Malware? xkawkxs.sys help!


#1 katemnl (New Member, 5 posts)
My computer has been seemingly randomly hitting the BSoD. I really appreciate any help with this. I can't find anything on the problem and am quite concerned about potential harm to my computer and privacy. I don't know where it came from as I don't remember actively downloading anything at the time. (I don't use P2P file sharing applications on this computer.)

Avast! initially found problem files including C:\WINDOWS\system32\drivers\xkawkxs.sys. I tried quarantining from Avast! without success. I then used Malwarebytes and tried to delete it. It says it needs a reboot, and the file remains when I run the scan again. Trying to delete the file myself results in "Cannot read from source file or disk." GMER causes the BSoD whenever it hits xkawkxs.sys during the scan, so I couldn't produce a log.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4460

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/7/2010 10:37:32 AM
mbam-log-2010-09-07 (10-37-32).txt

Scan type: Quick scan
Objects scanned: 137417
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\xkawkxs.sys (Rootkit.Bubnix) -> Delete on reboot.
OTL.txt:

OTL logfile created on: 9/7/2010 11:24:03 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Kate Melhuish\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 651.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 125.39 Gb Free Space | 87.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATE
Current User Name: Kate Melhuish
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/07 11:22:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kate Melhuish\My Documents\Downloads\OTL.exe
PRC - [2010/09/07 10:20:59 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Kate Melhuish\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/07/09 14:53:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/08 20:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/10/03 12:18:36 | 000,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/09/03 20:46:04 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008/06/04 19:10:02 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2008/05/13 20:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/02/28 15:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/06/11 17:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 07:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/04/30 06:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/07 11:22:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kate Melhuish\My Documents\Downloads\OTL.exe
MOD - [2010/07/09 14:55:25 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/07/09 14:54:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2010/07/09 14:53:59 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2008/04/14 13:00:00 | 000,203,776 | ---- | M] () -- C:\WINDOWS\ubeyuhaxovab.dll
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/03 21:15:48 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/05/25 07:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/08 20:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/01/06 19:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/30 21:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/20 20:47:46 | 001,318,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/07/08 15:41:34 | 001,191,552 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw72DTV.sys -- (hcw72DTV)
DRV - [2008/07/08 15:35:46 | 000,027,904 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw72ADFilter.sys -- (hcw72ADFilter)
DRV - [2008/04/25 09:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 21:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 21:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/01 12:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2005/01/13 12:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/07 23:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...d=0110&m=aoa150
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...d=0110&m=aoa150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CA2D8622-8C1A-45FE-8D54-604EC88D9F49}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/09 14:55:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49}: C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49} [2010/08/17 10:54:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\Extensions\\{BDDE8164-027B-41F2-8F77-D20309317BC7}: C:\Documents and Settings\Simone Bolka\Local Settings\Application Data\{BDDE8164-027B-41F2-8F77-D20309317BC7}\ [2010/09/03 21:13:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/05 16:51:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 16:20:41 | 000,000,000 | ---D | M]

[2010/02/16 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\Mozilla\Extensions
[2010/01/04 16:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\Mozilla\Firefox\extensions
[2010/01/04 16:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kate Melhuish\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/02/16 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\Mozilla\Firefox\Profiles\5h8cos2r.default\extensions
[2010/02/16 14:45:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Hpijotetacoy] C:\WINDOWS\ubeyuhaxovab.DLL ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\Kate Melhuish\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kate Melhuish\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 11:11:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\Shell - "" = AutoRun
O33 - MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9cf11f3f-4e1e-11df-918f-00242baf33c4}\Shell - "" = AutoRun
O33 - MountPoints2\{9cf11f3f-4e1e-11df-918f-00242baf33c4}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/07 10:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/07 10:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/07 09:54:49 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 09:54:48 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 09:54:45 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 09:54:39 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 09:54:33 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 09:54:33 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 09:54:31 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/07 09:53:35 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 09:53:34 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/31 20:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/08/31 20:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\Application Data\iWin
[2010/08/31 20:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/31 20:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2010/08/21 17:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\Application Data\Malwarebytes
[2010/08/21 17:56:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/21 17:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/21 17:56:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/21 17:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/21 16:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com
[2010/08/21 16:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/21 16:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/21 16:39:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kate Melhuish\Recent
[2010/08/21 16:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/21 10:46:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/17 10:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49}
[2010/07/26 08:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\My Documents\New Folder
[2010/07/09 14:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/07/09 14:53:59 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/09 14:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/07/09 14:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/07/09 14:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/07/09 14:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\Application Data\Real
[2010/06/26 20:28:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kate Melhuish\My Documents\My Videos
[2010/06/26 20:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\Application Data\DivX
[2010/06/26 20:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\My Documents\DivX Movies
[2010/06/26 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/06/26 20:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/11 18:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\My Documents\CalcIV
[2010/06/11 07:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\Cooliris
[2010/01/03 18:24:00 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2010/01/03 18:24:00 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2010/01/03 18:24:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2010/01/03 18:24:00 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2010/01/03 18:23:59 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2010/01/03 18:23:59 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2010/01/03 18:23:59 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2010/01/03 18:23:59 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2010/01/03 18:23:58 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2010/01/03 18:23:57 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2010/01/03 18:23:56 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2010/01/03 18:23:56 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/04/02 12:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2005/11/23 07:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

========== Files - Modified Within 90 Days ==========

[2010/09/07 11:27:13 | 000,585,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\xkawkxs.sys
[2010/09/07 11:25:57 | 000,473,400 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 11:25:57 | 000,402,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 11:25:57 | 000,063,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/07 11:21:38 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/07 11:21:33 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/07 11:21:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 11:21:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/07 11:21:18 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 11:07:13 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/07 10:39:50 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-770284473-4287908707-3168606348-1006.job
[2010/09/07 10:24:59 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Desktop\NTREGOPT.lnk
[2010/09/07 10:24:59 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Desktop\ERUNT.lnk
[2010/09/07 10:17:56 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Kate Melhuish\NTUSER.DAT
[2010/09/07 10:17:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kate Melhuish\ntuser.ini
[2010/09/07 09:54:50 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/07 09:54:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 09:45:11 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-770284473-4287908707-3168606348-1006UA.job
[2010/09/07 09:40:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yluhexemexizodul.bin
[2010/09/07 09:40:03 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Axutuqazefij.dat
[2010/09/07 09:38:53 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\IconCache.db
[2010/09/02 21:45:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-770284473-4287908707-3168606348-1006Core.job
[2010/08/24 18:12:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/23 14:40:44 | 000,002,348 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Desktop\google chrome.lnk
[2010/08/23 14:40:44 | 000,002,326 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/22 09:39:11 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/21 18:33:05 | 000,000,461 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/21 18:33:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/21 18:33:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/21 17:56:34 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/21 16:58:16 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/21 16:57:17 | 002,398,955 | ---- | M] () -- C:\MGtools.exe
[2010/08/21 16:56:32 | 003,820,392 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Desktop\ComboFix.exe
[2010/08/21 16:45:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/21 16:38:10 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Desktop\CCleaner.lnk
[2010/08/04 19:57:35 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\My Documents\QUIZAVERAGE.csv
[2010/07/14 18:34:47 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\webct_upload_applet.properties
[2010/07/14 18:30:11 | 000,016,270 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\My Documents\CalculusProjectSuggestions.docx
[2010/07/14 13:30:49 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\.recently-used.xbel
[2010/07/14 10:58:04 | 000,014,178 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\My Documents\CalculusIV.docx
[2010/07/11 09:25:28 | 000,156,998 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\My Documents\AutoSave_Untitled_1.skp
[2010/07/09 14:55:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/07/09 14:53:59 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/07/02 20:46:22 | 000,002,842 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome Help.lnk
[2010/07/02 20:46:22 | 000,002,824 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Desktop\Google Chrome Help.lnk
[2010/06/28 20:51:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kate Melhuish\My Documents\~$sing the Fear.docx
[2010/06/28 13:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 13:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 13:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/27 11:14:40 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\Kate Melhuish\My Documents\~$Book1.xlsx
[2010/06/26 20:28:13 | 000,001,497 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\Desktop\DivX Movies.lnk
[2010/06/23 15:51:30 | 000,009,995 | ---- | M] () -- C:\Documents and Settings\Kate Melhuish\My Documents\Book1.xlsx
[2010/06/20 10:59:47 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kate Melhuish\My Documents\~$LCIVSyllabus.docx

========== Files Created - No Company Name ==========

[2010/09/07 10:24:59 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Desktop\NTREGOPT.lnk
[2010/09/07 10:24:59 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Desktop\ERUNT.lnk
[2010/09/07 09:54:50 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/07 09:39:37 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 09:39:02 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/21 18:09:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Axutuqazefij.dat
[2010/08/21 18:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Yluhexemexizodul.bin
[2010/08/21 17:56:34 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/21 16:58:16 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/21 16:56:54 | 002,398,955 | ---- | C] () -- C:\MGtools.exe
[2010/08/21 16:56:03 | 003,820,392 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Desktop\ComboFix.exe
[2010/08/21 16:49:11 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2010/08/21 16:49:11 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/08/21 16:49:11 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2010/08/21 16:38:10 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Desktop\CCleaner.lnk
[2010/08/17 08:45:06 | 000,585,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\xkawkxs.sys
[2010/08/17 08:44:26 | 000,000,028 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\cgvhed.dat
[2010/08/04 19:57:33 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\My Documents\QUIZAVERAGE.csv
[2010/07/14 18:29:57 | 000,016,270 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\My Documents\CalculusProjectSuggestions.docx
[2010/07/14 13:30:49 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\.recently-used.xbel
[2010/07/14 10:58:03 | 000,014,178 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\My Documents\CalculusIV.docx
[2010/07/09 18:09:36 | 000,156,998 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\My Documents\AutoSave_Untitled_1.skp
[2010/07/09 14:55:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/07/09 14:55:27 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-770284473-4287908707-3168606348-1006.job
[2010/07/03 15:35:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 20:46:22 | 000,002,842 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome Help.lnk
[2010/07/02 20:46:22 | 000,002,824 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Desktop\Google Chrome Help.lnk
[2010/06/28 20:51:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kate Melhuish\My Documents\~$sing the Fear.docx
[2010/06/27 11:14:40 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\Kate Melhuish\My Documents\~$Book1.xlsx
[2010/06/26 20:28:13 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Desktop\DivX Movies.lnk
[2010/06/23 20:45:56 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\webct_upload_applet.properties
[2010/06/23 15:51:28 | 000,009,995 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\My Documents\Book1.xlsx
[2010/06/20 10:59:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kate Melhuish\My Documents\~$LCIVSyllabus.docx
[2010/05/20 18:05:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/01/04 12:41:37 | 000,008,872 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Application Data\wklnhst.dat
[2010/01/03 19:13:14 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/03 18:25:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2010/01/03 18:25:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2010/01/03 18:24:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2010/01/03 18:24:55 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2010/01/03 18:24:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2010/01/03 18:24:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2010/01/03 18:24:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2010/01/03 18:23:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2010/01/03 17:59:49 | 000,001,233 | ---- | C] () -- C:\WINDOWS\SASETS.INI
[2009/01/20 16:12:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 19:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/16 16:12:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/04/14 13:00:00 | 000,203,776 | ---- | C] () -- C:\WINDOWS\ubeyuhaxovab.dll
[2008/04/14 13:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/10/01 14:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/05/09 15:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2005/03/28 15:45:26 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2002/11/22 03:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 03:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 03:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 03:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 03:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 03:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2010/09/07 09:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/03 17:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/08/31 20:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/01/18 08:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/17 08:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\BitTorrent
[2010/01/04 16:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\Foxit
[2010/05/16 06:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\gtk-2.0
[2010/03/15 08:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\ImgBurn
[2010/08/31 20:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\iWin
[2010/02/16 12:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\Lexmark Productivity Studio
[2010/02/09 19:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\OpenOffice.org
[2010/02/20 17:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\SecondLife
[2010/01/04 12:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\Template
[2010/03/02 20:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Melhuish\Application Data\xm1

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/01/20 11:11:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/21 18:33:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/01/20 11:11:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/07 11:21:18 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/03 19:24:49 | 000,127,347 | ---- | M] () -- C:\HW2KMelhuishcorrected.pdf
[2010/01/25 13:37:29 | 000,122,129 | ---- | M] () -- C:\HW3KMelhuish.pdf
[2010/02/03 16:37:39 | 000,127,347 | ---- | M] () -- C:\HW3KMelhuishcorrected.pdf
[2010/01/29 17:42:56 | 000,130,550 | ---- | M] () -- C:\HW4KMelhuish.pdf
[2010/02/03 19:22:52 | 000,171,107 | ---- | M] () -- C:\HW5KMelhuish.pdf
[2010/02/04 19:40:58 | 000,124,295 | ---- | M] () -- C:\HW6KMelhuish.pdf
[2010/02/08 17:57:00 | 000,132,948 | ---- | M] () -- C:\HW7KMelhuish.pdf
[2009/01/20 11:11:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/25 13:36:37 | 000,002,636 | ---- | M] () -- C:\KMelhuishHW3.txt
[2010/08/21 16:57:17 | 002,398,955 | ---- | M] () -- C:\MGtools.exe
[2009/01/20 11:11:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/07 11:21:16 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2009/01/20 15:14:20 | 000,000,079 | RHS- | M] () -- C:\Preload.aaa
[2009/01/20 11:39:06 | 000,001,623 | ---- | M] () -- C:\RHDSetup.log
[1999/11/11 00:17:54 | 000,000,049 | ---- | M] () -- C:\XPH.TAG

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/01/20 03:03:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/20 03:03:20 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/20 03:03:20 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-15 16:12:42
< End of report >



Extras.txt
OTL Extras logfile created on: 9/7/2010 11:24:03 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Kate Melhuish\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 651.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 125.39 Gb Free Space | 87.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATE
Current User Name: Kate Melhuish
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:2500 Series Server -- ( )
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 7 for Students -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 7 for Students Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Disabled:SLVoice -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{C260343B-6282-42A2-939F-1FF7E503F608}" = Wolfram Notebook Indexer 2.0
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DCF9A8CC-6EB4-156B-7E67-BABDACF9218D}" = Family Feud
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Foxit Toolbar
"BitTorrent" = BitTorrent
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comical_is1" = Comical 0.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Family Feud" = Family Feud (remove only)
"Foxit Reader" = Foxit Reader
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn" = ImgBurn
"Lexmark 2500 Series" = Lexmark 2500 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSNINST" = MSN
"M-WIN-G 7.0.0 1148361_is1" = Wolfram Mathematica 7 for Students (M-WIN-G 7.0.0 1148361)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"WinGimp-2.0_is1" = GIMP 2.6.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2010 10:13:06 PM | Computer Name = KATE | Source = Application Error | ID = 1000
Description = Faulting application texcntr.exe, version 1.0.0.0, faulting module
cryseditex.dll, version 0.7.0.0, fault address 0x0000e336.

Error - 4/29/2010 10:13:13 PM | Computer Name = KATE | Source = Application Error | ID = 1000
Description = Faulting application texcntr.exe, version 1.0.0.0, faulting module
cryseditex.dll, version 0.7.0.0, fault address 0x0000e336.

Error - 4/29/2010 10:13:43 PM | Computer Name = KATE | Source = Application Error | ID = 1000
Description = Faulting application texcntr.exe, version 1.0.0.0, faulting module
cryseditex.dll, version 0.7.0.0, fault address 0x0000e336.

[ OSession Events ]
Error - 2/12/2010 9:30:30 AM | Computer Name = KATE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 340
seconds with 240 seconds of active time. This session ended with a crash.

Error - 5/17/2010 12:21:28 PM | Computer Name = KATE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3501
seconds with 360 seconds of active time. This session ended with a crash.

Error - 5/17/2010 12:21:58 PM | Computer Name = KATE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/17/2010 12:22:47 PM | Computer Name = KATE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2010 5:24:14 PM | Computer Name = KATE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 277282
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/7/2010 1:18:55 PM | Computer Name = KATE | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 9/7/2010 1:21:00 PM | Computer Name = KATE | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3
00000000, parameter4 00000000.

Error - 9/7/2010 1:40:47 PM | Computer Name = KATE | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 9/7/2010 1:41:15 PM | Computer Name = KATE | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 85e19890, parameter3
85e19a04, parameter4 8060567e.

Error - 9/7/2010 1:45:28 PM | Computer Name = KATE | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 9/7/2010 1:46:17 PM | Computer Name = KATE | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 86197d18, parameter3
86197e8c, parameter4 8060567e.

Error - 9/7/2010 2:19:01 PM | Computer Name = KATE | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 9/7/2010 2:19:23 PM | Computer Name = KATE | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f75c0000, parameter2 00000000, parameter3
a8aebafc, parameter4 00000000.

Error - 9/7/2010 2:21:30 PM | Computer Name = KATE | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 9/7/2010 2:21:48 PM | Computer Name = KATE | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f75c0000, parameter2 00000000, parameter3
a8ac6afc, parameter4 00000000.


< End of report >

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {CA2D8622-8C1A-45FE-8D54-604EC88D9F49}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49}: C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49} [2010/08/17 10:54:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BDDE8164-027B-41F2-8F77-D20309317BC7}: C:\Documents and Settings\Simone Bolka\Local Settings\Application Data\{BDDE8164-027B-41F2-8F77-D20309317BC7}\ [2010/09/03 21:13:41 | 000,000,000 | ---D | M]
    O33 - MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\Shell - "" = AutoRun
    O33 - MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{9cf11f3f-4e1e-11df-918f-00242baf33c4}\Shell - "" = AutoRun
    O33 - MountPoints2\{9cf11f3f-4e1e-11df-918f-00242baf33c4}\Shell\AutoRun - "" = Auto&Play
    [2010/08/17 10:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49}
    [2010/09/07 11:27:13 | 000,585,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\xkawkxs.sys
    [2010/09/07 09:40:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yluhexemexizodul.bin
    [2010/09/07 09:40:03 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Axutuqazefij.dat
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
katemnl
    New Member
  • Topic Starter
  • Member
  • Pip
  • 5 posts
========== GooredScan ==========

(none)
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49} -> Success!
Deleting C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49} -> Success!
Removing Orphan:
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{BDDE8164-027B-41F2-8F77-D20309317BC7} -> Success!
Deleting C:\Documents and Settings\Simone Bolka\Local Settings\Application Data\{BDDE8164-027B-41F2-8F77-D20309317BC7} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:45 16/02/2010]

C:\Documents and Settings\Kate Melhuish\Application Data\Mozilla\Firefox\Profiles\5h8cos2r.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [21:55 09/07/2010]

-=E.O.F=-

All processes killed
========== OTL ==========
Prefs.js: {CA2D8622-8C1A-45FE-8D54-604EC88D9F49}:1.9.1 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49}\ not found.
File C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49} not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BDDE8164-027B-41F2-8F77-D20309317BC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDDE8164-027B-41F2-8F77-D20309317BC7}\ not found.
File C:\Documents and Settings\Simone Bolka\Local Settings\Application Data\{BDDE8164-027B-41F2-8F77-D20309317BC7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b9721e-38f7-11df-9187-00242baf33c4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b9721e-38f7-11df-9187-00242baf33c4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b9721e-38f7-11df-9187-00242baf33c4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b9721e-38f7-11df-9187-00242baf33c4}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cf11f3f-4e1e-11df-918f-00242baf33c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cf11f3f-4e1e-11df-918f-00242baf33c4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cf11f3f-4e1e-11df-918f-00242baf33c4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cf11f3f-4e1e-11df-918f-00242baf33c4}\ not found.
Folder C:\Documents and Settings\Kate Melhuish\Local Settings\Application Data\{CA2D8622-8C1A-45FE-8D54-604EC88D9F49}\ not found.
File move failed. C:\WINDOWS\system32\drivers\xkawkxs.sys scheduled to be moved on reboot.
C:\WINDOWS\Yluhexemexizodul.bin moved successfully.
C:\WINDOWS\Axutuqazefij.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kate Melhuish\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Kate Melhuish\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kate Melhuish
->Temp folder emptied: 1734841 bytes
->Temporary Internet Files folder emptied: 43657 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 43205036 bytes
->Flash cache emptied: 10030 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Simone Bolka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Kate Melhuish
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Simone Bolka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.11.0 log created on 09072010_142526

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\xkawkxs.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ComboFix 10-09-07.01 - Kate Melhuish 09/07/2010 15:08:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.551 [GMT -7:00]
Running from: c:\documents and settings\Kate Melhuish\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kate Melhuish\Local Settings\Application Data\{26BE047A-5311-4142-9EC4-7CED750C967B}
c:\documents and settings\Kate Melhuish\Local Settings\Application Data\{26BE047A-5311-4142-9EC4-7CED750C967B}\chrome.manifest
c:\documents and settings\Kate Melhuish\Local Settings\Application Data\{26BE047A-5311-4142-9EC4-7CED750C967B}\chrome\content\_cfg.js
c:\documents and settings\Kate Melhuish\Local Settings\Application Data\{26BE047A-5311-4142-9EC4-7CED750C967B}\chrome\content\overlay.xul
c:\documents and settings\Kate Melhuish\Local Settings\Application Data\{26BE047A-5311-4142-9EC4-7CED750C967B}\install.rdf
c:\windows\ubeyuhaxovab.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-09-07 21:57 . 2010-09-07 21:57 120 ----a-w- c:\windows\Axutuqazefij.dat
2010-09-07 21:57 . 2010-09-07 21:57 0 ----a-w- c:\windows\Yluhexemexizodul.bin
2010-09-07 21:25 . 2010-09-07 21:25 -------- d-----w- C:\_OTL
2010-09-07 17:24 . 2010-09-07 17:25 -------- d-----w- c:\program files\ERUNT
2010-09-07 16:54 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 16:54 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 16:54 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 16:54 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 16:54 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 16:54 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 16:54 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-07 16:53 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 16:53 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-01 03:49 . 2010-09-01 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-01 03:49 . 2010-09-01 03:49 -------- d-----w- c:\documents and settings\Kate Melhuish\Application Data\iWin
2010-09-01 03:49 . 2010-09-01 03:49 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_FamilyFeud\IAF.dll
2010-09-01 03:49 . 2010-09-01 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2010-09-01 03:48 . 2010-09-01 03:48 -------- d-----w- c:\program files\Yahoo! Games
2010-08-22 00:56 . 2010-08-22 00:56 -------- d-----w- c:\documents and settings\Kate Melhuish\Application Data\Malwarebytes
2010-08-22 00:56 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 00:56 . 2010-08-22 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 00:56 . 2010-08-22 00:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 00:56 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 23:59 . 2010-08-21 23:59 63488 ----a-w- c:\documents and settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 23:59 . 2010-08-21 23:59 52224 ----a-w- c:\documents and settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 23:59 . 2010-08-21 23:59 117760 ----a-w- c:\documents and settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 23:58 . 2010-08-21 23:58 -------- d-----w- c:\documents and settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com
2010-08-21 23:58 . 2010-08-21 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-21 23:58 . 2010-08-21 23:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-21 23:56 . 2010-08-21 23:57 2398955 ----a-w- C:\MGtools.exe
2010-08-21 23:38 . 2010-08-21 23:38 -------- d-----w- c:\program files\CCleaner
2010-08-17 15:45 . 2010-09-07 22:16 585504 ----a-w- c:\windows\system32\drivers\xkawkxs.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 16:53 . 2010-02-16 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-25 01:12 . 2010-07-03 22:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 16:38 . 2010-06-27 03:28 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-22 16:07 . 2010-06-27 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-22 16:05 . 2010-06-27 03:23 -------- d-----w- c:\program files\DivX
2010-08-21 23:21 . 2010-01-16 19:53 -------- d-----w- c:\program files\Java
2010-08-17 15:44 . 2010-08-17 15:44 28 ----a-w- c:\documents and settings\LocalService\Application Data\cgvhed.dat
2010-08-07 20:40 . 2009-01-20 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-09 21:55 . 2010-07-09 21:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-09 21:55 . 2010-07-09 21:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-09 21:55 . 2010-07-09 21:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-09 21:55 . 2010-07-09 21:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-09 21:55 . 2010-07-09 21:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-09 21:55 . 2010-07-09 21:55 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-09 21:55 . 2010-07-09 21:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-09 21:55 . 2010-07-09 21:55 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-09 21:55 . 2010-07-09 21:55 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-09 21:54 . 2010-01-03 23:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-09 21:53 . 2010-01-03 23:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-04 04:15 . 2010-09-04 04:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-02 39408]
"Google Update"="c:\documents and settings\Kate Melhuish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-03 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-09 202256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-09-04 425984]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-18 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\Simone Bolka\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\documents and settings\Kate Melhuish\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-06-28 20:57 2837864 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2010 9:54 AM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 2:46 PM 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2009 12:22 PM 30192]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [7/8/2008 3:35 PM 27904]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [7/8/2008 3:41 PM 1191552]

--- Other Services/Drivers In Memory ---

*Deregistered* - xkawkxs
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 21:45]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:46]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:46]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770284473-4287908707-3168606348-1006Core.job
- c:\documents and settings\Kate Melhuish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-03 23:25]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770284473-4287908707-3168606348-1006UA.job
- c:\documents and settings\Kate Melhuish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-03 23:25]

2010-09-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-770284473-4287908707-3168606348-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-770284473-4287908707-3168606348-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0110&m=aoa150
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-Hpijotetacoy - c:\windows\ubeyuhaxovab.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 15:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xkawkxs]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\docume~1\KATEME~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2010-09-07 15:21:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-07 22:21

Pre-Run: 134,562,488,320 bytes free
Post-Run: 134,448,967,680 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 376ED6F62E2E9F4A256670FD36D4A420
  • 0
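The ComboFix log above lists every file created in the scan window together with the R*/S* driver and service list. As an added example, not ComboFix's own code and not anything the poster ran, here is a small Python triage script that parses those two sections and scores each .sys file under system32\drivers with two defender-side heuristics: the image is named by no service entry, and the file was modified after it was created. The sample lines are copied from the log above; the function names, the regular expressions and the heuristics themselves are this example's own assumptions and are not part of the original thread. It scores every driver in the list, not only xkawkxs.sys.

```python
"""Triage helper for the ComboFix log format shown in this thread.

Added example, not ComboFix's own code. It parses two sections of a
ComboFix log, the "Files Created from ... to ..." list and the R*/S*
driver/service list, and scores every .sys file under system32\\drivers
with two heuristics. The sample lines below are copied from the log in
this thread; the functions and the scoring are this example's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Excerpt of the "Files Created" section from the first ComboFix log above.
FILES_CREATED = r"""
2010-09-07 16:54 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 16:54 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 21:25 . 2010-09-07 21:25 -------- d-----w- C:\_OTL
2010-08-22 00:56 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 15:45 . 2010-09-07 22:16 585504 ----a-w- c:\windows\system32\drivers\xkawkxs.sys
"""

# Excerpt of the R*/S* service list from the same log.
SERVICES = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2010 9:54 AM 165456]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [7/8/2008 3:41 PM 1191552]
"""

# "created . modified size attrs path"; size is "--------" for directories.
_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "R1 name;display;image [date size]" or "S2 name;display;image --> image [?]"
_SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
_TS = "%Y-%m-%d %H:%M"


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_driver(self) -> bool:
        return self.basename.endswith(".sys") and "\\drivers\\" in self.path.lower()


def parse_files_created(text: str) -> list[FileEntry]:
    """Parse every file/directory line of a 'Files Created' section."""
    entries = []
    for line in text.splitlines():
        m = _FILE_RE.match(line.strip())
        if not m:
            continue  # blank lines and section banners
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(FileEntry(datetime.strptime(m["created"], _TS),
                                 datetime.strptime(m["modified"], _TS),
                                 size, m["attrs"], m["path"]))
    return entries


def parse_service_images(text: str) -> dict[str, str]:
    """Map lower-cased image basename -> service name for each R*/S* line."""
    images = {}
    for line in text.splitlines():
        m = _SERVICE_RE.match(line.strip())
        if not m:
            continue
        image = m["image"].split(" --> ")[0]      # drop the "--> x.sys [?]" tail
        image = re.sub(r"\s*\[.*\]$", "", image)  # drop the trailing "[date size]"
        images[image.rsplit("\\", 1)[-1].lower()] = m["name"]
    return images


def triage_drivers(files_text: str, services_text: str) -> dict[str, list[str]]:
    """Return {driver basename: [reasons]} for every driver that trips a heuristic."""
    registered = parse_service_images(services_text)
    findings: dict[str, list[str]] = {}
    for e in parse_files_created(files_text):
        if not e.is_driver:
            continue
        reasons = []
        if e.basename not in registered:
            reasons.append("no R*/S* service entry names this image")
        if e.modified > e.created:  # an installed driver is normally older than its copy
            reasons.append(f"rewritten in place: modified {e.modified:%Y-%m-%d %H:%M} "
                           f"after creation {e.created:%Y-%m-%d %H:%M}")
        if reasons:
            findings[e.basename] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_drivers(FILES_CREATED, SERVICES).items():
        print(name, "->", "; ".join(reasons))
```

Run it as a script to print the findings. A single indicator, such as mbam.sys appearing without a service line in this excerpt, is only a prompt to look closer; xkawkxs.sys trips both heuristics, matching what the log shows (it sits under a bare service key and was rewritten on the day of the removal attempt).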

#4
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo.com/forum/topic/285999-malware-xkawkxssys-help/

Collect::
c:\windows\Axutuqazefij.dat
c:\windows\Yluhexemexizodul.bin
c:\windows\system32\drivers\xkawkxs.sys

Driver::
xkawkxs
Suspect::

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

#5
katemnl
    New Member
  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix 10-09-07.03 - Kate Melhuish 09/08/2010 8:49.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.546 [GMT -7:00]
Running from: c:\documents and settings\Kate Melhuish\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kate Melhuish\Desktop\CFScript.txt

file zipped: c:\windows\Axutuqazefij.dat
file zipped: c:\windows\system32\drivers\xkawkxs.sys
file zipped: c:\windows\Yluhexemexizodul.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Axutuqazefij.dat
c:\windows\system32\drivers\xkawkxs.sys
c:\windows\Yluhexemexizodul.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XKAWKXS
-------\Service_xkawkxs


((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-07 21:25 . 2010-09-07 21:25 -------- d-----w- C:\_OTL
2010-09-07 17:24 . 2010-09-07 17:25 -------- d-----w- c:\program files\ERUNT
2010-09-07 16:54 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 16:54 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 16:54 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 16:54 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 16:54 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 16:54 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 16:54 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-07 16:53 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 16:53 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-01 03:49 . 2010-09-01 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-01 03:49 . 2010-09-01 03:49 -------- d-----w- c:\documents and settings\Kate Melhuish\Application Data\iWin
2010-09-01 03:49 . 2010-09-01 03:49 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_FamilyFeud\IAF.dll
2010-09-01 03:49 . 2010-09-01 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2010-09-01 03:48 . 2010-09-01 03:48 -------- d-----w- c:\program files\Yahoo! Games
2010-08-22 00:56 . 2010-08-22 00:56 -------- d-----w- c:\documents and settings\Kate Melhuish\Application Data\Malwarebytes
2010-08-22 00:56 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 00:56 . 2010-08-22 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-22 00:56 . 2010-08-22 00:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 00:56 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 23:59 . 2010-08-21 23:59 63488 ----a-w- c:\documents and settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 23:59 . 2010-08-21 23:59 52224 ----a-w- c:\documents and settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 23:59 . 2010-08-21 23:59 117760 ----a-w- c:\documents and settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 23:58 . 2010-08-21 23:58 -------- d-----w- c:\documents and settings\Kate Melhuish\Application Data\SUPERAntiSpyware.com
2010-08-21 23:58 . 2010-08-21 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-21 23:58 . 2010-08-21 23:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-21 23:56 . 2010-08-21 23:57 2398955 ----a-w- C:\MGtools.exe
2010-08-21 23:38 . 2010-08-21 23:38 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 22:23 . 2010-02-21 16:42 -------- d-----w- c:\documents and settings\Kate Melhuish\Application Data\BitTorrent
2010-09-07 16:53 . 2010-02-16 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-25 01:12 . 2010-07-03 22:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 16:38 . 2010-06-27 03:28 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-22 16:07 . 2010-06-27 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-22 16:05 . 2010-06-27 03:23 -------- d-----w- c:\program files\DivX
2010-08-21 23:21 . 2010-01-16 19:53 -------- d-----w- c:\program files\Java
2010-08-17 15:44 . 2010-08-17 15:44 28 ----a-w- c:\documents and settings\LocalService\Application Data\cgvhed.dat
2010-08-07 20:40 . 2009-01-20 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-09 21:55 . 2010-07-09 21:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-09 21:55 . 2010-07-09 21:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-09 21:55 . 2010-07-09 21:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-09 21:55 . 2010-07-09 21:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-09 21:55 . 2010-07-09 21:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-09 21:55 . 2010-07-09 21:55 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-09 21:55 . 2010-07-09 21:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-09 21:55 . 2010-07-09 21:55 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-09 21:55 . 2010-07-09 21:55 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-09 21:54 . 2010-01-03 23:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-09 21:53 . 2010-01-03 23:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-04 04:15 . 2010-09-04 04:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-07_22.16.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-20 20:20 . 2010-09-07 22:00 63418 c:\windows\system32\perfc009.dat
+ 2009-01-20 20:20 . 2010-09-07 22:31 63418 c:\windows\system32\perfc009.dat
+ 2009-01-20 20:20 . 2010-09-07 22:31 402974 c:\windows\system32\perfh009.dat
- 2009-01-20 20:20 . 2010-09-07 22:00 402974 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-02 39408]
"Google Update"="c:\documents and settings\Kate Melhuish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-03 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-09 202256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-04 30192]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-09-04 425984]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-18 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\Simone Bolka\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\documents and settings\Kate Melhuish\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-06-28 20:57 2837864 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2010 9:54 AM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 2:46 PM 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2009 12:22 PM 30192]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [7/8/2008 3:35 PM 27904]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [7/8/2008 3:41 PM 1191552]
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 21:45]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:46]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:46]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770284473-4287908707-3168606348-1006Core.job
- c:\documents and settings\Kate Melhuish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-03 23:25]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770284473-4287908707-3168606348-1006UA.job
- c:\documents and settings\Kate Melhuish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-03 23:25]

2010-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-770284473-4287908707-3168606348-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-770284473-4287908707-3168606348-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0110&m=aoa150
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 08:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\igfxext.exe
c:\docume~1\KATEME~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2010-09-08 09:05:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 16:05
ComboFix2.txt 2010-09-07 22:21

Pre-Run: 134,212,878,336 bytes free
Post-Run: 134,206,656,512 bytes free

- - End Of File - - 1026644E720347D1C221AD4176633B1B
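The ComboFix services section above is the part of the log where a kernel-mode rootkit driver such as xkawkxs.sys would normally show up: ComboFix prints each entry as R (running) or S (stopped), the numeric start type, the service and display names, the image path, and either the file's date and size in brackets or "[?]" when it could not locate or stat the file. The following added example (not part of the thread or of ComboFix itself) parses lines in that format and flags the ones a reviewer would look at first. The sample input is copied from the log above, except for the last line, which is constructed to show what an entry for the thread's driver would have looked like had ComboFix not already quarantined it; the service name "xkawkxs" and the priority rules are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional

# Service/driver lines copied from the ComboFix log above. The LAST line is
# constructed for this example (service name assumed): it models an entry for
# the thread's xkawkxs.sys, which ComboFix had already moved to C:\Qoobox.
SAMPLE_LINES = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2010 9:54 AM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [7/8/2008 3:41 PM 1191552]
R1 xkawkxs;xkawkxs;c:\windows\system32\drivers\xkawkxs.sys [?]
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"        # R running / S stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"        # service name; display name
    r"(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"  # image path; [date time size] or [?]
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


def parse_service_line(line: str) -> Optional[Dict[str, object]]:
    """Turn one ComboFix service line into a record; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image")
    if "-->" in image:                      # "registry value --> resolved file": keep the resolved side
        image = image.split("-->", 1)[1].strip()
    pm = re.match(r"(?P<file>.*?\.(?:sys|exe|dll))", image, re.IGNORECASE)
    file_path = (pm.group("file") if pm else image).lower()   # drop command-line arguments
    info = m.group("info").strip()
    return {
        "name": m.group("name"),
        "running": m.group("state") == "R",
        "start_type": START_TYPES[int(m.group("start"))],
        "file": file_path,
        "verified": info != "?",            # "[?]" = ComboFix could not find/stat the file
        "info": info,
    }


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Attach review reasons and a priority to every parsed service entry.

    Priority rules are this example's own: a .sys that ComboFix could not
    verify is 'high' (hidden, deleted or a spoofed path are all possible),
    anything else with a reason is 'medium', the rest 'low'.
    """
    findings = []
    for line in lines:
        rec = parse_service_line(line)
        if rec is None:
            continue
        path = rec["file"]
        is_driver = path.endswith(".sys")
        reasons = []
        if not rec["verified"]:
            reasons.append("file not verified by ComboFix ([?])")
        if is_driver and "\\" not in path:
            reasons.append("bare filename, resolved relative to system32\\drivers")
        elif is_driver and not path.startswith(DRIVERS_DIR):
            reasons.append("driver outside system32\\drivers")
        rec["early_start"] = is_driver and rec["start_type"] in ("boot", "system")
        rec["reasons"] = reasons
        if is_driver and not rec["verified"]:
            rec["priority"] = "high"
        elif reasons:
            rec["priority"] = "medium"
        else:
            rec["priority"] = "low"
        findings.append(rec)
    return findings


def by_name(findings: List[Dict[str, object]]) -> Dict[str, Dict[str, object]]:
    return {str(f["name"]): f for f in findings}


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LINES), key=lambda r: ("high", "medium", "low").index(r["priority"])):
        print(f"{f['priority']:6} {f['name']:12} start={f['start_type']:8} {f['file']}  {'; '.join(f['reasons'])}")
```

A "high" entry is a check, not a verdict: aswFsBlk.sys is a legitimate avast! filter registered by bare filename, which is exactly why ComboFix printed "[?]" for it, but a boot- or system-start driver with a random name that ComboFix cannot stat (the constructed last line) is the pattern the original poster's Avast!, Malwarebytes and GMER symptoms point at, and it is the entry to pull a hash of and submit before anything else.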

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#7 katemnl (Topic Starter, New Member, 5 posts)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4572

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/8/2010 10:44:19 AM
mbam-log-2010-09-08 (10-44-19).txt

Scan type: Quick scan
Objects scanned: 139724
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 12, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 12, 2010 17:15:21
Records in database: 4211792
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 143381
Threats found: 1
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 06:03:40


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xkawkxs.sys.vir Infected: Rootkit.Win32.Agent.biiu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_xkawkxs_.sys.zip Infected: Rootkit.Win32.Agent.biiu 1
C:\Qoobox\Quarantine\[4]-Submit_2010-09-08_08.49.29.zip Infected: Rootkit.Win32.Agent.biiu 1
C:\System Volume Information\_restore{67C4541F-D3F2-450D-8BA3-DE79D55388CD}\RP15\A0018990.sys Infected: Rootkit.Win32.Agent.biiu 1

Selected area has been scanned.

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
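The reason the helper can call the logs clean despite four Kaspersky hits in post #7 is where those hits sit: three are inside C:\Qoobox\Quarantine (ComboFix's own quarantine, where the driver was renamed to .vir and zipped) and one is a System Restore copy under System Volume Information. Neither location is loadable by the kernel, and the two clean-up steps above (Combofix /Uninstall, which removes C:\Qoobox, and OTL's [clearallrestorepoints]) delete exactly those copies. The added example below (this is not code from the thread or from Kaspersky) parses report lines in that format and sorts each hit into quarantine, restore point, or live. Its four sample lines are copied from the report in post #7; the extra constructed line models a hit on the live driver path named in the first post, which the real report did not contain. The path rules and the action text are assumptions made for the example.

```python
import re
from collections import Counter
from typing import Dict, List

# Hit lines copied from the Kaspersky Online Scanner report in post #7.
SAMPLE_REPORT = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xkawkxs.sys.vir Infected: Rootkit.Win32.Agent.biiu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_xkawkxs_.sys.zip Infected: Rootkit.Win32.Agent.biiu 1
C:\Qoobox\Quarantine\[4]-Submit_2010-09-08_08.49.29.zip Infected: Rootkit.Win32.Agent.biiu 1
C:\System Volume Information\_restore{67C4541F-D3F2-450D-8BA3-DE79D55388CD}\RP15\A0018990.sys Infected: Rootkit.Win32.Agent.biiu 1
""".strip().splitlines()

# Constructed for this example: what a hit on the still-installed driver
# (the path from the first post) would look like. Not in the real report.
CONSTRUCTED_LIVE_HIT = r"C:\WINDOWS\system32\drivers\xkawkxs.sys Infected: Rootkit.Win32.Agent.biiu 1"

HIT_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Classification rules and recommended actions are this example's assumptions.
ACTION = {
    "combofix_quarantine": "inert: removed by 'Combofix /Uninstall' (deletes C:\\Qoobox)",
    "restore_point": "inert unless System Restore is rolled back: clear restore points",
    "live": "ACTIVE: file sits in a loadable location, do not close the case",
}


def classify(path: str) -> str:
    """Map a detected path to one of the ACTION classes."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix_quarantine"
    if "\\system volume information\\_restore{" in p:
        return "restore_point"
    return "live"


def triage_report(lines: List[str]) -> List[Dict[str, str]]:
    """Parse report hit lines and attach class and action; skips non-hit lines."""
    hits = []
    for line in lines:
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        cls = classify(m.group("path"))
        hits.append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            "count": m.group("count"),
            "class": cls,
            "action": ACTION[cls],
        })
    return hits


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count hits per class, always listing every class (zero if absent)."""
    c = Counter(h["class"] for h in triage_report(lines))
    return {k: c.get(k, 0) for k in ACTION}


def case_can_close(lines: List[str]) -> bool:
    """True when nothing detected is in a location the OS would load from."""
    return summarize(lines)["live"] == 0


if __name__ == "__main__":
    for h in triage_report(SAMPLE_REPORT + [CONSTRUCTED_LIVE_HIT]):
        print(f"{h['class']:20} {h['threat']:26} {h['path']}\n{'':20} -> {h['action']}")
    print("real report can close:", case_can_close(SAMPLE_REPORT))
    print("with live hit can close:", case_can_close(SAMPLE_REPORT + [CONSTRUCTED_LIVE_HIT]))
```

The check that matters is the last one: a report whose only hits are quarantine and restore-point copies is a record of what was removed, not of a running infection. Had the scanner reported the file under C:\WINDOWS\system32\drivers (the constructed line), "your logs are clean" would have been the wrong call and the driver would have needed removal before the clean-up steps.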

#9 katemnl (Topic Starter, New Member, 5 posts)
So, no concern that the online scan found threats?

Thanks so much for all of the help!

#10 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
The previous post gets rid of them.