Internet Explorer launching background audio ads


  • This topic is locked
37 replies to this topic

#1 mhicken

mhicken

  • Members
  • 19 posts
  • OFFLINE
  • Local time:04:58 PM

Posted 13 August 2010 - 07:37 PM

IE 7 is launching background audio ads, but not a full browser instance. I've attached the DDS files and GMER file. I'm using Win XP SP3.


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:58 PM

Posted 21 August 2010 - 07:01 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
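The OTL report requested above is a plain-text listing, and most of the triage an analyst does on it is pattern matching: services or drivers that are still registered but whose file is gone, BHOs with no backing DLL, hosts-file overrides, and AutoRun handlers left on removable-drive keys. The Python below is an added example written for this thread; it is not part of OTL and not code from either poster. It parses a subset of OTL's line formats (DRV/SRV, O1 hosts, O2 BHO, O33 MountPoints2) and ranks each hit. The sample lines are constructed to match OTL's format, and the severity labels and the set of checks are this example's own choices.

```python
"""Triage of an OTL report: pull out the entries an analyst checks first.

Added example for this thread; it is not part of OTL and not code from the
thread. It parses a subset of OTL's line formats (DRV/SRV, O1 hosts, O2 BHO,
O33 MountPoints2 autorun) and ranks each hit. The severity labels and the
set of checks are this example's own choices, not OTL's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the format of the log posted in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/04/27 15:15:18 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/03/24 14:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
SRV - [2009/09/18 21:09:14 | 001,980,560 | R--- | M] (Carbonite, Inc.) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 69.50.2.28 ex17.myhostedexchange.com ex17
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O33 - MountPoints2\{6e76a724-e127-11de-8d25-002564728c83}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str
    detail: str
    line: str


# Service/driver whose registry entry survives but whose file is gone.
ORPHAN_RE = re.compile(r"^(DRV|SRV) - File not found \[[^\]]*\] -- (.*) -- \(([^)]*)\)$")
# Loaded service/driver; group 2 is the company from the file's version info ("" if none).
LOADED_RE = re.compile(r"^(DRV|SRV) - \[[^\]]*\] \((.*)\) \[([^\]]*)\] -- (.*) -- \(([^)]*)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.*?) -- (.*)$')

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def triage(report: str) -> list[Finding]:
    """Return the noteworthy entries of an OTL report, highest severity first."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ORPHAN_RE.match(line):
            kind = "orphaned-driver" if m[1] == "DRV" else "orphaned-service"
            findings.append(Finding("medium", kind, f"{m[3]} is registered but {m[2]} is missing", line))
        elif m := LOADED_RE.match(line):
            company, state, path, name = m[2], m[3], m[4], m[5]
            # A running driver with no publisher in its version info proves nothing by
            # itself, but it is exactly what the /md5start list in the scan script is for.
            if not company and "Running" in state:
                findings.append(Finding("info", "no-publisher-driver",
                                        f"{name} at {path} has no company in its version info; hash it", line))
        elif m := HOSTS_RE.match(line):
            ip, host = m[1], m[2]
            if not (ip in ("127.0.0.1", "::1") and host == "localhost"):
                findings.append(Finding("info", "hosts-override", f"{host} pinned to {ip}; confirm it is intentional", line))
        elif m := BHO_RE.match(line):
            name, clsid, target = m[1], m[2], m[3]
            if "No CLSID value found" in target or "File not found" in target:
                findings.append(Finding("medium", "orphaned-bho", f"BHO {clsid} ({name}) has no backing DLL", line))
        elif m := AUTORUN_RE.match(line):
            drive_key, command, status = m[1], m[2], m[3]
            # A live AutoRun handler on a removable-drive key is the classic USB-worm foothold;
            # one whose target is already gone is a leftover that still needs cleaning.
            severity = "medium" if "File not found" in status else "high"
            findings.append(Finding(severity, "autorun-handler", f"{drive_key} runs {command} ({status})", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:20} {f.detail}")
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. The checks are deliberately narrow: a hit is a prompt to look at the line, not a verdict, and the "no-publisher-driver" hits are the ones to compare against the MD5 list the scan script already asks OTL to compute.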
 


#3 mhicken

mhicken
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:04:58 PM

Posted 23 August 2010 - 01:54 PM

The OTL program only created one file, OTL.txt, which I've just posted here. Also, I've run GMER.exe 5 times and I keep getting the blue screen of death while it's scanning. I will continue to try to get a report and will post it here if I get one.

OTL logfile created on: 8/23/2010 9:40:16 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Mark Hicken\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.80 Gb Total Space | 111.58 Gb Free Space | 47.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK_LAPTOP
Current User Name: Mark Hicken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/23 09:26:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Hicken\My Documents\Downloads\OTL.exe
PRC - [2010/07/19 10:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/03 07:40:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/18 21:09:14 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/09/18 21:09:14 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/08/13 02:04:28 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$PG_DB2\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 09:26:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Hicken\My Documents\Downloads\OTL.exe
MOD - [2009/05/24 21:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 05:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/01 20:41:40 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/18 21:09:14 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/13 02:04:28 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/07/08 21:22:22 | 000,068,112 | ---- | M] (McAfee) [Disabled | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/15 16:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/03/16 18:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/13 11:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$PG_DB2\Binn\sqlservr.exe -- (MSSQL$PG_DB2)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$PG_DB2\Binn\sqlagent.EXE -- (SQLAgent$PG_DB2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/30 21:28:03 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/27 15:15:18 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/04/02 21:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/03/31 21:22:34 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/03/24 14:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/16 18:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/16 18:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/26 14:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/02/26 14:08:34 | 006,278,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/02/22 14:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/02/11 16:10:20 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/02/11 15:41:54 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2009/02/11 15:41:50 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/02/11 15:41:50 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/02/11 15:41:46 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009/02/11 15:41:42 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/02/11 15:41:40 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/10/28 14:39:44 | 000,089,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/04/14 05:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 05:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/14 20:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/28 11:24:38 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/09 12:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2001/08/17 19:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 19:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 19:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 19:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 19:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 18:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 18:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 18:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 18:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 18:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 18:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 18:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 18:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 18:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-839977424-2625545825-1478708936-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-839977424-2625545825-1478708936-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-839977424-2625545825-1478708936-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.wsj.com
IE - HKU\S-1-5-21-839977424-2625545825-1478708936-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839977424-2625545825-1478708936-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://online.wsj.com/home/us"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 12:58:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/22 15:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 16:35:22 | 000,000,000 | ---D | M]

[2009/12/04 16:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Mozilla\Extensions
[2010/08/22 11:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Mozilla\Firefox\Profiles\qdqiauf9.default\extensions
[2010/04/27 12:42:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark Hicken\Application Data\Mozilla\Firefox\Profiles\qdqiauf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/04 09:14:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mark Hicken\Application Data\Mozilla\Firefox\Profiles\qdqiauf9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/17 07:35:28 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Mark Hicken\Application Data\Mozilla\Firefox\Profiles\qdqiauf9.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/02/04 09:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Mozilla\Firefox\Profiles\qdqiauf9.default\extensions\FFToolbar@upromise
[2010/04/27 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Mozilla\Firefox\Profiles\qdqiauf9.default\extensions\staged-xpis
[2010/08/22 11:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/31 09:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2010/01/31 09:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
[2010/07/23 09:50:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/08/20 08:36:00 | 000,097,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFPDFConverter.dll
[2010/03/11 10:06:04 | 000,028,472 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/03/11 10:06:04 | 000,185,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/03/11 10:06:17 | 000,046,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2010/03/11 10:06:23 | 000,099,208 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/03/11 10:06:03 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/29 11:09:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/12/05 19:43:36 | 000,000,832 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 69.50.2.28 ex17.myhostedexchange.com ex17
O1 - Hosts: 69.50.2.28 EX17.hostedexchange.local EX17
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-839977424-2625545825-1478708936-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-839977424-2625545825-1478708936-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839977424-2625545825-1478708936-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.4 206.13.29.12 206.13.30.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6e76a724-e127-11de-8d25-002564728c83}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/21 08:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Draft Analyzer 2010
[2010/08/19 23:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Footballdiehards.com
[2010/08/19 12:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Application Data\DraftAnalyzer
[2010/08/16 16:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/16 16:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/16 16:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/16 12:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/08/16 12:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegSERVO
[2010/08/16 11:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/08/16 11:11:52 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/08/14 16:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Application Data\SUPERAntiSpyware.com
[2010/08/14 16:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/14 16:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/14 16:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/11 19:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/11 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/11 16:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/08/11 15:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/11 12:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/10 16:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/08/10 16:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/08/10 16:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\Microsoft Help
[2010/08/10 16:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/08/06 13:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\IGC
[2010/08/06 13:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\IGC
[2010/08/03 17:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Application Data\Peachtree
[2010/08/03 17:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/08/03 17:32:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2010/08/03 17:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Peach
[2010/08/03 17:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2010/08/03 17:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pervasive Software
[2010/08/03 17:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/08/03 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sage
[2010/08/03 17:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeachInst
[2010/08/03 17:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\.unison
[2010/08/03 17:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010/08/03 17:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unison
[2010/07/23 09:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/23 09:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/23 09:50:53 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/23 09:50:53 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/23 09:50:53 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/23 09:50:53 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/06/30 11:25:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/06/30 11:24:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/30 11:24:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/30 11:24:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/22 15:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/06/22 14:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\PCHealth
[2010/06/11 06:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2010/06/07 14:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/06/03 19:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Application Data\Google
[2010/06/03 19:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\Temp
[2010/06/03 18:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets & Trips 2009
[2010/06/02 19:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Application Data\Ventrilo
[2010/06/02 19:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/06/02 19:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/06/01 13:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Application Data\Malwarebytes
[2010/06/01 13:54:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/01 13:54:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/01 13:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/01 13:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/30 09:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\Blizzard Entertainment
[2010/05/29 11:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010/05/29 10:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft.a0d98555.temp
[2010/05/28 19:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft.28afbfaf.temp
[2010/05/26 19:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft.cc41a16d.temp
[2010/05/26 17:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft.temp
[2010/05/26 17:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/05/26 17:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/23 09:27:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/22 11:46:45 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/22 11:45:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/22 11:45:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/22 11:45:27 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 08:33:58 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Mark Hicken\NTUSER.DAT
[2010/08/21 08:33:18 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Draft Analyzer 2010.lnk
[2010/08/20 17:36:50 | 010,733,990 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\My Documents\20100820173624.pdf
[2010/08/20 13:25:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mark Hicken\ntuser.ini
[2010/08/20 10:35:19 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2010/08/20 08:18:46 | 000,130,774 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\csl.ddt
[2010/08/19 23:03:53 | 000,001,998 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\Footballdiehards.com DDT.lnk
[2010/08/19 17:09:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/19 12:42:10 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2010/08/19 07:48:44 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegSERVO.job
[2010/08/18 11:27:47 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/17 17:27:54 | 000,001,066 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/17 17:27:54 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/17 17:27:54 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/08/17 12:26:17 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/17 12:02:13 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD2140.DAT
[2010/08/17 11:55:26 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD8660DN.DAT
[2010/08/17 11:26:22 | 000,010,335 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\Accounting Software - Inventory Mgmt Needs.docx
[2010/08/16 13:00:29 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Access 2007 (2).lnk
[2010/08/16 12:31:09 | 113,735,312 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\regbackup.reg
[2010/08/16 12:31:08 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\Free Window Registry Repair.lnk
[2010/08/16 12:26:58 | 000,002,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Knowledge Center.lnk
[2010/08/16 12:26:58 | 000,002,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Business Checks and Forms.lnk
[2010/08/16 12:18:06 | 000,000,811 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/14 16:23:41 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/14 16:15:41 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\HijackThis.lnk
[2010/08/13 17:25:53 | 000,005,505 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\Attach.zip
[2010/08/13 17:25:53 | 000,005,505 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\Attach.rar
[2010/08/13 17:14:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\defogger_reenable
[2010/08/13 13:51:26 | 000,027,358 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/13 13:51:13 | 000,013,215 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\My Documents\OUTLOOK.EXE.xlsx
[2010/08/13 11:34:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/12 13:47:30 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 13:21:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 13:19:43 | 000,565,936 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 13:19:43 | 000,486,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 13:19:43 | 000,088,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 16:43:02 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/11 11:09:53 | 000,001,152 | ---- | M] () -- C:\reregisterie.cmd
[2010/08/11 11:09:16 | 000,001,152 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\reregisterie.cmd
[2010/08/10 17:56:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/06 17:52:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/08/06 14:03:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/06 13:08:18 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free DWG Viewer.lnk
[2010/08/06 10:45:35 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\Shortcut to Scan.lnk
[2010/08/04 14:23:00 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\2010 CSL Rules - Final(1).doc
[2010/08/04 11:29:45 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\My Documents\SSB_Hicken.lnk
[2010/08/04 10:58:03 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\My Documents\Shortcut to 1data on 'ssb_corp' (Z).lnk
[2010/08/04 09:58:32 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/04 09:58:30 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/08/03 17:34:28 | 000,037,289 | ---- | M] () -- C:\WINDOWS\PeachWLog.XML
[2010/08/03 17:33:35 | 000,001,734 | ---- | M] () -- C:\WINDOWS\PPA170.ini
[2010/08/03 17:33:13 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Premium Accounting 2010 Automatic Backup Configuration.lnk
[2010/08/03 17:33:13 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Premium Accounting 2010.lnk
[2010/08/03 17:25:57 | 000,004,633 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/03 17:18:55 | 000,000,548 | ---- | M] () -- C:\WINDOWS\System32\Microsoft.VC90.MFC.manifest
[2010/08/03 17:18:55 | 000,000,524 | ---- | M] () -- C:\WINDOWS\System32\Microsoft.VC90.CRT.manifest
[2010/08/03 17:18:33 | 000,007,358 | ---- | M] () -- C:\WINDOWS\support.ICO
[2010/08/03 17:18:33 | 000,007,358 | ---- | M] () -- C:\WINDOWS\forms.ICO
[2010/08/03 17:18:33 | 000,005,222 | ---- | M] () -- C:\WINDOWS\ADOBE.ICO
[2010/08/03 17:18:33 | 000,000,766 | ---- | M] () -- C:\WINDOWS\ACTGPR2.ICO
[2010/08/03 17:16:02 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\Synchronize TO SSB Server.lnk
[2010/08/03 17:12:45 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\SSB Documents (Local).lnk
[2010/08/03 16:48:39 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\SSB Server Documents.lnk
[2010/08/01 01:01:05 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/27 17:34:56 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\2010 CSL Rules - Draft.doc
[2010/07/16 16:42:55 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/30 12:01:12 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/22 13:57:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\WavXMapDrive.bat
[2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/17 11:27:56 | 010,507,751 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\Matthess_SS_pkg_20100616.rar
[2010/06/15 02:32:24 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/06/11 06:24:43 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/06/09 11:19:28 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/06/02 19:01:55 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/06/02 19:01:55 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/26 17:17:11 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Mark Hicken\Desktop\World of Warcraft Installer.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/21 08:33:18 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Draft Analyzer 2010.lnk
[2010/08/20 15:38:07 | 010,733,990 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\My Documents\20100820173624.pdf
[2010/08/20 08:18:46 | 000,130,774 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\csl.ddt
[2010/08/19 23:03:53 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\Footballdiehards.com DDT.lnk
[2010/08/17 11:55:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2010/08/16 17:44:44 | 000,010,335 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\Accounting Software - Inventory Mgmt Needs.docx
[2010/08/16 16:04:18 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/16 12:31:08 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\Free Window Registry Repair.lnk
[2010/08/16 12:30:27 | 113,735,312 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\regbackup.reg
[2010/08/16 12:23:50 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\RegSERVO.job
[2010/08/14 16:23:41 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/14 16:15:41 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\HijackThis.lnk
[2010/08/13 17:27:26 | 000,005,505 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\Attach.zip
[2010/08/13 17:25:53 | 000,005,505 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\Attach.rar
[2010/08/13 17:20:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\gmer.exe
[2010/08/13 17:14:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\defogger_reenable
[2010/08/13 13:51:13 | 000,013,215 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\My Documents\OUTLOOK.EXE.xlsx
[2010/08/11 14:57:41 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2010/08/11 11:09:53 | 000,001,152 | ---- | C] () -- C:\reregisterie.cmd
[2010/08/11 11:09:16 | 000,001,152 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\reregisterie.cmd
[2010/08/10 17:34:38 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/10 16:47:10 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Access 2007 (2).lnk
[2010/08/10 16:46:48 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2010/08/06 17:52:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/08/06 13:08:18 | 000,001,463 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free DWG Viewer.lnk
[2010/08/06 10:45:35 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\Shortcut to Scan.lnk
[2010/08/04 14:23:00 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\2010 CSL Rules - Final(1).doc
[2010/08/04 11:29:20 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\My Documents\SSB_Hicken.lnk
[2010/08/04 10:58:03 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\My Documents\Shortcut to 1data on 'ssb_corp' (Z).lnk
[2010/08/03 17:33:14 | 000,002,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Knowledge Center.lnk
[2010/08/03 17:33:14 | 000,002,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Business Checks and Forms.lnk
[2010/08/03 17:33:13 | 000,007,358 | ---- | C] () -- C:\WINDOWS\support.ICO
[2010/08/03 17:33:13 | 000,007,358 | ---- | C] () -- C:\WINDOWS\forms.ICO
[2010/08/03 17:33:13 | 000,005,222 | ---- | C] () -- C:\WINDOWS\ADOBE.ICO
[2010/08/03 17:33:13 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Premium Accounting 2010 Automatic Backup Configuration.lnk
[2010/08/03 17:33:13 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Premium Accounting 2010.lnk
[2010/08/03 17:33:13 | 000,000,766 | ---- | C] () -- C:\WINDOWS\ACTGPR2.ICO
[2010/08/03 17:19:06 | 000,037,289 | ---- | C] () -- C:\WINDOWS\PeachWLog.XML
[2010/08/03 17:19:05 | 000,000,548 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC90.MFC.manifest
[2010/08/03 17:19:05 | 000,000,524 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC90.CRT.manifest
[2010/08/03 17:16:43 | 000,014,355 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\unison.log
[2010/08/03 17:09:34 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\SSB Documents (Local).lnk
[2010/08/03 17:04:55 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\Synchronize TO SSB Server.lnk
[2010/08/03 16:48:27 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\SSB Server Documents.lnk
[2010/07/27 17:34:56 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\2010 CSL Rules - Draft.doc
[2010/06/17 11:27:51 | 010,507,751 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\Matthess_SS_pkg_20100616.rar
[2010/06/08 23:05:35 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/06/03 19:17:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/03 19:17:53 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/02 19:01:55 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/06/02 19:01:49 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/26 17:17:11 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Desktop\World of Warcraft Installer.lnk
[2010/05/17 01:17:27 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 11:03:22 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/14 15:44:27 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/12/07 12:04:01 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\fusioncache.dat
[2009/12/05 23:05:26 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
[2009/12/05 19:26:26 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\xobni_installer_updater.log
[2009/12/05 18:33:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\BioPdf.PdfWriter.Lib.dll
[2009/12/05 18:04:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDIB4.dll
[2009/12/04 17:09:15 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/04 16:43:09 | 000,000,811 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/04 16:27:19 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/12/04 15:54:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark Hicken\Local Settings\Application Data\WavXMapDrive.bat
[2009/11/30 22:40:07 | 000,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/11/30 21:42:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/11/30 21:27:47 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/11/30 21:21:47 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/08/13 02:41:18 | 000,001,734 | ---- | C] () -- C:\WINDOWS\PPA170.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/15 07:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/25 14:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/30 11:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 11:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005/01/17 00:10:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2004/08/09 09:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2003/10/28 12:46:02 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll
[2003/10/24 10:46:12 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2003/04/25 10:10:00 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/04/12 16:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2000/04/12 16:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2009/11/30 21:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broadcom
[2009/11/30 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2009/11/30 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/08/03 17:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2009/12/10 16:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/12/04 17:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/12/05 20:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iOpus-i-M
[2009/12/05 18:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2010/08/03 17:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/08/16 12:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegSERVO
[2010/02/13 13:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/22 14:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/04/08 17:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/05 18:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/30 21:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Broadcom
[2009/11/30 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2009/11/30 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2010/02/02 09:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/02/01 21:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Binverse
[2010/06/03 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\BitTorrent
[2009/11/30 21:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Broadcom
[2010/08/23 09:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\DraftAnalyzer
[2010/04/21 14:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Facebook
[2010/04/07 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Opera
[2009/12/05 17:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\PDF Software
[2009/12/05 18:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\PDF Writer
[2010/08/03 17:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Peachtree
[2009/12/05 19:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Trillian
[2010/06/22 14:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Wave Systems Corp
[2010/03/11 10:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\webex
[2009/11/30 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Windows Desktop Search
[2009/12/04 16:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Hicken\Application Data\Windows Search
[2009/11/30 21:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\QBDataServiceUser18\Application Data\Broadcom
[2009/11/30 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\QBDataServiceUser18\Application Data\Wave Systems Corp
[2009/11/30 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\QBDataServiceUser18\Application Data\Windows Desktop Search
[2010/08/10 17:56:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/15 02:32:24 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/08/01 01:01:05 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/08/19 07:48:44 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\RegSERVO.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/06/23 19:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/25 02:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/25 02:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/25 02:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2009/12/05 22:33:00 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
[2010/08/10 17:11:26 | 000,013,073 | ---- | M] () -- C:\aaw7boot.log
[2008/04/25 14:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/17 17:27:54 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2008/01/18 23:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/04/25 14:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/30 22:49:17 | 000,006,054 | RH-- | M] () -- C:\dell.sdr
[2010/08/22 11:45:27 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/25 14:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2002/01/05 04:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002/01/05 04:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2009/12/16 16:34:13 | 000,000,625 | ---- | M] () -- C:\MIS_ERR.LOG
[2008/04/25 14:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/04 15:24:28 | 000,005,861 | ---- | M] () -- C:\OutlookFolderList.txt
[2010/08/22 11:45:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/08/03 17:26:28 | 002,858,784 | ---- | M] () -- C:\PSQL_v10_Install.log
[2010/08/11 11:09:53 | 000,001,152 | ---- | M] () -- C:\reregisterie.cmd
[2009/12/07 12:54:59 | 000,000,658 | ---- | M] () -- C:\Shortcut to SavedData.lnk

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/10/22 12:21:14 | 000,241,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5k4.DLL
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 02:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Program Files\Dell\DBRM\osmedia\I386\sp3.cab:AGP440.sys
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 02:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Program Files\Dell\DBRM\osmedia\I386\sp3.cab:atapi.sys
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/02/11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/07/20 19:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Dell\DBRM\osmedia\I386\IASTOR.SYS
[2009/04/27 15:15:18 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\drivers\storage\R213316\IaStor.sys
[2009/02/11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/04/27 15:15:18 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/01/21 08:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\Program Files\Dell\DBRM\osmedia\I386\NVGTS.SYS

< MD5 for: NVRD32.SYS >
[2008/01/21 08:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\Program Files\Dell\DBRM\osmedia\I386\NVRD32.SYS

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008/04/14 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2009/02/06 04:11:05 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=8B6F8816B9D3C59D3D545F4DDCC33B7C -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >





#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 23 August 2010 - 06:11 PM

Hello, mhicken.

I think you likely have an MBR infection, but let's run two more scans to confirm. You can run these instead of GMER.



Step 1

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished, then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 mhicken

mhicken
  • Topic Starter

  • Members
  • 19 posts

Posted 23 August 2010 - 06:23 PM

No errors that I could see in either scan.

RKUnhooker:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB7E5A000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6279168 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF2E8000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xBF058000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xB7C1D000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1953792 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA3CD7000 C:\WINDOWS\system32\drivers\sthda.sys 1486848 bytes (IDT, Inc., IDT PC Audio)
0xB7A2D000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0x9D4A6000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 897024 bytes
0xB9E2A000 iaStor.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D54000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9C81A000 C:\WINDOWS\system32\drivers\btaudio.sys 528384 bytes (Broadcom Corporation., Bluetooth Audio Device)
0xB7B1E000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x9D5B4000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB793F000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9D730000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9D342000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9C7B1000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB79F5000 C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys 229376 bytes (-, SRS Premium Sound driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 212992 bytes (Intel Corporation, Intel Graphics 2D Driver)
0x9D581000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xB7BEB000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 204800 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB799D000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7B99000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 184320 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x9D3E9000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D27000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9B08E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9D624000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB7DFA000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9D693000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0x9D6BB000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9D6E2000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA3CB3000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB7E22000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB981C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9D671000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9D64F000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134528 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E0A000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xA3C6D000 C:\WINDOWS\system32\drivers\IntcHdmi.sys 131072 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x9C89B000 C:\WINDOWS\system32\DRIVERS\btwdndis.sys 122880 bytes (Broadcom Corporation., Bluetooth LAN Access Server Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xA3C97000 C:\WINDOWS\system32\drivers\AESTAud.sys 114688 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
0xB9D0D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9DE1000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB79DE000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9D215000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB7BD7000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB7E46000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9D789000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0x9C637000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB9DF8000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB79CD000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB7BC6000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x9DEAA000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA108000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0x9E560000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB93F6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA248000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB84C7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB9406000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA118000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA2977000 C:\WINDOWS\system32\DRIVERS\btwhid.sys 53248 bytes (Broadcom Corporation., Bluetooth Virtual HID Minidriver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA268000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9E580000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA0F8000 PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9C8E9000 C:\WINDOWS\System32\Drivers\btwusb.sys 40960 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB9416000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9E540000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA298000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0x9E5B0000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0x9C57F000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9E5A0000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9C6E9000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9E570000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xA2859000 C:\WINDOWS\system32\DRIVERS\btwmodem.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xA2851000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0x9E510000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0x9E500000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA490000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9E528000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xA5B26000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA348000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xBA480000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA498000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0x9E508000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA478000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9E520000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9E518000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9DDF8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9C7AD000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA58C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9D71C000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9CE5000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9E99C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x9D718000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9E9A4000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9F31C000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA26ED000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA594000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9F314000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA644000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA642000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA646000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA648000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA62A000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6C8000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6C6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0x9E42B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
==============================================
>Stealth
==============================================


MBRCheck:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200800c

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA328000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA670000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9E2A000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E0A000 fltMgr.sys
0xB9DF8000 sr.sys
0xB9DE1000 KSecDD.sys
0xB9D54000 Ntfs.sys
0xB9D27000 NDIS.sys
0xBA0F8000 PBADRV.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D0D000 Mup.sys
0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA238000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA248000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB981C000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA480000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB7E5A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB7E46000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB7E22000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA490000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7DFA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7C1D000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB7BEB000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB7BD7000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB7BC6000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xBA268000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB7B99000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA278000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB7B1E000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA498000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA288000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA584000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA590000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA298000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB7A2D000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB79F5000 \SystemRoot\system32\drivers\srs_PremiumSound_i386.sys
0xBA6C8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA594000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB79DE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB79CD000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA338000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB799D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB793F000 \SystemRoot\system32\DRIVERS\update.sys
0xB9CE5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA420000 \SystemRoot\system32\DRIVERS\btport.sys
0xB9416000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB9406000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA62A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA3CD7000 \SystemRoot\system32\drivers\sthda.sys
0xA3CB3000 \SystemRoot\system32\drivers\portcls.sys
0xB93F6000 \SystemRoot\system32\drivers\drmk.sys
0xA3C97000 \SystemRoot\system32\drivers\AESTAud.sys
0xA3C6D000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x9F31C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA642000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9E42B000 \SystemRoot\System32\Drivers\Null.SYS
0xBA644000 \SystemRoot\System32\Drivers\Beep.SYS
0x9E528000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9E520000 \SystemRoot\System32\drivers\vga.sys
0xBA646000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA648000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9E518000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9E510000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9F314000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9D789000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9D730000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9D6E2000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9D6BB000 \SystemRoot\System32\Drivers\Mpfp.sys
0x9E5B0000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9D693000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9D671000 \SystemRoot\System32\drivers\afd.sys
0x9E5A0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9D64F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x9E508000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9D624000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9D5B4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D581000 \SystemRoot\system32\drivers\mfehidk.sys
0x9E580000 \SystemRoot\System32\Drivers\Fips.SYS
0x9E570000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9E560000 \SystemRoot\system32\DRIVERS\arp1394.sys
0x9E9A4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9E540000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9DEAA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9E500000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9D4A6000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9D71C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9D718000 \SystemRoot\System32\drivers\Dxapi.sys
0x9DDF8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xA26ED000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA348000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E8000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9E99C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D3E9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9D342000 \SystemRoot\system32\DRIVERS\srv.sys
0x9D215000 \SystemRoot\system32\drivers\wdmaud.sys
0xB84C7000 \SystemRoot\system32\drivers\sysaudio.sys
0x9C8E9000 \SystemRoot\System32\Drivers\btwusb.sys
0x9C89B000 \SystemRoot\system32\DRIVERS\btwdndis.sys
0xA2859000 \SystemRoot\system32\DRIVERS\btwmodem.sys
0xA2851000 \SystemRoot\System32\Drivers\Modem.SYS
0x9C81A000 \SystemRoot\system32\drivers\btaudio.sys
0xA2977000 \SystemRoot\system32\DRIVERS\btwhid.sys
0x9C7B1000 \SystemRoot\System32\Drivers\HTTP.sys
0xA5B26000 \SystemRoot\system32\drivers\mfebopk.sys
0x9C637000 \SystemRoot\system32\drivers\mfeavfk.sys
0x9C57F000 \SystemRoot\system32\drivers\mfesmfk.sys
0x9C7AD000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9B08E000 \SystemRoot\system32\drivers\kmixer.sys
0x9C6E9000 \SystemRoot\System32\Drivers\Normandy.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
840 C:\WINDOWS\system32\smss.exe
908 csrss.exe
932 C:\WINDOWS\system32\winlogon.exe
980 C:\WINDOWS\system32\services.exe
1000 C:\WINDOWS\system32\lsass.exe
1184 C:\WINDOWS\system32\svchost.exe
1256 svchost.exe
1404 C:\WINDOWS\system32\svchost.exe
1480 svchost.exe
1536 C:\WINDOWS\system32\svchost.exe
1668 svchost.exe
1684 C:\WINDOWS\system32\svchost.exe
228 C:\WINDOWS\system32\spoolsv.exe
624 svchost.exe
660 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
704 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
784 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
896 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1504 C:\Program Files\Microsoft SQL Server\MSSQL$PG_DB2\Binn\sqlservr.exe
1696 C:\WINDOWS\system32\svchost.exe
432 C:\WINDOWS\system32\svchost.exe
700 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
1296 C:\WINDOWS\system32\svchost.exe
1640 C:\Program Files\Google\Update\GoogleUpdate.exe
2100 C:\WINDOWS\system32\searchindexer.exe
2128 C:\WINDOWS\explorer.exe
2268 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
3192 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3536 C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
3544 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
3584 C:\Program Files\iTunes\iTunesHelper.exe
3720 C:\WINDOWS\system32\ctfmon.exe
3732 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
588 alg.exe
3152 C:\Program Files\iPod\bin\iPodService.exe
2920 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
536 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
632 C:\Program Files\Mozilla Firefox\firefox.exe
3960 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
2892 C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
3448 C:\WINDOWS\system32\dllhost.exe
3404 msdtc.exe
1840 C:\WINDOWS\system32\svchost.exe
5860 searchfilterhost.exe
4600 C:\Documents and Settings\Mark Hicken\My Documents\Downloads\RKUnhookerLE.EXE
4604 <unknown>
4744 C:\WINDOWS\system32\searchprotocolhost.exe
4240 C:\Program Files\Internet Explorer\iexplore.exe
5316 C:\Documents and Settings\Mark Hicken\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

PhysicalDrive0 Model Number: ST9250315AS, Rev: 0003DEM1

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#6 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 25 August 2010 - 05:15 PM

Hello, mhicken.
Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 mhicken
  • Topic Starter
  • Members
  • 19 posts

Posted 25 August 2010 - 05:49 PM

Ok, it ran and found a couple of infected files, but upon reboot while it was creating the log file, one of the audio ads ran again. Log file attached.




#8 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 26 August 2010 - 05:52 PM

Hello, mhicken.
Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    CODE
    :filefind
    ws2_32.*
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.


etavares




#9 mhicken
  • Topic Starter
  • Members
  • 19 posts

Posted 26 August 2010 - 05:57 PM

Here you go:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:54 on 26/08/2010 by Mark Hicken (Administrator - Elevation successful)

========== filefind ==========

Searching for "ws2_32.*"
C:\I386\WS2_32.DL_ --a--- 38853 bytes [16:13 25/04/2008] [12:00 14/04/2008] 7A1DD74A2FCBEAD3402CC14182BD7A01
C:\Program Files\Dell\DBRM\osmedia\I386\WS2_32.DL_ --a--- 38853 bytes [05:43 01/12/2009] [09:00 14/04/2008] 7A1DD74A2FCBEAD3402CC14182BD7A01
C:\Qoobox\Quarantine\C\WINDOWS\system32\ws2_32.dll.vir --a--- 27136 bytes [16:16 25/04/2008] [11:11 06/02/2009] 8B6F8816B9D3C59D3D545F4DDCC33B7C
C:\WINDOWS\system32\ws2_32.dll --a--- 23552 bytes [16:16 25/04/2008] [12:00 14/04/2008] F6126FADAC84C8DBA71D0C6753C014E2

-=End Of File=-
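As an added example, not part of the thread or of SystemLook itself: a small Python parser for the filefind lines above that sorts each hit into the live system32 copy, compressed .DL_ install copies and ComboFix quarantine copies, then reports whether any ready-to-use replacement exists on disk. The sample log is copied from the post; the role names and the assumption that a .DL_ copy must be expanded before it can be compared or used are mine.

```python
import re
from collections import defaultdict

# Constructed sample input: the four filefind hits from the SystemLook log above.
SAMPLE_LOG = r"""
Searching for "ws2_32.*"
C:\I386\WS2_32.DL_ --a--- 38853 bytes [16:13 25/04/2008] [12:00 14/04/2008] 7A1DD74A2FCBEAD3402CC14182BD7A01
C:\Program Files\Dell\DBRM\osmedia\I386\WS2_32.DL_ --a--- 38853 bytes [05:43 01/12/2009] [09:00 14/04/2008] 7A1DD74A2FCBEAD3402CC14182BD7A01
C:\Qoobox\Quarantine\C\WINDOWS\system32\ws2_32.dll.vir --a--- 27136 bytes [16:16 25/04/2008] [11:11 06/02/2009] 8B6F8816B9D3C59D3D545F4DDCC33B7C
C:\WINDOWS\system32\ws2_32.dll --a--- 23552 bytes [16:16 25/04/2008] [12:00 14/04/2008] F6126FADAC84C8DBA71D0C6753C014E2
"""
# One hit per line: path, attribute flags, size, [created] [modified], MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>-[-a-zA-Z]{5}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
def parse_filefind(text):
    """Turn SystemLook filefind lines into dicts; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            records.append(rec)
    return records

def classify(rec):
    """Role a hit can play when judging the in-use copy of a system DLL (my own labels)."""
    path = rec["path"].lower()
    if "\\quarantine\\" in path or path.endswith(".vir"):
        return "quarantined"  # ComboFix moved it aside: already suspect, not a donor
    if path.endswith("_"):
        return "compressed"   # makecab .DL_ install copy: needs `expand` before use
    if "\\windows\\system32\\" in path:
        return "live"         # the copy Windows actually loads
    return "loose"            # any other ready-to-use uncompressed copy

def assess(records):
    """Summarise whether the live DLL has a ready-to-use donor copy on disk."""
    roles = defaultdict(list)
    for rec in records:
        roles[classify(rec)].append(rec)
    live_md5 = roles["live"][0]["md5"].upper() if roles["live"] else None
    # Only a loose copy with a different hash can serve as a donor; a .DL_ must be expanded first.
    candidates = [r["path"] for r in roles["loose"] if r["md5"].upper() != live_md5]
    return {"live_md5": live_md5, "compressed_copies": len(roles["compressed"]),
            "quarantined_copies": len(roles["quarantined"]),
            "replacement_candidates": candidates}
```

On the log above this yields no replacement candidates and two compressed copies, which is the situation the helper resolves by expanding ws2_32.dl_ from the install CD in the Recovery Console.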

#10 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 26 August 2010 - 06:10 PM

Do you have a windows CD handy?




#11 mhicken
  • Topic Starter
  • Members
  • 19 posts

Posted 26 August 2010 - 06:30 PM

yes.

#12 mhicken
  • Topic Starter
  • Members
  • 19 posts

Posted 26 August 2010 - 06:33 PM

What do I need to do?

#13 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 27 August 2010 - 05:12 PM

Hello, mhicken.

OK, that file is bad and there are no suitable replacements on your hard drive. So....we need to get that off of your CD and into the Windows directory. We need to do this in the Recovery Console which Combofix installed.

See here on how to enter the Recovery Console:
How to install and use the Windows XP Recovery Console

Restart your computer and logon to the Recovery Console.
Put your Windows CD into the CD drive.

Type each of the following commands exactly as shown, pressing Enter at the end of each line.
The line after each command tells you what to expect after you press Enter.

    ren C:\WINDOWS\system32\ws2_32.dll ws2_32.old
you should just get a fresh prompt

Replace X with the letter of your CD drive.
    expand X:\i386\ws2_32.dl_ c:\windows\system32\
you should be notified that 1 file was expanded

Do this line ONLY if you got an error in the expand step above, so you can reboot. Let me know if you run this line.
    ren C:\WINDOWS\system32\ws2_32.old ws2_32.dll

Run this line when you're done:
    exit
system will reboot

Did everything work OK? Still having symptoms?



etavares

Edited by etavares, 27 August 2010 - 05:13 PM.




#14 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 27 August 2010 - 05:14 PM

PS: I won't be around after the next hour or so until Sunday morning, so if you want to wait to do this, we can. This can result in an unbootable computer if not followed exactly. We can recover it if that happens.




#15 mhicken
  • Topic Starter
  • Members
  • 19 posts

Posted 28 August 2010 - 03:03 PM

Ok, I was able to replace this file from the cd and rebooted and within 5 minutes an audio ad played again. Damn, this one is persistent.



