
Boot failure: stop 0x0000007B


  • This topic is locked

#16
woods003

  • Topic Starter
  • Member
  • 21 posts
One last question, what software did you use to review the MRB backup file to determine that it was infected? Would like to understand how to deal with such issues in the future.
  • 0



#17
JSntgRvr

  • Global Moderator
  • 11,579 posts

One last question, what software did you use to review the MRB backup file to determine that it was infected? Would like to understand how to deal with such issues in the future.

It isn't easy. Experts use a Hex Editor program to analyze it, but in your case, I just had to download the mbrdump file and my security went over the border. Dumps can be scanned in places such as VirusTotal.

Latest infections are targeting the Master Boot Record. It can happen when downloading free programs, on Peer to Peer Networks, or just from a link to a non-friendly site.

I would like to scan the computer with special programs to make sure all remnants are gone.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremove...ed-applications. Do not use AppRemover on Norton

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0
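
Added example (not part of the original posts, and not the method used by anyone in this thread): a Python sketch of the checks an analyst makes when reading an MBR dump in a hex editor, as post #17 mentions. It validates the sector layout, compares each region against a known-good copy, and computes the SHA-256 that can be looked up on a scanning service. The sample sectors, their filler "boot code" bytes and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440    # bootstrap code occupies bytes 0..439
TABLE_OFF = 446   # four 16-byte partition entries start here
SIG_OFF = 510     # last two bytes must be 55 AA


def parse_partitions(sector: bytes) -> list:
    """Decode the four primary partition entries of an MBR sector."""
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, length
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def check_mbr(dump: bytes) -> dict:
    """Structural sanity checks plus a hash for reputation lookup."""
    if len(dump) < SECTOR:
        raise ValueError("dump is shorter than one 512-byte sector")
    sector = dump[:SECTOR]
    findings = []
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    if not any(sector[:CODE_END]):
        findings.append("bootstrap code area is empty")
    parts = parse_partitions(sector)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    used = [p for p in parts if p["type"] != 0]
    ordered = sorted(used, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap"
                            % (a["index"], b["index"]))
    return {"sha256": hashlib.sha256(sector).hexdigest(),
            "partitions": used, "findings": findings}


def changed_regions(dump: bytes, baseline: bytes) -> list:
    """List (region, first differing offset, differing byte count) versus a
    known-good copy of the same disk's MBR."""
    regions = (("boot code", 0, CODE_END),
               ("disk signature", CODE_END, TABLE_OFF),
               ("partition table", TABLE_OFF, SIG_OFF),
               ("boot signature", SIG_OFF, SECTOR))
    out = []
    for name, start, end in regions:
        diffs = [i for i in range(start, end) if dump[i] != baseline[i]]
        if diffs:
            out.append((name, diffs[0], len(diffs)))
    return out


def build_sample_mbr(code: bytes) -> bytes:
    """Constructed sample sector: filler code bytes and two partitions."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = (entry(0x00, 0xDE, 63, 96327)
             + entry(0x80, 0x07, 96390, 312383610)
             + bytes(32))
    disk_sig = b"\x12\x34\x56\x78\x00\x00"
    return code.ljust(CODE_END, b"\x00") + disk_sig + table + b"\x55\xaa"


# Constructed data: arbitrary filler, not real boot code.
CLEAN = build_sample_mbr(b"\xfa\x33\xc0" * 40)
MODIFIED = bytes([0xEB, 0x10]) + CLEAN[2:]

if __name__ == "__main__":
    report = check_mbr(MODIFIED)
    print("sha256:", report["sha256"])
    print("findings:", report["findings"] or "none")
    for region, offset, count in changed_regions(MODIFIED, CLEAN):
        print("%s differs: %d byte(s) from offset 0x%03x" % (region, count, offset))
```

A change confined to the boot code region while the partition table is untouched is the pattern worth escalating; a structurally valid sector alone does not show the boot code is clean.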

#18
woods003

  • Topic Starter
  • Member
  • 21 posts
I will download and run combo fix in the morning....



Here is the MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5681

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/4/2011 11:50:50 PM
mbam-log-2011-02-04 (23-50-50).txt

Scan type: Quick scan
Objects scanned: 183495
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\BonnieWoods\Local Settings\Application Data\MSASCui.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

#19
woods003

  • Topic Starter
  • Member
  • 21 posts
Here is the log from ComboFix


ComboFix 11-01-31.02 - BonnieWoods 02/05/2011 9:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2133 [GMT -5:00]
Running from: c:\documents and settings\BonnieWoods\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\BonnieWoods\Application Data\inst.exe
c:\documents and settings\BonnieWoods\My Documents\DPE.DUS
c:\windows\msnimport.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 14:40 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-05 14:40 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-02-04 21:26 . 2009-08-06 02:55 123904 ----a-w- C:\MbrFix.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-02-28 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-02-28 22:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Road Runner PhotoShow Media Manager"="c:\progra~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe" [2006-01-07 245760]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-18 26112]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-17 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
WinZip Quick Pick.lnk - f:\program files\WinZip\WZQKPICK.EXE [2007-2-24 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"f:\\VideoSpin\\Programs\\RM.exe"=
"f:\\VideoSpin\\Programs\\umi.exe"=
"f:\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [3/5/2010 9:09 PM 207280]
R1 crlscsi;crlscsi;c:\windows\SYSTEM32\DRIVERS\crlscsi.sys [3/2/2005 9:25 PM 6144]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [12/20/2010 4:36 PM 84072]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/5/2010 9:11 PM 198608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/31/2009 9:22 AM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/20/2010 4:36 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/20/2010 4:36 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/20/2010 4:37 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [12/20/2010 4:37 PM 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2008 2:21 PM 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [12/20/2010 4:36 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [12/20/2010 4:36 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [12/20/2010 4:36 PM 88544]
S2 gupdate1c9a2a26e3d600c;Google Update Service (gupdate1c9a2a26e3d600c);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2009 6:37 PM 133104]
S3 hpddndnt;HP DeskDirect Ethernet Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\hpddnd4.sys [11/5/1999 1:37 PM 35088]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [12/20/2010 4:36 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [12/20/2010 4:36 PM 84264]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/10/2008 5:56 AM 365280]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 23:37]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 23:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: musicmatch.com\online
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.catawbarod.org/controls/LTOCX14N.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.catawbarod.org/controls/prntpro2.CAB
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CyberDefender Registry Cleaner - (no file)
HKLM-Run-Hot Key Kbd Daemon - SKDAEMON.EXE
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 09:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4003349153-1061598022-974140644-1005\Software\MusicMatch, Inc.\Musicmatch for WMP]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software\Modem Helper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software, Inc\Digital Line Detect]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software, Inc\NetWaiting]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\PROSet\SupportTabKey]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\WMI]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Schemes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
"NoServices"=dword:00000000
"ServiceExtra"="Partner=Dell&MachineID=630YC61\00\00????i\00Ÿ'?\06\00'??\1d\00?'\00'\00\00?\06???\06??a\00?\06??\00'??\00'?'\00\00\00\00\00\00?? \00????Ÿ'\00'\00\00\00'?\06???\06?\01\04\00?\06???\06??????????\00'\00\00???????\06\00'??\03\00?'\00'???\06???\06??????????????\0e\00???\06?\06\00\00???????'\00'???\06?\06?\06??\08\00??????Ÿ'????????????Ÿ'???????\06\00'Ÿ'?\06\01\00???'?\06???'?????'????a"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{EC9B8ACF-09C1-4C7B-A6BA-F5CBC478CA71}]
@DACL=(02 0000)
"FriendlyName"="res://MMRadioWMPPlugin.dll/RT_STRING/#102"
"Description"="res://MMRadioWMPPlugin.dll/RT_STRING/#103"
"Capabilities"=dword:c2000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\MPPRE10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\mppre10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\WMDM10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\wmdm10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{3FDF25EE-E592-4495-8391-6E9C504DAC2B}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\\WMSET10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\\wmset10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{60204BB3-7078-4F70-8F69-68297621941C}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{60204BB3-7078-4F70-8F69-68297621941C}\\MPSTUB10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{60204BB3-7078-4F70-8F69-68297621941C}\\mpstub10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\WPD10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\wpd10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}]
@DACL=(02 0000)
"FriendlyName"="Windows Media WMDM Redist Exception Pack"
"ComponentGUID"="{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}"
"Version"=dword:00090000
"Sub-Version"=dword:00010038
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\\WMDMDist.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\\wmdmdist.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\WMFSDK10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\wmfsdk10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\DRM10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\drm10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\\MPCD10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\\mpcd10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{DD90D410-1823-43EB-9A16-A2331BF08799}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{DD90D410-1823-43EB-9A16-A2331BF08799}\\WMP10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{DD90D410-1823-43EB-9A16-A2331BF08799}\\wmp10.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
@DACL=(02 0000)
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
@DACL=(02 0000)
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
@DACL=(02 0000)
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS]
@DACL=(02 0000)
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
@DACL=(02 0000)
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDeviceRNDIS]
@DACL=(02 0000)
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
"ProgID"="MsScp.SCPTRANS.1"

[HKEY_LOCAL_MACHINE\software\Shutterfly\UploadControl]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\Mixer.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-02-05 10:06:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-05 15:06

Pre-Run: 7,455,207,424 bytes free
Post-Run: 7,657,549,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 75CDD0A900BC7A932D5D1F820FFD5E8F
  • 0

#20
JSntgRvr

  • Global Moderator
  • 11,579 posts
Download the enclosed file to the desktop.

Save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.
  • 0

#21
woods003

  • Topic Starter
  • Member
  • 21 posts
Here is the second run of ComboFix, dropping the CFScript file on it.

ComboFix 11-01-31.02 - BonnieWoods 02/05/2011 11:15:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2094 [GMT -5:00]
Running from: c:\documents and settings\BonnieWoods\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BonnieWoods\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\MbrFix.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\MbrFix.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 14:40 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-05 14:40 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-02-28 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-02-28 22:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Road Runner PhotoShow Media Manager"="c:\progra~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe" [2006-01-07 245760]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-18 26112]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-17 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
WinZip Quick Pick.lnk - f:\program files\WinZip\WZQKPICK.EXE [2007-2-24 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"f:\\VideoSpin\\Programs\\RM.exe"=
"f:\\VideoSpin\\Programs\\umi.exe"=
"f:\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [3/5/2010 9:09 PM 207280]
R1 crlscsi;crlscsi;c:\windows\SYSTEM32\DRIVERS\crlscsi.sys [3/2/2005 9:25 PM 6144]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [12/20/2010 4:36 PM 84072]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/5/2010 9:11 PM 198608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/31/2009 9:22 AM 88176]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/20/2010 4:36 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/20/2010 4:37 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [12/20/2010 4:37 PM 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2008 2:21 PM 24652]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [12/20/2010 4:36 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [12/20/2010 4:36 PM 88544]
S?2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/20/2010 4:36 PM 271480]
S2 gupdate1c9a2a26e3d600c;Google Update Service (gupdate1c9a2a26e3d600c);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2009 6:37 PM 133104]
S3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [12/20/2010 4:36 PM 55840]
S3 hpddndnt;HP DeskDirect Ethernet Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\hpddnd4.sys [11/5/1999 1:37 PM 35088]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [12/20/2010 4:36 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [12/20/2010 4:36 PM 84264]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/10/2008 5:56 AM 365280]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 23:37]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 23:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: musicmatch.com\online
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.catawbarod.org/controls/LTOCX14N.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.catawbarod.org/controls/prntpro2.CAB
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 11:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4003349153-1061598022-974140644-1005\Software\MusicMatch, Inc.\Musicmatch for WMP\4.0\Browser]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\PROSet\SupportTabKey\General\Dell Customer Support]
@DACL=(02 0000)
"Order"=dword:00000001
"Url"="http://support.dell.com"


[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80861030]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Management Adapter with Alert On LAN* G Server"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80861040]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Server Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80861041]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Server Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80861042]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Server Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80861050]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Server Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80861051]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Server Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80861052]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Server Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80861060]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S+ Server Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_808610F0]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Dual Port Server Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862009]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_8086200D]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 CardBus II"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_8086200E]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 LAN+Modem56 CardBus II"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_8086200F]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SR Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862010]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862011]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862012]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862013]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SR Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862014]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 R Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862015]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 R Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862016]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862017]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Combo Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862018]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SR Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862019]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SR Combo Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862100]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI Type 3A"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862101]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 P Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862102]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862103]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862104]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862105]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862106]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 P Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862107]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862108]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862200]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 P Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862201]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 P Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862202]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862203]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862204]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862205]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862206]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862207]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862208]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 P Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862402]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862407]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862408]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862409]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_8086240F]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862410]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862411]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862412]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80862413]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100+ Mini PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863000]
@DACL=(02 0000)
"DisplayName"="Intel® 82559 Fast Ethernet LAN on Motherboard"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863001]
@DACL=(02 0000)
"DisplayName"="Intel® 82559 Fast Ethernet LOM with Alert on LAN*"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863002]
@DACL=(02 0000)
"DisplayName"="Intel® 82559 Fast Ethernet LOM with Alert on LAN* 2"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863006]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863007]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863008]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863010]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 S Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863011]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863012]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863013]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_1229\SUBSYS_80863014]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 SP Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_0E110012]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VM Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_0E110091]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_101401CE]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_101401DC]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_101401EB]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_101401EC]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140202]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140205]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140209]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140217]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140234]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_1014023D]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140244]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140245]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140265]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10140267]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_1014026A]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_109F315D]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_109F3181]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_10CF1188]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_1179FF01]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_11867801]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_144D2503]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_144D2601]
@DACL=(02 0000)
"DisplayName"="Samsung HomePNA 1M PCI"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_144D2602]
@DACL=(02 0000)
"DisplayName"="Samsung HomePNA 1M CNR"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_14A42126]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_14A42147]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_14A42149]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_15099011]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863010]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Desktop Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863011]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VM Desktop Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863012]
@DACL=(02 0000)
"DisplayName"="82562EH based Phoneline Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863013]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VE Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863014]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 VM Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863015]
@DACL=(02 0000)
"DisplayName"="82562EH based Phoneline Network Connection"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863016]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 P Mobile Combo Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863017]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 P Mobile Adapter"

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters\VEN_8086&DEV_2449\SUBSYS_80863018]
@DACL=(02 0000)
"DisplayName"="Intel® PRO/100 Network Connection"
.
Completion time: 2011-02-05 11:27:47
ComboFix-quarantined-files.txt 2011-02-05 16:27
ComboFix2.txt 2011-02-05 15:06

Pre-Run: 7,648,145,408 bytes free
Post-Run: 7,634,718,720 bytes free

- - End Of File - - C2F3785D2BCD95B02741700E18F6881C
  • 0

#22
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Another set of locked registry entries has appeared. Never seen these before, but the default values are saying that there aren't any 'Denied' permissions, but it also means there aren't any 'Allowed' permissions. This means that you do NOT have permissions to ... read, modify, or delete the key. Let's attempt to restore the permissions. Download the enclosed file to the desktop.

Overwrite the existing one and save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.
  • 0
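The distinction drawn in post #22, shown as an added example (not part of the original thread and not ComboFix's own code): a Windows security descriptor with no DACL at all grants everyone full access, while one whose DACL is present but holds zero ACEs refuses every request, which is why such keys show up as locked. The sample descriptors and the helper names (`parse_dacl`, `build_sd`, `build_acl`, `build_ace`) are constructed for illustration, and reading ComboFix's `@DACL=(02 0000)` as "ACL revision 2, ACE count 0" is an assumption about its notation.

```python
import struct

SE_DACL_PRESENT = 0x0004    # control bit: the descriptor carries a DACL
SE_SELF_RELATIVE = 0x8000   # control bit: fields are offsets into one buffer
ACE_TYPES = {0: "ALLOW", 1: "DENY"}          # ACCESS_ALLOWED / ACCESS_DENIED ACE types
KEY_READ, KEY_ALL_ACCESS = 0x20019, 0xF003F  # registry access masks


def sid_to_str(buf):
    """Render a binary SID as S-<revision>-<authority>-<sub-authorities>."""
    if len(buf) < 8 or len(buf) < 8 + 4 * buf[1]:
        raise ValueError("truncated SID")
    subs = struct.unpack_from("<%dI" % buf[1], buf, 8)
    head = "S-%d-%d" % (buf[0], int.from_bytes(buf[2:8], "big"))
    return head + "".join("-%d" % s for s in subs)


def parse_dacl(sd):
    """Classify the DACL of a self-relative security descriptor.

    Returns (state, aces). state is "null" (no DACL: everyone gets full
    access), "empty" (DACL with zero ACEs: every request is refused) or
    "populated" (access is decided by the listed ACEs).
    """
    if len(sd) < 20:
        raise ValueError("truncated security descriptor")
    _rev, _sbz, control, _own, _grp, _sacl, dacl_off = struct.unpack_from("<BBHIIII", sd, 0)
    if not control & SE_SELF_RELATIVE:
        raise ValueError("descriptor is not in self-relative form")
    if not control & SE_DACL_PRESENT or dacl_off == 0:
        return "null", []
    if dacl_off + 8 > len(sd):
        raise ValueError("DACL header lies outside the buffer")
    _acl_rev, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", sd, dacl_off)
    end = dacl_off + acl_size
    if acl_size < 8 or end > len(sd):
        raise ValueError("bad ACL size")
    aces, pos = [], dacl_off + 8
    for _ in range(ace_count):
        if pos + 4 > end:
            raise ValueError("ACE header runs past the ACL")
        ace_type, _flags, ace_size = struct.unpack_from("<BBH", sd, pos)
        if ace_size < 4 or pos + ace_size > end:
            raise ValueError("bad ACE size")
        if ace_type in ACE_TYPES and ace_size >= 16:
            (mask,) = struct.unpack_from("<I", sd, pos + 4)
            sid = sid_to_str(sd[pos + 8:pos + ace_size])
            aces.append((ACE_TYPES[ace_type], mask, sid))
        else:
            aces.append(("OTHER", None, None))  # ACE kinds this sketch does not decode
        pos += ace_size
    return ("populated" if aces else "empty"), aces


# --- constructed sample data (not taken from the log) ----------------------
def build_ace(ace_type, mask, sid):
    return struct.pack("<BBHI", ace_type, 0, 8 + len(sid), mask) + sid


def build_acl(aces):
    body = b"".join(aces)
    return struct.pack("<BBHHH", 2, 0, 8 + len(body), len(aces), 0) + body


def build_sd(dacl):
    """Self-relative descriptor with owner, group and SACL left out."""
    control = SE_SELF_RELATIVE | (SE_DACL_PRESENT if dacl is not None else 0)
    offset = 20 if dacl is not None else 0
    return struct.pack("<BBHIIII", 1, 0, control, 0, 0, 0, offset) + (dacl or b"")


ADMINS = b"\x01\x02" + (5).to_bytes(6, "big") + struct.pack("<II", 32, 544)  # S-1-5-32-544
EVERYONE = b"\x01\x01" + (1).to_bytes(6, "big") + struct.pack("<I", 0)       # S-1-1-0

NULL_SD = build_sd(None)              # no DACL at all
EMPTY_SD = build_sd(build_acl([]))    # DACL present, zero ACEs: the "locked" case
NORMAL_SD = build_sd(build_acl([
    build_ace(0, KEY_ALL_ACCESS, ADMINS),
    build_ace(0, KEY_READ, EVERYONE),
]))

MEANING = {
    "null": "no DACL: everyone is granted full access",
    "empty": "DACL with no ACEs: nothing is allowed, so all access is refused",
    "populated": "access decided by the ACEs below",
}

if __name__ == "__main__":
    for name, sd in (("null", NULL_SD), ("empty", EMPTY_SD), ("normal", NORMAL_SD)):
        state, aces = parse_dacl(sd)
        print("%-6s -> %s" % (name, MEANING[state]))
        for kind, mask, sid in aces:
            print("         %s 0x%05X %s" % (kind, mask, sid))
```

The owner of an object is implicitly allowed to read and rewrite its DACL, so an empty DACL can be repaired by the owner, or by an administrator who first takes ownership.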

#23
woods003

woods003

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is the log from the second run. Just to let you know first, my Virus scan program keeps removing combofix from the desktop. When I downloaded it to run the second CFScript, it stated that there was a new version, so I told it to go ahead and download it. As a piece of that process it restarted combofix, and I was not sure if it still took the CFScript file in as input, since for the initial run I had dropped it on the icon.

ComboFix 11-02-05.01 - BonnieWoods 02/05/2011 16:19:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2049 [GMT -5:00]
Running from: c:\documents and settings\BonnieWoods\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BonnieWoods\Desktop\CFScript2.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 16:40 . 2011-02-05 16:42 -------- d-----w- c:\documents and settings\BonnieWoods\Application Data\PCDr
2011-02-05 14:40 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-02-05 14:40 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-02-28 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-02-28 22:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-05_16.24.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-05 16:32 . 2011-02-05 16:32 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat
+ 2004-12-21 03:51 . 2011-02-05 16:58 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-12-21 03:51 . 2011-02-05 02:53 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-02-05 16:58 . 2011-02-05 16:58 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Road Runner PhotoShow Media Manager"="c:\progra~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe" [2006-01-07 245760]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-06 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-18 26112]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-17 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
WinZip Quick Pick.lnk - f:\program files\WinZip\WZQKPICK.EXE [2007-2-24 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"f:\\VideoSpin\\Programs\\RM.exe"=
"f:\\VideoSpin\\Programs\\umi.exe"=
"f:\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [3/5/2010 9:09 PM 207280]
R1 crlscsi;crlscsi;c:\windows\SYSTEM32\DRIVERS\crlscsi.sys [3/2/2005 9:25 PM 6144]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [12/20/2010 4:36 PM 84072]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/5/2010 9:11 PM 198608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/31/2009 9:22 AM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/20/2010 4:36 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/20/2010 4:36 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/20/2010 4:37 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [12/20/2010 4:37 PM 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2008 2:21 PM 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [12/20/2010 4:36 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [12/20/2010 4:36 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [12/20/2010 4:36 PM 88544]
S2 gupdate1c9a2a26e3d600c;Google Update Service (gupdate1c9a2a26e3d600c);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2009 6:37 PM 133104]
S3 hpddndnt;HP DeskDirect Ethernet Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\hpddnd4.sys [11/5/1999 1:37 PM 35088]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [12/20/2010 4:36 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [12/20/2010 4:36 PM 84264]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/10/2008 5:56 AM 365280]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 23:37]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 23:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: musicmatch.com\online
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.catawbarod.org/controls/LTOCX14N.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.catawbarod.org/controls/prntpro2.CAB
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2016)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-05 16:34:55
ComboFix-quarantined-files.txt 2011-02-05 21:34
ComboFix2.txt 2011-02-05 16:27
ComboFix3.txt 2011-02-05 15:06

Pre-Run: 7,512,252,416 bytes free
Post-Run: 7,552,098,304 bytes free

- - End Of File - - A4DCE49B0AE85FBBD750033BFEDD6111
  • 0

#24
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Combofix can be detected as malware by certain Anti-virus applications.

The log looks clear now. How is the computer doing?

#25
woods003

  • Topic Starter
  • Member
  • 21 posts
My wife has been using it and it appears to be running fine. I have gone through several reboots throughout the day and no issues. So far so good.

Thanks so much for your help


#26
JSntgRvr

  • Global Moderator
  • 11,579 posts
Congratulations.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck Turn off System Restore.
Click Apply, and then click OK.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix:

  • Rename Combofix to Uninstall and click on it. That should remove the application.

Please download OTC by OldTimer.
  • Save it to your desktop.
  • Please double-click OTC.exe to run it. (Vista users, please right click on OTC.exe and select "Run as an Administrator")
  • This will delete the tools we used in the removal of malware, including this program.
  • If you are asked to reboot to complete the removal process, then please do so.
Upon restart, manually remove any remaining tools.

Create a Restore point:

  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

#27
woods003

  • Topic Starter
  • Member
  • 21 posts
OK....I will go through the system restore process you outlined and the process to remove the utilities installed during this process.....once again thanks...

#28
JSntgRvr

  • Global Moderator
  • 11,579 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.