PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

View previous topic View next topic Go down

PART01 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command"

Post by rjwest007 on Sat May 19, 2012 2:15 pm

PART 01

My small USB drive was exposed to an 'autorun.inf' infection at my workplace, and possibly "Con-ficker". I unplugged my other 2 (500 Gbyte each) portable HDDs quickly, as it seemed to grow worse at each refresh action on the small USB drive.

The small USB, I thought I'd cleaned by using Run-cmd line- attrib -s -r -h etc...., the bigger HDDs, too! However, once at home... when I've tried to open one of the 500Gb HDDs with "My Computer" on my at-home desktop PC, all files except a hidden "recycler" folder and hidden "desktop.ini" file had disappeared, although when I (next step) tried to scan in-depth with NOD-32 antivirus program, they still appear to being scanned, displaying their proper folders and individual file-names and so on. Also, doing a "properties" check on "My computer" shows the appropriate level of free vs used disc space. I disconnected the large portable drives immediately, and did full NOD32 scans on the PC. Nothing showing.

However, when checking as per the subject line indicates... 'attrib' returns that it is not recognized as a command! Hmmm. Not sure what gives... but the 2- 500Gbyte drives won't be re-plugged into any PC until I solve my at-home PC problem. Any suggestions?

FOLLOWS OTL logfile.txt contents:

OTL logfile created on: 19/5/2012 18:26:42 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041E | Country: Thailand | Language: THA | Date Format: d/M/yyyy

2.49 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 65.40% Memory free
4.34 Gb Paging File | 3.75 Gb Available in Paging File | 86.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 17.48 Gb Free Space | 46.87% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 10.05 Gb Free Space | 26.99% Space Free | Partition Type: NTFS

Computer Name: PC201201121620 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/19 17:42:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com
PRC - [2012/04/29 22:08:05 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/12 15:36:52 | 003,076,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/10/28 18:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 18:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/06 17:16:42 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/04/18 16:18:28 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2010/11/22 22:07:48 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009/06/24 09:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2002/12/31 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/29 22:08:04 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/22 16:15:29 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/22 16:15:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/22 16:15:06 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/04/22 16:13:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/22 13:21:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/22 10:02:51 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/22 10:02:07 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/05 14:06:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/02/05 11:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 11:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2012/01/22 15:52:49 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/19 18:10:50 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/10/28 18:35:28 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/10/28 18:35:28 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/28 18:35:26 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2010/10/14 16:55:09 | 000,081,920 | R--- | M] () -- C:\WINDOWS\system32\mvusbews.dll
MOD - [2010/10/14 09:04:26 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/10/14 09:04:08 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009/10/26 07:33:34 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/07/29 08:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012/04/29 22:08:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/28 18:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/06 17:16:42 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/11/22 22:07:48 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2010/07/27 11:24:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/24 09:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbohci.sys -- (usbohci)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\SMBHC.sys -- (SMBHC)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\SMBALI.sys -- (SMBALI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/10/28 18:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/10/28 18:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/09 12:57:10 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 08:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 08:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/10/14 16:55:06 | 000,017,408 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/10/26 07:33:40 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/02/23 11:40:06 | 000,195,072 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/01/09 14:52:32 | 000,040,960 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rts5161ccid.sys -- (USBCCID)
DRV - [2002/12/31 19:00:00 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2002/12/31 19:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2001/08/17 13:47:50 | 000,013,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inport.sys -- (Inport)
DRV - [1999/10/30 03:35:08 | 000,024,348 | R--- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (eawdmfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/29 22:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/12 15:31:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5

[2012/01/13 07:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/05/19 17:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ws0gcrnm.default\extensions
[2012/03/16 12:30:14 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ws0gcrnm.default\extensions\firefox@ghostery.com
[2012/01/13 07:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/29 22:08:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/28 08:18:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/28 08:18:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/07/27 11:34:05 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C91D898-239B-4737-8F07-515F887EAA4F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/26 18:14:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\J:)
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:)
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FC88681F-4735-4f2f-9514-C21BAC737CF8} - rundll32.exe advpack.dll,LaunchINFSection MU.inf,MUWeb.Install
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2028/01/12 15:19:12 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Xvoice.dll
[2012/05/19 17:52:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/19 16:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\EnglishTextsEtc-Digitized=AsOf-15-18May12
[2012/05/17 23:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\UncleTom'sTest
[2012/04/29 22:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\GNU
[2012/04/29 22:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/29 22:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/27 07:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\EnglishTextsEtc-Digitized=AsOf-14May12
[2012/04/26 08:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
[2012/04/26 08:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
[2012/04/24 23:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2012/04/24 23:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
[2012/04/22 09:57:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/22 08:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\A'Dossier

========== Files - Modified Within 30 Days ==========

[2028/01/12 15:19:12 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Xvoice.dll
[2012/05/19 18:29:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{32044253-36F4-42CC-94BE-47177A80F9F6}.job
[2012/05/19 16:55:30 | 000,445,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/19 16:55:30 | 000,072,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/19 16:51:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/05/19 16:51:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/19 16:51:13 | 2675,445,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 12:09:47 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/19 12:09:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/18 22:17:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 22:04:46 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/05/10 22:04:46 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/28 20:23:43 | 000,000,210 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2012/04/26 19:16:56 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/04/22 13:18:54 | 002,218,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/22 10:03:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/04/18 03:49:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/17 00:37:58 | 000,013,076 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/04/17 00:37:52 | 000,017,944 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/04/17 00:37:50 | 004,022,504 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2012/04/01 22:45:33 | 000,000,992 | ---- | C] () -- C:\WINDOWS\posteriza.INI
[2012/04/01 21:26:15 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2012/04/01 21:26:15 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2012/04/01 21:26:15 | 000,043,520 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2012/04/01 21:25:59 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2012/04/01 21:23:33 | 000,284,160 | R--- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2012/01/27 05:33:45 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/01/23 05:31:24 | 000,161,280 | ---- | C] () -- C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe
[2012/01/22 17:53:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/22 17:53:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/19 17:56:21 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2012/01/19 17:56:19 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/01/17 14:11:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012/01/17 14:11:24 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/01/17 14:11:24 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/01/17 14:11:23 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/01/17 05:23:09 | 000,000,210 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2012/01/17 05:22:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2012/01/17 05:22:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2012/01/17 05:22:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2012/01/17 05:22:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2012/01/17 05:22:43 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2012/01/16 16:38:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/12 16:23:43 | 000,040,960 | R--- | C] () -- C:\WINDOWS\LoadDll.dll
[2010/07/27 12:38:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/27 12:22:10 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 11:55:37 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/27 11:51:05 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/07/27 11:51:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/07/27 11:39:01 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Thsdict.ini
[2010/07/27 11:38:51 | 003,080,237 | ---- | C] () -- C:\WINDOWS\System32\msowc.dll
[2010/07/27 11:38:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\thsd1735.dll
[2010/07/27 11:22:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 11:19:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/27 00:53:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/27 00:51:34 | 002,218,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/26 18:22:40 | 000,921,665 | ---- | C] () -- C:\WINDOWS\System32\msvcrt-ruby18.dll
[2010/07/26 18:22:40 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
[2010/07/26 18:22:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2010/07/26 18:22:40 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\pythonw.exe
[2010/07/26 18:22:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\python.exe
[2010/07/26 18:22:40 | 000,020,537 | ---- | C] () -- C:\WINDOWS\System32\rubyw.exe
[2010/07/26 18:22:40 | 000,020,536 | ---- | C] () -- C:\WINDOWS\System32\ruby.exe
[2010/07/26 18:20:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/26 18:11:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2010/07/26 18:17:18 | 000,010,992 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\netfxsl.log

< %USERPROFILE%\Desktop\*.exe >
[2012/04/17 00:34:42 | 010,920,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dMC-R14.2-Ref-Registered.exe
[2011/07/03 20:00:28 | 000,709,632 | ---- | M] (e-Presencia) -- C:\Documents and Settings\Administrator\Desktop\posteriza.exe
[2011/12/20 06:46:20 | 003,245,936 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB971029-x86-ENU.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/17 08:57:45 | 012,413,349 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Mozilla Firefox\CC3update.exe
[2012/04/29 22:08:05 | 000,125,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2012/04/29 22:08:05 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2012/04/29 22:08:06 | 000,129,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\maintenanceservice.exe
[2012/04/29 22:08:06 | 000,157,352 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
[2012/04/29 22:08:02 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2012/04/29 22:08:01 | 000,285,624 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/07/27 11:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/07/27 11:15:42 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2010/07/27 11:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/04/08 22:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\AltoMP3 Gold
[2012/04/01 19:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2012/02/05 16:41:41 | 000,000,000 | ---D | M] -- C:\Program Files\CleanUp!
[2012/01/24 18:55:11 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/26 18:11:00 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/07/26 18:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Desktop
[2012/04/24 23:21:05 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2010/07/27 11:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\EnglilshToThai
[2012/01/12 15:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2012/01/23 05:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\Expstudio
[2012/04/08 22:17:09 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter
[2012/03/08 16:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free WMA to MP3 Converter
[2012/04/29 22:09:17 | 000,000,000 | ---D | M] -- C:\Program Files\GNU
[2010/07/27 11:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2012/04/01 21:24:56 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2012/04/17 00:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\Illustrate
[2012/04/01 19:56:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/01/29 17:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2012/04/22 10:03:36 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/01/17 14:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2012/01/17 14:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2012/01/19 17:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2012/02/05 16:23:54 | 000,000,000 | ---D | M] -- C:\Program Files\Leawo
[2012/05/17 23:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark X1100 Series
[2012/02/03 13:23:29 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/27 11:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/07/26 18:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/07/27 12:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/27 11:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/27 12:01:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/07/27 11:58:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012/02/05 22:26:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/27 12:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/02/03 13:01:41 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/04/29 22:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/04/29 22:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2010/07/27 12:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/07/26 18:09:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/07/26 18:09:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/27 11:36:59 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/07/26 18:12:48 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/26 18:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2012/02/03 13:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/07/26 18:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/04/03 18:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2012/01/19 17:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/07/27 11:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\ThaiSoftware Enterprise
[2010/07/27 11:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\ThaiToEnglish
[2010/07/27 11:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2012/01/19 17:51:37 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/07/27 11:47:50 | 000,000,000 | ---D | M] -- C:\Program Files\Typing Master
[2010/07/27 11:51:31 | 000,000,000 | ---D | M] -- C:\Program Files\Ultra Video Converter
[2010/07/26 18:31:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/01/16 11:04:46 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2012/01/12 15:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\USB Disk Security
[2010/07/26 18:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Utilities
[2012/01/19 17:34:15 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/07/27 11:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2012/04/01 19:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2012/01/19 19:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/07/26 18:09:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/07/26 18:13:37 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/27 11:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/07/26 18:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2012/02/05 16:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\Youtube Downloader HD

< MD5 for: ATAPI.SYS >
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2002/12/31 19:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2002/12/31 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2002/12/31 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-22 03:03:41

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/29 22:08:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/29 22:08:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/29 22:08:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/29 22:08:05 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/29 22:08:05 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/29 22:08:05 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 19:30:27 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 19:30:27 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 19:30:27 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2002/12/31 19:00:00 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2002/12/31 19:00:00 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/29 22:08:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/29 22:08:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/29 22:08:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/29 22:08:05 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/29 22:08:05 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/29 22:08:05 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 19:30:27 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 19:30:27 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 19:30:27 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2002/12/31 19:00:00 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2002/12/31 19:00:00 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2012/01/19 17:34:15 | 000,000,637 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\?Torrent.lnk) -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/01/19 17:34:15 | 000,000,637 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\?Torrent.lnk) -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:05D195EC

< End of report >

SEE PART02 for other TEXTFILE logs



rjwest007
Novice
Novice

Posts Posts : 6
Joined Joined : 2012-05-19
OS OS : XP Pro ver 2002 svc pack 3
Points Points : 16676
# Likes # Likes : 0

View user profile

Back to top Go down

PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by rjwest007 on Sat May 19, 2012 2:18 pm

OTL Extras logfile created on: 19/5/2012 18:26:42 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041E | Country: Thailand | Language: THA | Date Format: d/M/yyyy

2.49 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 65.40% Memory free
4.34 Gb Paging File | 3.75 Gb Available in Paging File | 86.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.28 Gb Total Space | 17.48 Gb Free Space | 46.87% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 10.05 Gb Free Space | 26.99% Space Free | Partition Type: NTFS

Computer Name: PC201201121620 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?Torrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0010-041E-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Thai) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-041E-0000-0000000FF1CE}" = Microsoft Office Access MUI (Thai) 2007
"{90120000-0015-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-041E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Thai) 2007
"{90120000-0016-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-041E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Thai) 2007
"{90120000-0018-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-041E-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Thai) 2007
"{90120000-0019-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-041E-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Thai) 2007
"{90120000-001A-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-041E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Thai) 2007
"{90120000-001B-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
"{90120000-001F-041E-0000-0000000FF1CE}_ENTERPRISE_{0ED7C31A-FB21-4F8E-BD16-921A5E69B2C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-041E-0000-0000000FF1CE}" = Microsoft Office Proofing (Thai) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-041E-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Thai) 2007
"{90120000-0044-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-041E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Thai) 2007
"{90120000-006E-041E-0000-0000000FF1CE}_ENTERPRISE_{CEB4C8D4-2A39-45FD-B201-FBC950549C59}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-041E-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Thai) 2007
"{90120000-00A1-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-041E-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Thai) 2007
"{90120000-0114-041E-0000-0000000FF1CE}_ENTERPRISE_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1A8A5D7-0613-4373-BB0C-2AA428C935BD}" = NWZ-B160 WALKMAN Guide
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F16D52A8-6A90-4D4B-A0DE-B28DA832F0BC}" = ESET NOD32 Antivirus
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"CleanUp!" = CleanUp!
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Expstudio Audio Editor FREE" = Expstudio Audio Editor FREE
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GOM Player" = GOM Player
"HashTab" = HashTab
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"Side 9 Screensaver" = Side 9 Screensaver
"SpywareBlaster_is1" = SpywareBlaster 4.5
"ST6UNST #1" = EnglishToThai
"ST6UNST #2" = Thai Translator Tool
"ThaiSoftware Dictionary V5.0" = ThaiSoftware Dictionary V5.0
"The KMPlayer" = The KMPlayer (remove only)
"Typing Master" = Typing Master 1.0
"Ultra Video Converter_is1" = Ultra Video Converter 4.6.0504
"Unlocker" = Unlocker 1.8.8
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/5/2012 11:17:59 | Computer Name = PC201201121620 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 18/5/2012 11:19:25 | Computer Name = PC201201121620 | Source = Service Control Manager | ID = 7000
Description =

Error - 18/5/2012 11:19:56 | Computer Name = PC201201121620 | Source = Windows Update Agent | ID = 16
Description =

Error - 19/5/2012 1:42:52 | Computer Name = PC201201121620 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 19/5/2012 1:44:29 | Computer Name = PC201201121620 | Source = Service Control Manager | ID = 7000
Description =

Error - 19/5/2012 5:25:40 | Computer Name = PC201201121620 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 19/5/2012 5:29:17 | Computer Name = PC201201121620 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 19/5/2012 5:30:35 | Computer Name = PC201201121620 | Source = Service Control Manager | ID = 7000
Description =

Error - 19/5/2012 5:51:28 | Computer Name = PC201201121620 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 19/5/2012 5:52:54 | Computer Name = PC201201121620 | Source = Service Control Manager | ID = 7000
Description =

[ System Events ]
Error - 28/4/2012 9:23:41 | Computer Name = PC201201121620 | Source = Print | ID = 6161
Description = The document Copy from Lexmark X1100 Series All-In-One owned by Administrator
failed to print on printer Lexmark X1100 Series. Data type: RAW. Size of the spool
file in bytes: 2462704. Number of bytes printed: 4. Total number of pages in the
document: 0. Number of pages printed: 0. Client machine: \\PC201201121620. Win32
error code returned by the print processor: 535 (0x217).

Error - 29/4/2012 11:28:01 | Computer Name = PC201201121620 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 29/4/2012 11:28:23 | Computer Name = PC201201121620 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 30/4/2012 5:27:16 | Computer Name = PC201201121620 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0017086031E2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 30/4/2012 8:18:48 | Computer Name = PC201201121620 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 30/4/2012 8:18:56 | Computer Name = PC201201121620 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 30/4/2012 8:19:03 | Computer Name = PC201201121620 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 30/4/2012 9:20:37 | Computer Name = PC201201121620 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 30/4/2012 11:27:07 | Computer Name = PC201201121620 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/5/2012 12:33:55 | Computer Name = PC201201121620 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0017086031E2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET NOD32 Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.5
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
``````````End of Log````````````

rjwest007
Novice
Novice

Posts Posts : 6
Joined Joined : 2012-05-19
OS OS : XP Pro ver 2002 svc pack 3
Points Points : 16676
# Likes # Likes : 0

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by Dr Jay on Sat May 19, 2012 2:39 pm

Please test your DNS Resolution by visiting here: [You must be registered and logged in to see this link.]

Tell me if that is green or not...

Also for this site: [You must be registered and logged in to see this link.]

Tell me if you see all six images at the top...


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302069
# Likes # Likes : 10

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by rjwest007 on Sun May 20, 2012 2:23 am

Dear D-Master Jau:
DNS checker was "GREEN". Conficker eye-chart was ALL SIX SHOWING.

However...
I got a "Dork-Bot" infection warning on an attempt to NOD-32 scan the 500Gb drives.... that's bad, I think. It didn't show the 1st time through. Thanks for your help, incidently. -rj

rjwest007
Novice
Novice

Posts Posts : 6
Joined Joined : 2012-05-19
OS OS : XP Pro ver 2002 svc pack 3
Points Points : 16676
# Likes # Likes : 0

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by Dr Jay on Mon May 21, 2012 3:09 pm

Would you post the ESET recent scan log?

It should be available in Tools > Scan Logs


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302069
# Likes # Likes : 10

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by rjwest007 on Tue May 22, 2012 12:34 pm

DragonMasterJay:
I believe I've resolved all issues with my Home Desktop PC, after running numerous scans with NOD32, Malbytes, AdAware, and a few others... Now, they're squeaky-clean for certain. Thanks.

Now, the big issue are the 2each, 500Gb portable drives. I think it was the Dorkbot that tossed all files into some invisible limbo... but they are STILL THERE. NOD32 still scans them by (former) name, every single file... it takes the appropriate amount of time for each one, too. WindowsXP still reports the proper free space vs used space. I've removed all Malicious code in them, apparently, thus it is only to recover the data, reassigning VISIBLE address/names... uh, I'm mostly illiterate about such subjects, obviously. And "a little knowledge is the most dangerous thing".

Here in Thailand, no-one wants to even try... "Format! Begin again!" Unfortunately, I spent a full year putting teaching materials into those F-ing drives... if you can tell the next steps... as you've noted above, I'd be trying to recover with my PC using XP pro svc pack 3... any suggestions? I'm wringing my hands over this, and shouting at my house-keeper, which is never a good sign for me. So... you want a NOD32 scan-log of these two trouble-some drives? Thanks, again!

rjwest007
Novice
Novice

Posts Posts : 6
Joined Joined : 2012-05-19
OS OS : XP Pro ver 2002 svc pack 3
Points Points : 16676
# Likes # Likes : 0

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by Dr Jay on Wed May 23, 2012 9:12 pm

So you want to format and reinstall your operating system?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302069
# Likes # Likes : 10

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by rjwest007 on Sun May 27, 2012 4:39 am

DragonMaster Jay:
Heavens, no, I don't want to format/re-install... if that entails losing my "precious data" on those 2- 500Gb portable HDDs! I was merely saying that the technical expertise (and level of concern for dopey clients like me) of the average Computer Tech person (in Thailand) is such that he utterly capitulates when confronted with the least complications; he heads towards the most convenient and expedient course of action. For himself, that is.

I'm such a babe in the woods with this computer stuff. Thanks for your help and understanding, D-M Jay, on behalf of We-Who-Believe-In-CPU-VooDoo... I think I've found a solution, now. Would you give me your opinion, and critique my action-plan?

1) Next paycheck I go for a quality 1 terabyte portable HDD.
2) I recover the data from my 2ea - 500 Gbyte drives using "Stellar Phoenix Data Recovery" program, and put it on the 1-TByte drive.
3) Thoroughly scan the recovered data (on the 1-Tbyte) with every Anti-Virus, Anti-Malware program I can lay hands on.
4) Format the 2 ea - 500 Gbyte drives, then refill them with their former data... using these for my daily office and home-work.
5) Get a good disc-image (for recovery purposes) from the big portable drive, then Zip up the 1-Tbyte of data at a 1:1 compression ratio, then lock it up in a dark, cool, dry file cabinet.
6) Format my home computer, re-install with the same O/S as my workplace computer, and establish a regular protocol of in-depth Anti-Virus and Mal-ware scans and regular synchronizing of both their file contents.

Does that sound reasonable? Forgive me if I've wasted your time... but I swear... until yesterday I had never USED a file/data recovery program. Now I have and... IT WORKS!!! I've had such a fright over possibly losing that data, such that I plan to isolate MY data from EVERYBODY ELSE.

Incidently, it was a very sexy young woman at work who batted her eye-lashes at me and convinced me to (stupidly) insert my plugs into her USB port, setting off this cyber-syphilitic farce. I confess! Never again, without protection first! I've learned a valuable lesson here.

Perhaps we can mark this file "RESOLVED"?
So, what do you think?
Thanks, once again
RJW

rjwest007
Novice
Novice

Posts Posts : 6
Joined Joined : 2012-05-19
OS OS : XP Pro ver 2002 svc pack 3
Points Points : 16676
# Likes # Likes : 0

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by Dr Jay on Tue May 29, 2012 7:09 pm

It may sound reasonable, if you don't want my help. However, it sounds like more of a mess to me.

Even more bizarre with this:
Incidently, it was a very sexy young woman at work who batted her eye-lashes at me and convinced me to (stupidly) insert my plugs into her USB port, setting off this cyber-syphilitic farce. I confess! Never again, without protection first! I've learned a valuable lesson here.

Anyway, there are many different ways to back up your data and then format and reinstall your OS.

It is done only on your "home" drive, which is where your OS is. You can move all important data to the other hard drives, and then commence operations of format and reinstall. I have various tutorials to easily help you do that!


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302069
# Likes # Likes : 10

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by rjwest007 on Sun Jun 24, 2012 2:36 am

Dragon Master Jay:
Thank you. Please direct me to the tutorials applicable.
-rjwest

PS. The cyber-sex reference/analogy was an attempt at humor... sorry if I'm not funny! Even less funny if deep analysis is applied...

rjwest007
Novice
Novice

Posts Posts : 6
Joined Joined : 2012-05-19
OS OS : XP Pro ver 2002 svc pack 3
Points Points : 16676
# Likes # Likes : 0

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by Dr Jay on Sun Jun 24, 2012 7:04 pm

Not a problem.

This should help:

[You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302069
# Likes # Likes : 10

View user profile

Back to top Go down

Re: PART02 Autorun.inf exposure+Run>cmd>attrib-returns "not recognized as...command

Post by Dr Jay on Sat Jun 30, 2012 7:59 pm

Are you still with us? Please update us on your situation.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302069
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum