINDOWS\system\www\svchos.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/23 12:22:12 | 000,073,728 | ---- | M] (Software602) -- C:\Program Files\Software602\Print2PDF\PrnPack.exe
PRC - [2007/08/24 11:18:16 | 000,033,280 | ---- | M] (Onyx Graphics) -- C:\Onyx\AutoUpdate\OnxUpdtService.exe
PRC - [2007/03/15 14:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/16 14:47:04 | 000,061,440 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/03/01 02:00:00 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
PRC - [2004/02/04 04:14:00 | 000,151,552 | ---- | M] (Oki Data Corporation) -- C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 07:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rocio\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/12/19 19:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/11/29 12:38:10 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/27 16:13:21 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/24 11:18:16 | 000,033,280 | ---- | M] (Onyx Graphics) [Auto | Running] -- C:\Onyx\AutoUpdate\OnxUpdtService.exe -- (OnyxUpdaterService)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/15 14:48:26 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/03/01 02:00:00 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE -- (DCSLoader)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\msfwdrv.sys -- (MSFWDrv)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\DM150Drv.sys -- (DM150Drv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/14 15:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/05/14 15:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 15:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/08 12:11:42 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (ROCKEYNT)
DRV - [2007/08/24 11:00:21 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/08/04 00:26:04 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/03/12 20:48:56 | 000,351,744 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/03/06 21:39:20 | 000,694,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/03/06 21:39:20 | 000,099,712 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/03/06 21:39:12 | 000,329,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/21 19:12:16 | 001,095,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/07/19 15:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/05/11 17:14:40 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/07 12:02:08 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EyeOneDp.sys -- (EyeOneDp)
DRV - [2003/10/09 17:48:58 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Stopped] -- C:\Program Files\FlexiSIGN-PRO 7.0v2\Program\Par1284.sys -- (Par1284)
DRV - [2002/12/17 00:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/04/15 14:38:20 | 000,026,045 | ---- | M] (GretagMacbeth) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1.sys -- (i1)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070804
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070804

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 08:44:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 08:44:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/08/03 10:43:40 | 000,000,000 | ---D | M]

[2009/08/04 14:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Extensions
[2010/10/04 08:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\extensions
[2010/07/16 09:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/22 09:57:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/28 13:51:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/04 08:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 10:31:33 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/07/31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2009/07/16 13:59:00 | 000,000,231 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 viabcp.com
O1 - Hosts: 127.0.0.1 www.viabcp.com
O1 - Hosts: 127.0.0.1 www.scotiabank.com.pe
O1 - Hosts: 127.0.0.1 scotiabank.com.pe
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT] C:\WINDOWS\system\www\bcp\taskm.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe (CANON INC.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LH] C:\WINDOWS\system\www\svchos.exe (windows)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [PrintPack dispatcher] C:\Program Files\Software602\Print2PDF\PrnPack.exe (Software602)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\5.0_( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GARO Status Monitor.lnk = C:\Program Files\Canon\GAROStatusMonitor\cnwism.exe (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\~[Filtered JS Events]~\~[Filtered JS Events]~.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe (Oki Data Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227885096328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} http://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab (DacomUpload Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Rocio\Application Data\hotfix.exe) - C:\Documents and Settings\Rocio\Application Data\hotfix.exe ()
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rocio\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rocio\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0087f151-ec51-11dc-bc4b-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{0087f151-ec51-11dc-bc4b-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06d5d723-9960-11de-beda-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{06d5d723-9960-11de-beda-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09a5551f-9e4c-11df-bff3-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{09a5551f-9e4c-11df-bff3-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09a5551f-9e4c-11df-bff3-0019d1e83d77}\Shell\AutoRun\command - "" = I:\iStudio.exe -- File not found
O33 - MountPoints2\{57c61c5a-4746-11dc-bb51-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{57c61c5a-4746-11dc-bb51-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5cce9654-43b7-11de-be30-0019d1e83d77}\Shell\AutoRun\command - "" = I:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{5cce9654-43b7-11de-be30-0019d1e83d77}\Shell\explore\command - "" = I:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{5cce9654-43b7-11de-be30-0019d1e83d77}\Shell\open\command - "" = I:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{8baf1aaa-8689-11de-bec7-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{8baf1aaa-8689-11de-bec7-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8baf1aaa-8689-11de-bec7-0019d1e83d77}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9f553ef6-c46a-11dc-bc06-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{9f553ef6-c46a-11dc-bc06-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e86bf34b-85db-11df-bfdc-0019d1e83d77}\Shell - "" = AutoRun
O33 - MountPoints2\{e86bf34b-85db-11df-bfdc-0019d1e83d77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e86bf34b-85db-11df-bfdc-0019d1e83d77}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/05 08:54:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rocio\Desktop\OTL.exe
[2010/09/13 08:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rocio\Desktop\Unused Desktop Shortcuts
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 08:44:11 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 08:43:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 08:43:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 08:43:53 | 3210,649,600 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 07:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rocio\Desktop\OTL.exe
[2010/10/04 17:26:11 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Rocio\ntuser.dat
[2010/10/04 17:26:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Rocio\ntuser.ini
[2010/10/04 17:15:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 16:54:13 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Microsoft Office Outlook 2003.lnk
[2010/10/04 14:52:18 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\srsf.bat
[2010/10/04 14:52:16 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe
[2010/10/04 10:56:14 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Rocio\My Documents\spider.sav
[2010/10/04 09:02:44 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Microsoft Office Word 2003.lnk
[2010/10/04 08:42:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 12:50:01 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Microsoft Office Excel 2003 (2).lnk
[2010/09/30 12:37:02 | 001,512,189 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\LiquorWineWarehouse.pdf
[2010/09/30 12:34:17 | 000,180,356 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\LiquorWineWarehouse.jpg
[2010/09/30 12:10:00 | 003,689,215 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\PDF-4.5 FT X 6FT Front Window_original.pdf
[2010/09/30 12:10:00 | 000,967,246 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\PDF- SIGNS TO MAKE-original.pdf
[2010/09/30 12:08:58 | 004,288,309 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\PDF- SIGNS TO MAKE- Over Door.pdf
[2010/09/30 11:53:49 | 011,648,529 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\PDF-4.5 FT X 6FT Front Window 3 Corp Sign.pdf
[2010/09/28 12:43:53 | 000,228,801 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\DSCN1080.JPG
[2010/09/28 12:37:48 | 000,911,707 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\DSCN1081.JPG
[2010/09/28 10:35:53 | 000,063,849 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\allliquer.jpg
[2010/09/28 09:59:00 | 000,010,282 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\liquor.jpg
[2010/09/28 09:54:27 | 000,008,938 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\images.jpg
[2010/09/28 09:35:26 | 000,276,617 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Thomas.pdf
[2010/09/28 09:17:08 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/24 09:15:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/09/20 13:51:18 | 000,523,952 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\endodontic.jpg
[2010/09/20 13:43:32 | 001,090,861 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\Endodontic.ai
[2010/09/20 11:15:01 | 009,014,860 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\New Image.JPG
[2010/09/16 08:54:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/16 08:54:29 | 000,449,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/16 08:54:29 | 000,073,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/16 08:54:28 | 000,529,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/15 17:21:40 | 000,000,730 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/15 17:21:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 09:27:53 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\INVOICE IN BLANK2.xls
[2010/09/14 09:26:52 | 000,013,394 | ---- | M] () -- C:\Documents and Settings\Rocio\Desktop\LouisLeggio.jpg
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 14:52:16 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\srsf.bat
[2010/10/04 14:52:15 | 000,650,240 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe
[2010/09/30 12:34:17 | 000,180,356 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\LiquorWineWarehouse.jpg
[2010/09/30 12:10:00 | 003,689,215 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\PDF-4.5 FT X 6FT Front Window_original.pdf
[2010/09/30 12:10:00 | 000,967,246 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\PDF- SIGNS TO MAKE-original.pdf
[2010/09/30 11:05:00 | 011,648,529 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\PDF-4.5 FT X 6FT Front Window 3 Corp Sign.pdf
[2010/09/30 11:05:00 | 004,288,309 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\PDF- SIGNS TO MAKE- Over Door.pdf
[2010/09/28 14:08:48 | 001,512,189 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\LiquorWineWarehouse.pdf
[2010/09/28 11:48:45 | 000,911,707 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\DSCN1081.JPG
[2010/09/28 11:48:45 | 000,228,801 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\DSCN1080.JPG
[2010/09/28 10:35:56 | 000,063,849 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\allliquer.jpg
[2010/09/28 09:59:07 | 000,010,282 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\liquor.jpg
[2010/09/28 09:54:27 | 000,008,938 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\images.jpg
[2010/09/28 09:34:27 | 000,276,617 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\Thomas.pdf
[2010/09/28 09:17:08 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/20 13:51:14 | 000,523,952 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\endodontic.jpg
[2010/09/20 11:54:07 | 001,090,861 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\Endodontic.ai
[2010/09/20 11:14:58 | 009,014,860 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\New Image.JPG
[2010/09/14 09:26:52 | 000,013,394 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\LouisLeggio.jpg
[2010/09/13 10:08:28 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\Rocio\Desktop\INVOICE IN BLANK2.xls
[2010/09/01 13:43:01 | 000,905,290 | R--- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2010/04/30 09:22:09 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/01/14 11:58:25 | 004,124,332 | ---- | C] () -- C:\Program Files\FileZilla_3.3.1_win32-setup.exe
[2009/11/20 14:04:21 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2009/08/04 10:43:56 | 000,011,445 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gekulyhu.lib
[2009/08/03 10:29:26 | 000,019,978 | ---- | C] () -- C:\Program Files\Common Files\qimup.exe
[2009/08/03 10:29:26 | 000,019,861 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\lejunamel.bat
[2009/08/03 10:29:26 | 000,019,795 | ---- | C] () -- C:\Program Files\Common Files\oqitivogew.dll
[2009/08/03 10:29:26 | 000,019,420 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\ifalyba._sy
[2009/08/03 10:29:26 | 000,019,373 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\emocubajoj._sy
[2009/08/03 10:29:26 | 000,018,742 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ytetyfuboz.vbs
[2009/08/03 10:29:26 | 000,018,579 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\enabyga._sy
[2009/08/03 10:29:26 | 000,018,493 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owagewupec.pif
[2009/08/03 10:29:26 | 000,018,474 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\baweh.pif
[2009/08/03 10:29:26 | 000,016,999 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yxolu.dll
[2009/08/03 10:29:26 | 000,015,116 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\rivo.db
[2009/08/03 10:29:26 | 000,012,301 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cuvequj._dl
[2009/08/03 10:29:26 | 000,011,632 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\zyvel.sys
[2009/08/03 10:29:26 | 000,011,033 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\upurog._dl
[2009/08/03 10:29:26 | 000,010,820 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\erade.lib
[2009/08/03 08:41:12 | 000,018,442 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\osedaqu.lib
[2009/08/03 08:41:12 | 000,012,776 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\lamo.inf
[2009/08/02 08:58:48 | 000,012,712 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\rare._sy
[2009/08/02 08:58:48 | 000,010,574 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lajuvyxi.inf
[2009/08/02 08:58:48 | 000,010,354 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\ufag.db
[2009/08/01 10:12:41 | 000,016,197 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\byzyquzyxy.dl
[2009/07/31 14:57:55 | 000,018,471 | ---- | C] () -- C:\Program Files\Common Files\hodyjez.bin
[2009/07/31 14:57:55 | 000,017,811 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\eqat
[2009/07/31 14:57:55 | 000,017,317 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\umyhytahyh.pif
[2009/07/31 14:57:55 | 000,015,709 | ---- | C] () -- C:\Program Files\Common Files\enyxiqu.bin
[2009/07/31 14:57:55 | 000,015,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ulegajevat.vbs
[2009/07/31 14:57:55 | 000,015,457 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\pohifawuk.com
[2009/07/31 14:57:55 | 000,013,647 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\odidiw.dll
[2009/07/31 14:57:55 | 000,012,902 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\iviva.sys
[2009/07/31 14:57:55 | 000,010,494 | ---- | C] () -- C:\Program Files\Common Files\umutud.db
[2009/07/31 14:57:55 | 000,010,351 | ---- | C] () -- C:\Program Files\Common Files\abaroqydes.com
[2009/07/31 14:57:55 | 000,010,044 | ---- | C] () -- C:\WINDOWS\izamebys.sys
[2009/07/31 14:57:54 | 000,019,878 | ---- | C] () -- C:\WINDOWS\aqun.sys
[2009/07/31 14:57:54 | 000,018,161 | ---- | C] () -- C:\Program Files\Common Files\fine.pif
[2009/07/31 14:57:54 | 000,013,258 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\caqadam.bin
[2009/07/31 14:57:54 | 000,012,262 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pajutolyt.scr
[2009/06/10 13:10:33 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/04/18 10:30:16 | 000,005,648 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\33E9E9E8-0994-4CB7-BDB7-ECDFA558EAED.txt
[2009/04/17 13:16:41 | 000,006,838 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\33E9E9E8-0994-4CB7-BDB7-ECDFA558EAED.txt
[2009/04/15 17:02:20 | 000,005,230 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4458E9F1-7637-45F9-879A-393C721625EF.txt
[2009/04/15 15:13:19 | 000,006,846 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\4458E9F1-7637-45F9-879A-393C721625EF.txt
[2009/02/12 14:45:36 | 000,000,096 | ---- | C] () -- C:\WINDOWS\OPHA.ini
[2009/02/12 13:06:45 | 000,000,027 | ---- | C] () -- C:\WINDOWS\EZSET_SP.INI
[2008/12/24 10:07:23 | 000,036,435 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\Comma Separated Values (Windows).ADR
[2008/12/04 12:35:09 | 000,000,102 | ---- | C] () -- C:\WINDOWS\TRWONLIN.INI
[2008/11/25 17:57:29 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/07/11 11:36:31 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/04/18 10:46:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IPRLYOT.INI
[2008/04/11 09:35:35 | 000,000,227 | ---- | C] () -- C:\WINDOWS\i1Share.ini
[2008/03/08 12:11:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RIPMONNT.DLL
[2008/03/08 12:11:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2008/02/04 16:04:35 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\dvd.bmk
[2007/12/27 17:10:11 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/12/27 16:34:14 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2007/12/21 16:36:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/10 15:43:23 | 000,010,569 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/10/23 10:57:18 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/19 11:26:32 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\fusioncache.dat
[2007/10/09 10:13:58 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\wklnhst.dat
[2007/10/02 09:52:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/08/24 12:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jawsnt.INI
[2007/08/24 11:00:21 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007/08/21 11:15:14 | 000,000,030 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2007/08/09 11:24:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/08/09 11:24:18 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/08/04 00:35:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/04 00:29:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/04 00:04:28 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/08/04 00:04:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/08/04 00:03:22 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/09 11:59:12 | 004,014,080 | ---- | C] () -- C:\WINDOWS\System32\qt-mt333.dll
[2003/02/17 16:24:24 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Re: Fake Microsoft Security Essentials Alert

Here goes the second log:

OTL Extras logfile created on: 10/5/2010 8:54:37 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Rocio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 144.17 Gb Free Space | 62.74% Space Free | Partition Type: NTFS
Drive D: | 614.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7.52 Gb Total Space | 4.98 Gb Free Space | 66.31% Space Free | Partition Type: FAT32

Computer Name: LOUIS2
Current User Name: Rocio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE ()
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"" =
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 DEMO Application -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Canon\imagePROGRAF Device Setup Utility\cnwids.exe" = C:\Program Files\Canon\imagePROGRAF Device Setup Utility\cnwids.exe:*:Enabled:imagePROGRAF Device Setup Utility -- (CANON INC.)
"C:\Program Files\Canon\GAROStatusMonitor\cnwism.exe" = C:\Program Files\Canon\GAROStatusMonitor\cnwism.exe:*:Enabled:GARO Status Monitor -- (CANON INC.)
"C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe" = C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe:*:Enabled:GARO Device Agent -- (CANON INC.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 DEMO Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3 DEMO\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\WINDOWS\system\www\svchos.exe" = C:\WINDOWS\system\www\svchos.exe:*:Enabled:des -- (windows)
"C:\WINDOWS\LMI1EC.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI1EC.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Documents and Settings\Rocio\Local Settings\temp\7zS20F.tmp\SymNRT.exe" = C:\Documents and Settings\Rocio\Local Settings\temp\7zS20F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Documents and Settings\Rocio\Local Settings\temp\7zS211.tmp\SymNRT.exe" = C:\Documents and Settings\Rocio\Local Settings\temp\7zS211.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03C35FF9-CC64-48D1-B09F-69EEDE977B38}" = ClickArt 950,000 v. 2
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21614F95-2732-417C-881E-FDD545F9B4BC}" = The Print Shop 21 Update
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B7B47E1-B482-4D3A-ABFD-2FF8E077ECA6}" = SmartFTP Client
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.28
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66392B7C-C522-450D-97B7-B3E41E170C3B}" = GARO Status Monitor
"{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}" = Intellex Player
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77712343-D69B-4175-B6A2-A1B07B3AC505}" = iPF9000 Printer Driver Extra Kit
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85AAB464-E0EE-4A3F-BD22-15150B0846B7}" = imagePROGRAF Firmware Update Tool
"{85CFDC2D-710E-49D5-B799-F3743CA506BA}" = Microsoft Protection Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92B00901-52C8-476A-AF34-490880DF077D}" = Portfolio Browser
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A5A883B-6BC7-4CE0-A372-710BD3D131A9}" = Rosetta Stone 2.2.0.0S
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AABE6285-CFC0-4F6B-81AD-DF41640189F9}" = iPF9000 Media Configuration Tool
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC38B36B-90F8-4C1F-8AC9-236B851B8871}" = Genuine Fractals 5.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AEAEEAD6-38EC-4321-92A7-599367E21FF2}" = Rosetta Stone V3 DEMO
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BDF1F4-0312-4307-811B-DE5E452A7AE6}" = imagePROGRAF Device Setup Utility
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.28
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}" = WD FAT32 Formatter
"{DCF84385-88E3-4472-8144-E95B823FC5DB}" = The Print Shop 21
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E914671C-988D-4956-A614-32D73500DC45}" = Canon PosterArtist
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F95D9A09-1259-479B-95BF-E25EAFF13DEF}" = Print2PDF Server Edition
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"5200 Manual" = 5200 Manual
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Advanced Font Manager3.0.0.0" = Advanced Font Manager
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Canon CanoScan 4400F User Registration" = Canon CanoScan 4400F User Registration
"Canon iP6700D User Registration" = Canon iP6700D User Registration
"CanonMyPrinter" = Canon My Printer
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Centricity DICOM Viewer" = Centricity DICOM Viewer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Eye-One Diagnostics_is1" = Eye-One Diagnostics
"Eye-One Match_is1" = Eye-One Match 3.6.1
"Eye-One Share" = Eye-One Share
"FileZilla Client" = FileZilla Client 3.3.1
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.480
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"i1ColorPoint 1.0" = i1ColorPoint 1.0
"i1Diagnostics_is1" = i1Diagnostics
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{9A5A883B-6BC7-4CE0-A372-710BD3D131A9}" = Rosetta Stone 2.2.0.0S
"MainTop DTP" = MainTop DTP
"MainTop RIP Port" = MainTop RIP Port
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ONYX Profile Download Client 20070927-0" = ONYX Profile Download Client 20070927-0
"Photodex Presenter" = Photodex Presenter
"PosterShop 7.0" = PosterShop 7.0
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"Sign Wizard 6.5 Demo" = Sign Wizard 6.5 Demo
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SmartFTP FTP Library" = SmartFTP FTP Library (remove only)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2010 8:18:51 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/1/2010 8:29:04 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/4/2010 8:42:35 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/4/2010 8:43:00 AM | Computer Name = LOUIS2 | Source = Application Error | ID = 1000
Description = Faulting application AutoUpdater.exe, version 1.5.6.0, faulting module
msvcr71.dll, version 7.10.3052.4, fault address 0x00011da1.

Error - 10/4/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Application Error | ID = 1004
Description = Faulting application AutoUpdater.exe, version 1.5.6.0, faulting module
msvcr71.dll, version 7.10.3052.4, fault address 0x00011da1.

Error - 10/4/2010 3:04:22 PM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 8:44:26 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 8:44:32 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 8:44:32 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 8:44:35 AM | Computer Name = LOUIS2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 10/4/2010 3:14:35 PM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/4/2010 3:14:35 PM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/4/2010 3:14:35 PM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/4/2010 3:14:35 PM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7000
Description = The OneCare AntiSpyware and AntiVirus service failed to start due
to the following error: %%3

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7001
Description = The Sentinel service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7001
Description = The MSFWDrv service depends on the MSFWHLPR service which failed to
start because of the following error: %%31

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7001
Description = The OneCare Firewall service depends on the MSFWDrv service which
failed to start because of the following error: %%1068

Error - 10/5/2010 8:44:27 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%20

Error - 10/5/2010 8:44:32 AM | Computer Name = LOUIS2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MSFWHLPR


< End of report >

Re: Fake Microsoft Security Essentials Alert

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/10/04 14:52:16 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Rocio\Application Data\hotfix.exe
    PRC - [2009/07/19 17:29:36 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system\www\bcp\taskm.exe
    PRC - [2009/07/16 13:51:52 | 000,090,112 | ---- | M] (windows) -- C:\WINDOWS\system\www\svchos.exe
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [AT] C:\WINDOWS\system\www\bcp\taskm.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Rocio\Application Data\hotfix.exe) - C:\Documents and Settings\Rocio\Application Data\hotfix.exe ()
    [2009/11/20 14:04:21 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2009/08/04 10:43:56 | 000,011,445 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gekulyhu.lib
    [2009/08/03 10:29:26 | 000,019,978 | ---- | C] () -- C:\Program Files\Common Files\qimup.exe
    [2009/08/03 10:29:26 | 000,019,861 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\lejunamel.bat
    [2009/08/03 10:29:26 | 000,019,795 | ---- | C] () -- C:\Program Files\Common Files\oqitivogew.dll
    [2009/08/03 10:29:26 | 000,019,420 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\ifalyba._sy
    [2009/08/03 10:29:26 | 000,019,373 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\emocubajoj._sy
    [2009/08/03 10:29:26 | 000,018,742 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ytetyfuboz.vbs
    [2009/08/03 10:29:26 | 000,018,579 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\enabyga._sy
    [2009/08/03 10:29:26 | 000,018,493 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owagewupec.pif
    [2009/08/03 10:29:26 | 000,018,474 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\baweh.pif
    [2009/08/03 10:29:26 | 000,016,999 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yxolu.dll
    [2009/08/03 10:29:26 | 000,015,116 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\rivo.db
    [2009/08/03 10:29:26 | 000,012,301 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cuvequj._dl
    [2009/08/03 10:29:26 | 000,011,632 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\zyvel.sys
    [2009/08/03 10:29:26 | 000,011,033 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\upurog._dl
    [2009/08/03 10:29:26 | 000,010,820 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\erade.lib
    [2009/08/03 08:41:12 | 000,018,442 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\osedaqu.lib
    [2009/08/03 08:41:12 | 000,012,776 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\lamo.inf
    [2009/08/02 08:58:48 | 000,012,712 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\rare._sy
    [2009/08/02 08:58:48 | 000,010,574 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lajuvyxi.inf
    [2009/08/02 08:58:48 | 000,010,354 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\ufag.db
    [2009/08/01 10:12:41 | 000,016,197 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\byzyquzyxy.dl
    [2009/07/31 14:57:55 | 000,018,471 | ---- | C] () -- C:\Program Files\Common Files\hodyjez.bin
    [2009/07/31 14:57:55 | 000,017,811 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\eqat
    [2009/07/31 14:57:55 | 000,017,317 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\umyhytahyh.pif
    [2009/07/31 14:57:55 | 000,015,709 | ---- | C] () -- C:\Program Files\Common Files\enyxiqu.bin
    [2009/07/31 14:57:55 | 000,015,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ulegajevat.vbs
    [2009/07/31 14:57:55 | 000,015,457 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\pohifawuk.com
    [2009/07/31 14:57:55 | 000,013,647 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\odidiw.dll
    [2009/07/31 14:57:55 | 000,012,902 | ---- | C] () -- C:\Documents and Settings\Rocio\Application Data\iviva.sys
    [2009/07/31 14:57:55 | 000,010,494 | ---- | C] () -- C:\Program Files\Common Files\umutud.db
    [2009/07/31 14:57:55 | 000,010,351 | ---- | C] () -- C:\Program Files\Common Files\abaroqydes.com
    [2009/07/31 14:57:55 | 000,010,044 | ---- | C] () -- C:\WINDOWS\izamebys.sys
    [2009/07/31 14:57:54 | 000,019,878 | ---- | C] () -- C:\WINDOWS\aqun.sys
    [2009/07/31 14:57:54 | 000,018,161 | ---- | C] () -- C:\Program Files\Common Files\fine.pif
    [2009/07/31 14:57:54 | 000,013,258 | ---- | C] () -- C:\Documents and Settings\Rocio\Local Settings\Application Data\caqadam.bin
    [2009/07/31 14:57:54 | 000,012,262 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pajutolyt.scr


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
