
Infected with Trojan Vundo !grb


  • This topic is locked
20 replies to this topic

#1 SophiXx

SophiXx

  • Members
  • 10 posts

Posted 15 May 2009 - 12:11 PM

Hiya,

Recently I got infected with this Trojan and I am having trouble getting rid of it. Scans say it is removed but Firefox pop-ups keep appearing and McAfee keeps finding new ones. I haven't downloaded any new programs (knowingly) recently so I don't know how I got it.

I would really appreciate it if anyone can help me out!

Sophie


DDS (Ver_09-05-14.01) - NTFSx86
Run by SOPHIE WALSH at 17:28:28.78 on 15/05/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.99 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Sky Alerts\skinker.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Leicester City - DNA\app.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\SOPHIE WALSH\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 82.94.187.199:1080 local;*.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9051c2ba-ad1d-450d-b9d4-878effd9d670} - c:\windows\system32\dugevasu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} -
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Sky Alerts] "c:\program files\sky alerts\skinker.exe"
uRun: [Leicester City - Desktop News Alerts] c:\program files\leicester city - dna\launch.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CONNECTScheduler] "c:\program files\sony\connectautoupdate\CONNECTScheduler.exe" /RUN_SCHEDULER
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl05a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [yigumiliye] Rundll32.exe "c:\windows\system32\pasebewu.dll",s
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [bc6b74ba] rundll32.exe "c:\windows\system32\yetusuya.dll",b
mRun: [CPMbf584726] Rundll32.exe "c:\windows\system32\lifuremi.dll",a
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\sophie~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\sophie~1\startm~1\programs\startup\skyale~1.lnk - c:\program files\sky alerts\skinker.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\wiwonahu.dll c:\windows\system32\lifuremi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lifuremi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\lifuremi.dll
LSA: Notification Packages = scecli c:\windows\system32\wiwonahu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sophie~1\applic~1\mozilla\firefox\profiles\q6mnx55g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://webmail.hermes.cam.ac.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-15 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-15 108552]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-1 55152]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-2-23 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-2-23 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-2-23 170408]

=============== Created Last 30 ================

2009-05-15 08:23 <DIR> -cd-h--- C:\$AVG8.VAULT$
2009-05-15 08:14 11,952 ac------ c:\windows\system32\avgrsstx.dll
2009-05-15 08:14 108,552 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-05-15 08:14 325,896 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-05-15 08:14 <DIR> -cd----- c:\windows\system32\drivers\Avg
2009-05-15 08:14 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-30 20:22 3,532 ac------ C:\drmHeader.bin
2009-04-17 23:06 28,160 ac------ c:\windows\system32\irmon.dll
2009-04-17 23:06 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
2009-04-17 23:06 151,552 ac------ c:\windows\system32\irftp.exe
2009-04-17 23:06 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
2009-04-17 23:06 8,192 ac------ c:\windows\system32\wshirda.dll
2009-04-17 23:06 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll

==================== Find3M ====================

2009-05-15 15:35 81,408 ac-sh--- c:\windows\system32\lifuremi.dll
2009-05-15 15:35 80,384 ac-sh--- c:\windows\system32\yetusuya.dll
2009-05-15 03:35 48,640 ac-sh--- c:\windows\system32\zahutova.dll
2009-05-15 03:35 81,408 ac-sh--- c:\windows\system32\hunitenu.dll
2009-05-15 03:35 79,872 ac-sh--- c:\windows\system32\fegejuno.dll
2009-05-14 14:35 79,872 -c------ c:\windows\system32\sajopolu.dll
2009-03-13 12:36 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-06 15:22 284,160 ac------ c:\windows\system32\pdh.dll
2009-02-20 09:10 666,112 ac------ c:\windows\system32\wininet.dll
2009-02-20 09:10 81,920 ac------ c:\windows\system32\ieencode.dll
2009-02-15 03:36 48,640 ac-sh--- c:\windows\system32\wiwonahu.dll
2009-02-15 03:36 48,640 ac-sh--- c:\windows\system32\pasebewu.dll
2009-02-15 03:36 48,640 ac-sh--- c:\windows\system32\dugevasu.dll
2009-01-15 18:00 41,248 ac------ c:\documents and settings\all users\sysinfo.zip
2008-12-23 17:39 0 ac------ c:\docume~1\sophie~1\applic~1\wklnhst.dat
2008-05-26 15:48 1,318,047 ac------ c:\documents and settings\sophie walsh\repairsetup.exe
2007-10-31 11:52 1,044,173 ac------ c:\documents and settings\sophie walsh\testmh240.exe

============= FINISH: 17:33:06.15 ===============



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 May 2009 - 03:19 PM

Hi sophiXx,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, so there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 SophiXx

SophiXx
  • Topic Starter

  • Members
  • 10 posts

Posted 15 May 2009 - 03:36 PM

Hi m0le

Thank you for your reply... I am still here!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 May 2009 - 03:44 PM

:thumbup2:

Remember that I will have to check all the steps with a coach first so it may take a bit of time.

You have Vundo, which is quite a nasty and difficult-to-remove infection. Please don't run any tools other than those I ask you to, as this infection has the ability to get nastier.

Don't worry, you're in safe hands at Bleeping Computer. :)
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 May 2009 - 03:00 AM

Hi sophiXx,

If you have any questions about the fix please post me before you attempt anything.

First thing is...

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either xxxx or xxxx.


On with the fix now

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click [image] or [image] on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on [image] and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push [image] and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


And then...

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :thumbup2:
m0le is a proud member of UNITE

#6 SophiXx

SophiXx
  • Topic Starter

  • Members
  • 10 posts

Posted 18 May 2009 - 10:19 AM

Here's what I got from GMER:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-18 16:14:19
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB38CB57B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB38CB4FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB38CB5A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB38CB50F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB38CB53B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB38CB5CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB38CB4E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB38CB58F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB38CB525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB38CB551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB38CB567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB38CB5E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB38CB5B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B38CB5BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B38CB57F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP B38CB5D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP B38CB5E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP B38CB593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP B38CB5A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP B38CB56B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP B38CB555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP B38CB529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP B38CB4FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP B38CB513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP B38CB53F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP B38CB4EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? System32\Drivers\avgtdix.sys The system cannot find the path specified. !
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00710FEF
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00710078
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00710067
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00710040
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00710F83
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0071001B
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00710F5E
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007100A6
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00710F43
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007100D2
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00710F32
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00710F9E
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00710000
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00710089
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00710FAF
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00710FC0
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007100C1
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0070001B
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00700F9B
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00700FCA
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00700000
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00700062
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00700FE5
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00700051
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00700036
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006F0FA6
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!system 77C293C7 5 Bytes JMP 006F0FB7
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006F0FD2
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006F0031
.text C:\WINDOWS\system32\svchost.exe[176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006F0000
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01B8000A
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01B8005E
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01B80F5F
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01B80F70
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01B80F8D
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01B8002F
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01B80F16
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01B80F27
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01B80083
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01B80EEA
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01B80094
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01B80F9E
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01B80FEF
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01B80F44
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01B80FC3
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01B80FD4
.text C:\WINDOWS\Explorer.EXE[332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01B80EFB
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01B70FA5
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01B70F80
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01B70000
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01B70FD4
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01B70047
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01B70FE5
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01B7002C
.text C:\WINDOWS\Explorer.EXE[332] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01B70011
.text C:\WINDOWS\Explorer.EXE[332] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01B6002E
.text C:\WINDOWS\Explorer.EXE[332] msvcrt.dll!system 77C293C7 5 Bytes JMP 01B60FAD
.text C:\WINDOWS\Explorer.EXE[332] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01B6001D
.text C:\WINDOWS\Explorer.EXE[332] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01B60000
.text C:\WINDOWS\Explorer.EXE[332] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01B60FC8
.text C:\WINDOWS\Explorer.EXE[332] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01B60FE3
.text C:\WINDOWS\Explorer.EXE[332] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 01B50FD4
.text C:\WINDOWS\Explorer.EXE[332] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01B50FE5
.text C:\WINDOWS\Explorer.EXE[332] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01B50FB9
.text C:\WINDOWS\Explorer.EXE[332] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01B50FA8
.text C:\WINDOWS\Explorer.EXE[332] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01AC0FEF
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A80F88
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A8007D
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A80FA3
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A80FCA
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A80047
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A800B3
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A800A2
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A80F49
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A800E2
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A80F2E
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A80062
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A80F77
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A80036
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A80025
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A80F5A
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930040
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F94
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930FAF
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930051
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920F97
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920022
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920011
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FBC
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00910FB7
.text C:\WINDOWS\system32\svchost.exe[748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01540000
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01540F8A
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01540F9B
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01540FAC
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0154005F
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0154003D
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 015400AB
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01540F63
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 015400CD
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 015400BC
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01540F23
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0154004E
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01540011
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0154009A
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01540022
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01540FDB
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01540F3E
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01530FD4
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0153004A
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0153001B
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01530FEF
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01530F8D
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01530000
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01530F9E
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [73, 89] {JAE 0xffffffffffffff8b}
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01530FC3
.text C:\WINDOWS\system32\services.exe[884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01520047
.text C:\WINDOWS\system32\services.exe[884] msvcrt.dll!system 77C293C7 5 Bytes JMP 01520036
.text C:\WINDOWS\system32\services.exe[884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01520FC6
.text C:\WINDOWS\system32\services.exe[884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01520000
.text C:\WINDOWS\system32\services.exe[884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0152001B
.text C:\WINDOWS\system32\services.exe[884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01520FD7
.text C:\WINDOWS\system32\services.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0141000A
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0141007F
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01410F94
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01410FA5
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01410062
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01410FDB
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01410F41
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01410F52
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014100D0
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014100B5
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 014100E1
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01410FC0
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0141001B
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01410F79
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01410047
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0141002C
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014100A4
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01400FB9
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01400F83
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01400FCA
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01400FEF
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01400040
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01400000
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0140002F
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01400FA8
.text C:\WINDOWS\system32\lsass.exe[896] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0053
.text C:\WINDOWS\system32\lsass.exe[896] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FD2
.text C:\WINDOWS\system32\lsass.exe[896] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FE3
.text C:\WINDOWS\system32\lsass.exe[896] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF000C
.text C:\WINDOWS\system32\lsass.exe[896] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0042
.text C:\WINDOWS\system32\lsass.exe[896] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF001D
.text C:\WINDOWS\system32\lsass.exe[896] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F7A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D0006F
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D0005E
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00FA1
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00043
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D000B6
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D000A5
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000FD
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D000E2
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00F53
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00FB2
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00FDE
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D0008A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D0001E
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D00FCD
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D000C7
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0FA8
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0F79
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF0FC3
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0040
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0014
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE003A
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0029
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FD4
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0FC3
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE0018
.text C:\WINDOWS\system32\svchost.exe[1096] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90FAF
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90FC0
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F9008E
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F9007D
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90051
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900F7
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F900DC
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F9012A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90119
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F9014F
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90062
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90011
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F900BF
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F90FDB
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F9002C
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F90108
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80033
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F8004E
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80022
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80011
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80F91
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F80FAC
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 89]
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80FC7
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70F75
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70F90
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70FC6
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70FE3
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70FAB
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02050FE5
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02050062
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02050051
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02050F77
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02050F94
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0205002F
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02050F30
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02050F41
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 020500B8
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0205009D
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02050F04
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02050040
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0205000A
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02050F52
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02050FC3
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02050FD4
.text C:\WINDOWS\System32\svchost.exe[1328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02050F1F
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02030FB9
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02030065
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02030000
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02030FD4
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02030FA8
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02030FEF
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02030040
.text C:\WINDOWS\System32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02030025
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01F70064
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!system 77C293C7 5 Bytes JMP 01F7003F
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01F7001D
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01F70FEF
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01F7002E
.text C:\WINDOWS\System32\svchost.exe[1328] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01F70000
.text C:\WINDOWS\System32\svchost.exe[1328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01F5000A
.text C:\WINDOWS\System32\svchost.exe[1328] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 01F60FDE
.text C:\WINDOWS\System32\svchost.exe[1328] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01F60FEF
.text C:\WINDOWS\System32\svchost.exe[1328] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01F60FC1
.text C:\WINDOWS\System32\svchost.exe[1328] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01F60014
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00930093
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00930F94
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00930062
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00930051
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00930040
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00930F4B
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00930F72
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00930F1F
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009300AE
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00930F0E
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00930FAF
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00930FE5
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00930F83
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00930F30
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920FDB
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920F8D
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0092002C
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00920011
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00920F9E
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00920FAF
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B2, 88] {MOV DL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920FCA
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910F9E
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910FB9
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910029
.text C:\WINDOWS\system32\svchost.exe[1468] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910018
.text C:\WINDOWS\system32\svchost.exe[1468] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00073
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00062
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00051
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00040
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A000A1
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F59
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A000E8
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A000CD
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A00F3E
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00F94
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FD4
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A00084
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A00FAF
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A000BC
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0011
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0F6F
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FCA
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0F8A
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009F0FA5
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BF, 88]
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F002C
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0F75
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0F90
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FE3
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FA1
.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FD2
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70097
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70086
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70FAC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70069
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70047
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F60
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F700A8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70F3B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F700D4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70F16
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70058
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F7000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70F7D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F7002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F7001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F700C3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60FAF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60022
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60F6F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F60011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60F94
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50F81
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50F9C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50FB7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F5000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2156] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008C0F55
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008C0F66
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008C0040
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008C002F
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008C0014
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008C0F29
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008C0F44
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008C0EFD
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008C0F18
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008C00B1
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008C0F83
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008C0FD4
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008C0065
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008C0FA8
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008C0FB9
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008C0096
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008B0FC3
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008B0F97
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008B0FEF
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008B0FA8
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008B0000
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 008B004A
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008B0025
.text C:\WINDOWS\system32\svchost.exe[2732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008A0FC3
.text C:\WINDOWS\system32\svchost.exe[2732] msvcrt.dll!system 77C293C7 5 Bytes JMP 008A004E
.text C:\WINDOWS\system32\svchost.exe[2732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008A0022
.text C:\WINDOWS\system32\svchost.exe[2732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008A0000
.text C:\WINDOWS\system32\svchost.exe[2732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008A003D
.text C:\WINDOWS\system32\svchost.exe[2732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008A0011
.text C:\WINDOWS\system32\svchost.exe[2732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00890000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01B90FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01B90F52
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01B90051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01B90F77
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01B90F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01B9002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01B90F35
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01B9007D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01B900C4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01B900A9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01B90F10
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01B90FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01B90000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01B90062
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01B90011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01B90FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01B90098
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01B70FCD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01B70F90
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01B70FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01B70014
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01B7004D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01B70FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01B70FAB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D7, 89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01B70FBC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01B60042
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] msvcrt.dll!system 77C293C7 5 Bytes JMP 01B60FB7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01B6001D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01B60000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01B60FD2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01B60FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[3960] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B50FE5

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat B2387D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:5128] B2A4A1F0
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\avgrsstx.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [836] 0x6C1B0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0eb0b
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 533168
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{728684B8-F03A-47FB-AE37-86CB852CE7F7}@LeaseObtainedTime 1242652539
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{728684B8-F03A-47FB-AE37-86CB852CE7F7}@T1 1242652689
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{728684B8-F03A-47FB-AE37-86CB852CE7F7}@T2 1242652801
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{728684B8-F03A-47FB-AE37-86CB852CE7F7}@LeaseTerminatesTime 1242652839
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{728684B8-F03A-47FB-AE37-86CB852CE7F7}@DhcpRetryTime 145
Reg HKLM\SYSTEM\CurrentControlSet\Services\{728684B8-F03A-47FB-AE37-86CB852CE7F7}\Parameters\Tcpip@LeaseObtainedTime 1242652539
Reg HKLM\SYSTEM\CurrentControlSet\Services\{728684B8-F03A-47FB-AE37-86CB852CE7F7}\Parameters\Tcpip@T1 1242652689
Reg HKLM\SYSTEM\CurrentControlSet\Services\{728684B8-F03A-47FB-AE37-86CB852CE7F7}\Parameters\Tcpip@T2 1242652801
Reg HKLM\SYSTEM\CurrentControlSet\Services\{728684B8-F03A-47FB-AE37-86CB852CE7F7}\Parameters\Tcpip@LeaseTerminatesTime 1242652839
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0eb0b

---- EOF - GMER 1.0.15 ----

I will just do the second one...thanks for your help

Soph

#7 SophiXx

Posted 18 May 2009 - 10:28 AM

And here is the output from OTViewIt:

OTViewIt logfile created on: 18/05/2009 16:20:37 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\SOPHIE WALSH\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.97 Mb Total Physical Memory | 286.55 Mb Available Physical Memory | 32.05% Memory free
2.12 Gb Paging File | 1.35 Gb Available in Paging File | 63.71% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.93 Gb Total Space | 65.44 Gb Free Space | 44.84% Space Free | Partition Type: NTFS
Drive D: | 606.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOPHIE
Current User Name: SOPHIE WALSH
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/11 12:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/01 04:48:28 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2006/10/11 12:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/01 04:48:26 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
[2001/12/13 00:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
[2006/09/22 11:06:26 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/09/22 11:47:54 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/11/01 04:48:28 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2006/10/03 11:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2005/05/17 17:42:32 | 00,933,888 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
[2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2006/01/07 01:36:10 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
[2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2007/02/22 21:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[2006/12/19 12:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[2009/03/13 12:36:14 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/03/15 12:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2006/12/19 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
[2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/08/01 14:45:50 | 00,482,304 | ---- | M] (Skinkers Communications) -- C:\Program Files\Sky Alerts\skinker.exe
[2009/01/09 16:54:42 | 02,262,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
[2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2009/04/25 23:57:16 | 00,626,688 | ---- | M] (Turtlez Ltd) -- C:\Program Files\Leicester City - DNA\app.exe
[2005/08/01 14:45:50 | 00,482,304 | ---- | M] (Skinkers Communications) -- C:\Program Files\Sky Alerts\skinker.exe
[2009/01/09 19:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
[2007/04/13 04:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[2009/01/09 20:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
[2009/03/13 12:36:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
[2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
[2006/12/19 12:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[2009/01/14 16:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
[2005/04/23 19:12:00 | 00,802,816 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[2006/10/03 11:35:42 | 00,221,184 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2006/10/03 11:39:58 | 00,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
[2008/04/19 14:58:41 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/04/14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/05/18 16:19:51 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/04/13 04:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/10/11 12:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
[2007/04/13 04:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
[2007/03/19 12:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2009/02/06 17:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
[2007/07/25 03:33:44 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/03/13 12:36:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
[2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Unknown | Running])
[2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Unknown | Running])
[2005/11/24 16:03:22 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/11/24 15:57:44 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2009/01/14 16:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
[2006/04/11 11:08:16 | 00,079,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service [On_Demand | Stopped])
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2005/11/24 15:47:30 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/01/06 21:25:12 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
File not found -- -- (stllssvr [On_Demand | Stopped])
[2006/11/01 04:48:28 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/14 00:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/10/11 12:43:56 | 01,777,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
File not found -- -- (AvgTdiX [Disabled | Running])
[2006/11/03 06:34:00 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2006/08/17 13:55:16 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2008/04/14 00:16:34 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/06/13 12:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/14 00:16:30 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2009/02/06 17:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
[2009/01/15 13:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/12/01 07:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/12/01 07:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2005/10/05 04:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/30 09:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
[2006/11/30 09:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2006/11/30 09:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/02/22 21:50:00 | 00,170,408 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
[2006/11/30 09:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
[2006/11/30 09:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [System | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/26 03:53:30 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2008/04/14 00:16:34 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2005/07/14 23:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2008/04/14 00:06:46 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 00:10:48 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2008/04/14 00:10:48 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/04/14 00:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/09/22 11:06:26 | 01,171,464 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/09/22 11:47:52 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2005/12/01 07:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/14 00:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070725
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070725

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
"provider"=yaho

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 82.94.187.199:1080 local;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070725
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070725
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
"provider"=yaho

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 82.94.187.199:1080 local;*.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll File not found
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (HKLM) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{9051c2ba-ad1d-450d-b9d4-878effd9d670} (HKLM) -- C:\WINDOWS\system32\dugevasu.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
"bc6b74ba"=rundll32.exe "C:\WINDOWS\system32\fovativu.dll",b ()
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"CONNECTScheduler"="C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER (Sony Corporation)
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
"CPMbf584726"=Rundll32.exe "c:\windows\system32\lepopoka.dll",a ()
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"yigumiliye"=Rundll32.exe "C:\WINDOWS\system32\pasebewu.dll",s ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"Leicester City - Desktop News Alerts"=C:\Program Files\Leicester City - DNA\launch.exe (Turtlez Ltd)
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe ()
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sky Alerts"="C:\Program Files\Sky Alerts\skinker.exe" (Skinkers Communications)

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"Leicester City - Desktop News Alerts"=C:\Program Files\Leicester City - DNA\launch.exe (Turtlez Ltd)
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe ()
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sky Alerts"="C:\Program Files\Sky Alerts\skinker.exe" (Skinkers Communications)

========== (O4) Startup Folders ==========

[2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2004/02/13 13:12:08 | 00,016,423 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
[2005/04/23 19:12:00 | 00,802,816 | ---- | M] (Brother Industries, Ltd.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[2008/12/15 13:40:44 | 00,384,000 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[2005/08/01 14:45:50 | 00,482,304 | ---- | M] (Skinkers Communications) -- C:\Documents and Settings\SOPHIE WALSH\Start Menu\Programs\Startup\Sky Alerts.lnk = C:\Program Files\Sky Alerts\skinker.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoUpdateCheck"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"LinkResolveIgnoreLinkInfo"=0
"NoResolveSearch"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"LinkResolveIgnoreLinkInfo"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"LinkResolveIgnoreLinkInfo"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 14:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 14:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
54 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
54 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}: http://dl.tvunetworks.com/TVUAx.cab -- CTVUAxCtrl Object
{814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9}: http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab -- DASWebDownload Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Value does not exist or could not be read.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12

========== (O17) DNS Name Servers ==========

{3291F7E1-0D6D-44E3-8CEF-7C8C35EBC0E9} (Servers: | Description: Dell Wireless 1390 WLAN Mini-Card)
{728684B8-F03A-47FB-AE37-86CB852CE7F7} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\wiwonahu.dll c:\windows\system32\lepopoka.dll
>[2009/02/15 03:36:02 | 00,048,640 | -HS- | M] () -- C:\WINDOWS\system32\wiwonahu.dll
>[2009/05/18 12:43:38 | 00,081,920 | -HS- | M] () -- c:\WINDOWS\system32\lepopoka.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\lepopoka.dll ()

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\lepopoka.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[AUTORUN] | open=menu.exe | icon=menuicon.ico | ]
[2007/08/22 12:38:20 | 00,000,045 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/18 16:19:50 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTViewIt.exe
[2009/05/18 14:05:27 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\u2rqns1l.exe
[2009/05/15 17:26:55 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\dds.scr
[2009/05/15 08:14:55 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2009/05/15 08:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/15 08:04:36 | 64,852,304 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\avg_free_stf_en_85_329a1515(2).exe
[2009/05/14 17:18:15 | 11,907,670 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\avg_free_stf_en_85_329a1515.exe
[2009/05/04 14:07:30 | 00,318,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\wmpfirefoxplugin.exe
[2009/05/03 14:10:16 | 00,012,439 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\coacj.odt
[2009/04/30 20:22:54 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin
[2009/04/25 19:53:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SOPHIE WALSH\Desktop\City pics

========== Files - Modified Within 30 Days ==========

[2009/05/18 16:23:22 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\widobemo
[2009/05/18 16:19:51 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTViewIt.exe
[2009/05/18 14:05:27 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\u2rqns1l.exe
[2009/05/18 12:43:39 | 00,078,848 | -HS- | M] () -- C:\WINDOWS\System32\fovativu.dll
[2009/05/18 12:43:38 | 00,081,920 | -HS- | M] () -- C:\WINDOWS\System32\lepopoka.dll
[2009/05/17 22:31:51 | 00,081,920 | -HS- | M] () -- C:\WINDOWS\System32\zuyukibe.dll
[2009/05/17 22:31:50 | 00,078,848 | -HS- | M] () -- C:\WINDOWS\System32\nazatibo.dll
[2009/05/17 10:49:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 10:49:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 10:49:05 | 93,747,2000 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/17 10:31:36 | 00,078,848 | ---- | M] () -- C:\WINDOWS\System32\kedidabo.dll
[2009/05/17 10:31:35 | 00,081,920 | -HS- | M] () -- C:\WINDOWS\System32\dawivahe.dll
[2009/05/16 22:31:12 | 00,081,920 | -HS- | M] () -- C:\WINDOWS\System32\yirigewa.dll
[2009/05/16 10:30:58 | 00,081,920 | -HS- | M] () -- C:\WINDOWS\System32\kajopezi.dll
[2009/05/16 10:30:57 | 00,079,360 | -HS- | M] () -- C:\WINDOWS\System32\koyojudu.dll
[2009/05/15 17:26:59 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\dds.scr
[2009/05/15 15:35:51 | 00,081,408 | -HS- | M] () -- C:\WINDOWS\System32\lifuremi.dll
[2009/05/15 11:52:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/15 08:14:55 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2009/05/15 08:05:03 | 64,852,304 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\avg_free_stf_en_85_329a1515(2).exe
[2009/05/15 03:35:51 | 00,048,640 | -HS- | M] () -- C:\WINDOWS\System32\zahutova.dll
[2009/05/15 03:35:21 | 00,081,408 | -HS- | M] () -- C:\WINDOWS\System32\hunitenu.dll
[2009/05/15 03:35:21 | 00,079,872 | -HS- | M] () -- C:\WINDOWS\System32\fegejuno.dll
[2009/05/14 17:22:34 | 11,907,670 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\avg_free_stf_en_85_329a1515.exe
[2009/05/14 16:05:47 | 09,110,968 | -H-- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Local Settings\Application Data\IconCache.db
[2009/05/13 22:48:56 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/13 20:57:03 | 00,000,450 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/05/04 14:07:31 | 00,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\wmpfirefoxplugin.exe
[2009/05/03 14:10:19 | 00,012,439 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\coacj.odt
[2009/05/02 21:57:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/30 20:23:23 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/04/24 15:20:10 | 00,477,404 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/24 15:20:10 | 00,406,210 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/24 15:20:10 | 00,064,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >

And here is the Extras file:

OTViewIt Extras logfile created on: 18/05/2009 16:20:37 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\SOPHIE WALSH\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.97 Mb Total Physical Memory | 286.55 Mb Available Physical Memory | 32.05% Memory free
2.12 Gb Paging File | 1.35 Gb Available in Paging File | 63.71% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.93 Gb Total Space | 65.44 Gb Free Space | 44.84% Space Free | Partition Type: NTFS
Drive D: | 606.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOPHIE
Current User Name: SOPHIE WALSH
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/01 14:45:50 | 00,482,304 | ---- | M] (Skinkers Communications) -- C:\Program Files\Sky Alerts\skinker.exe
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 17:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2004/02/13 13:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
[2007/06/21 21:56:14 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/04/19 14:58:47 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2009/04/29 13:33:52 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2005/08/01 14:45:50 | 00,482,304 | ---- | M] (Skinkers Communications) -- C:\Program Files\Sky Alerts\skinker.exe
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/03/13 12:36:13 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary
[2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 17:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/10/29 15:35:34 | 00,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
[2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/04/14 05:42:40 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 17:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 01:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 17:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 17:53:40 | 00,791,392 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}"=Windows Live Messenger
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}"=LG PC Suite II
"{162B71B8-8464-4680-A086-601D555B331D}"=Apple Mobile Device Support
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}"=Java™ 6 Update 12
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}"=McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}"=Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}"=Windows Live Photo Gallery
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}"=LG PC Suite II
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}"=Junk Mail filter update
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}"=Microsoft Office Live Add-in 1.3
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}"=Safari
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}"=fflink
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}"=Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}"=Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}"=Windows Live Family Safety
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}"=Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}"=Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}"=Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}"=Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}"=Microsoft Search Enhancement Pack
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 3.4
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}"=PaperPort
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}"=Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}"=Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B6F7DBE7-2FE2-458F-A738-B10832746036}"=Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}"=Brother MFL-Pro Suite
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}"=Microsoft Sync Framework Services Native v1.0 (x86)
"{C151CE54-E7EA-4804-854B-F515368B0798}"=AMD Processor Driver
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}"=Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}"=OpenMG Secure Module 4.4.00
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}"=Safari
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}"=CONNECT Player Language Pack
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}"=CONNECT Player
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}"=ATI Catalyst Control Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}"=Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}"=Broadcom Management Programs
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Advanced SystemCare 3_is1"=Advanced SystemCare 3
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"CONNECTAutoUpdate"=CONNECT Auto Update
"FoxyTunesForFirefox"=FoxyTunes for Firefox
"Google Desktop"=Google Desktop
"Graboid Video"=Graboid Video 1.4
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}"=OpenMG Secure Module 4.4.00
"Leicester City - DNA_is1"=Leicester City - DNA 2.02
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla ActiveX Control v1.7.12"=Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.4-05-12-06-01"=OpenMG Limited Patch 4.4-06-13-19-01
"R for Windows 2.8.1_is1"=R for Windows 2.8.1
"RealPlayer 6.0"=RealPlayer
"SearchAssist"=SearchAssist
"Sky Alerts"=Sky Alerts (remove only)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"VLC media player"=VideoLAN VLC media player 0.8.6d
"Vuze"=Vuze
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinLiveSuite_Wave3"=Windows Live Essentials
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/04/2009 12:09:50 | Computer Name = SOPHIE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 30/04/2009 04:08:31 | Computer Name = SOPHIE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 02/05/2009 14:51:43 | Computer Name = SOPHIE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 13/05/2009 08:20:46 | Computer Name = SOPHIE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 14/05/2009 10:01:52 | Computer Name = SOPHIE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4876 (0x130c) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.2.101
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\widobemo

by C:\Program Files\Brother\ControlCenter2\brctrcen.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 14/05/2009 10:02:08 | Computer Name = SOPHIE | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 15/05/2009 12:42:54 | Computer Name = SOPHIE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 16/05/2009 10:55:36 | Computer Name = SOPHIE | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 16/05/2009 10:55:46 | Computer Name = SOPHIE | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 17/05/2009 05:50:04 | Computer Name = SOPHIE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ OSession Events ]
Error - 03/11/2008 16:47:25 | Computer Name = SOPHIE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 04/05/2009 19:34:22 | Computer Name = SOPHIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 04/05/2009 20:15:03 | Computer Name = SOPHIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 04/05/2009 20:23:26 | Computer Name = SOPHIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 04/05/2009 20:26:27 | Computer Name = SOPHIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.


< End of report >

#8 m0le

Posted 18 May 2009 - 01:51 PM

Hi sophiXx,

Thanks for the logs.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

We need to backup your registry as we will be making changes there.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Administrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    C:\WINDOWS\system32\dugevasu.dll
    c:\windows\system32\lepopoka.dll
    C:\WINDOWS\system32\pasebewu.dll
    C:\WINDOWS\system32\wiwonahu.dll
    C:\Documents and Settings\SOPHIE WALSH\Desktop\u2rqns1l.exe
    C:\WINDOWS\System32\widobemo
    C:\WINDOWS\System32\fovativu.dll
    C:\WINDOWS\System32\zuyukibe.dll
    C:\WINDOWS\System32\nazatibo.dll
    C:\WINDOWS\System32\kedidabo.dll
    C:\WINDOWS\System32\dawivahe.dll
    C:\WINDOWS\System32\yirigewa.dll
    C:\WINDOWS\System32\kajopezi.dll
    C:\WINDOWS\System32\koyojudu.dll
    C:\WINDOWS\System32\lifuremi.dll
    C:\WINDOWS\System32\zahutova.dll
    C:\WINDOWS\System32\hunitenu.dll
    C:\WINDOWS\System32\fegejuno.dll
    c:\windows\system32\sajopolu.dll
    c:\windows\system32\yetusuya.dll
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9051c2ba-ad1d-450d-b9d4-878effd9d670}]
    [-HKEY_CLASSES_ROOT\CLSID\{9051c2ba-ad1d-450d-b9d4-878effd9d670}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [-HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CPMbf584726"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "yigumiliye"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start then All Programs then Accessories then Notepad), click File then Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please also post a fresh OTViewIt log.

Thanks :thumbup2:
m0le is a proud member of UNITE

#9 SophiXx

Posted 19 May 2009 - 03:49 AM

I tried to do that but OTMoveIt stops responding midway through the move. I tried leaving it but it still wasn't responding and so I tried closing it and starting again but it did the same thing. When I look at task manager it reckons that there are 2 different OTMoveIts open when there is only one. What should I do?

#10 m0le

Posted 19 May 2009 - 12:29 PM

Hi sophiXx,

Let's try a stronger approach.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE
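
One way to check a follow-up log for leftovers from a removal script, as an added example that is not part of the thread and not code from ComboFix or OTMoveIt3: it parses the `[key]` / `"name"=value` lines of a ComboFix "Reg Loading Points" section and reports any value that still references a file from the helper's list, plus the AppInit_DLLs, firewall and update-notification settings. The function names and finding labels are assumptions; the sample lines are constructed from values that appear in the logs posted in this thread.

```python
import ntpath
import re

# Constructed sample: lines in the layout of a ComboFix "Reg Loading Points"
# section, using values that appear in the log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wiwonahu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

# Subset of the files named in the helper's removal script in this thread.
FLAGGED = [
    r"C:\WINDOWS\system32\dugevasu.dll",
    r"c:\windows\system32\lepopoka.dll",
    r"C:\WINDOWS\system32\pasebewu.dll",
    r"C:\WINDOWS\system32\wiwonahu.dll",
]

KEY_RE = re.compile(r'^\[(.+)\]\s*$')            # [HKEY_...\Some\Key]
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=data


def parse_sections(text):
    """Map lower-cased key path -> {lower-cased value name: raw data}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Repeated headers for the same key are merged.
            current = sections.setdefault(m.group(1).lower(), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).strip()
    return sections


def flagged_hits(value, flagged):
    """Flagged paths whose file name appears in a registry value.

    Matching is by file name only, so a same-named file in another
    directory is also reported and needs a manual look.
    """
    names = set(re.findall(r'[^\\/"\s,;]+\.(?:dll|exe)\b', value.lower()))
    return [p for p in flagged if ntpath.basename(p).lower() in names]


def as_int(data):
    """Parse 'dword:00000001' or ComboFix's '1 (0x1)' form; None otherwise."""
    m = re.match(r'^(?:dword:([0-9a-f]{8})|(\d+)\b)', data.strip().lower())
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def audit(text, flagged):
    """Return (kind, key, value_name, detail) tuples for items to review."""
    findings = []
    for key, values in parse_sections(text).items():
        for name, data in values.items():
            for path in flagged_hits(data, flagged):
                findings.append(("flagged-file-referenced", key, name, path))
            if name == "appinit_dlls" and data.strip('" '):
                findings.append(("appinit-dlls-set", key, name, data))
            if name == "updatesdisablenotify" and as_int(data) == 1:
                findings.append(("update-notify-disabled", key, name, data))
            if name == "enablefirewall" and as_int(data) == 0:
                findings.append(("firewall-disabled", key, name, data))
    return findings


if __name__ == "__main__":
    for kind, key, name, detail in audit(SAMPLE_LOG, FLAGGED):
        print(f"{kind:26} {key} -> {name} = {detail}")
```

A firewall or update-notification finding only means the setting should be reviewed, since the helper's instructions also ask for protection to be disabled while the tools run.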

#11 SophiXx

Posted 19 May 2009 - 01:44 PM

Here's my ComboFix log

ComboFix 09-05-19.04 - SOPHIE WALSH 19/05/2009 19:15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.210 [GMT 1:00]
Running from: c:\documents and settings\SOPHIE WALSH\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fetepayu.dll
c:\windows\system32\sinilusi.dll
c:\windows\system32\ugewitiw.ini
c:\windows\system32\witiwegu.dll
c:\windows\system32\zuyagewa.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-18 20:37 . 2009-05-18 20:37 -------- dc----w C:\_OTMoveIt
2009-05-18 20:23 . 2009-05-18 20:23 -------- dc----w c:\program files\ERUNT
2009-05-15 07:14 . 2009-05-18 13:03 -------- dc----w c:\documents and settings\All Users\Application Data\avg8
2009-04-30 19:22 . 2009-04-30 19:23 3532 -c--a-w C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 18:28 . 2008-09-20 21:14 -------- dc----w c:\program files\Leicester City - DNA
2009-05-14 15:25 . 2007-10-24 14:58 -------- dc----w c:\program files\Common Files\Apple
2009-04-13 08:08 . 2009-04-13 08:07 -------- dc----w c:\program files\Vuze
2009-04-08 15:24 . 2009-01-02 19:58 664 -c--a-w c:\documents and settings\SOPHIE WALSH\Local Settings\Application Data\d3d9caps.dat
2009-04-04 07:31 . 2009-04-01 13:18 -------- dc----w c:\program files\Microsoft Silverlight
2009-04-01 13:18 . 2009-04-01 13:12 -------- dc----w c:\program files\Microsoft
2009-04-01 13:18 . 2009-04-01 13:18 -------- dc----w c:\program files\Microsoft Office Outlook Connector
2009-04-01 13:18 . 2008-02-03 19:19 -------- dc----w c:\program files\Windows Live
2009-04-01 13:17 . 2009-04-01 13:17 -------- dc----w c:\program files\Microsoft Sync Framework
2009-04-01 13:16 . 2009-04-01 13:16 -------- dc----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-01 13:12 . 2009-04-01 13:12 -------- dc----w c:\program files\Windows Live SkyDrive
2009-04-01 12:48 . 2009-04-01 12:48 -------- dc----w c:\program files\Common Files\Windows Live
2009-03-25 19:48 . 2007-07-28 16:25 47792 -c--a-w c:\documents and settings\SOPHIE WALSH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-25 15:59 . 2009-03-25 15:59 -------- dc----w c:\program files\JRE
2009-03-25 15:59 . 2009-03-25 15:59 -------- dc----w c:\program files\OpenOffice.org 3
2009-03-25 15:57 . 2008-06-04 13:58 -------- dc----w c:\program files\OpenOffice.org 2.4
2009-03-25 15:50 . 2007-07-25 02:16 -------- dc----w c:\program files\Java
2009-03-25 15:48 . 2009-03-25 15:48 -------- dc----w c:\program files\Common Files\Java
2009-03-13 11:36 . 2008-12-22 21:36 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 11:51 284160 -c--a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-10 11:51 666112 -c--a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-10 11:51 81920 -c--a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Sky Alerts"="c:\program files\Sky Alerts\skinker.exe" [2005-08-01 482304]
"Leicester City - Desktop News Alerts"="c:\program files\Leicester City - DNA\launch.exe" [2006-10-10 339968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-25 1862144]
"CONNECTScheduler"="c:\program files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2006-03-23 75336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\SOPHIE WALSH\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Sky Alerts.lnk - c:\program files\Sky Alerts\skinker.exe [2005-8-1 482304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wiwonahu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\program files\Sky Alerts\skinker.exe"= c:\program files\Sky Alerts\skinker.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Azureus
"6881:UDP"= 6881:UDP:Azureus
"3689:TCP"= 3689:TCP:iTunes sharing

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [01/04/2009 14:18 55152]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Brother XP spl Service
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - clr_optimization_v2.0.50727_32
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - McAfeeFramework
*Deregistered* - McShield
*Deregistered* - McTaskManager
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - SeaPort
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sprtsvc_dellsupportcenter
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - w32time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wltrysvc
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9051c2ba-ad1d-450d-b9d4-878effd9d670} - c:\windows\system32\dugevasu.dll
HKLM-Run-yigumiliye - c:\windows\system32\pasebewu.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 82.94.187.199:1080 local;*.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
FF - ProfilePath - c:\documents and settings\SOPHIE WALSH\Application Data\Mozilla\Firefox\Profiles\q6mnx55g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://webmail.hermes.cam.ac.uk/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 19:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1704)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Leicester City - DNA\app.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-05-19 19:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 18:38
ComboFix2.txt 2009-01-13 00:37

Pre-Run: 72,449,495,040 bytes free
Post-Run: 72,408,653,824 bytes free

255 --- E O F --- 2009-05-14 02:04

#12 m0le


Posted 20 May 2009 - 07:13 AM

Hi sophiXx,

That's done a good job but just a few more things to deal with. We should be able to run OTMoveIt now.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

We need to back up your registry as we will be making changes there.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Administrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    c:\windows\system32\wiwonahu.dll
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000000
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start then All Programs then Accessories then Notepad), click File then Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please post a fresh OTViewIt log too.

#13 SophiXx


Posted 20 May 2009 - 10:39 AM

Here's what I get

========== FILES ==========
File/Folder c:\windows\system32\wiwonahu.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"UpdatesDisableNotify"|dword:00000000 /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05202009_163829

#14 m0le


Posted 21 May 2009 - 03:14 AM

Hi sophiXx,

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Please also post a new OTViewIt log.

Thanks

#15 SophiXx


Posted 21 May 2009 - 08:30 AM

This is from Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, May 21, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 21, 2009 12:35:56
Records in database: 2209486
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 96023
Threat name: 1
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 03:02:20


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\fetepayu.dll.vir Infected: Packed.Win32.Krap.q 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sinilusi.dll.vir Infected: Packed.Win32.Krap.q 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\witiwegu.dll.vir Infected: Packed.Win32.Krap.q 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zuyagewa.dll.vir Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\dawivahe.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\dugevasu.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\fegejuno.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\fovativu.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\hunitenu.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\kajopezi.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\kedidabo.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\koyojudu.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\lepopoka.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\lifuremi.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\nazatibo.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\pasebewu.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\wiwonahu.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\yirigewa.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\zahutova.dll Infected: Packed.Win32.Krap.q 1
C:\_OTMoveIt\MovedFiles\05182009_213710\WINDOWS\system32\zuyukibe.dll Infected: Packed.Win32.Krap.q 1

The selected area was scanned.

And from OTViewIt:

OTViewIt.txt:

OTViewIt logfile created on: 21/05/2009 14:26:02 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\SOPHIE WALSH\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.97 Mb Total Physical Memory | 524.36 Mb Available Physical Memory | 58.66% Memory free
2.12 Gb Paging File | 1.16 Gb Available in Paging File | 55.03% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.93 Gb Total Space | 67.18 Gb Free Space | 46.04% Space Free | Partition Type: NTFS
Drive D: | 606.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOPHIE
Current User Name: SOPHIE WALSH
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/11 12:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/01 04:48:28 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2006/11/01 04:48:26 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2006/10/11 12:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
[2001/12/13 00:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
[2006/09/22 11:06:26 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/09/22 11:47:54 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/11/01 04:48:28 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2006/10/03 11:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/03/23 02:00:26 | 00,075,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
[2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2005/05/17 17:42:32 | 00,933,888 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
[2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2006/01/07 01:36:10 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
[2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2007/02/22 21:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[2006/12/19 12:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[2008/04/14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/12/19 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
[2007/03/15 12:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2005/08/01 14:45:50 | 00,482,304 | ---- | M] (Skinkers Communications) -- C:\Program Files\Sky Alerts\skinker.exe
[2009/01/09 16:54:42 | 02,262,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
[2009/01/09 19:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
[2009/01/09 20:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/04/13 04:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
[2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
[2006/12/19 12:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[2009/01/14 16:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
[2008/04/14 05:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/04/19 14:58:41 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/03/13 12:36:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2009/04/29 13:33:52 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/03/09 05:19:11 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
[2009/05/21 11:09:02 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\SOPHIE WALSH\Local Settings\Temp\jkos-SOPHIE WALSH\binaries\ScanningProcess.exe
[2009/05/21 11:09:02 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\SOPHIE WALSH\Local Settings\Temp\jkos-SOPHIE WALSH\binaries\ScanningProcess.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/05/18 16:19:51 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/04/13 04:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/10/11 12:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
[2007/04/13 04:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
[2007/03/19 12:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2009/02/06 17:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
[2007/07/25 03:33:44 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Auto | Paused])
[2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
[2005/11/24 16:03:22 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/11/24 15:57:44 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2009/01/14 16:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
[2006/04/11 11:08:16 | 00,079,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service [On_Demand | Stopped])
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2005/11/24 15:47:30 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/01/06 21:25:12 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
File not found -- -- (stllssvr [On_Demand | Stopped])
[2006/11/01 04:48:28 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2009/03/13 12:36:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/14 00:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/10/11 12:43:56 | 01,777,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2006/11/03 06:34:00 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2006/08/17 13:55:16 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Running])
[2008/04/14 00:16:34 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/06/13 12:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/14 00:16:30 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2009/02/06 17:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
[2009/01/15 13:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/12/01 07:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/12/01 07:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2005/10/05 04:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/30 09:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
[2006/11/30 09:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2006/11/30 09:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/02/22 21:50:00 | 00,170,408 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
[2006/11/30 09:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
[2006/11/30 09:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [System | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/26 03:53:30 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2008/04/14 00:16:34 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2005/07/14 23:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2008/04/14 00:06:46 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 00:10:48 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2008/04/14 00:10:48 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/04/14 00:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/09/22 11:06:26 | 01,171,464 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/09/22 11:47:52 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2005/12/01 07:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/14 00:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070725
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070725

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
"provider"=yaho

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 82.94.187.199:1080 local;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070725
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070725
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
"provider"=yaho

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 82.94.187.199:1080 local;*.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"CONNECTScheduler"="C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER (Sony Corporation)
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"Leicester City - Desktop News Alerts"=C:\Program Files\Leicester City - DNA\launch.exe (Turtlez Ltd)
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe ()
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sky Alerts"="C:\Program Files\Sky Alerts\skinker.exe" (Skinkers Communications)

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"Leicester City - Desktop News Alerts"=C:\Program Files\Leicester City - DNA\launch.exe (Turtlez Ltd)
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe ()
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sky Alerts"="C:\Program Files\Sky Alerts\skinker.exe" (Skinkers Communications)

========== (O4) Startup Folders ==========

File not found --
[2009/05/18 14:04:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
File not found -- C:\Documents and Settings\All Users\Shared Documents
[2009/02/07 19:02:17 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\DRM
[2004/08/10 12:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Favorites
[2007/07/28 17:25:36 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2008/10/03 15:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\SonicStage
File not found --
[2009/01/15 18:00:54 | 00,041,248 | ---- | M] () -- C:\Documents and Settings\All Users\sysinfo.zip
[2009/03/25 17:02:32 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Templates
File not found --
[2004/08/10 12:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Desktop
[2004/08/10 13:08:38 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Default User\Favorites
File not found --
File not found --
[2004/08/10 12:57:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\NetHood
[2009/01/20 18:55:00 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\Default User\NTUSER.DAT
[2009/01/20 18:55:00 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\Default User\ntuser.dat.LOG
[2007/07/25 03:05:26 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Default User\ntuser.ini
[2004/08/10 12:57:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\PrintHood
File not found -- C:\Documents and Settings\Default User\My Recent Documents
[2009/01/22 17:42:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\SendTo
File not found --
[2004/08/10 12:57:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Templates
File not found --
[2009/01/13 01:38:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Cookies
File not found --
[2009/05/19 19:24:18 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/05/19 20:57:50 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/08/10 13:08:16 | 00,000,020 | -HS- | M] () -- C:\Documents and Settings\LocalService\ntuser.ini
File not found --
[2009/01/13 18:22:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Cookies
File not found --
[2009/05/19 19:24:18 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/05/20 17:19:50 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/10 13:08:14 | 00,000,020 | -HS- | M] () -- C:\Documents and Settings\NetworkService\ntuser.ini
File not found --
[2007/08/17 23:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SOPHIE WALSH\Contacts
[2009/05/19 20:59:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\SOPHIE WALSH\Cookies
[2009/05/21 14:24:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SOPHIE WALSH\Desktop
[2009/01/20 18:55:01 | 00,000,000 | R--D | M] -- C:\Documents and Settings\SOPHIE WALSH\Favorites
[2008/03/20 20:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SOPHIE WALSH\Incomplete
File not found --
[2008/05/25 15:20:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SOPHIE WALSH\LocalLow
File not found --
[2009/01/12 20:27:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\SOPHIE WALSH\NetHood
[2009/05/19 19:24:18 | 08,912,896 | -H-- | M] () -- C:\Documents and Settings\SOPHIE WALSH\NTUSER.DAT
[2009/05/21 14:26:34 | 00,032,768 | -H-- | M] () -- C:\Documents and Settings\SOPHIE WALSH\ntuser.dat.LOG
[2008/12/22 22:08:18 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\SOPHIE WALSH\ntuser.ini
[2004/08/10 12:57:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\SOPHIE WALSH\PrintHood
[2008/06/02 11:41:12 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\PUTTY.RND
[2009/05/20 16:07:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\SOPHIE WALSH\Recent
[2008/05/26 15:48:00 | 01,318,047 | ---- | M] (www.error-repair-pro.com ) -- C:\Documents and Settings\SOPHIE WALSH\repairsetup.exe
[2009/04/17 23:06:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\SOPHIE WALSH\SendTo
[2008/09/11 16:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SOPHIE WALSH\Shared
File not found --
[2007/11/06 20:35:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\SOPHIE WALSH\Templates
[2007/10/31 11:52:20 | 01,044,173 | ---- | M] (www.testmyhardware.com ) -- C:\Documents and Settings\SOPHIE WALSH\testmh240.exe
[2009/05/19 20:56:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SOPHIE WALSH\Tracing
[2007/09/17 21:26:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\SOPHIE WALSH\UserData

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoUpdateCheck"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"LinkResolveIgnoreLinkInfo"=0
"NoResolveSearch"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"LinkResolveIgnoreLinkInfo"=0
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"LinkResolveIgnoreLinkInfo"=0
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 14:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 14:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 17:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
54 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
54 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}: http://dl.tvunetworks.com/TVUAx.cab -- CTVUAxCtrl Object
{814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9}: http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab -- DASWebDownload Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Value does not exist or could not be read.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13

========== (O17) DNS Name Servers ==========

{3291F7E1-0D6D-44E3-8CEF-7C8C35EBC0E9} (Servers: | Description: Dell Wireless 1390 WLAN Mini-Card)
{728684B8-F03A-47FB-AE37-86CB852CE7F7} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[AUTORUN] | open=menu.exe | icon=menuicon.ico | ]
[2007/08/22 12:38:20 | 00,000,045 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/20 16:38:01 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTMoveIt3(2).exe
[2009/05/20 16:37:14 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\erunt-setup(2).exe
[2009/05/20 16:06:20 | 57,170,078 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\leftright.zip
[2009/05/19 20:11:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/19 19:09:42 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/19 19:01:18 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/19 19:01:18 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/19 19:01:18 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/19 19:01:18 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/19 19:01:18 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/19 19:01:18 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/19 19:01:18 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/19 19:01:18 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/19 18:57:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/19 18:55:14 | 02,989,121 | R--- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\ComboFix.exe
[2009/05/18 21:37:33 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\widobemo
[2009/05/18 21:37:10 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/05/18 21:32:29 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTMoveIt3.exe
[2009/05/18 21:23:46 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/18 21:23:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\NTREGOPT.lnk
[2009/05/18 21:23:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\ERUNT.lnk
[2009/05/18 21:23:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/18 21:21:23 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\erunt-setup.exe
[2009/05/18 16:19:50 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTViewIt.exe
[2009/05/15 17:26:55 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\dds.scr
[2009/05/15 08:14:55 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2009/05/15 08:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/15 08:04:36 | 64,852,304 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\avg_free_stf_en_85_329a1515(2).exe
[2009/05/14 17:18:15 | 11,907,670 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\avg_free_stf_en_85_329a1515.exe
[2009/05/04 14:07:30 | 00,318,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\wmpfirefoxplugin.exe
[2009/05/03 14:10:16 | 00,012,439 | ---- | C] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\coacj.odt
[2009/04/30 20:22:54 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin
[2009/04/25 19:53:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SOPHIE WALSH\Desktop\City pics

========== Files - Modified Within 30 Days ==========

[2009/05/20 16:38:01 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTMoveIt3(2).exe
[2009/05/20 16:37:36 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/20 16:37:30 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\NTREGOPT.lnk
[2009/05/20 16:37:30 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\ERUNT.lnk
[2009/05/20 16:37:14 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\erunt-setup(2).exe
[2009/05/20 16:07:14 | 57,170,078 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\leftright.zip
[2009/05/19 20:54:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/19 20:54:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/19 20:54:32 | 93,747,2000 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/19 19:29:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/19 19:26:04 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/19 19:24:07 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\widobemo
[2009/05/19 18:55:15 | 02,989,121 | R--- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\ComboFix.exe
[2009/05/18 21:32:29 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTMoveIt3.exe
[2009/05/18 21:21:24 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\erunt-setup.exe
[2009/05/18 16:19:51 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\OTViewIt.exe
[2009/05/15 17:26:59 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\dds.scr
[2009/05/15 11:52:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/15 08:14:55 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2009/05/15 08:05:03 | 64,852,304 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\avg_free_stf_en_85_329a1515(2).exe
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/14 17:22:34 | 11,907,670 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\avg_free_stf_en_85_329a1515.exe
[2009/05/14 16:05:47 | 09,110,968 | -H-- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Local Settings\Application Data\IconCache.db
[2009/05/13 22:48:56 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/04 14:07:31 | 00,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\SOPHIE WALSH\Desktop\wmpfirefoxplugin.exe
[2009/05/03 14:10:19 | 00,012,439 | ---- | M] () -- C:\Documents and Settings\SOPHIE WALSH\Desktop\coacj.odt
[2009/05/02 21:57:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/30 20:23:23 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/04/24 15:20:10 | 00,477,404 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/24 15:20:10 | 00,406,210 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/24 15:20:10 | 00,064,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >

And Extras.txt:

OTViewIt Extras logfile created on: 21/05/2009 14:26:03 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\SOPHIE WALSH\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.97 Mb Total Physical Memory | 524.36 Mb Available Physical Memory | 58.66% Memory free
2.12 Gb Paging File | 1.16 Gb Available in Paging File | 55.03% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.93 Gb Total Space | 67.18 Gb Free Space | 46.04% Space Free | Partition Type: NTFS
Drive D: | 606.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOPHIE
Current User Name: SOPHIE WALSH
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/01 14:45:50 | 00,482,304 | ---- | M] (Skinkers Communications) -- C:\Program Files\Sky Alerts\skinker.exe
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 17:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2004/02/13 13:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
[2007/06/21 21:56:14 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/04/19 14:58:47 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2009/04/29 13:33:52 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2005/08/01 14:45:50 | 00,482,304 | ---- | M] (Skinkers Communications) -- C:\Program Files\Sky Alerts\skinker.exe
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/03/09 05:19:11 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary
[2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 17:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/10/29 15:35:34 | 00,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 17:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 01:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 17:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 17:53:40 | 00,791,392 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}"=kgchlwn
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}"=Windows Live Messenger
"{11F3F858-4131-4FFA-A560-3FE282933B6E}"=kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}"=LG PC Suite II
"{162B71B8-8464-4680-A086-601D555B331D}"=Apple Mobile Device Support
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}"=Java™ 6 Update 13
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}"=McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}"=Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}"=Windows Live Photo Gallery
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}"=LG PC Suite II
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}"=Junk Mail filter update
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}"=Microsoft Office Live Add-in 1.3
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}"=Safari
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}"=fflink
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}"=Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}"=kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}"=Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}"=Windows Live Family Safety
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}"=Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}"=kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}"=Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}"=Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}"=Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}"=kgcinvt
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}"=Microsoft Search Enhancement Pack
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 3.4
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}"=kgcmove
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}"=PaperPort
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}"=Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}"=Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B6F7DBE7-2FE2-458F-A738-B10832746036}"=Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}"=Brother MFL-Pro Suite
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}"=Microsoft Sync Framework Services Native v1.0 (x86)
"{C151CE54-E7EA-4804-854B-F515368B0798}"=AMD Processor Driver
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}"=Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}"=OpenMG Secure Module 4.4.00
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}"=Safari
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}"=CONNECT Player Language Pack
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}"=kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips
"{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}"=CONNECT Player
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}"=ATI Catalyst Control Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}"=Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}"=Broadcom Management Programs
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Advanced SystemCare 3_is1"=Advanced SystemCare 3
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"CONNECTAutoUpdate"=CONNECT Auto Update
"ERUNT_is1"=ERUNT 1.1j
"FoxyTunesForFirefox"=FoxyTunes for Firefox
"Google Desktop"=Google Desktop
"Graboid Video"=Graboid Video 1.4
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}"=OpenMG Secure Module 4.4.00
"Leicester City - DNA_is1"=Leicester City - DNA 2.02
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla ActiveX Control v1.7.12"=Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.4-05-12-06-01"=OpenMG Limited Patch 4.4-06-13-19-01
"R for Windows 2.8.1_is1"=R for Windows 2.8.1
"RealPlayer 6.0"=RealPlayer
"SearchAssist"=SearchAssist
"Sky Alerts"=Sky Alerts (remove only)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"VLC media player"=VideoLAN VLC media player 0.8.6d
"Vuze"=Vuze
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinLiveSuite_Wave3"=Windows Live Essentials
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2965920531-71482795-1051204677-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/05/2009 14:09:39 | Computer Name = SOPHIE | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 15 seconds;

Error - 19/05/2009 14:14:50 | Computer Name = SOPHIE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2104 (0x838) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.2.101
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\SOPHIE
WALSH\Desktop\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe by C:\WINDOWS\explorer.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 19/05/2009 14:14:54 | Computer Name = SOPHIE | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 20 seconds;

Error - 19/05/2009 14:19:15 | Computer Name = SOPHIE | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 25 seconds;

Error - 19/05/2009 14:21:13 | Computer Name = SOPHIE | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 30 seconds;

Error - 19/05/2009 14:21:59 | Computer Name = SOPHIE | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 35 seconds;

Error - 19/05/2009 14:26:30 | Computer Name = SOPHIE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 19/05/2009 14:36:30 | Computer Name = SOPHIE | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 19/05/2009 14:37:08 | Computer Name = SOPHIE | Source = Application Error | ID = 1000
Description = Faulting application brsvc01a.exe, version 1.0.0.3, faulting module
unknown, version 0.0.0.0, fault address 0x0012e7e0.

Error - 19/05/2009 15:54:58 | Computer Name = SOPHIE | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ OSession Events ]
Error - 03/11/2008 16:47:25 | Computer Name = SOPHIE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 21/05/2009 04:48:25 | Computer Name = SOPHIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 21/05/2009 05:34:23 | Computer Name = SOPHIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 21/05/2009 06:45:17 | Computer Name = SOPHIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 172.21.127.36 on
the Network Card with network address 0019B9824969.

Error - 21/05/2009 07:03:14 | Computer Name = SOPHIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 172.21.127.36 on
the Network Card with network address 0019B9824969.

Error - 21/05/2009 07:08:17 | Computer Name = SOPHIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 172.21.127.36 on
the Network Card with network address 0019B9824969.

Error - 21/05/2009 07:22:56 | Computer Name = SOPHIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SENS service.

Error - 21/05/2009 07:43:59 | Computer Name = SOPHIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 172.21.127.36 on
the Network Card with network address 0019B9824969.

Error - 21/05/2009 08:52:34 | Computer Name = SOPHIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 172.21.127.36 on
the Network Card with network address 0019B9824969.

Error - 21/05/2009 09:07:13 | Computer Name = SOPHIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 172.21.127.36 on
the Network Card with network address 0019B9824969.

Error - 21/05/2009 09:21:00 | Computer Name = SOPHIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.


< End of report >


Thanks yet again for all your help!

Soph



