BSOD with "0x1000008e(0xc0000005, 0x804f8e80, 0xb9f61a94, 0x000000



#1
Rich Wallace

New Member

Hi all!

System is running WinXP Home SP3.
Client states the BSOD started in late November (2011) and that, after booting up, the machine BSODs in about three minutes. I have been able to reproduce the reported results.

I have run Malwarebytes' only in Safe Mode, as the reboot with BSOD kicks in while in regular mode. The scan found some issues, but mostly browser add-ons, which have been cleaned up. Still unable to locate the root issue.

Here is the OTL log:

OTL logfile created on: 12/8/2011 10:30:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Malware_Cleanup
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 359.57 Mb Available Physical Memory | 70.51% Memory free
1.22 Gb Paging File | 1.14 Gb Available in Paging File | 93.30% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 91.52 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.17 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 696.24 Gb Free Space | 74.74% Space Free | Partition Type: NTFS

Computer Name: D56WSZ91 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 10:23:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Malware_Cleanup\OTL.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/28 10:46:27 | 000,037,888 | ---- | M] () -- C:\WINDOWS\system32\sqlesw32.dll
MOD - [2004/08/04 03:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - File not found [On_Demand | Stopped] -- -- (CA_LIC_CLNT)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/11/28 10:46:27 | 000,162,304 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\WINDOWS\system32\sqlcsw32.dll -- (SqlCSS)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/23 09:39:40 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\309\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2005/02/23 15:56:12 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2004/04/07 10:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/08/17 06:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1637448945-1350835239-854875492-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-1637448945-1350835239-854875492-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-1637448945-1350835239-854875492-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/03/21 08:28:56 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



Hosts file not found
O2 - BHO: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
O2 - BHO: (Mapit Toolbar) - {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMap0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Mapit Toolbar) - {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMap0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Coupons.com Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Mapit Toolbar) - {46A21652-3F93-437D-AAC0-CAA1F6713DA0} - C:\Program Files\Mapit\prxtbMap0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Coupons.com Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Mapit Toolbar) - {46A21652-3F93-437D-AAC0-CAA1F6713DA0} - C:\Program Files\Mapit\prxtbMap0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] "C:\Program Files\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1637448945-1350835239-854875492-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\309\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\309\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\sqlesw32: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
O20 - Winlogon\Notify\Sqlseses: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 10:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\NirSoft BlueScreenView
[2011/12/08 10:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/12/08 10:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/06 22:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/12/06 21:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/12/06 21:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/06 21:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/06 21:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/06 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/12/06 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/12/06 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Corel
[2011/12/06 20:23:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/12/06 20:23:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/12/06 20:23:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/12/06 20:23:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CCWin
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/12/06 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2011/12/06 19:56:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/06 19:56:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/11/28 11:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/11/27 21:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/11/27 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/27 16:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\PriceGong
[2011/11/27 16:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
[2011/11/27 16:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mapit
[2011/11/27 16:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Coupons.com
[2011/11/19 06:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/16 13:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/16 13:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/16 13:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/16 12:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\5E36C
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/08 10:10:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/08 10:06:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/08 10:04:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 10:00:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 09:40:47 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/12/08 09:40:46 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/12/08 08:11:36 | 000,028,160 | ---- | M] () -- C:\WINDOWS\System32\dll.dll
[2011/12/06 21:51:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 19:57:03 | 000,000,304 | RHS- | M] () -- C:\boot.ini
[2011/12/06 19:41:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/12/06 19:40:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/11/30 07:42:32 | 000,296,595 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2011/11/28 12:03:47 | 000,100,926 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/28 12:03:47 | 000,000,196 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/28 10:46:27 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\sqlesw32.dll
[2011/11/28 10:41:10 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/11/28 10:41:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/11/28 08:41:09 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/11/28 08:41:09 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/11/28 08:35:19 | 000,000,245 | -HS- | M] () -- C:\BOOT.BAK
[2011/11/28 07:40:35 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/11/28 07:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/11/28 06:40:40 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/11/28 06:40:38 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/11/28 05:40:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/11/28 05:40:37 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/11/28 04:44:58 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/11/28 04:44:53 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/11/28 03:41:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/11/28 03:41:24 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/11/28 02:41:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/11/28 02:41:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/11/28 01:41:40 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/11/28 01:41:14 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/11/28 00:49:20 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/11/28 00:49:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/27 23:41:27 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/11/27 23:41:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/11/27 22:41:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/11/27 22:41:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/11/27 21:40:22 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/11/27 21:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/11/27 20:40:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/11/27 20:40:36 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/11/27 18:40:56 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/11/27 18:40:49 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/11/27 17:42:22 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/11/27 17:42:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/11/27 16:41:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/11/27 16:41:07 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/11/27 15:52:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 15:40:38 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/11/27 15:40:37 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/11/27 14:40:47 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/11/27 14:40:46 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/11/27 13:40:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/11/27 13:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/11/27 13:36:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SDH24u.com.b
[2011/11/27 13:36:17 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\SDH24u.com_
[2011/11/27 13:36:17 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\SDH24u.com
[2011/11/27 13:36:17 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jw26oNSeH.dat
[2011/11/27 13:32:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/11/23 02:29:57 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/11/19 06:03:02 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/14 11:21:38 | 000,007,520 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/11/14 11:21:38 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\B4FBF8641D.sys
[2011/11/12 06:03:18 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/12 03:12:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/12 03:11:41 | 000,442,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/12 03:11:41 | 000,072,154 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/12 03:07:36 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/02/24 14:15:04 | 000,000,821 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2100/02/16 16:09:06 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.INI
[2011/12/06 22:11:45 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\dll.dll
[2011/12/06 21:51:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 20:24:03 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
[2011/12/06 20:24:03 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/12/06 20:24:02 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/12/06 20:24:02 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2011/12/06 20:24:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/12/06 20:24:02 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/06 20:24:02 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/06 20:23:58 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/12/06 20:23:58 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/12/06 20:23:58 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/12/06 19:56:55 | 000,000,245 | -HS- | C] () -- C:\BOOT.BAK
[2011/12/06 19:56:53 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2011/11/28 12:03:47 | 000,100,926 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/28 12:03:47 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/28 10:46:27 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\sqlesw32.dll
[2011/11/28 07:40:36 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\SDH24u.com
[2011/11/27 13:36:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SDH24u.com.b
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/11/27 13:32:03 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jw26oNSeH.dat
[2011/11/27 13:32:02 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\SDH24u.com_
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/11/27 13:32:02 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/11/19 06:03:02 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/16 13:50:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/11 19:29:02 | 000,296,595 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/09/28 03:02:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/27 15:23:10 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011/09/27 15:23:09 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011/09/27 15:22:24 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2009/11/14 18:56:54 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/10/31 13:23:59 | 000,157,529 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009/10/31 13:23:59 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009/03/14 13:25:15 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2008/12/06 09:03:23 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/12/06 09:03:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/12/06 09:03:23 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/12/06 09:03:23 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/12/06 09:03:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/12/06 09:03:23 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/12/06 09:03:23 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/12/06 09:03:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/06 09:03:22 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/12/06 09:03:22 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/12/06 09:03:22 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/12/06 09:03:22 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/12/06 09:03:22 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/12/06 09:03:22 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/12/06 09:03:22 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/12/06 09:03:22 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/12/06 09:00:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4400.ini
[2008/08/17 14:10:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2007/12/12 17:09:53 | 000,000,031 | ---- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/12/08 12:49:07 | 000,000,020 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2007/12/08 12:47:38 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2007/03/05 06:45:02 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/06/17 10:58:43 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B4FBF8641D.sys
[2006/05/30 09:10:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\CRIBBAGE.INI
[2006/05/26 12:24:27 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/25 10:23:30 | 000,002,262 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2006/05/24 21:15:47 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\1D64F8FBB4.sys
[2006/05/24 21:15:46 | 000,007,520 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/23 14:44:14 | 000,004,214 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2006/05/15 22:30:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/15 22:26:14 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/15 22:21:48 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/15 22:19:54 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/15 22:15:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/15 21:54:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/15 21:54:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/15 21:54:06 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 11:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 10:57:15 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 10:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 10:51:20 | 000,442,888 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 10:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 10:51:20 | 000,072,154 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 10:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 10:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 10:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 10:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 10:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 10:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 10:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 10:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 10:50:53 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2004/03/17 06:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 06:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2002/04/10 13:11:04 | 000,000,173 | ---- | C] () -- C:\WINDOWS\X83_DS.ini
[2002/03/04 22:33:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/10/03 12:40:11 | 000,172,095 | ---- | C] () -- C:\WINDOWS\WaitPrintReg.exe
[2001/05/28 12:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe
[2001/03/05 14:07:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2001/01/05 13:34:30 | 000,016,812 | ---- | C] () -- C:\WINDOWS\System32\lxas2kpm.dll
[2001/01/05 12:08:02 | 000,008,427 | ---- | C] () -- C:\WINDOWS\System32\lxas2kui.dll
[2000/10/24 09:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 09:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/10/24 14:56:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2006/05/25 10:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2006/05/25 10:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/12/06 14:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/12/06 09:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\james beyerlein\Application Data\Leadertech
[2008/08/20 16:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\james beyerlein\Application Data\Netscape
[2011/12/06 22:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\james beyerlein\Application Data\PriceGong
[2011/08/11 06:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/11/28 10:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PriceGong
[2011/11/28 00:49:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/11/28 04:44:58 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/11/28 05:40:37 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/11/28 05:40:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/11/28 06:40:38 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/11/28 06:40:40 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/11/28 07:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/11/28 07:40:35 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/11/28 08:41:09 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/11/28 08:41:09 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/12/08 09:40:46 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/11/28 00:49:20 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/08 09:40:47 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/11/28 10:41:10 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/11/28 10:41:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/11/27 13:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/11/27 13:40:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/11/27 14:40:46 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/11/28 01:41:14 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/11/27 14:40:47 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/11/27 15:40:37 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/11/27 15:40:38 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/11/27 16:41:07 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/11/27 16:41:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/11/27 17:42:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/11/27 17:42:22 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/11/27 18:40:49 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/11/27 18:40:56 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/12/06 19:40:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/11/28 01:41:40 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/12/06 19:41:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/11/27 20:40:36 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/11/27 20:40:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/11/27 21:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/11/27 21:40:22 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/11/27 22:41:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/11/27 22:41:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/11/27 23:41:27 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/11/27 23:41:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/11/28 02:41:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/11/28 02:41:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/11/28 03:41:24 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/11/28 03:41:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/11/28 04:44:53 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



< End of report >

Thank you in advance!
-Rich

P.S. BlueScreenView and HiJackThis logs available upon request.

#2
RKinner

I think it is Zero Access with a few friends.

See all of these tasks:
[2011/11/28 00:49:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/11/28 04:44:58 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/11/28 05:40:37 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/11/28 05:40:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/11/28 06:40:38 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/11/28 06:40:40 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/11/28 07:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/11/28 07:40:35 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/11/28 08:41:09 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/11/28 08:41:09 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/12/08 09:40:46 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/11/28 00:49:20 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/08 09:40:47 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/11/28 10:41:10 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/11/28 10:41:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/11/27 13:32:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/11/27 13:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/11/27 13:40:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/11/27 14:40:46 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/11/28 01:41:14 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/11/27 14:40:47 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/11/27 15:40:37 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/11/27 15:40:38 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/11/27 16:41:07 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/11/27 16:41:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/11/27 17:42:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/11/27 17:42:22 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/11/27 18:40:49 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/11/27 18:40:56 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/12/06 19:40:54 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/11/28 01:41:40 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/12/06 19:41:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/11/27 20:40:36 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/11/27 20:40:42 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/11/27 21:40:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/11/27 21:40:22 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/11/27 22:41:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/11/27 22:41:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/11/27 23:41:27 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/11/27 23:41:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/11/28 02:41:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/11/28 02:41:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/11/28 03:41:24 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/11/28 03:41:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/11/28 04:44:53 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

These are all set up to run some malware program. Usually it's the same file, so open one up in Control Panel, Scheduled Tasks, and see what it is doing. Then delete all of the tasks, but leave whatever file it is trying to run, just in case it is being called from elsewhere, and tell me what it is.

These two registry entries and the file that they refer to:
O20 - Winlogon\Notify\sqlesw32: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()
O20 - Winlogon\Notify\Sqlseses: DllName - (sqlesw32.dll) - C:\WINDOWS\System32\sqlesw32.dll ()

will need to go, but we will get them later.

These two services are also bad:

SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/11/28 10:46:27 | 000,162,304 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\WINDOWS\system32\sqlcsw32.dll -- (SqlCSS)

The top one is probably really there but hiding. You can see the bottom one is running the same file as the registry entries. But let's make sure ZA is out of the picture before we try anything else.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 users must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double-click the aswMBR.exe to run it.
Uncheck "Trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled, not the FixMBR button, and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management Window and attach the screenshot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.

Ron
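An added detection example, not code from the thread, from OTL or from Ron: a small Python script that parses OTL-style file lines and flags bursts of C:\WINDOWS\Tasks\At<N>.job entries sharing one timestamp, the pattern Ron calls out above. The line-format regex and the sample log lines are assumptions constructed from the log posted in this thread.

```python
"""Flag ZeroAccess-style scheduled-task bursts in an OTL log.

Added example (not part of the thread or of OTL). The regex below is an
assumption about OTL's "[date time | size | attrs | C] () -- path" line
shape, derived from the log posted above; the sample lines are constructed.
"""
import re
from collections import defaultdict

# One OTL file line: timestamp, zero-padded size, four attribute flags,
# C (created) or M (modified), then "() -- " and the full path.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\(\) -- (?P<path>.+)$"
)
# Scheduler job files named At<N>.job under the Tasks folder.
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)


def parse_otl_lines(lines):
    """Yield one dict per line that matches OTL's file-listing format."""
    for line in lines:
        m = OTL_LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            yield rec


def find_at_job_bursts(lines, threshold=5):
    """Return {timestamp: [paths]} for At<N>.job files whose timestamp is
    shared by at least `threshold` jobs.

    A human using the "at" scheduler does not create dozens of identically
    sized jobs within the same second; that burst is the red flag.
    """
    by_ts = defaultdict(list)
    for rec in parse_otl_lines(lines):
        if AT_JOB.search(rec["path"]):
            by_ts[rec["ts"]].append(rec["path"])
    return {ts: sorted(paths) for ts, paths in by_ts.items()
            if len(paths) >= threshold}


# Constructed sample: a burst of At jobs plus two benign lines.
SAMPLE_LOG = """\
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\\WINDOWS\\tasks\\At29.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\\WINDOWS\\tasks\\At27.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\\WINDOWS\\tasks\\At25.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\\WINDOWS\\tasks\\At23.job
[2011/11/27 13:32:03 | 000,000,346 | ---- | C] () -- C:\\WINDOWS\\tasks\\At21.job
[2011/11/27 13:32:02 | 000,000,348 | ---- | C] () -- C:\\WINDOWS\\tasks\\At8.job
[2011/11/19 06:03:02 | 000,001,915 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\Google Earth.lnk
[2004/08/10 10:50:53 | 000,138,496 | ---- | C] () -- C:\\WINDOWS\\System32\\drivers\\afd.sys
"""

if __name__ == "__main__":
    bursts = find_at_job_bursts(SAMPLE_LOG.splitlines())
    for ts, paths in sorted(bursts.items()):
        print(f"{ts}: {len(paths)} At jobs written in the same second")
        for p in paths:
            print("   ", p)
```

Run it against a full OTL log by passing the file's lines to find_at_job_bursts; the single At8.job at 13:32:02 in the sample is below the threshold and is left alone.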