[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 07:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 08:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\system32\srsvc.dll
[-] 2004-08-04 08:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\system32\wscntfy.exe
[-] 2004-08-04 08:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 08:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\system32\rasauto.dll
[-] 2004-08-04 08:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
c:\windows\system32\appmgmts.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-11_21.45.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-12 22:11 . 2009-08-12 22:11 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
+ 2001-01-17 07:46 . 2009-08-12 19:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2001-01-17 07:46 . 2009-08-11 20:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2001-01-17 07:46 . 2009-08-12 19:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2001-01-17 07:46 . 2009-08-11 20:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-12 22:10 . 2009-08-12 22:10 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-11 21:42 . 2009-08-11 21:42 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-12 22:10 . 2009-08-12 22:10 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-11 21:42 . 2009-08-11 21:42 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-12 22:10 . 2009-08-12 22:10 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-11 21:42 . 2009-08-11 21:42 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-12 22:10 . 2009-08-12 22:10 245760 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-11 21:42 . 2009-08-11 21:42 245760 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-11 21:42 . 2009-08-11 21:42 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-12 22:10 . 2009-08-12 22:10 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-12 22:11 . 2009-08-12 22:11 245760 c:\windows\ERDNT\AutoBackup\8-12-2009\Users\00000002\UsrClass.dat
+ 2009-08-12 22:11 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\8-12-2009\ERDNT.EXE
- 2009-08-11 21:42 . 2009-08-11 21:42 4489216 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-12 22:10 . 2009-08-12 22:10 4489216 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-12 22:11 . 2009-08-12 22:11 4489216 c:\windows\ERDNT\AutoBackup\8-12-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-19 1830128]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-27 413696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-02 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-22 331830]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-02-21 28675]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"SoundMan"="soundman.exe" - c:\windows\soundman.exe [2001-05-29 124416]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-19 19:47 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 07:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 08:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\system32\srsvc.dll
[-] 2004-08-04 08:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\system32\wscntfy.exe
[-] 2004-08-04 08:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 08:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\system32\rasauto.dll
[-] 2004-08-04 08:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
c:\windows\system32\appmgmts.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-11_21.45.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-12 22:11 . 2009-08-12 22:11 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
+ 2001-01-17 07:46 . 2009-08-12 19:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2001-01-17 07:46 . 2009-08-11 20:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2001-01-17 07:46 . 2009-08-12 19:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2001-01-17 07:46 . 2009-08-11 20:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-12 22:10 . 2009-08-12 22:10 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-11 21:42 . 2009-08-11 21:42 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-12 22:10 . 2009-08-12 22:10 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-11 21:42 . 2009-08-11 21:42 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-12 22:10 . 2009-08-12 22:10 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-11 21:42 . 2009-08-11 21:42 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-12 22:10 . 2009-08-12 22:10 245760 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-11 21:42 . 2009-08-11 21:42 245760 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-11 21:42 . 2009-08-11 21:42 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-12 22:10 . 2009-08-12 22:10 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-12 22:11 . 2009-08-12 22:11 245760 c:\windows\ERDNT\AutoBackup\8-12-2009\Users\00000002\UsrClass.dat
+ 2009-08-12 22:11 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\8-12-2009\ERDNT.EXE
- 2009-08-11 21:42 . 2009-08-11 21:42 4489216 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-12 22:10 . 2009-08-12 22:10 4489216 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-12 22:11 . 2009-08-12 22:11 4489216 c:\windows\ERDNT\AutoBackup\8-12-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-19 1830128]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-27 413696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-02 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-22 331830]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-02-21 28675]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"SoundMan"="soundman.exe" - c:\windows\soundman.exe [2001-05-29 124416]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-19 19:47 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)