[Closed] Is my boy's laptop infected?


  • This topic is locked
8 replies to this topic

#1 drummer

Authentic Member, 22 posts

Posted 11 October 2009 - 05:02 PM

I am trying to clean up my son's laptop which is behaving erratically and not doing much for his studies.

I am not even able to change the desktop as 'Display Properties' is fogged out and locked.

It won't allow updates to Adaware, to repair MSN Live Mail, or even to run your RootRepeal programme. In each case an error window opens claiming that the programme is not a valid WIN32 application.

It's way beyond my expertise. Can you help me? It has been years since I visited you guys, but as I recall, you're the best.

Obviously I can't send the RootRepeal file but, as requested, here follow the ERUNT and Attach logs:

DDS (Ver_09-06-26.01) - NTFSx86
Run by michael norman at 23:09:30.68 on 11/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1311 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\michael norman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\progra~1\mcafee\spamki~1\mcapfbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Power2GoExpress] NA
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9b.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MPFEXE] "c:\program files\mcafee.com\personal firewall\MPFTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\michael norman\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper =
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?53f12a2f97a7480da56863e340066006
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?53f12a2f97a7480da56863e340066006
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\progra~1\mcafee\spamki~1\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APITRAP.DLL;c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-9-19 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-9-19 221184]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-9-19 122368]
R2 Network Connections (Netman) ;Network Connections (Netman) ;c:\program files\tinyproxy\tinyproxy.exe [2008-11-2 8448]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-9-19 114464]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-9-19 29744]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-4-3 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2005-10-7 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2005-10-7 94064]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2005-10-7 83344]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-9-19 245760]

=============== Created Last 30 ================

2009-10-11 18:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-11 18:51 0



DDS (Ver_09-06-26.01) - NTFSx86
Run by michael norman at 23:51:56.98 on 11/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1284 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\michael norman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\progra~1\mcafee\spamki~1\mcapfbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Power2GoExpress] NA
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9b.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MPFEXE] "c:\program files\mcafee.com\personal firewall\MPFTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\michael norman\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper =
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?53f12a2f97a7480da56863e340066006
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?53f12a2f97a7480da56863e340066006
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\progra~1\mcafee\spamki~1\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APITRAP.DLL;c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-9-19 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-9-19 221184]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-9-19 122368]
R2 Network Connections (Netman) ;Network Connections (Netman) ;c:\program files\tinyproxy\tinyproxy.exe [2008-11-2 8448]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-9-19 114464]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-9-19 29744]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-4-3 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2005-10-7 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2005-10-7 94064]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2005-10-7 83344]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-9-19 245760]

=============== Created Last 30 ================

2009-10-11 18:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-11 18:51 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-11 18:50 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-10-11 18:50 1,421,736 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-10-11 18:50 18,856 a------- c:\windows\system32\drivers\nuidfltr.sys
2009-10-11 18:50 21,760 a------- c:\windows\system32\drivers\point32.sys
2009-10-11 18:49 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2009-10-05 17:32 <DIR> --d----- c:\docume~1\michae~1\applic~1\MSNInstaller
2009-09-12 12:11 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-08-05 10:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
2008-11-05 21:27 30 a------- c:\documents and settings\michael norman\jagex_runescape_preferences.dat

============= FINISH: 23:52:12.51 ===============

Anything you can do to help will be much appreciated.
Regards, Drummer.



#2 OCD

SuperHelper, Malware Team, 5,574 posts

Posted 11 October 2009 - 09:47 PM

Hello drummer,
Welcome to What the Tech.
My name is OCD, I will be helping you with your log today.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your logs now, I will post back shortly with instructions.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 drummer


Posted 12 October 2009 - 03:11 AM

Hello OCD, Thank you for your prompt reply and for working on my problem. Regards, Drummer.

#4 OCD


Posted 12 October 2009 - 06:10 PM

Hello drummer,
  • You may want to print out these instructions for reference prior to proceeding.
  • This solution is specifically tailored for this particular problem, please do not attempt to use this solution on another computer.
  • If you have any questions, or are uncertain about any steps please ask 'before' proceeding.
- - - - - Next - - - - -

Please download Sysprot Antirootkit from here

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log in your next reply.
- - - - - Next - - - - -

In your first post you ran a DDS scan. The DDS scan produces two (2) logs, DDS.txt & Attach.txt, you only provided one (1).
Please locate the Attach.txt, it should be on your desktop. Post it in the next reply.

If you are unable to locate the Attach.txt log, just re-run a new DDS scan and provide both logs along with the items requested below.

- - - - - Next - - - - -

On your next post please provide the following:
  • Sysprot log
  • Attach.txt log
  • Tell me how your computer is running at the moment.

OCD



#5 drummer


Posted 14 October 2009 - 04:11 PM

Hi OCD,
Thank you for your response.

I am now unable to connect with the net. When I hit the Internet Explorer shortcut I just get "unable to load configuration", so I am now having to transfer software and logs via a memory stick from my PC to the affected laptop.

The logs you require follow:


DDS (Ver_09-06-26.01) - NTFSx86
Run by michael norman at 23:51:56.98 on 11/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1284 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\michael norman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MX6933B
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\progra~1\mcafee\spamki~1\mcapfbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Power2GoExpress] NA
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9b.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MPFEXE] "c:\program files\mcafee.com\personal firewall\MPFTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\michael norman\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper =
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?53f12a2f97a7480da56863e340066006
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?53f12a2f97a7480da56863e340066006
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\progra~1\mcafee\spamki~1\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APITRAP.DLL;c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-9-19 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-9-19 221184]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-9-19 122368]
R2 Network Connections (Netman) ;Network Connections (Netman) ;c:\program files\tinyproxy\tinyproxy.exe [2008-11-2 8448]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-9-19 114464]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-9-19 29744]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-4-3 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2005-10-7 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2005-10-7 94064]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2005-10-7 83344]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-9-19 245760]

=============== Created Last 30 ================

2009-10-11 18:51 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-11 18:51 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-11 18:50 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-10-11 18:50 1,421,736 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-10-11 18:50 18,856 a------- c:\windows\system32\drivers\nuidfltr.sys
2009-10-11 18:50 21,760 a------- c:\windows\system32\drivers\point32.sys
2009-10-11 18:49 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2009-10-05 17:32 <DIR> --d----- c:\docume~1\michae~1\applic~1\MSNInstaller
2009-09-12 12:11 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-08-05 10:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
2008-11-05 21:27 30 a------- c:\documents and settings\michael norman\jagex_runescape_preferences.dat

============= FINISH: 23:52:12.51 ===============

SysProt AntiRootkit v1.0.1.0
by swatkat

********************************************************************************
**********
********************************************************************************
**********

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 744
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 808
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 832
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 876
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 888
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1056
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1124
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1164
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PID: 1256
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1364
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1408
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1744
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1872
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1900
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1916
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 1944
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehSched.exe
PID: 1988
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PID: 176
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PID: 1184
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PID: 1216
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1544
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1600
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 1424
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\dllhost.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 3320
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehtray.exe
PID: 3400
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PID: 3408
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PID: 3424
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehmsas.exe
PID: 3448
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 3468
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PID: 3648
Hidden: No
Window Visible: No

Name: C:\WINDOWS\stsystra.exe
PID: 3716
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 3940
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxpers.exe
PID: 4048
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxsrvc.exe
PID: 1472
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2224
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
PID: 2248
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
PID: 2280
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PID: 2532
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PID: 2708
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PID: 2716
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PID: 2840
Hidden: No
Window Visible: No

Name: C:\WINDOWS\Vm_sti.exe
PID: 2936
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3148
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
PID: 4084
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 4088
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 2976
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 936
Hidden: No
Window Visible: No

Name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PID: 2464
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
PID: 760
Hidden: No
Window Visible: No

Name: C:\Program Files\Messenger\msmsgs.exe
PID: 2972
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 2064
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wscntfy.exe
PID: 2056
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 2420
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\michael norman\Desktop\SysProt\SysProt.exe
PID: 1640
Hidden: No
Window Visible: Yes

********************************************************************************
**********
********************************************************************************
**********
Kernel Modules:
Module Name: \??\C:\Documents and Settings\michael norman\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 977A2000
Module End: 977AD000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E2000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E2000
Module End: 80702C80
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9F79000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9F68000
Module End: B9F79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: BA4BC000
Module End: BA4BF000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: BA4C0000
Module End: BA4C4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BA670000
Module End: BA671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BA328000
Module End: BA32F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aliide.sys
Service Name: AliIde
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cmdide.sys
Service Name: CmdIde
Module Base: BA5AE000
Module End: BA5B0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\toside.sys
Service Name: TosIde
Module Base: BA5B0000
Module End: BA5B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: BA5B2000
Module End: BA5B4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: BA5B4000
Module End: BA5B6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys
Service Name: Pcmcia
Module Base: B9F4A000
Module End: B9F68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0B8000
Module End: BA0C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9F2B000
Module End: B9F4A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BA5B6000
Module End: BA5B8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: B9F05000
Module End: B9F2B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA330000
Module End: BA335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: BA4C4000
Module End: BA4C7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: BA671000
Module End: BA672000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0C8000
Module End: BA0D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cpqarray.sys
Service Name: Cpqarray
Module Base: BA4C8000
Module End: BA4CC000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Service Name: ---
Module Base: B9EED000
Module End: B9F05000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\IASTOR.SYS
Service Name: iaStor
Module Base: B9E17000
Module End: B9EED000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9DFF000
Module End: B9E17000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aha154x.sys
Service Name: Aha154x
Module Base: BA4CC000
Module End: BA4D0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sparrow.sys
Service Name: Sparrow
Module Base: BA338000
Module End: BA33D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc810.sys
Service Name: symc810
Module Base: BA4D0000
Module End: BA4D4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78xx.sys
Service Name: aic78xx
Module Base: BA0D8000
Module End: BA0E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac960nt.sys
Service Name: dac960nt
Module Base: BA4D4000
Module End: BA4D8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql10wnt.sys
Service Name: Ql10wnt
Module Base: BA0E8000
Module End: BA0F1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amsint.sys
Service Name: amsint
Module Base: BA4D8000
Module End: BA4DB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc.sys
Service Name: asc
Module Base: BA340000
Module End: BA347000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3550.sys
Service Name: asc3550
Module Base: BA4DC000
Module End: BA4E0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mraid35x.sys
Service Name: mraid35x
Module Base: BA348000
Module End: BA34D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\i2omp.sys
Service Name: i2omp
Module Base: BA350000
Module End: BA355000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ini910u.sys
Service Name: ini910u
Module Base: BA4E0000
Module End: BA4E4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1240.sys
Service Name: ql1240
Module Base: BA0F8000
Module End: BA102000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78u2.sys
Service Name: aic78u2
Module Base: BA108000
Module End: BA116000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc8xx.sys
Service Name: symc8xx
Module Base: BA358000
Module End: BA360000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_hi.sys
Service Name: sym_hi
Module Base: BA360000
Module End: BA367000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_u3.sys
Service Name: sym_u3
Module Base: BA368000
Module End: BA370000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Service Name: abp480n5
Module Base: BA370000
Module End: BA376000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3350p.sys
Service Name: asc3350p
Module Base: BA378000
Module End: BA37E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Service Name: cd20xrnt
Module Base: BA5B8000
Module End: BA5BA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ultra.sys
Service Name: ultra
Module Base: BA118000
Module End: BA121000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\adpu160m.sys
Service Name: adpu160m
Module Base: B9DE6000
Module End: B9DFF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dpti2o.sys
Service Name: dpti2o
Module Base: BA380000
Module End: BA385000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1080.sys
Service Name: ql1080
Module Base: BA128000
Module End: BA132000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1280.sys
Service Name: ql1280
Module Base: BA138000
Module End: BA144000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql12160.sys
Service Name: ql12160
Module Base: BA148000
Module End: BA154000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2.sys
Service Name: perc2
Module Base: BA388000
Module End: BA38F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2hib.sys
Service Name: perc2hib
Module Base: BA5BA000
Module End: BA5BC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\hpn.sys
Service Name: hpn
Module Base: BA390000
Module End: BA397000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cbidf2k.sys
Service Name: cbidf
Module Base: BA4E4000
Module End: BA4E8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac2w2k.sys
Service Name: dac2w2k
Module Base: B9DBA000
Module End: B9DE6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA158000
Module End: BA161000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA168000
Module End: BA175000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: B9D9A000
Module End: B9DBA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9D88000
Module End: B9D9A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA398000
Module End: BA39D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9D71000
Module End: B9D88000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9CE4000
Module End: B9D71000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9CB7000
Module End: B9CE4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sisagp.sys
Service Name: sisagp
Module Base: BA178000
Module End: BA183000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaagp.sys
Service Name: viaagp
Module Base: BA188000
Module End: BA193000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: BA198000
Module End: BA1A7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: BA1A8000
Module End: BA1B5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9C9C000
Module End: B9CB7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\alim1541.sys
Service Name: alim1541
Module Base: BA1B8000
Module End: BA1C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amdagp.sys
Service Name: amdagp
Module Base: BA1C8000
Module End: BA1D3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: BA1D8000
Module End: BA1E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agpCPQ.sys
Service Name: agpCPQ
Module Base: BA1E8000
Module End: BA1F3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA238000
Module End: BA241000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: B9BB4000
Module End: B9BB8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Service Name: ialm
Module Base: B914C000
Module End: B9269000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B9138000
Module End: B914C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B9113000
Module End: B9138000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\yk51x86.sys
Service Name: yukonwxp
Module Base: B90D7000
Module End: B9113000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\w39n51.sys
Service Name: w39n51
Module Base: B8F7A000
Module End: B90D7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BA418000
Module End: BA41D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B8F57000
Module End: B8F7A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: B92B1000
Module End: B92B8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\tifm21.sys
Service Name: tifm21
Module Base: B8F2F000
Module End: B8F57000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: BA248000
Module End: BA255000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: B92A9000
Module End: B92AF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: B8F01000
Module End: B8F2F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BA5FE000
Module End: BA600000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: B92A1000
Module End: B92A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BA268000
Module End: BA273000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: AF011000
Module End: AF01E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: AF001000
Module End: AF010000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: AC834000
Module End: AC857000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: AEFF1000
Module End: AEFFB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA717000
Module End: BA718000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: AEFE1000
Module End: AEFEE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: B9BC4000
Module End: B9BC7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: AC81D000
Module End: AC834000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: AEFD1000
Module End: AEFDC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: AEFC1000
Module End: AEFCD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: B14B6000
Module End: B14BB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: AC80C000
Module End: AC81D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: AEFB1000
Module End: AEFBA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: B14AE000
Module End: B14B3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: B14A6000
Module End: B14AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: AC7DB000
Module End: AC80C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: AEE63000
Module End: AEE6D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA66E000
Module End: BA670000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: A8DE5000
Module End: A8E3E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: AADAE000
Module End: AADB2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B2CB0000
Module End: B2CBA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sthda.sys
Service Name: STHDA
Module Base: 98C10000
Module End: 98D25000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: 98BEE000
Module End: 98C10000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: B2C80000
Module End: B2C8F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: B2C70000
Module End: B2C7F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: BA60A000
Module End: BA60C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA60C000
Module End: BA60E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: A94AA000
Module End: A94AB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BA60E000
Module End: BA610000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: B2C20000
Module End: B2C26000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA610000
Module End: BA612000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA612000
Module End: BA614000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: B2C18000
Module End: B2C1D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: B2C10000
Module End: B2C18000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: A9CB0000
Module End: A9CB3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: 98BBB000
Module End: 98BCE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: 98B63000
Module End: 98BBB000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\MpFirewall.sys
Service Name: ---
Module Base: 98B4F000
Module End: 98B63000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: 98B2E000
Module End: 98B4F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: B2C60000
Module End: B2C69000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: 98B06000
Module End: 98B2E000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: 98AE4000
Module End: 98B06000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: B2C50000
Module End: B2C59000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: 98AB9000
Module End: 98AE4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: 98A4A000
Module End: 98AB9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: B1F55000
Module End: B1F5E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: 98A27000
Module End: 98A4A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: A905B000
Module End: A905E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: B1F35000
Module End: B1F3E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: BA4A0000
Module End: BA4A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
Service Name: NuidFltr
Module Base: BA4A8000
Module End: BA4AF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Service Name: ---
Module Base: B1F25000
Module End: B1F32000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
Service Name: Wdf01000
Module Base: 989AC000
Module End: 98A27000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: A9053000
Module End: A9056000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Udfs.SYS
Service Name: Udfs
Module Base: 9899B000
Module End: 989AC000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 988C5000
Module End: 9899B000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: A903B000
Module End: A903E000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: BA3D0000
Module End: BA3D5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BA7FA000
Module End: BA7FB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: B9291000
Module End: B9296000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Service Name: s24trans
Module Base: B22A5000
Module End: B22A9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: BA590000
Module End: BA594000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: 987A9000
Module End: 987D5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: 98718000
Module End: 98759000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: 9869E000
Module End: 986F0000
Hidden: No

Module Name: \SystemRoot\system32\drivers\naiavf5x.sys
Service Name: NaiAvFilter1
Module Base: 9860A000
Module End: 98626000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: 98512000
Module End: 9851C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: 9811D000
Module End: 98132000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: 981A2000
Module End: 981B1000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: 97AA7000
Module End: 97AB0000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: YOUR-5BC8359D53.HOME:INGRESLOCK
Remote Address: CDS137.LON9.MSECN.NET:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: YOUR-5BC8359D53.HOME:1514
Remote Address: HB-IN-F147.GOOGLE.COM:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-5BC8359D53.HOME:1050
Remote Address: HB-IN-F103.GOOGLE.COM:HTTPS
Type: TCP
Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
State: CLOSE_WAIT

Local Address: YOUR-5BC8359D53.HOME:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-5BC8359D53:27015
Remote Address: LOCALHOST:1060
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: YOUR-5BC8359D53:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: YOUR-5BC8359D53:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: YOUR-5BC8359D53:4664
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
State: LISTENING

Local Address: YOUR-5BC8359D53:1060
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: YOUR-5BC8359D53:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: YOUR-5BC8359D53:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: YOUR-5BC8359D53:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-5BC8359D53:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: YOUR-5BC8359D53.HOME:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-5BC8359D53.HOME:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-5BC8359D53.HOME:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-5BC8359D53.HOME:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-5BC8359D53.HOME:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-5BC8359D53:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-5BC8359D53:1523
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-5BC8359D53:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-5BC8359D53:62558
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-5BC8359D53:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-5BC8359D53:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: YOUR-5BC8359D53:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-5BC8359D53:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-5BC8359D53:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\keep_earth_rockin@hotmail.com\SharingMetadata\katywoo26@hotmail.com\DFSR\Staging\CS{5E72FD63-D2A8-49A6-D197-AFFEE683A034}\01\10-{5E72FD63-D2A8-49A6-D197-AFFEE683A
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\butterontoast@hotmail.co.uk\DFSR\Staging\CS{1D6828E6-364F-E4A4-278C-21AB738B3B87}\01\13-{1D6828E6-364F-E4A4-278C-21AB738
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\j14murphy@hotmail.co.uk\DFSR\Staging\CS{B5BC9C23-2830-53A9-2825-72CC53308B19}\01\14-{B5BC9C23-2830-53A9-2825-72CC53308B1
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\jordanian14@hotmail.com\DFSR\Staging\CS{51D9EF82-CDE5-FA89-E5B2-6FD8B2A01187}\01\15-{51D9EF82-CDE5-FA89-E5B2-6FD8B2A0118
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\jordanian14@hotmail.com\DFSR\Staging\CS{51D9EF82-CDE5-FA89-E5B2-6FD8B2A01187}\14\14-{AA65C85A-1687-4DB4-895B-50C750DDAF9
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\jordanian14@hotmail.com\DFSR\Staging\CS{51D9EF82-CDE5-FA89-E5B2-6FD8B2A01187}\23\23-{DA77E7E2-C92D-41AA-8DE0-B660301B388
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\jordanian14@hotmail.com\DFSR\Staging\CS{51D9EF82-CDE5-FA89-E5B2-6FD8B2A01187}\24\24-{DA77E7E2-C92D-41AA-8DE0-B660301B388
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\jordanian14@hotmail.com\DFSR\Staging\CS{51D9EF82-CDE5-FA89-E5B2-6FD8B2A01187}\25\25-{DA77E7E2-C92D-41AA-8DE0-B660301B388
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\leekiely25@hotmail.com\DFSR\Staging\CS{A9569E3E-8659-FE88-5F38-EF34062CDCA2}\01\73-{A9569E3E-8659-FE88-5F38-EF34062CDCA2
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\leekiely25@hotmail.com\DFSR\Staging\CS{A9569E3E-8659-FE88-5F38-EF34062CDCA2}\74\19-{DA77E7E2-C92D-41AA-8DE0-B660301B3886
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\midgetmansam@hotmail.co.uk\DFSR\Staging\CS{378F5210-62C2-89EB-79CF-5F9F92CD8474}\01\41-{378F5210-62C2-89EB-79CF-5F9F92CD
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\michaelnorman@hotmail.com\SharingMetadata\olivernye@hotmail.co.uk\DFSR\Staging\CS{2D6F04C1-410D-B0EB-83CA-7B1B902F85E3}\01\42-{2D6F04C1-410D-B0EB-83CA-7B1B902F85E
Status: Hidden

Object: C:\Documents and Settings\michael norman\Local Settings\Application Data\Microsoft\Messenger\sxc_lou_chapman@hotmail.co.uk\SharingMetadata\schott_nyc@hotmail.co.uk\DFSR\Staging\CS{23C5FDE1-84F9-4090-5C10-D882CC7F0841}\01\10-{23C5FDE1-84F9-4090-5C10-D882CC
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{C5F4720D-C49C-4992-B306-4B61FC2D2738}
Status: Access denied

Regards,
Drummer.
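
A triage sketch for the SysProt log in the post above, added here as an example; it is not part of the original thread and is not SysProt's own code. It parses the blank-line-separated "Key: value" records, then lists modules marked "Hidden: Yes" and TCP connections to non-local peers. The function names and the embedded sample (a few records copied from the log) are assumptions of this example.

```python
import re

# Constructed sample: a few records copied from the SysProt log above.
SAMPLE_LOG = r"""
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: 98B63000
Module End: 98BBB000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 988C5000
Module End: 9899B000
Hidden: Yes

Local Address: YOUR-5BC8359D53.HOME:INGRESLOCK
Remote Address: CDS137.LON9.MSECN.NET:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: YOUR-5BC8359D53:27015
Remote Address: LOCALHOST:1060
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: YOUR-5BC8359D53:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
"""

LOCAL_PEERS = {"LOCALHOST", "127.0.0.1", "0.0.0.0"}

def parse_records(text):
    """Split the log into blank-line-separated records of 'Key: value' lines."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")  # "C:\..." has no ": ", so paths survive
            if sep:
                rec[key.strip()] = value.strip()
        if rec:  # separator and "No ... Hooks found" blocks carry no pairs
            records.append(rec)
    return records

def hidden_modules(records):
    """Return (path, service, size in bytes) for modules flagged 'Hidden: Yes'."""
    out = []
    for r in records:
        if "Module Name" in r and r.get("Hidden", "").lower() == "yes":
            size = int(r["Module End"], 16) - int(r["Module Base"], 16)
            out.append((r["Module Name"], r.get("Service Name", "---"), size))
    return out

def external_connections(records):
    """Return (process, host, port, state) for TCP sessions with a non-local peer."""
    out = []
    for r in records:
        remote = r.get("Remote Address")
        if remote is None or r.get("Type") != "TCP" or r.get("State") == "LISTENING":
            continue
        host, _, port = remote.rpartition(":")
        if host and host.upper() not in LOCAL_PEERS:
            out.append((r.get("Process"), host, port, r.get("State")))
    return out

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print(hidden_modules(recs), external_connections(recs), sep="\n")
```

A "Hidden: Yes" flag or an outbound session is a lead to check against the file's vendor and signature, not a verdict; crash-dump copies of storage drivers (the dump_ prefix) exist only in memory and are commonly reported this way.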

#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 October 2009 - 06:55 PM

Hello Drummer,

The DDS scan produces two (2) logs, DDS.txt & Attach.txt; you only provided one (1).
Please locate the Attach.txt; it should be on your desktop.

You seem to have overlooked this log in your last post. Can you please attempt to locate it and post it in your next reply while I review the DDS & Sysprot logs.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#7 OCD

Posted 15 October 2009 - 10:09 AM

Hi drummer,

You have been infected with a piece of malware with backdoor capability.

Please review the information I have outlined below:
  • It can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.
  • I would advise you to disconnect this PC from the Internet, and then go to a known clean computer and change any passwords or security information held on the infected computer. In particular, check whatever relates to online banking financial transactions, shopping, credit cards, or sensitive personal information. It is also wise to contact your financial institutions to apprise them of your situation.
  • We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, we cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.
  • Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System. Making this decision is based on what the computer is used for, and what information can be accessed from it.
  • Trojans are programs that can appear to serve a legitimate purpose but actually have an unwanted or harmful effect.
  • A large segment of trojan programs download other harmful software components to a user's PC without his/her knowledge.
  • This application is most likely downloaded and installed by another application that is considered to be adware or spyware.
Knowing the above, let me know how you would like to proceed.

If you wish to reformat, then please let me know in your next response. I'll now continue with instructions for cleaning.

- - - - - Next - - - - -

Reboot in Safe Mode with Networking:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc.
    At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.
- - - - - Next - - - - -

Restore Proxy Settings

In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" (or reconfigure the proxy server again in case you have set it previously)

- - - - - Next - - - - -

Reboot in Normal Mode

- - - - - Next - - - - -

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes
explorer.exe

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"c94e154b-1459-4a47-966b-4b843befc7db"-

:Files
C:\Program Files\tinyproxy
c:\documents and settings\michael norman\start menu\programs\startup\PowerReg Scheduler.exe

:Services
Network Connections (Netman)

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

- - - - - Next - - - - -

Please re-run DDS and post the new logs generated.

Be sure to disable your script blocking software BEFORE running the DDS scan. Use the link below if you need assistance.
  • Disable any script blocking protection (How to Disable your Security Programs) < - - Important
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

On your next post please provide the following:
  • OTM log
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.



#8 OCD

Posted 19 October 2009 - 10:43 AM

Hello drummer. It's been a few days; I was just checking to see if you still needed assistance?


#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 21 October 2009 - 10:33 AM

Due to inactivity this topic will be closed. If you need help please start a new thread.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
