
mabidwe.exe,soxpeca.exe

#16 george01 (Member, Topic Starter, 131 posts)
Thanks for all that. I was looking when I used the Kaspersky programme. Would you recommend their antivirus over, say, the free version of AVG, or does anyone else really stand out? - George

#17 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Yes, I would use Kaspersky instead of AVG if you wanted to pay for it.

#18 george01 (Member, Topic Starter, 131 posts)
Have just run otscanit.exe prevx.csi and it says there is one rootkit threat: c:\windows\system32\umtcdtw.sys. Should I worry about this or just ignore it? Other than that there is nothing else. - George

#19 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
OTListIt is removing that file, so once you let it finish it will be gone.
After OTListIt does the cleanup bit and you clear the restore points, it will no longer pick up anything.

Run a scan after that and let me know what it finds.

#20 george01 (Member, Topic Starter, 131 posts)
OTListIt logfile created on: 28/02/2009 07:52:13 - Run 3
OTListIt2 by OldTimer - Version 2.0.1.1 Folder = C:\Documents and Settings\george\Desktop\New Folder (2)
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 64.78% Memory free
2.10 Gb Paging File | 1.72 Gb Available in Paging File | 82.01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.10 Gb Total Space | 153.57 Gb Free Space | 51.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.06 Gb Total Space | 24.60 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 49.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TUTFUT01
Current User Name: george
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\crypserv.exe (Kenonic Controls Ltd.)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\KService\KService.exe (Kontiki Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskAgent.exe (McAfee Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPS\mps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Inc.)
PRC - C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPS\mpsevh.exe (McAfee, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\george\Desktop\New Folder (2)\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (CachemanXPService [Auto | Stopped]) -- File not found
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Crypkey License [Auto | Running]) -- C:\WINDOWS\system32\crypserv.exe (Kenonic Controls Ltd.)
SRV - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (Diskeeper [Auto | Running]) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (Emproxy [On_Demand | Running]) -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe (McAfee, Inc.)
SRV - (EPGService [Auto | Running]) -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (HauppaugeTVServer [On_Demand | Stopped]) -- C:\Program Files\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KService [Auto | Running]) -- C:\Program Files\KService\KService.exe (Kontiki Inc.)
SRV - (lxcd_device [On_Demand | Stopped]) -- C:\WINDOWS\system32\lxcdcoms.exe ()
SRV - (McAfee HackerWatch Service [Auto | Running]) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [Auto | Running]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McRedirector [Auto | Running]) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Auto | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MPS9 [Auto | Running]) -- C:\Program Files\McAfee\MPS\mps.exe (McAfee, Inc.)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Inc.)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (RAIDmSvr [Auto | Stopped]) -- File not found
SRV - (SDMainSvc [Auto | Stopped]) -- File not found
SRV - (SDService [Auto | Stopped]) -- File not found
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (SMTPSVC [Auto | Stopped]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (Symantec Core LC [Auto | Stopped]) -- File not found
SRV - (W3SVC [Auto | Stopped]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (alcan5wn [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys (THOMSON)
DRV - (alcaudsl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys (THOMSON)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aslm75 [Auto | Running]) -- C:\WINDOWS\system32\drivers\aslm75.sys ()
DRV - (ASPI [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys (Adaptec)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (BlueletAudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (btaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTHidEnum [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BTIAUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btiausb.sys (iAnywhere Solutions)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTNetFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (BTPROT [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btprot.sys (iAnywhere Solutions)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (DIGIRPS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\digirlpt.sys (Digi International, Inc.)
DRV - (ElbyCDFL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (Elaborate Bytes)
DRV - (ElbyCDIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HCW88BDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (hcw88rc5 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (HCW88TSE [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (hcw88vid [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hcw88vid.sys (Hauppauge Computer Works, Inc)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (L8042Kbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (LHidKe [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech, Inc.)
DRV - (LMouKE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (LUsbKbd [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LUsbKbd.Sys (Logitech, Inc.)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODLOAD [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dgtvload.sys (DiBcom)
DRV - (MODUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\dgtvcap.sys (DiBcom SA)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mr7910 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mr7910.sys (Mars Semiconductor Corp.)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NetworkX [System | Running]) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NWWMUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\nwwmusb.sys (Sony Corporation)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (pxscan [Boot | Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (rdsdrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rdsdrv.sys ()
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RT2500 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RT2500.sys (Ralink Technology Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (snapman [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (SymEvent [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys ()
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (tifsfilter [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (VComm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ViaIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)
DRV - (viasraid [Boot | Running]) -- C:\WINDOWS\system32\drivers\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (vulfnths [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\vulfnth.sys (VIA Technologies, Inc.)
DRV - (vulfntrs [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\vulfntr.sys (VIA Technologies, Inc.)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (WmaCDriverV32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmaCDriverV32.sys (Windows ® 2000/XP)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe (McAfee Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - Reg Error: Value error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 1219 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.truprint....rintActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1205572690421 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1229624400921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229624253687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - G:\autorun.inf () - [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/02/27 18:44:50 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\george\Desktop\SpywareBlaster.lnk
[2009/02/27 18:44:49 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/02/27 17:56:16 | 02,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup41.exe
[2009/02/27 17:34:23 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\george\Desktop\Spybot - Search & Destroy.lnk
[2009/02/27 17:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/27 17:30:19 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2009/02/27 17:22:26 | 00,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\george\Desktop\StartUpLite.exe
[2009/02/27 09:33:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Logs
[2009/02/27 07:56:15 | 02,269,568 | ---- | C] () -- C:\Documents and Settings\george\Desktop\FixDownadup.exe
[2009/02/25 18:53:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\george\Desktop\New Folder (2)
[2009/02/25 16:10:57 | 00,001,842 | ---- | C] () -- C:\Documents and Settings\george\Desktop\Diskeeper.lnk
[2009/02/25 14:51:21 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/25 13:10:40 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/25 13:04:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/25 12:37:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2009/02/24 19:13:56 | 00,165,376 | ---- | C] () -- C:\Documents and Settings\george\My Documents\OTListIt logfile.doc
[2009/02/24 13:05:40 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/02/24 12:44:50 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/02/24 12:32:00 | 00,008,184 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/02/24 12:31:48 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/02/24 12:30:32 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll
[2009/02/24 12:29:46 | 00,037,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/02/24 12:29:46 | 00,034,184 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/02/24 12:29:46 | 00,032,008 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/02/24 12:29:45 | 00,170,408 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/02/24 12:29:44 | 00,071,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/02/24 12:29:42 | 00,107,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/02/24 12:29:29 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/02/24 12:29:28 | 00,000,354 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/02/24 12:29:19 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/02/24 12:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/02/24 12:29:05 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/02/24 11:41:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/02/23 19:50:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Malwarebytes
[2009/02/23 19:50:31 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/23 19:50:31 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/23 19:50:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/23 19:50:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/23 19:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/23 19:36:06 | 00,000,546 | ---- | C] () -- C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
[2009/02/23 14:24:26 | 00,000,833 | ---- | C] () -- C:\Documents and Settings\george\Desktop\Security Task Manager.lnk
[2009/02/22 19:44:14 | 00,022,536 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/02/22 19:44:13 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/02/22 19:44:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/02/22 18:47:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\george\Application Data\Uniblue
[2009/02/21 14:52:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/02/21 14:52:34 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/02/16 13:13:46 | 00,000,000 | --SD | C] -- C:\Documents and Settings\george\My Documents\My Data Sources
[2009/02/13 10:00:51 | 00,401,794 | ---- | C] () -- C:\Documents and Settings\george\My Documents\TV Theme Songs - Looney Tunes - .mp3
[2009/02/13 09:53:46 | 00,000,000 | R--D | C] -- C:\Documents and Settings\george\My Documents\My Music
[2009/02/11 16:15:30 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\george\My Documents\Passwords.doc
[2009/02/10 16:47:24 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\george\My Documents\Veg Prices.xls
[2009/02/08 10:46:43 | 00,000,572 | ---- | C] () -- C:\Documents and Settings\george\My Documents\spider.sav
[2009/02/08 09:43:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\george\My Documents\Adobe
[2009/02/08 09:42:47 | 03,588,110 | ---- | C] () -- C:\Documents and Settings\george\Desktop\IMG_6043.JPG
[2009/02/08 09:42:47 | 02,610,442 | ---- | C] () -- C:\Documents and Settings\george\Desktop\IMG_6044.JPG
[2009/02/08 09:42:47 | 02,597,619 | ---- | C] () -- C:\Documents and Settings\george\Desktop\IMG_6042.JPG
[2009/02/08 09:42:47 | 02,569,678 | ---- | C] () -- C:\Documents and Settings\george\Desktop\IMG_6046.JPG

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/02/28 07:49:43 | 00,008,184 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/02/28 07:49:43 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/02/28 07:47:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/28 07:47:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/27 18:50:37 | 00,001,023 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/27 18:50:37 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/27 18:50:37 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/27 18:44:50 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\george\Desktop\SpywareBlaster.lnk
[2009/02/27 17:34:23 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Spybot - Search & Destroy.lnk
[2009/02/27 17:22:44 | 00,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\george\Desktop\StartUpLite.exe
[2009/02/27 17:04:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2009/02/27 17:02:05 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/27 07:56:17 | 02,269,568 | ---- | M] () -- C:\Documents and Settings\george\Desktop\FixDownadup.exe
[2009/02/25 16:10:57 | 00,001,842 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Diskeeper.lnk
[2009/02/25 16:03:26 | 00,002,307 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Excel.lnk
[2009/02/25 13:19:31 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/24 19:37:10 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Word.lnk
[2009/02/24 19:13:56 | 00,165,376 | ---- | M] () -- C:\Documents and Settings\george\My Documents\OTListIt logfile.doc
[2009/02/24 18:04:55 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/24 12:31:48 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/02/24 12:29:29 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/02/24 12:29:28 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/02/23 19:50:31 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/23 19:36:06 | 00,000,546 | ---- | M] () -- C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
[2009/02/23 14:24:26 | 00,000,833 | ---- | M] () -- C:\Documents and Settings\george\Desktop\Security Task Manager.lnk
[2009/02/22 19:44:14 | 00,022,536 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/02/22 19:44:08 | 00,011,280 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/02/22 19:19:04 | 00,687,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/22 19:19:04 | 00,169,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/22 19:19:04 | 00,005,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/21 22:43:05 | 00,001,257 | ---- | M] () -- C:\Documents and Settings\george\My Documents\Shared Docs.lnk
[2009/02/16 13:18:21 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\george\My Documents\Loss Chart.xls
[2009/02/14 16:23:54 | 02,069,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/13 17:15:11 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/13 10:01:00 | 00,401,794 | ---- | M] () -- C:\Documents and Settings\george\My Documents\TV Theme Songs - Looney Tunes - .mp3
[2009/02/11 20:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/11 16:15:30 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\george\My Documents\Passwords.doc
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/10 16:47:25 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\george\My Documents\Veg Prices.xls
[2009/02/08 10:46:43 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\george\My Documents\spider.sav
[2009/02/08 09:40:48 | 02,569,678 | ---- | M] () -- C:\Documents and Settings\george\Desktop\IMG_6046.JPG
[2009/02/08 09:39:58 | 02,610,442 | ---- | M] () -- C:\Documents and Settings\george\Desktop\IMG_6044.JPG
[2009/02/08 09:39:36 | 0
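The OTListIt file lists above are dense, and a reviewer normally wants to pull out the few entries worth a second look, for instance kernel drivers that arrived recently with no vendor name in their version information. The Python script below is an added example written for this page; it is not part of OTListIt or of anything posted in the thread. It parses the "[date | size | attrs | C] (Company) -- path" line shape shown in the log and lists .sys files under a drivers directory whose company field is empty. The sample lines are copied from the log above, except for example_unsigned.sys, which is a constructed entry added so that the filter has something to flag.

```python
import re

# Line shape of the OTListIt "Files/Folders - Created/Modified Within 30 Days" sections:
#   [date time | size | attrs | C-or-M] (Company) -- path
# Directory entries carry no "(Company)" group, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Sample lines copied from the log above, plus one CONSTRUCTED entry
# (example_unsigned.sys) standing in for a driver with no company name.
# That last line is not from the real log.
SAMPLE_LOG = r"""
[1 C:\WINDOWS\*.tmp files]
[2009/02/27 17:56:16 | 02,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup41.exe
[2009/02/25 13:10:40 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/23 19:50:31 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/22 19:44:14 | 00,022,536 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/02/20 03:12:07 | 00,031,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\example_unsigned.sys
"""


def parse_entry(line):
    """Return a dict for one file/folder entry, or None for lines of another shape."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))   # "00,015,504" -> 15504
    d["company"] = (d["company"] or "").strip()   # directories and unsigned files -> ""
    d["is_dir"] = d["attrs"].endswith("D")        # OTListIt puts D in the last attribute slot
    return d


def parse_log(text):
    """Parse every recognisable entry in a block of OTListIt output."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def unsigned_drivers(entries):
    """Paths of .sys files under a drivers directory that carry no company name.

    An empty company is only a triage hint: it means the file had no vendor
    string in its version information, not that it is malicious."""
    out = []
    for e in entries:
        p = e["path"].lower()
        if not e["is_dir"] and p.endswith(".sys") and "\\drivers\\" in p and e["company"] == "":
            out.append(e["path"])
    return out


if __name__ == "__main__":
    for path in unsigned_drivers(parse_log(SAMPLE_LOG)):
        print("review:", path)
```

Run it against a saved OTListIt log by reading the file into parse_log; the company check is deliberately conservative and should be read together with the creation date and the rest of the log, not on its own.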

#21
george01

    Member

  • Topic Starter
  • Member
  • 131 posts
Sorry, forgot to add note. This file only shows up when you boot the computer up. This Prevx programme runs straight away, finds this file then displays on the screen, of course cannot delete it using the Prevx programme as it is a 'Scan and Buy' variety. Not even sure what the file is. I ran OTScanit then rebooted and the same info came up. Shall I just ignore it? George

#22
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hmm ok let's try this then:

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otli
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    :Files
    c:windows\system32\umtcdtw.sys
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.


#23
george01

    Member

  • Topic Starter
  • Member
  • 131 posts
I ran the programme as advised. When I clicked on run fix it rebooted almost immediately. When it came back up there was no log on the screen. - George

#24
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Does the threat still show up from Prevx?

Check here for the log:
C:\_Otlistit\MovedFiles\
Look for any text files in there from yesterday's date.
Post those results here.

#25
george01

    Member

  • Topic Starter
  • Member
  • 131 posts
Yes, it still shows up when you boot up.

Cannot find any trace of the Otlistit\moved files. Am I looking in the right place?

George

#26
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:windows\system32\umtcdtw.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

#27
george01

    Member

  • Topic Starter
  • Member
  • 131 posts
Please find below:

Was reading the log file and it says it can't find it. Yet when the computer booted up the Prevx programme came up with it.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "c:windows\system32\umtcdtw.sys"
Deletion of file "c:windows\system32\umtcdtw.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.
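The Avenger log above ends with STATUS_OBJECT_PATH_NOT_FOUND and the hint "bad path / the parent directory does not exist". The path in the script, c:windows\system32\umtcdtw.sys, has a drive letter but no backslash after it; Windows treats such a path as relative to the current directory on drive C: rather than as a path from the root, which is why no file can be opened there. The Python below is an added example written for this page, not Avenger's code or anything posted in the thread: it pulls the failed deletions out of an Avenger-style log, tests whether each path is fully qualified, and suggests the rooted form. It only diagnoses and never deletes anything. The embedded log text is copied from the post above.

```python
import ntpath
import re

# Avenger log lines copied from the post above and embedded here as sample input.
AVENGER_LOG = r'''
Error: could not open file "c:windows\system32\umtcdtw.sys"
Deletion of file "c:windows\system32\umtcdtw.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
'''

# One failed deletion: the quoted path, then the NTSTATUS code and its symbolic name.
FAIL_RE = re.compile(
    r'Deletion of file "(?P<path>[^"]+)" failed!\s*'
    r'Status: (?P<code>0x[0-9a-fA-F]+) \((?P<name>[A-Z0-9_]+)\)'
)


def failed_deletions(log_text):
    """(path, NTSTATUS code, symbolic name) for every failed deletion in the log."""
    return [(m["path"], m["code"].lower(), m["name"]) for m in FAIL_RE.finditer(log_text)]


def is_rooted(path):
    r"""True only for a fully qualified Windows path such as C:\WINDOWS\foo.sys.

    'c:windows\foo.sys' has a drive letter but no root separator, so Windows
    resolves it relative to the current directory on drive C:."""
    drive, rest = ntpath.splitdrive(path)
    return bool(drive) and rest[:1] in ("\\", "/")


def repair_drive_relative(path):
    r"""Insert the missing root separator after the drive letter.

    'c:windows\foo.sys' becomes 'C:\windows\foo.sys'; paths that are already
    rooted, or have no drive letter, are returned unchanged."""
    drive, rest = ntpath.splitdrive(path)
    if drive and rest and rest[0] not in ("\\", "/"):
        return drive.upper() + "\\" + rest
    return path


def diagnose(log_text):
    """Map each failed path to a suggested rooted path when the path shape explains the failure."""
    fixes = {}
    for path, code, name in failed_deletions(log_text):
        if name == "STATUS_OBJECT_PATH_NOT_FOUND" and not is_rooted(path):
            fixes[path] = repair_drive_relative(path)
    return fixes


if __name__ == "__main__":
    for bad, good in diagnose(AVENGER_LOG).items():
        print(f"{bad!r} is drive-relative; the rooted form would be {good!r}")
```

The check is worth running on any path copied out of a scanner pop-up before it goes into a removal script: a path that is not rooted will be looked up somewhere other than where the scanner saw the file, and the tool will report it missing even though the scanner keeps flagging it at every boot.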

#28
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Delete this folder and see if it still finds it.
C:\Qoobox

reboot and let me know what it finds.

#29
george01

    Member

  • Topic Starter
  • Member
  • 131 posts
Just checked and Qoobox isn't located on the hdrive anymore. Have run regcure and spybot and neither of them pick it up. Should I just delete it from the System32 list? - George

#30
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

Should I just delete it from the System32 list?

Do you see the file that prevx is referring to?
If so then yes delete it.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.





