Computer infected with Win32/Sality virus


  • This topic is locked
34 replies to this topic

#1 gforce422

gforce422

  • Members
  • 27 posts
  • Gender:Male

Posted 25 October 2008 - 09:45 PM

About a week ago, I noticed my laptop computer began running much more slowly than it had been in the past. I then tried to open up Windows Task Manager, and got the message, "Task Manager has been disabled by your administrator." Somewhat alarmed, I then attempted to run "regedit" to allow me to re-enable the task manager. It gave me the following error, "Registry editing has been disabled by your administrator." I then realized that Windows Firewall was turned off, and locked, with a message on the top, saying, "For your security, some settings are controlled by Group Policy".
I tried to open McAfee antivirus, and found that it would not open. I then attempted to download and install Ad Aware Antivirus, which installed, but would not open, and popped up the following message, "System error: 1810 has occurred. Description: Service is not online. Application terminates."
I then downloaded SpyBot-Search and Destroy, and installed it, but it would not run. The virus killed the application before it could initiate. None of the online scans would load for me, so finally, I downloaded and installed McAfee AVERT Stinger, which opened and proceeded to scan. It began to detect the Win32/Sality virus, but could not repair any of the files. The infected files were all .exe files, and were all located in Program Files. After this one scan, McAfee AVERT Stinger would not run again, and displayed the following message, "Stinger may be infected, cannot continue." I tried to boot in safe mode, but it would not work. I would get a BSOD and a message saying that a virus had been found, and to prevent damage to my computer, it would shut down. I scanned with MalwareBytes, and all it turned up was a task manager hijack, which it claimed it quarantined and deleted. However, I found that the file would regenerate itself after being deleted. I have on record all of the logs I have performed in Malwarebytes if necessary. Here is a portion of the log:

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

My brother then attempted to help by downloading and installing AntiSpyware2008, (www.antispyware.com) which managed to find numerous Sality files, which it quarantined. However, there were twelve files which kept on regenerating in subsequent scans, which I notated on paper. I will list them for you.

hkey_local_machine\system\currentcontrolser\services\abp470n5
hkey_local_machine\system\currentcontrolser\services\abp470n5\security Value: Security
hkey_local_machine\system\currentcontrolser\services\abp470n5\security
hkey_local_machine\system\currentcontrolser\services\abp470n5\enum Value: 0
hkey_local_machine\system\currentcontrolser\services\abp470n5\enum Value: Count
hkey_local_machine\system\currentcontrolser\services\abp470n5\enum Value: NextInstance
hkey_local_machine\system\currentcontrolser\services\abp470n5\enum
hkey_local_machine\system\currentcontrolser\services\abp470n5 Value: Type
hkey_local_machine\system\currentcontrolser\services\abp470n5 Value: Start
hkey_local_machine\system\currentcontrolser\services\abp470n5 Value: ErrorControl
hkey_local_machine\system\currentcontrolser\services\abp470n5 Value: ImagePath
hkey_local_machine\system\currentcontrolser\services\abp470n5 Value: DisplayName



After quarantining these files for the second time, I tried to view the quarantined files in AntiSpyware, but as soon as I clicked on the tab, the following error message popped up:

Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\Program Files\Antispyware\Antispware.exe
R6002
-floating point support not loaded


This same error pops up every time Antispyware tries to load now, so I cannot even get into the program. Now I've done a little bit more research, and found out that AntiSpyware might be a rogue program, although I don't know for sure. I'm sure you folks could tell me. I scanned AntiSpyware with Malwarebytes, and nothing was infected.

In short, I need help. :thumbsup:
I do have a backup plan if the virus is not able to be removed. New hard drives for my laptop are only about $60. :) If worse comes to worst, is there any way I could transfer some data to the new hard drive without corrupting it? I would only need to transfer some Word Perfect Documents, the contents of My Pictures, and maybe my Firefox bookmarks. Other than that, everything else can go without a fight. :) I hope I have not given any superfluous information; I kinda figured more was better in this case.

Thank you all so much in advance for helping me solve my problem!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:34 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winnvajd.exe
C:\Documents and Settings\G\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winvfmf.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winhgrwf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7042 bytes
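
Added example (not part of the original posts, and not code from HijackThis or Trend Micro): a small Python triage pass over a HijackThis log like the one above. It flags processes running from a per-user Temp directory, O7 policy restrictions, and entries marked "(file missing)"; the function and rule names are illustrative, the sample is a short excerpt copied from the log above, and a flag is a prompt for review, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Per-user Temp directory, in long form or 8.3 short form (LOCALS~1).
TEMP_DIR = re.compile(r"\\(?:Local Settings|LOCALS~\d)\\Temp\\", re.IGNORECASE)
# HijackThis entry lines look like "O4 - ..." or "R1 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Short excerpt copied from the log above (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\G\LOCALS~1\Temp\winnvajd.exe
C:\Documents and Settings\G\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winvfmf.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
"""


def parse_hijackthis(text):
    """Split a HijackThis log into (running process paths, [(code, body)])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            elif processes:
                in_processes = False  # blank line closes the process list
    return processes, entries


def triage(text):
    """Return review-worthy findings in log order (heuristics only)."""
    processes, entries = parse_hijackthis(text)
    findings = []
    for path in processes:
        # Long-running executables rarely live in a user's Temp folder.
        if TEMP_DIR.search(path):
            findings.append(Finding("process-from-temp", path))
    for code, body in entries:
        if code == "O7":
            # O7 is the HijackThis group for the regedit-disabling policy.
            findings.append(Finding("policy-restriction", body))
        elif body.endswith("(file missing)"):
            # Registration points at a file that no longer exists.
            findings.append(Finding("orphaned-entry", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:20} {finding.detail}")
```
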



#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 26 October 2008 - 08:10 AM

Hello gforce422 :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.






Let's see if you can run the two programs below:



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed please post both logs from RSIT as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 gforce422

gforce422
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Male

Posted 26 October 2008 - 01:27 PM

Thanks for the quick reply, thewall!

I tried Kaspersky first, but interestingly enough, it seems that the virus is blocking me from accessing their website. It gives me a "Page Load Error, Firefox can't find the server at www.kaspersky.com." I tried to access Kaspersky in Internet Explorer 6, and received a similar message. I went on another computer, and was able to access Kaspersky without any problems, so that ruled out the possibility of the website being down.

RSIT, however, worked just fine, so here are the logs from that program:




Logfile of random's system information tool 1.04 (written by random/random)
Run by G at 2008-10-26 14:17:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (12%) free of 33 GB
Total RAM: 502 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:30 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winnvajd.exe
C:\Documents and Settings\G\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winvfmf.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winhgrwf.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winefkbai.exe
C:\Program Files\Antispyware\Antispyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\G\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\G.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7167 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - C:\Program Files\McAfee\MSK\mcapbho.dll [2007-09-19 329032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-07-24 66880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe []
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 279792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antispyware"=C:\Program Files\Antispyware\Antispyware.exe [2008-10-16 20205568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antispyware]
C:\Program Files\Antispyware\Antispyware.exe [2008-10-16 20205568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1417216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 534512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 279792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2006-05-22 694272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\G\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 215024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-12-13 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 363304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
C:\Program Files\McAfee\MBK\LogOnHook.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2007-01-16 4920872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2005-03-14 405602]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-05-15 95744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-11-16 466944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 226704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 843867]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1998-05-06 186368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-24 107520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\KEM.exe [2004-09-02 651264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1159727030\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1159727030\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1159727030\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1159727030\ee\aim6.exe:*:Enabled:AIM"
"F:\Program Files\123 Movies2iPod\123 Movies2iPod.exe"="F:\Program Files\123 Movies2iPod\123 Movies2iPod.exe:*:Enabled:123 Movies2iPod Pro"
"F:\Program Files\123Movies2IPOD\123Movies2IPOD.exe"="F:\Program Files\123Movies2IPOD\123Movies2IPOD.exe:*:Enabled:123 Movies2iPod Pro"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\~.exe"="C:\WINDOWS\system32\~.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winrekuu.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winrekuu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winxhrtmw.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winxhrtmw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winhyvabv.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winhyvabv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\dwdfp.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\dwdfp.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\epobjg.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\epobjg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winniha.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winniha.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winyxie.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winyxie.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\bglyr.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\bglyr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\syyjx.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\syyjx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\wincltuhq.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\wincltuhq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winqkxlgp.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winqkxlgp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\cdhuo.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\cdhuo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\efpdq.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\efpdq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\sbroeb.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\sbroeb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\felx.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\felx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\kkpdig.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\kkpdig.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\yoppr.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\yoppr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winypcnml.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winypcnml.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winroyl.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winroyl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winaqeu.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winaqeu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\wineqxkis.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\wineqxkis.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\bdyeox.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\bdyeox.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winjxuekx.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winjxuekx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winnifdi.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winnifdi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winsvvn.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winsvvn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\mgpyu.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\mgpyu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\njiv.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\njiv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\wincfai.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\wincfai.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winvtwbo.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winvtwbo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winwujm.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winwujm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\aqgsp.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\aqgsp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winxrbop.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winxrbop.exe:*:Enabled:ipsec"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\osob.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\osob.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\rypx.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\rypx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winbfxhmx.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winbfxhmx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winqapgh.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winqapgh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winhauumg.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winhauumg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\vkxcf.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\vkxcf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\ylnaca.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\ylnaca.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\vqoim.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\vqoim.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winjucjh.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winjucjh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winrlhhej.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winrlhhej.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\wingavwc.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\wingavwc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\ngobib.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\ngobib.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\wintnji.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\wintnji.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\xfaemm.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\xfaemm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\nfmw.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\nfmw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\glotec.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\glotec.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\opylrh.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\opylrh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\kwyvm.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\kwyvm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\wineiekt.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\wineiekt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winiucp.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winiucp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winssyhrq.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winssyhrq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winqrkym.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winqrkym.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winhffreh.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winhffreh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\agdl.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\agdl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winqlykvc.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winqlykvc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\lybxhv.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\lybxhv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\ldcf.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\ldcf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\apiwpc.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\apiwpc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\bvfv.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\bvfv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\rmdoy.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\rmdoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\wtmsv.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\wtmsv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winqceu.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winqceu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winldjud.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winldjud.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\igfxtray.exe"="C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winkuqg.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winkuqg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\adqol.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\adqol.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winfxogpk.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winfxogpk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winxrbdii.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winxrbdii.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winypgln.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winypgln.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\wintpktjm.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\wintpktjm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winqehle.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winqehle.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winchvft.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winchvft.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\xiyley.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\xiyley.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winldntpj.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winldntpj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winekxn.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winekxn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\uuud.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\uuud.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\vldc.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\vldc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winnlrh.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winnlrh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winfttea.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winfttea.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-26 14:17:12 ----D---- C:\rsit
2008-10-25 20:11:59 ----D---- C:\Program Files\Trend Micro
2008-10-24 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 19:11:44 ----D---- C:\WINDOWS\pss
2008-10-21 10:06:30 ----D---- C:\Documents and Settings\G\Application Data\Antispyware
2008-10-21 10:06:21 ----D---- C:\Program Files\Antispyware
2008-10-20 22:03:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-20 22:03:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 17:29:51 ----D---- C:\Program Files\Lavasoft
2008-10-20 17:29:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-20 17:29:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-20 16:42:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-20 09:03:30 ----D---- C:\201008_09-03-29F
2008-10-19 14:35:08 ----D---- C:\Program Files\Alwil Software
2008-10-18 20:31:46 ----A---- C:\WINDOWS\Overdub.ini
2008-10-18 20:31:00 ----D---- C:\Program Files\Blaze Audio
2008-10-18 19:58:42 ----D---- C:\Program Files\Riva
2008-10-15 03:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 03:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 03:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-13 09:03:18 ----D---- C:\131008_09-03-17F

======List of files/folders modified in the last 1 months======

2008-10-26 14:17:16 ----D---- C:\WINDOWS\Temp
2008-10-26 14:17:10 ----D---- C:\WINDOWS\Prefetch
2008-10-26 14:14:52 ----D---- C:\Program Files\Mozilla Firefox
2008-10-26 13:46:33 ----D---- C:\WINDOWS\network diagnostic
2008-10-25 20:11:59 ----RD---- C:\Program Files
2008-10-24 21:40:23 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-24 03:30:10 ----D---- C:\WINDOWS
2008-10-24 03:30:08 ----D---- C:\WINDOWS\system32\drivers
2008-10-24 03:30:01 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-10-24 03:29:34 ----D---- C:\WINDOWS\system32
2008-10-24 03:28:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-24 03:03:00 ----HD---- C:\WINDOWS\inf
2008-10-24 03:02:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-24 03:01:02 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 20:14:02 ----RASH---- C:\boot.ini
2008-10-21 20:14:02 ----A---- C:\WINDOWS\win.ini
2008-10-21 20:14:02 ----A---- C:\WINDOWS\system.ini
2008-10-21 10:40:17 ----SHD---- C:\WINDOWS\Installer
2008-10-21 10:06:31 ----SD---- C:\WINDOWS\Tasks
2008-10-20 17:29:01 ----D---- C:\Program Files\Common Files
2008-10-20 17:22:51 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-20 16:40:24 ----SD---- C:\Documents and Settings\G\Application Data\Microsoft
2008-10-20 16:37:06 ----D---- C:\i386
2008-10-20 16:12:54 ----D---- C:\dell
2008-10-20 16:11:15 ----D---- C:\Program Files\Messenger
2008-10-20 16:02:51 ----D---- C:\WINDOWS\Minidump
2008-10-20 15:57:08 ----D---- C:\WINDOWS\WinSxS
2008-10-20 09:16:50 ----D---- C:\Documents and Settings\G\Application Data\U3
2008-10-15 21:40:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 03:13:48 ----D---- C:\Program Files\McAfee
2008-10-15 03:04:29 ----A---- C:\WINDOWS\imsins.BAK
2008-10-10 09:00:27 ----D---- C:\080908_09-03-11F
2008-10-09 18:23:20 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-09 18:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-07-21 201288]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-15 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2007-10-15 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-06-08 71533]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-07-24 79304]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-07-21 35240]
R3 mfesmfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-07-21 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S2 DellBIOS;DellBIOS; \??\C:\WINDOWS\DellBIOS.Sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mferkdk;McAfee Inc.; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-07-24 33800]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-08-24 23880]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-06 380928]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-07-25 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 146480]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 147456]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 618792]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 456008]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 143936]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 381504]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 983040]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-26 14:17:37

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\Sierra\CoolPool\Uninst.isu
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\UNINST.EXE -f"F:\Photoshop 5.0\DeIsL1.isu" -c"F:\Photoshop 5.0\Uninst.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Antispyware-->MsiExec.exe /X{03F85E9B-CE0A-47BA-81C4-4021729BC686}
Any Video Converter 2.6.2-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
AviSynth 2.5-->"F:\Program Files\AviSynth 2.5\Uninstall.exe"
Blaze Audio Overdub Trial-->"C:\Program Files\Blaze Audio\Overdub Trial\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CDex extraction audio-->"F:\Program Files\CDex_170b2\uninstall.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DVD Decrypter (Remove Only)-->"F:\DVD Decrypter\uninstall.exe"
DVD43 v3.9.0-->"C:\Program Files\dvd43\unins000.exe"
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}
Handbrake 2.4.1-->F:\Handbrake\uninst.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Web Developer 2005 Express Edition - ENU-->MsiExec.exe /X{221125DC-6A40-4900-B844-591F5E1195B0}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
NCH Tone Generator-->C:\Program Files\NCH Software\ToneGen\uninst.exe
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic and Knuckles 2 1.0-->"C:\Program Files\Sonic and Knuckles 2\unins000.exe"
Sonic Audio module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
SONIC CD Killer !-->C:\WINDOWS\SCUNINST.EXE C:\WINDOWS\SONIC.INI
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spelling Dictionaries For Adobe Reader Package-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7E8A450000A7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Web Easy Professional 7-->C:\Program Files\InstallShield Installation Information\{D16AA51D-2BE9-421A-84A7-759578E64A74}\setup.exe -runfromtemp -l0x0009 -removeonly
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFF v0.28-->"F:\Program Files\WinFF\unins000.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Worms World Party-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: McAfee VirusScan (outdated)
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts

Posted 27 October 2008 - 04:43 PM

You're correct about the Antispyware program, it is a rogue.
http://www.systemlookup.com/lists.php?list...Antispyware.exe

Also your McAfee antivirus is showing up as outdated. We will have to deal with this before we finish up.


Since you have Sality present on your machine I need to make you aware of the following warning while at the same time letting you know this version is one of the really bad ones.



One or more of the identified infections is a backdoor agent. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the agent has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of agent, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

For the time being I will proceed on the assumption you wish to clean up your computer. If you do not and would rather reformat or reinstall let me know in your next reply.



1.)

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".




2.)

We're going to get rid of the rogue program and try to reenable your regedit. If all of the things we are doing in this post work we should be able to reenable your Task Mgr, possibly in the next pass.

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
Antispyware

If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).


O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


Then close all windows except HijackThis and click Fix Checked.



Use Windows Explorer to find and delete this folder if still present

C:\Program Files\Antispyware

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Restart your computer



When completed please provide a new RSIT log (there will be only one this time).

I also need to know if you have another machine or use of one that you can transfer programs and a way to do so such as a flash drive or something?
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
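
An added example, not part of thewall's post and not code from HijackThis: a small Python parser that reads the five HijackThis lines listed in step 2 and groups them by what each line itself shows (a target file that no longer exists, a policy value that blocks a repair tool, an autorun for the program identified above as a rogue). The function names, the finding labels, the `ROGUE_IMAGES` set and the sixth control line are assumptions made for this illustration.

```python
import re

# The five lines from step 2 above, verbatim, followed by one constructed
# control line (ExampleApp) that should produce no finding.
SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe" /tray
""".strip().splitlines()

# Assumption: image names this thread has identified as rogue software.
ROGUE_IMAGES = {"antispyware.exe"}

LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): "
                 r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
POLICY = re.compile(r"^(?P<key>[^,]+), (?P<value>\w+)=(?P<data>\S+)$")
IMAGE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat|cmd))(?=["\s]|$)',
                   re.I)
MISSING = " (file missing)"


def parse_line(line):
    """Split one HijackThis line into section, CLSID, target image and policy."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    rec = {"section": m["section"], "missing": missing,
           "clsid": None, "image": None, "policy": None}
    c = CLSID.search(body)
    if c:
        rec["clsid"] = c.group(0).upper()
    if rec["section"] == "O4":
        r = RUN.match(body)
        if r:
            # Strip arguments so only the executable path is compared.
            im = IMAGE.match(r["cmd"])
            rec["image"] = im["path"] if im else r["cmd"]
    elif rec["section"] == "O7":
        p = POLICY.match(body)
        if p:
            rec["policy"] = (p["key"], p["value"], p["data"])
    else:
        # O2/O9 style: the target is the text after the last " - ".
        rec["image"] = body.rsplit(" - ", 1)[-1]
    return rec


def triage(rec):
    """Return the findings that the parsed line supports on its own."""
    findings = []
    if rec["missing"]:
        findings.append("orphaned-entry")      # registry points at a deleted file
    if rec["policy"] and rec["policy"][2] != "0":
        findings.append("policy-lockout")      # a repair tool is disabled by policy
    if rec["section"] == "O4" and rec["image"]:
        base = rec["image"].rsplit("\\", 1)[-1].lower()
        if base in ROGUE_IMAGES:
            findings.append("rogue-autorun")   # starts the rogue at every logon
    return findings


def review(lines):
    """Parse and triage every line; unparseable lines are skipped."""
    results = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            results.append((rec, triage(rec)))
    return results


def orphaned_objects(results):
    """Distinct CLSIDs behind the orphaned entries (two O9 lines share one)."""
    return sorted({rec["clsid"] for rec, f in results
                   if "orphaned-entry" in f and rec["clsid"]})


if __name__ == "__main__":
    for rec, findings in review(SAMPLE):
        target = rec["image"] or rec["policy"]
        print(rec["section"], findings or ["no finding"], target)
    print("distinct orphaned objects:", orphaned_objects(review(SAMPLE)))
```

The two O9 lines resolve to the same CLSID, so the five checked lines cover four registry artefacts: two orphaned objects, one autorun and one policy value.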

#5 gforce422

gforce422
  • Topic Starter

  • Members
  • 27 posts

Posted 27 October 2008 - 08:14 PM

I do not have a flash drive anymore. It has found a new home in the bottom of my garbage can. :) The virus apparently spread to my flash drive launchpad, because it showed up infected on one of the virus scans I performed. (I think it was the McAfee Stinger program) Don't know if it was a false positive or not, but I couldn't risk plugging it into anything else. (I had a sandisk U3 1gb) However.... I do have a Western Digital MyBook 160 gig external hard drive, which has some data on it. (which has been plugged into the infected computer) I do not believe the virus has spread to it yet...is it possible to run a HJT log on the external hard drive to make sure it is clean? Maybe I could transfer the files I want to keep to the external drive if a reformat is necessary. I also have access to a desktop computer if necessary.

I deleted the O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 command in HJT, but apparently it cannot be deleted. Regedit is still disabled, and the file still showed up in a second HJT scan. When I checked off the "Fixed Checked" button, and then ran another scan, it appeared again. :) All of the other files, however, deleted just fine.

I also noticed that a portion of the Antispyware program is still with me, as found in the RSIT log below, under the "Scheduled tasks folder":
C:\WINDOWS\tasks\Antispyware Scheduled Scan.job. I was considering deleting it, although I want to make sure it is safe to do so. I have highlighted this string in the log below to make it easier to find.

Thank you so much for taking the time to help me, I appreciate it more than you know. :thumbsup:





Logfile of random's system information tool 1.04 (written by random/random)
Run by G at 2008-10-27 20:34:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (15%) free of 33 GB
Total RAM: 502 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:06 PM, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WINMINE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\DOCUME~1\G\LOCALS~1\Temp\winhvitij.exe
C:\Documents and Settings\G\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\G.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6277 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - C:\Program Files\McAfee\MSK\mcapbho.dll [2007-09-19 329032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-07-24 66880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe []
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 279792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antispyware]
C:\Program Files\Antispyware\Antispyware.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1417216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 534512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 279792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2006-05-22 694272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\G\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 215024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-12-13 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 363304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
C:\Program Files\McAfee\MBK\LogOnHook.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2007-01-16 4920872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2005-03-14 405602]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-05-15 95744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-11-16 466944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 226704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 843867]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1998-05-06 186368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-24 107520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\KEM.exe [2004-09-02 651264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1159727030\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1159727030\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1159727030\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1159727030\ee\aim6.exe:*:Enabled:AIM"
"F:\Program Files\123 Movies2iPod\123 Movies2iPod.exe"="F:\Program Files\123 Movies2iPod\123 Movies2iPod.exe:*:Enabled:123 Movies2iPod Pro"
"F:\Program Files\123Movies2IPOD\123Movies2IPOD.exe"="F:\Program Files\123Movies2IPOD\123Movies2IPOD.exe:*:Enabled:123 Movies2iPod Pro"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\~.exe"="C:\WINDOWS\system32\~.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winrekuu.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winrekuu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\G\LOCALS~1\Temp\winxhrtmw.exe"="C:\DOCUME~1\G\LOCALS~1\Temp\winxhrtmw.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-27 20:18:31 ----SHD---- C:\Config.Msi
2008-10-26 14:17:12 ----D---- C:\rsit
2008-10-25 20:11:59 ----D---- C:\Program Files\Trend Micro
2008-10-24 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 19:11:44 ----D---- C:\WINDOWS\pss
2008-10-21 10:06:30 ----D---- C:\Documents and Settings\G\Application Data\Antispyware
2008-10-20 22:03:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-20 22:03:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 17:29:51 ----D---- C:\Program Files\Lavasoft
2008-10-20 17:29:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-20 17:29:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-20 16:42:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-20 09:03:30 ----D---- C:\201008_09-03-29F
2008-10-19 14:35:08 ----D---- C:\Program Files\Alwil Software
2008-10-18 20:31:46 ----A---- C:\WINDOWS\Overdub.ini
2008-10-18 20:31:00 ----D---- C:\Program Files\Blaze Audio
2008-10-18 19:58:42 ----D---- C:\Program Files\Riva
2008-10-15 03:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 03:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 03:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-13 09:03:18 ----D---- C:\131008_09-03-17F

======List of files/folders modified in the last 1 months======

2008-10-27 20:35:06 ----D---- C:\WINDOWS\Prefetch
2008-10-27 20:34:59 ----D---- C:\WINDOWS\Temp
2008-10-27 20:33:23 ----D---- C:\Program Files\Mozilla Firefox
2008-10-27 20:32:19 ----D---- C:\WINDOWS
2008-10-27 20:32:15 ----D---- C:\WINDOWS\system32\drivers
2008-10-27 20:32:00 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-10-27 20:30:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-27 20:28:08 ----RD---- C:\Program Files
2008-10-27 20:18:30 ----SHD---- C:\WINDOWS\Installer
2008-10-26 13:46:33 ----D---- C:\WINDOWS\network diagnostic
2008-10-24 21:40:23 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-24 03:29:34 ----D---- C:\WINDOWS\system32
2008-10-24 03:03:00 ----HD---- C:\WINDOWS\inf
2008-10-24 03:02:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-24 03:01:02 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 20:14:02 ----RASH---- C:\boot.ini
2008-10-21 20:14:02 ----A---- C:\WINDOWS\win.ini
2008-10-21 20:14:02 ----A---- C:\WINDOWS\system.ini
2008-10-21 10:06:31 ----SD---- C:\WINDOWS\Tasks
2008-10-20 17:29:01 ----D---- C:\Program Files\Common Files
2008-10-20 17:22:51 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-20 16:40:24 ----SD---- C:\Documents and Settings\G\Application Data\Microsoft
2008-10-20 16:37:06 ----D---- C:\i386
2008-10-20 16:12:54 ----D---- C:\dell
2008-10-20 16:11:15 ----D---- C:\Program Files\Messenger
2008-10-20 16:02:51 ----D---- C:\WINDOWS\Minidump
2008-10-20 15:57:08 ----D---- C:\WINDOWS\WinSxS
2008-10-20 09:16:50 ----D---- C:\Documents and Settings\G\Application Data\U3
2008-10-15 21:40:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 03:13:48 ----D---- C:\Program Files\McAfee
2008-10-15 03:04:29 ----A---- C:\WINDOWS\imsins.BAK
2008-10-10 09:00:27 ----D---- C:\080908_09-03-11F
2008-10-09 18:23:20 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-09 18:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-07-21 201288]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-15 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\jvsrol.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2007-10-15 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-06-08 71533]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S2 DellBIOS;DellBIOS; \??\C:\WINDOWS\DellBIOS.Sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-07-24 79304]
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-07-21 35240]
S3 mferkdk;McAfee Inc.; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-07-24 33800]
S3 mfesmfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-07-21 40488]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-08-24 23880]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-06 380928]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 146480]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 147456]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 618792]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 456008]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-07-25 695624]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 143936]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 381504]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 983040]

-----------------EOF-----------------

#6 thewall


Posted 27 October 2008 - 08:31 PM

You're more than welcome for the help. Glad we can do it. :thumbsup:

Bear with me on this as I am getting a lot of input from my coach due to the nature of this infection. I may appear to be a little slow getting back but I will respond as quickly as possible.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 gforce422


Posted 27 October 2008 - 08:48 PM

That's OK. Take as much time as you need. :thumbsup:

#8 thewall


Posted 31 October 2008 - 08:04 AM

Hi gforce422,

Just wanted to let you know I haven't forgotten you. I should have something up later today but I want to let you know that it is going to be necessary for us to have a way to transfer programs over from another computer. A CD will work but when we start with the fix we are going to have to move along quickly or the virus will change everything we are doing as fast as we do it.

Please let me know if you have the availability of a CD or another flash drive and we will then proceed.

Thanks for your patience :thumbsup:

#9 gforce422


Posted 31 October 2008 - 10:22 AM

Alright...I could do both, technically. I have access to blank CDs and I probably will be able to get another flash drive...Is one necessarily more preferable than another?

#10 thewall


Posted 31 October 2008 - 02:36 PM

A CD should work just fine. All we are trying to do is transfer the tools from another computer to the infected one.


I am going to give you a list of tools we will need and when you get them on a CD let me know. Don't do anything with them like putting them on the infected machine until we get ready for their use. I have a couple of other logs I need to get caught up on so I can work closely with you on this and then we will get started. It may be tomorrow my time before I post the next instructions.

Here's what we need:


Download the following programs & burn to CD:

ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe <-- this is actually DrWebCureit

http://cid-6aaab341ce47c5c2.skydrive.live....FixPolicies.exe

http://www.techsupportforum.com/sectools/s...otKeyRepair.exe

If you encounter any problems just let me know.

#11 gforce422


Posted 31 October 2008 - 05:00 PM

Everything went fine except for the last link... seemed broken. I downloaded it from the following link...if it's not the same thing, let me know. :thumbsup:

download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe

Files are burned to a disc.

#12 thewall


Posted 01 November 2008 - 10:11 AM

Yes, that copy should do it.


Now we will get started. It is important that all instructions be followed in the exact order they are listed and to make sure you have plenty of time to complete them once started so the virus doesn't start undoing everything we are trying to fix. When you start using the tools the listed things need to be done immediately one following the other or you will just wind back up at square one and we'll have to start over.


You can install the programs you have on your CD. When installing DrWeb it should install as Launch.exe which is what we want and that should be the name of the Icon on your Desktop. You may want to go ahead and download the ATF Cleaner that is listed below onto your CD so you'll have it. Hopefully though you should be able to access after running through the other part of the fix.


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.





1.)

Disable any antivirus programs including TeaTimer which may be running on your computer. Instructions can be found here.



This is where the fixes start

2.)

The first tool we'll use is FixPolicies (FixPolicies.exe, a self-extracting ZIP archive).
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like.

3.)

We Need to Repair Safe Mode
  • Open Posted Image on your desktop.
  • Copy and paste the resultant log here in your next reply.

4.)

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer back into Safe Mode because it could be possible that files in use will be moved/deleted during reboot.




5.)

Run DrWeb again following the same instructions. This time save the log under a different name so it also can be posted in your next reply.

6.)

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".





Now boot back into normal mode




7.)


Ok, now we are going to need the logs. The ones from DrWeb (especially the initial run) are going to be very large. So you'll have to zip them up and attach them with your next reply. I'll also need a new RSIT log and there will be only one when you run it this time. You can attach the SafeBootRepair log if you would like but if you can boot into Safe Mode after using it then we know it worked, so that's up to you.


If you encounter any problems along the line stop and let me know and we'll try to work around them.

Edited by thewall, 02 November 2008 - 09:30 AM.

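The conditions this fix works against (the "disabled by your administrator" policy lockouts, firewall exceptions in the AuthorizedApplications list format the posted RSIT log uses, and a Safe Mode key that needs repair) can be checked offline from a registry export. The Python below is an added example, not part of the original posts or of any tool named in the thread; the choice of policy values to check, the sample export and the file name example1.exe are assumptions constructed for illustration.

```python
import re

# Policy values behind the "disabled by your administrator" messages.
# Assumption: which values to check is this example's choice, not a list
# taken from FixPolicies.
LOCKOUT_VALUES = {
    r"software\microsoft\windows\currentversion\policies\system":
        ("DisableTaskMgr", "DisableRegistryTools"),
}
FW_LIST_SUFFIX = r"\authorizedapplications\list"

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^(?:@|"(?P<name>.+?)")=(?P<data>.*)$')


def _clean(s):
    """Strip surrounding quotes; collapse the doubled backslashes regedit writes."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        s = s[1:-1]
    return s.replace("\\\\", "\\")


def parse_reg(text):
    """Parse .reg-style text into {lowercased key path: {value name: data}}."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = reg.setdefault(m.group("key").lower(), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue  # banner line, blank line, or value outside any key
        name = _clean(m.group("name")) if m.group("name") else "@"
        data = m.group("data").strip()
        if data.lower().startswith("dword:"):
            try:
                current[name] = int(data[6:], 16)
            except ValueError:
                current[name] = data  # keep malformed data visible
        else:
            current[name] = _clean(data)
    return reg


def find_lockouts(reg):
    """Return (key, value name, data) for each lockout policy that is switched on."""
    hits = []
    for key, values in reg.items():
        wanted = LOCKOUT_VALUES.get(key.split("\\", 1)[-1], ())
        by_name = {n.lower(): d for n, d in values.items()}  # names are case-insensitive
        for name in wanted:
            data = by_name.get(name.lower(), 0)
            if data not in (0, "0", ""):
                hits.append((key, name, data))
    return hits


def temp_firewall_exceptions(reg):
    """Return enabled firewall exceptions whose program sits in a Temp directory."""
    flagged = []
    for key, values in reg.items():
        if not key.endswith(FW_LIST_SUFFIX):
            continue
        for data in values.values():
            parts = str(data).rsplit(":", 3)  # path : scope : state : label
            if len(parts) != 4:
                continue
            path, _scope, state, _label = parts
            if state.lower() == "enabled" and re.search(r"\\temp\\", path, re.I):
                flagged.append(path)
    return flagged


def safeboot_subkeys(reg, mode="Minimal"):
    """List the entries exported under SafeBoot\\<mode>; an empty list means none."""
    prefix = "\\control\\safeboot\\" + mode.lower() + "\\"
    return sorted(k.split(prefix, 1)[1] for k in reg if prefix in k)


# Constructed sample export (not taken from the thread's logs); values use the
# single-backslash style RSIT prints, and _clean() also accepts regedit's doubled form.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\DOCUME~1\user\LOCALS~1\Temp\example1.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\example1.exe:*:Enabled:ipsec"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
'''

if __name__ == "__main__":
    reg = parse_reg(SAMPLE)
    for key, name, data in find_lockouts(reg):
        print(f"policy lockout: {name}={data} under {key}")
    for path in temp_firewall_exceptions(reg):
        print(f"firewall exception for Temp binary: {path}")
    if not safeboot_subkeys(reg):
        print("SafeBoot\\Minimal has no entries in this export")
```

Running the same checks on an export taken before and after each step shows whether a setting has been reset again in between.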

#13 gforce422


Posted 02 November 2008 - 03:39 PM

Problem at the first step....Sality will not even let me access SpyBot, so I cannot disable Spybot OR TeaTimer. I can still access TeaTimer, though teatimer.exe.
Should I just uninstall Spybot? Delete the teatimer.exe file? What should I do?

#14 thewall


Posted 02 November 2008 - 04:34 PM

Yeah, let's try uninstalling Spybot. We can always reinstall it when we get through. Might want to make sure the TeaTimer.exe is gone afterwards just to make sure.

Then go from there.

#15 gforce422


Posted 02 November 2008 - 05:36 PM

Ok.... I followed the steps until the time came to boot into safe mode. It still will not boot into safe mode. I get a blue screen, which reads the following exactly:

A problem has been detected and windows has shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information

*** STOP: 0x0000007B (0xF88A2524, 0xC0000034, 0x00000000, 0x00000000)


____________________________________________________________________________


I thought that the CHKDSK /F might be referring to my external USB hard drive, (drive F on my computer) so I shut the hard drive off, unplugged it, and tried to restart my computer into safe mode. I got the same error message. Here is the SafeBootRepair log if you want to take a look at it.....






Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================
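
One way to sanity-check a SafeBoot export like the one in the post above, as an added example that is not part of the original thread and not the SafeBootRepair tool's own code: the script parses the `.reg` text and reports whether the Minimal and Network branches are populated, which keys carry no default value, and which Minimal entries have no counterpart under Network. The function names, the three checks and the shortened sample are assumptions of this example.

```python
import re
# Constructed, shortened sample in the layout of the export above. The checks in
# audit() are this example's own assumptions, not what SafeBootRepair does.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
"""
ROOT = "hkey_local_machine\\system\\currentcontrolset\\control\\safeboot\\"

def parse_safeboot(text):
    """Return {mode: {entry: default value, or None if the key has none}}."""
    modes, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if key := re.fullmatch(r"\[(.+)\]", line):
            current = None
            if key.group(1).lower().startswith(ROOT):
                parts = key.group(1)[len(ROOT):].split("\\")
                entries = modes.setdefault(parts[0], {})
                if len(parts) == 2:  # ignore anything nested deeper
                    entries[parts[1]] = None
                    current = (entries, parts[1])
        elif current and (value := re.fullmatch(r'@="(.*)"', line)):
            current[0][current[1]] = value.group(1)
    return modes

def audit(modes):
    minimal = modes.get("Minimal", {})
    network = {name.lower() for name in modes.get("Network", {})}
    return {
        "empty_or_missing_modes": [m for m in ("Minimal", "Network") if not modes.get(m)],
        "no_default_value": sorted(f"{m}\\{e}" for m, d in modes.items()
                                   for e, v in d.items() if v is None),
        "minimal_not_in_network": sorted(e for e in minimal if e.lower() not in network),
    }

if __name__ == "__main__":
    print(audit(parse_safeboot(SAMPLE)))
```

An empty result for all three checks only says the export is structurally complete; it says nothing about whether the drivers and services those entries name are themselves intact.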



