voight75

  1. Dakeyras, Ok! I have successfully reformatted my laptop. I have re-installed the McAfee Security Suite, which I believe provides me with a firewall, anti-virus etc, as you mentioned in your previous post. Thank you again for all of your help. It is very much appreciated. I will know where to come if I ever have any problems again.
  2. Dakeyras, Ok, this is what I had feared. I will back up tomorrow and then either Sunday or Monday do the reformat, using the Toshiba provided CDs. Will I lose my McAfee etc. when I reformat, i.e. will I have to buy a new subscription etc.? I will most likely have other questions relating to the reformat, so please keep an eye out here, as I will definitely have questions. Thank you for all of your help.
  3. Dakeyras, Here you go:
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /forceresetreg
  4. Oh, I almost forgot, the Recovery Console is installed.
  5. Dakeyras, There were no red entries found using Ice Sword. If I need to reformat/reinstall, what do I need to do to prepare? I am going to buy a couple of memory sticks to put all of my personal files on (photos, music etc.). Is there anything else I need to be doing? Also, are your colleagues having as much trouble with this Rootkit as we are, or is there something especially pernicious about my situation? I appreciate all of your help. Thanks. Here is the ntblog.txt:
  6. Dakeyras, Same problem with combofix, yet again. It just will not start the auto-scan. It loads, creates system restore, then states that scan is about to begin (may take 10 minutes etc.), then nothing at all. I let it sit for almost 40 minutes, and still nothing. This has happened every time I have tried to run combofix, except the once I ran it in Safe Mode.
  7. Dakeyras, No problem at all. Ok, here are the logs:
     mbr log:
     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user & kernel MBR OK
     10:33:14:406 SetPrivileges: OpenThreadToken error 1008
     10:33:14:406 ForceUnloadDriver: NtUnloadDriver error 2
     10:33:14:406 ForceUnloadDriver: NtUnloadDriver error 2
     10:33:14:406 ForceUnloadDriver: NtUnloadDriver error 2
     10:33:14:500 main: Driver KLMD successfully dropped
     10:33:14:546 main: Driver KLMD successfully loaded
     10:33:14:546 scanning registry ...
     10:33:14:593 ScanServices: Searching service UACd.sys
     10:33:14:593 ScanServices: Open/Create key error 2
     10:33:14:593 ScanServices: Searching service TDSSserv.sys
     10:33:14:593 ScanServices: Open/Create key error 2
     10:33:14:593 ScanServices: Searching service gaopdxserv.sys
     10:33:14:593 ScanServices: Open/Create key error 2
     10:33:14:593 ScanServices: Searching service gxvxcserv.sys
     10:33:14:593 ScanServices: Open/Create key error 2
     10:33:14:593 ScanServices: Searching service MSIVXserv.sys
     10:33:14:593 ScanServices: Open/Create key error 2
     10:33:14:609 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
     10:33:14:812 UnhookRegistry: Kernel local addr: C00000
     10:33:15:15 UnhookRegistry: KeServiceDescriptorTable addr: C8B520
     10:33:15:15 UnhookRegistry: KiServiceTable addr: C0D8B0
     10:33:15:62 UnhookRegistry: NtEnumerateKey service number (local): 47
     10:33:15:62 UnhookRegistry: NtEnumerateKey local addr: CA1E14
     10:33:15:234 KLMD_OpenDevice: Trying to open KLMD device
     10:33:15:234 KLMD_GetSystemRoutineAddress: Trying to get system routine address ZwEnumerateKey
     10:33:15:234 KLMD_ReadMem: Trying to ReadMemory 0x804E380F[0x4]
     10:33:15:234 UnhookRegistry: NtEnumerateKey service number (kernel): 47
     10:33:15:234 KLMD_ReadMem: Trying to ReadMemory 0x804E49CC[0x4]
     10:33:15:234 UnhookRegistry: NtEnumerateKey real addr: 80578E14
     10:33:15:234 UnhookRegistry: NtEnumerateKey calc addr: 80578E14
     10:33:15:234 UnhookRegistry: No SDT hooks found on NtEnumerateKey
     10:33:15:234 KLMD_ReadMem: Trying to ReadMemory 0x80578E14[0xA]
     10:33:15:234 UnhookRegistry: Splicing found on NtEnumerateKey
     10:33:15:234 KLMD_WriteMem: Trying to WriteMemory 0x80578E14[0xA]
     10:33:15:234 UnhookRegistry: NtEnumerateKey (Splicing) unhooked successfully
     10:33:15:234 completed
     10:33:15:234 Files deleted on next reboot: 0
     10:33:15:234 Registry node deleted on next reboot: 0
  8. Dakeyras, Ok, I have uninstalled the two programs you mentioned. I have a 2 disc set I got with my laptop (laptop is about 3 years old); the set is Toshiba Recovery and Applications/Drivers. Would Windows XP be included on that (XP was installed when I bought the laptop)? The look.txt file was blank, nothing to post.
  9. Dakeyras, Ok, I downloaded the Java updates and did the Kaspersky scan (all 3 hours of it!). No other new problems etc. to report. Here is the Kaspersky log:
     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Wednesday, September 23, 2009
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Thursday, September 24, 2009 00:17:03
     Records in database: 2876926
     --------------------------------------------------------------------------------
     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer: C:\ D:\
     Scan statistics:
     Objects scanned: 96455
     Threats found: 2
     Infected objects found: 8
     Suspicious objects found: 0
     Scan duration: 03:17:43
     File name / Threat / Threats count
     winlogon.exe\LMIinit.dll/winlogon.exe\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
     C:\WINDOWS\system32\LMIinit.dll/C:\WINDOWS\system32\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
     globalroot\Device\Ide\IdePort1\rxvnntsi\rxvnntsi\tdlwsp.dll/globalroot\Device\Ide\IdePort1\rxvnntsi\rxvnntsi\tdlwsp.dll Infected: Packed.Win32.TDSS.z 4
     C:\Program Files\LogMeIn\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
     C:\WINDOWS\system32\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
     Selected area has been scanned.
  10. Ok, it worked, I hope. I submitted it to your channel in 4 parts, all sent successfully.
  11. Ok, I am submitting it to your channel in parts. First part just sent.
  12. Dakeyras, I have tried to split it up, even into 5 different pieces, and it is still too large to post. There appears to be some sort of attachment size limit for each thread, and it looks like we have used 321.18k of 500k, or am I misunderstanding that? Either way, I cannot think of a way to post these logs. Do you have an ftp site or something similar? Or could I e-mail you maybe?
  13. The Radix log is too large to post, even as a zip file; it will not allow me to attach it. What should I do?
  14. Dakeyras, Well, I appreciate your continued help. I also saw that a number of you guys were helping others who appear to have the same problem as me! I suppose the more people working on it, the sooner we will crack it, right? One side question: my desktop is becoming rather cluttered, can I remove some of the stuff I have downloaded? (At this point, everything you have asked me to download is still on my desktop. I was planning on keeping MBAM, RSIT, GMER, HiJack This and Erunt for now, but can I get rid of the other stuff for now?) Here is the ProceXP log:
  15. Dakeyras, Ok. My computer is no better, no worse. Nothing new to report. Here is the avenger report:
     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com
     Platform: Windows XP
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     Completed script processing.
     *******************
     Finished! Terminate.
     Runscanner is attached. Here is the new RSIT log:
Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: McAfee Application Installer Cleanup (0017481253713625) (0017481253713625mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\001748~1.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. 
- C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 13579 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program 
Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-27 458736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696] "LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608] "PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208] "ThpSrv"=thpsrv /logon [] "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2006-04-24 315392] "TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2006-04-24 110592] "TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-13 57344] "PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322] "Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728] "NDSTray.exe"=NDSTray.exe [] "TFncKy"=TFncKy.exe [] "TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152] "TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976] "DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-30 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-30 118784] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182] "LogMeIn GUI"=C:\Program Files\LogMeIn\LogMeInSystray.exe [2006-10-06 303864] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328] "lxdfmon.exe"=C:\Program 
Files\Lexmark 6500 Series\lxdfmon.exe [2007-06-11 455600] "lxdfamon"=C:\Program Files\Lexmark 6500 Series\lxdfamon.exe [2007-06-01 20480] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup 00THotkey.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-06-30 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] C:\WINDOWS\system32\LMIinit.dll [2006-10-06 11504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus] C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - 
C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "_NoDriveTypeAutoRun"=145 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" 
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2009-09-23 08:57:50 ----D---- C:\Avenger 2009-09-23 08:57:49 ----A---- C:\avenger.txt 2009-09-22 10:14:56 ----SD---- C:\Combo-Fix 2009-09-22 10:14:49 ----A---- C:\WINDOWS\system32\CF6370.exe 2009-09-21 19:08:34 ----SHD---- C:\RECYCLER 2009-09-21 18:06:47 ----A---- C:\WINDOWS\ntbtlog.txt 2009-09-21 13:04:33 ----D---- C:\rsit 2009-09-21 12:33:46 ----D---- C:\_OTM 2009-09-21 12:28:33 ----D---- C:\Program Files\ERUNT 2009-09-21 12:05:01 ----A---- C:\WINDOWS\msoffice.ini 2009-09-18 16:21:20 ----A---- C:\Boot.bak 2009-09-18 16:21:10 ----RASHD---- C:\cmdcons 2009-09-18 16:16:59 ----A---- C:\WINDOWS\zip.exe 2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWSC.exe 2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWREG.exe 2009-09-18 16:16:59 ----A---- C:\WINDOWS\sed.exe 2009-09-18 16:16:59 ----A---- C:\WINDOWS\PEV.exe 2009-09-18 16:16:59 ----A---- C:\WINDOWS\NIRCMD.exe 2009-09-18 16:16:59 ----A---- C:\WINDOWS\grep.exe 2009-09-18 16:16:23 ----D---- C:\WINDOWS\ERDNT 2009-09-18 16:15:40 ----D---- C:\Qoobox 2009-09-18 15:37:46 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt 2009-09-17 11:27:59 ----D---- C:\Program Files\Trend Micro 2009-09-17 11:01:34 ----D---- C:\Program Files\Enigma Software Group 2009-09-16 22:23:58 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Malwarebytes 2009-09-16 22:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-09-16 22:23:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-16 18:55:41 ----A---- 
C:\WINDOWS\wininit.ini 2009-09-16 18:31:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-16 18:16:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-09-09 15:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-09-09 15:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2009-09-09 15:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$ 2009-08-27 10:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ ======List of files/folders modified in the last 1 months====== 2009-09-23 09:13:04 ----D---- C:\WINDOWS\Temp 2009-09-23 09:06:59 ----D---- C:\WINDOWS 2009-09-23 09:06:50 ----D---- C:\WINDOWS\system32\drivers 2009-09-23 09:06:48 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-23 09:04:43 ----D---- C:\WINDOWS\Registration 2009-09-23 08:57:20 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-23 08:57:02 ----D---- C:\WINDOWS\Prefetch 2009-09-23 08:57:00 ----HD---- C:\WINDOWS\inf 2009-09-23 08:51:01 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-22 10:15:04 ----D---- C:\WINDOWS\system32 2009-09-22 07:46:13 ----SHD---- C:\WINDOWS\Installer 2009-09-22 07:45:41 ----D---- C:\Program Files 2009-09-22 07:45:40 ----D---- C:\Program Files\Common Files\Research In Motion 2009-09-22 07:41:06 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt 2009-09-22 07:40:11 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt 2009-09-21 18:52:35 ----A---- C:\WINDOWS\system.ini 2009-09-21 18:41:22 ----D---- C:\WINDOWS\system32\config 2009-09-21 18:30:50 ----D---- C:\WINDOWS\AppPatch 2009-09-21 18:30:47 ----D---- C:\Program Files\Common Files 2009-09-21 14:18:16 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Skype 2009-09-21 12:13:18 ----D---- C:\Program Files\Pure Networks 2009-09-21 12:13:18 ----D---- C:\Program Files\Common Files\AOL 2009-09-21 12:11:35 ----SD---- C:\WINDOWS\Tasks 2009-09-21 12:11:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-09-21 12:07:53 
----D---- C:\Documents and Settings\All Users\Application Data\AOL 2009-09-21 12:05:34 ----A---- C:\WINDOWS\win.ini 2009-09-21 12:05:17 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\AOL 2009-09-21 11:58:28 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\skypePM 2009-09-18 16:21:21 ----RASH---- C:\boot.ini 2009-09-16 22:38:55 ----D---- C:\Program Files\DIGStream 2009-09-16 20:02:34 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-09-16 19:34:18 ----D---- C:\Program Files\Internet Explorer 2009-09-12 17:56:32 ----D---- C:\WINDOWS\network diagnostic 2009-09-09 15:02:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-09 15:02:03 ----A---- C:\WINDOWS\imsins.BAK 2009-09-09 15:01:58 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-09 15:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-09-09 15:00:59 ----D---- C:\WINDOWS\ehome 2009-09-08 09:29:13 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe 2009-08-24 10:42:14 ----D---- C:\Program Files\McAfee ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384] R1 mfehidk;McAfee Inc. 
mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-22 21275] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-18 8552] R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [] R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [] R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys [] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568] R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys [] R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128] R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-30 1169980] R3 Iviaspi;IVI ASPI Shell; 
C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060] R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2006-10-06 8048] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272] R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472] R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560] R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096] S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264] S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 E100B;Intel® PRO Network Connection 
Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328] S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-03-21 179200] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328] S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 
9344] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960] R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753] R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344] R2 lxdf_device;lxdf_device; 
C:\WINDOWS\system32\lxdfcoms.exe [2007-05-29 598960] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832] R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704] R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745] R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960] R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128] R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736] R3 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136] S2 0017481253713625mcinstcleanup;McAfee Application Installer Cleanup (0017481253713625); C:\WINDOWS\TEMP\001748~1.EXE [2009-08-18 316312] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248] S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe 
[2006-05-25 114688] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168] S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe [2006-10-06 62200] S4 LogMeIn;LogMeIn; C:\Program 
Files\LogMeIn\LogMeIn.exe [2006-10-06 1622768] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- runscanner.zip