Dr. Watson Post Mortem - Freeze



#1
yardman

I think I did everything: Ad-Aware, Spybot, etc. Below is my "HijackThis log". What should I do now? The problem is that I really can't do anything EXCEPT surf the net. If I try Control Panel, My Documents, etc., the PC freezes up. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 3:08:04 PM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\TimeSink\AdGateway\TSAdBot.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wintc32.exe
C:\WINDOWS\crbf32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9B7C0FD1-A979-46E0-871F-2B02FBB5AF1C} - C:\WINDOWS\apprs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [wintc32.exe] C:\WINDOWS\system32\wintc32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Dell Control Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tionControl.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Thanks again
email address removed before the spambots find it - Metallica


#2
Metallica

Hi yardman,
  • Prepare CWShredder:
    • Download CWShredder.
    • Save it to your desktop.
    • Do not run it yet. We will run it later.
  • Run Symantec's BackDoor Removal Tool:
    • Download the Backdoor.Agent.B Removal Tool from Symantec.
    • Follow Symantec's instructions for how to run it.
    • Be sure to save the log file. I will need to see it later.
    • Restart your computer.
  • Run CWShredder. Be sure to click Fix as opposed to Scan Only. It should find some things and remove them.
  • Restart your computer once more.
  • Post a new HijackThis log and the log Symantec's tool gave you.
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {9B7C0FD1-A979-46E0-871F-2B02FBB5AF1C} - C:\WINDOWS\apprs.dll

O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"

O4 - HKLM\..\Run: [wintc32.exe] C:\WINDOWS\system32\wintc32.exe

O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe

Then reboot and post a new log.

Regards,

#3
yardman

:tazz: Thanks, Metallica,
I think I have done what you asked. Below is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 2:34:24 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\crbf32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TimeSink\AdGateway\TSAdBot.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wintc32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {81970AF7-966E-6A37-8990-01F3D1C5C2B2} - C:\WINDOWS\system32\iees.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [wintc32.exe] C:\WINDOWS\system32\wintc32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Dell Control Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tionControl.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


Here is the Symantec notebook output. I did NOT see any log file labeled "log".

Symantec Backdoor.Agent.B Removal Tool 1.0.1.2


Backdoor.Agent.B has not been found on your computer.

#4
Metallica

Are you sure?

Nothing much changed except for some filenames.

Download and run About:Buster http://www.majorgeek...wnload4289.html
It usually takes two runs to get cleaned.

Then run CWShredder once more.

Post back with a new HijackThis log.

Regards,
  • 0
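
The comparison made in post #4 ("Nothing much changed except for some filenames") can be done mechanically. The following is an added example, not part of the original thread and not part of HijackThis: a Python script that diffs two HijackThis logs against the list of items that were to be fixed. The function names and the notion of a "slot" (section plus the label in front of the first " - ") are assumptions of this example; the sample data is excerpted from the 5/9 and 5/20 logs and the fix list in post #2.

```python
import re

# HijackThis item lines look like "O2 - BHO: ..." or "R3 - ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, body) items found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def slot(entry):
    """Identity of an entry without its CLSID and file path.

    ("O2", "BHO: (no name) - {...} - C:\\WINDOWS\\apprs.dll")
    becomes ("O2", "BHO: (no name)"), so the same hook registered again
    under a different CLSID and file name still lands in the same slot.
    """
    section, body = entry
    return (section, body.split(" - ")[0])


def compare_scans(before, after, fix_list):
    """Compare two scans against the items that were supposed to be fixed.

    persisting: fix-list items still present, unchanged, in the later scan.
    rotated:    slots where an entry disappeared and a different entry with
                the same section and label appeared in its place.
    """
    old, new = parse_entries(before), parse_entries(after)
    persisting = sorted(parse_entries(fix_list) & new)
    removed, added = old - new, new - old
    rotated = []
    for key in sorted({slot(e) for e in removed} & {slot(e) for e in added}):
        rotated.append((
            key,
            sorted(b for s, b in removed if slot((s, b)) == key),
            sorted(b for s, b in added if slot((s, b)) == key),
        ))
    return {"persisting": persisting, "rotated": rotated}


# Excerpt of the log saved 5/9/2005 (lines copied from post #1).
SCAN_0509 = r"""
Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9B7C0FD1-A979-46E0-871F-2B02FBB5AF1C} - C:\WINDOWS\apprs.dll
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [wintc32.exe] C:\WINDOWS\system32\wintc32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe
"""

# Excerpt of the log saved 5/20/2005 (lines copied from post #3).
SCAN_0520 = r"""
Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {81970AF7-966E-6A37-8990-01F3D1C5C2B2} - C:\WINDOWS\system32\iees.dll
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [wintc32.exe] C:\WINDOWS\system32\wintc32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe
"""

# The five items post #2 asked to be checked and fixed.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9B7C0FD1-A979-46E0-871F-2B02FBB5AF1C} - C:\WINDOWS\apprs.dll
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [wintc32.exe] C:\WINDOWS\system32\wintc32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe
"""

if __name__ == "__main__":
    result = compare_scans(SCAN_0509, SCAN_0520, FIX_LIST)
    print("Still present after the fix:")
    for section, body in result["persisting"]:
        print(f"  {section} - {body}")
    print("Same slot, new CLSID/file name:")
    for (section, label), was, now in result["rotated"]:
        print(f"  {section} - {label}")
        for body in was:
            print(f"    was: {body}")
        for body in now:
            print(f"    now: {body}")
```

A slot that comes back under a new CLSID and file name after a fix means something still running is re-registering it, so the items listed as still present are the ones to deal with first.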

#5
yardman

Thanks again, Metallica.

I was unable to run the "buster" program. Below is my last HijackThis log. I did run "CWShredder", Symantec BackDoor....

Logfile of HijackThis v1.99.1
Scan saved at 10:24:57 AM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\crbf32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\TimeSink\AdGateway\TSAdBot.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\wintc32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {035FD008-68DD-AC7F-54F5-2A38F671E83B} - C:\WINDOWS\atlpn32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [wintc32.exe] C:\WINDOWS\system32\wintc32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Dell Control Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tionControl.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Yardman
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
What went wrong with About:Buster?

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {035FD008-68DD-AC7F-54F5-2A38F671E83B} - C:\WINDOWS\atlpn32.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)

O4 - HKLM\..\Run: [wintc32.exe] C:\WINDOWS\system32\wintc32.exe

O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe

Click Start > Run > type cmd > OK

When the Command prompt comes up type or paste in this command and press enter:

sc GetKeyName "Remote Procedure Call (RPC) Helper"

It will give a name for the service.

Again in the Command Prompt, type sc delete, a space, and then copy the name you got from the 1st command. Press enter.
You should get a success message.

If not, then the key name has some character which sc cannot translate. Let me know.

Reboot and post back with a new HijackThis log

Regards,
  • 0

#7
yardman

yardman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Again, thanks for your help.

Reran Hijack This and checked/fixed the code you indicated.

Ran the GetKeyName RPC, BUT when I tried to run the cmd using the service name it did not work.

Below is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:03:35 AM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\TimeSink\AdGateway\TSAdBot.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\crbf32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1801F3E4-30B9-6127-58F8-3C65653A5167} - C:\WINDOWS\cral.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Dell Control Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatc...tionControl.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Yardman
  • 0
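The O23 entry the helper singles out differs from the other services in two visible ways: its owner is "Unknown owner" and the key name in parentheses contains unusual characters. An added example (not part of the original posts and not HijackThis code) that applies those two checks to O23 lines copied from the log above; the function names and the allowed-character heuristic are assumptions made here.

```python
import re

# O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\crbf32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
"""

PREFIX = "O23 - Service: "

# "Display name (KeyName)": the key name is the last parenthesised group.
# Display names may themselves contain parentheses, e.g. "(RPC)" or "(ATW)".
TRAILING_KEY = re.compile(r"^(?P<display>.*\S)\s*\((?P<key>[^()]*)\)$")

# Heuristic (an assumption of this example): letters, digits, space, "_", "."
# and "-" are treated as ordinary in a service key name.
KEY_OK = re.compile(r"[A-Za-z0-9_.\- ]+")


def parse_o23(line):
    """Split one O23 line into display name, key name, owner and path."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Owner and path are the last two " - " separated fields; splitting from
    # the right keeps any " - " inside the display name intact.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = parts
    match = TRAILING_KEY.match(label)
    if match:
        display, key = match.group("display"), match.group("key")
    else:
        display, key = label, None  # log shows no separate key name
    return {"display": display, "key": key, "owner": owner, "path": path}


def triage(log_text):
    """Return (display, key, path, reasons) for each O23 line worth a look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("owner is 'Unknown owner'")
        key = svc["key"]
        if key is not None and (key != key.strip() or not KEY_OK.fullmatch(key)):
            reasons.append("key name has padding or unusual characters")
        if reasons:
            findings.append((svc["display"], key, svc["path"], reasons))
    return findings


if __name__ == "__main__":
    for display, key, path, reasons in triage(SAMPLE_LOG):
        print(f"{display!r} key={key!r} path={path}")
        for reason in reasons:
            print("   -", reason)
```

Both checks are triage hints only; a flagged entry still needs the file itself examined before anything is deleted.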

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Copy the contents of the quote box to Notepad.
Name the file Bye.vbs
Save as Type : All files

Double click on Bye.vbs to run it. You'll get an already stopped message and then another message box saying Done!


 
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery _
  ("Select * from Win32_Service Where DisplayName = 'Remote Procedure Call (RPC) Helper'")
For Each objService in colListOfServices
  If objService.State = "Stopped" Then
    MsgBox "Stopped Already"
  Else
    objService.StopService()
    MsgBox "Service Stopped"
  End If
  objService.Delete()
Next

MsgBox "Done"



If you then run Services.msc you should no longer see the Remote Procedure Call (RPC) Helper Service on the list.

Run Symantec's BackDoor Removal Tool:
  • Download the Backdoor.Agent.B Removal Tool from Symantec.
  • Follow Symantec's instructions for how to run it.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

O2 - BHO: (no name) - {1801F3E4-30B9-6127-58F8-3C65653A5167} - C:\WINDOWS\cral.dll

Reboot and post your new HijackThis log.

Regards,
  • 0

#9
yardman

yardman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Metallica,
When we ran the file Bye.vbs we received the following error message:

Windows Script Host
Script C:\Programfiles\bye.vbs
Line 6
Char 1
Error 0x8004100A
Code 8004100A
Source (null)

Please advise. Thanks.

Yardman
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Can you try this one? To satisfy my curiosity.
Copy the part in the quote box as byenow.vbs

<Begin Script to Remove "RPC Helper">

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery _
("Select * from Win32_Service Where Name = 'Remote Procedure Call (RPC) Helper'")
For Each objService in colListOfServices
objService.StopService()
objService.Delete()
Next

MsgBox "Done"


<End Script>

Let me know.
  • 0


#11
yardman

yardman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Metallica,
We received the same error message as last time. What now? Thanks.
Yardman
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
We'll have to do it manually. :tazz:

Click Start > Run > regedit > OK

The registry editor will open.
By clicking the plus signs navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Then you will notice one folder icon with a name starting with LEGACY_
Select that folder and click Registry > Export
Close the registry editor

Open the file you exported in Notepad and post the content.

Regards,
  • 0
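With many LEGACY_ keys under Enum\Root, the one that belongs to a given service can be found by matching the display name from the HijackThis O23 line against each instance key's DeviceDesc value and reading the Service value beside it. An added example (not part of the original posts) that does this over a text export in the "Key Name / Value / Name / Type / Data" layout that appears further down this thread; the function names are assumptions, and the last sample entry is constructed for illustration.

```python
# Entries copied from the export posted later in this thread.
PAGE_ENTRIES = r"""
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT
Class Name: <NO CLASS>
Last Write Time: 5/9/2005 - 11:54 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: Avg7Alrt

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: AVG7 Alert Manager Server

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Avg7Alrt
"""

# CONSTRUCTED entry (not from the thread): a service whose key name starts
# with a space and contains punctuation, to show that the value survives.
CONSTRUCTED_ENTRY = r"""
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CONSTRUCTED\0000
Class Name: <NO CLASS>
Last Write Time: 1/1/2005 - 12:00 AM
Value 0
Name: Service
Type: REG_SZ
Data:  Xy#`9

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Constructed Helper Service
"""

SAMPLE_EXPORT = PAGE_ENTRIES + CONSTRUCTED_ENTRY
ENUM_ROOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\"


def parse_export(text):
    """Return {key path: {value name: data}} from the text export."""
    keys, current, name = {}, None, None
    for raw in text.splitlines():
        line = raw.lstrip()
        if line.startswith("Key Name:"):
            current = line[len("Key Name:"):].strip()
            keys[current] = {}
            name = None
        elif current is None:
            continue
        elif line.startswith("Name:"):  # "Class Name:" does not match this
            name = line[len("Name:"):].strip()
        elif line.startswith("Data:") and name is not None:
            data = line[len("Data:"):]
            # Drop only the single separator space so that leading blanks
            # that are part of the data itself are kept.
            keys[current][name] = data[1:] if data.startswith(" ") else data
            name = None
    return keys


def find_service(keys, display_name):
    """Return [(LEGACY_ key, Service value)] whose DeviceDesc matches."""
    hits = []
    for path, values in keys.items():
        if not path.upper().startswith(ENUM_ROOT.upper()):
            continue
        rel = path[len(ENUM_ROOT):].split("\\")
        # Only instance keys (LEGACY_<NAME>\0000) carry Service/DeviceDesc.
        if len(rel) != 2 or not rel[0].upper().startswith("LEGACY_"):
            continue
        if values.get("DeviceDesc", "").lower() == display_name.lower():
            hits.append((rel[0], values.get("Service")))
    return hits


if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    for wanted in ("AVG7 Alert Manager Server", "Constructed Helper Service"):
        print(wanted, "->", find_service(parsed, wanted))
```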

#13
yardman

yardman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
There must be 50 different LEGACY_ files. Do you want me to post all of the names?
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
That many? :tazz:

Sure, post them.
  • 0

#15
yardman

yardman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here are all the LEGACY_ files in case you need them.

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ABP480N5
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADPU160M
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 6:26 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: AFD

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: AFD Networking Support Environment

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 11/27/2002 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: AFD


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AGPCPQ
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AHA154X
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AIC78U2
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AIC78XX
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALG
Class Name: <NO CLASS>
Last Write Time: 3/4/2005 - 10:11 PM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALG\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: ALG

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Application Layer Gateway Service


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALG\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: ALG


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALIIDE
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:01 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALIM1541
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMDAGP
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:01 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT
Class Name: <NO CLASS>
Last Write Time: 9/10/2004 - 1:40 PM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_APPMGMT\0000
Class Name: <NO CLASS>
Last Write Time: 11/20/2004 - 3:35 PM
Value 0
Name: Service
Type: REG_SZ
Data: AppMgmt

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Application Management


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3350P
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3550
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASCTRM
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:18 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASCTRM\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: ASCTRM

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: ASCTRM

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASCTRM\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 11/27/2002 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASCTRM\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: ASCTRM


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AUDIOSRV
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:23 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AUDIOSRV\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: AudioSrv

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x20

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Windows Audio


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AUDIOSRV\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: AudioSrv


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT
Class Name: <NO CLASS>
Last Write Time: 5/9/2005 - 11:54 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: Avg7Alrt

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: AVG7 Alert Manager Server


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7ALRT\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Avg7Alrt


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE
Class Name: <NO CLASS>
Last Write Time: 5/9/2005 - 11:54 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: Avg7Core

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: AVG7 Kernel

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 5/10/2005 - 1:50 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Avg7Core


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW
Class Name: <NO CLASS>
Last Write Time: 5/9/2005 - 11:54 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: Avg7RsW

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: AVG7 Wrap Driver

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 5/10/2005 - 1:50 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Avg7RsW


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP
Class Name: <NO CLASS>
Last Write Time: 5/9/2005 - 11:54 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: Avg7RsXP

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: AVG7 Rezident Driver

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 5/10/2005 - 1:50 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Avg7RsXP


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC
Class Name: <NO CLASS>
Last Write Time: 5/9/2005 - 11:54 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: Avg7UpdSvc

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: AVG7 Update Service


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Avg7UpdSvc


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI
Class Name: <NO CLASS>
Last Write Time: 5/9/2005 - 11:54 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: AvgTdi

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: AVG Network Redirector

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 5/10/2005 - 1:50 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: AvgTdi


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:22 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: Beep

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x20

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Beep

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 11/27/2002 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Beep


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS
Class Name: <NO CLASS>
Last Write Time: 11/27/2002 - 6:49 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: BITS

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Background Intelligent Transfer Service


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: BITS


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSER
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 6:35 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSER\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: Browser

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Computer Browser


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSER\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Browser


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBIDF
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCEVTMGR
Class Name: <NO CLASS>
Last Write Time: 11/20/2004 - 5:19 PM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCEVTMGR\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: ccEvtMgr

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Symantec Event Manager


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCEVTMGR\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: ccEvtMgr


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCPROXY
Class Name: <NO CLASS>
Last Write Time: 11/20/2004 - 5:19 PM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCPROXY\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: ccProxy

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Symantec Network Proxy


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCPROXY\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: ccProxy


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR
Class Name: <NO CLASS>
Last Write Time: 11/20/2004 - 4:16 PM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: ccSetMgr

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Symantec Settings Manager


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: ccSetMgr


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CD20XRNT
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CDFS
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:22 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CDFS\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: cdfs

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x20

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: cdfs


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CDFS\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Cdfs


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CDUDF_XP
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:17 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CDUDF_XP\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: cdudf_xp

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: cdudf_xp


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CDUDF_XP\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: cdudf_xp


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDIDE
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:01 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMSYSAPP
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 6:30 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMSYSAPP\0000
Class Name: <NO CLASS>
Last Write Time: 11/26/2002 - 8:09 PM
Value 0
Name: Service
Type: REG_SZ
Data: COMSysApp

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: COM+ System Application


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CPQARRAY
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CREATIVE_SERVICE_FOR_CDROM_ACCESS
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:12 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CREATIVE_SERVICE_FOR_CDROM_ACCESS\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: Creative Service for CDROM Access

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Creative Service for CDROM Access


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CREATIVE_SERVICE_FOR_CDROM_ACCESS\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Creative Service for CDROM Access


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CRYPTSVC
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:23 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CRYPTSVC\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: CryptSvc

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x20

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Cryptographic Services


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CRYPTSVC\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: CryptSvc


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DAC2W2K
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DAC960NT
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DCOMLAUNCH
Class Name: <NO CLASS>
Last Write Time: 3/4/2005 - 10:08 PM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DCOMLAUNCH\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: DcomLaunch

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: DCOM Server Process Launcher


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DCOMLAUNCH\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: DcomLaunch


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 6:26 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: Dhcp

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: DHCP Client


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DHCP\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Dhcp


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMBOOT
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:22 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMBOOT\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: dmboot

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: dmboot

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMBOOT\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 11/27/2002 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMBOOT\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMLOAD
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:22 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMLOAD\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: dmload

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: dmload

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMLOAD\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 11/27/2002 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DMLOAD\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DNSCACHE
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 6:26 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DNSCACHE\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: Dnscache

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: DNS Client


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DNSCACHE\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Dnscache


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DPTI2O
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 6:00 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSVC
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:23 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSVC\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: ERSvc

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x20

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Error Reporting Service


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSVC\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: ERSvc


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 6:28 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: EventSystem

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: COM+ Event System


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: EventSystem


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FALLBACK
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 5:57 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FALLBACK\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: Fallback

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Fallback

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FALLBACK\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 11/27/2002 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FALLBACK\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Fallback


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTFAT
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:22 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTFAT\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: fastfat

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x20

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: fastfat


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTFAT\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Fastfat


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTUSERSWITCHINGCOMPATIBILITY
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 6:35 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTUSERSWITCHINGCOMPATIBILITY\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: Service
Type: REG_SZ
Data: FastUserSwitchingCompatibility

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Fast User Switching Compatibility


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FASTUSERSWITCHINGCOMPATIBILITY\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:14 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: FastUserSwitchingCompatibility


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FIPS
Class Name: <NO CLASS>
Last Write Time: 11/15/2001 - 12:22 AM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FIPS\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: Fips

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x20

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: Fips

Value 6
Name: Capabilities
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FIPS\0000\LogConf
Class Name: <NO CLASS>
Last Write Time: 11/27/2002 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FIPS\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: Fips


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FLTMGR
Class Name: <NO CLASS>
Last Write Time: 3/4/2005 - 10:08 PM
Value 0
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FLTMGR\0000
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: Service
Type: REG_SZ
Data: FltMgr

Value 1
Name: Legacy
Type: REG_DWORD
Data: 0x1

Value 2
Name: ConfigFlags
Type: REG_DWORD
Data: 0x0

Value 3
Name: Class
Type: REG_SZ
Data: LegacyDriver

Value 4
Name: ClassGUID
Type: REG_SZ
Data: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Value 5
Name: DeviceDesc
Type: REG_SZ
Data: FltMgr


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FLTMGR\0000\Control
Class Name: <NO CLASS>
Last Write Time: 5/27/2005 - 6:13 AM
Value 0
Name: ActiveService
Type: REG_SZ
Data: FltMgr


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSKS
Class Name: <NO CLASS>
Last Write Time: 11/20/2002 - 5:57 AM
Value 0
Name: NextInstance
T