
Trojan.Vundo/Trojan.TDSS/FakeAlert/Zlob/VirusRemover2008



#1 Jat90


Posted 20 December 2008 - 11:10 PM

Hi friends, ironic I get infected? since I'm learning to avoid such things. I don't know how this happened, had a lot of popups from VirusRemover2008 earlier, tried to run mbam several times, wouldn't run. Tried in safe mode, would not run. Renamed it and it suddenly ran :thumbsup:

Ran it once in safe mode but had to abort pc really slowed down too much, it deleted some Vundo's on reboot, in normal mode things looked ok.. for a while. The popups soon returned and mbam ran but could not update, even though the internet worked fine, but it scanned and found a fair few infections (second log posted)

RSIT will not scan, get the following error message when I try:

Line -1:

Error: Error parsing function call.


I think I have a rootkit infection (TDSS I think is rootkit related)

Sorry I can't post any diagnostic info (HJT will run but is clean :) ) all I can post is the mbam logs:

Malwarebytes' Anti-Malware 1.31
Database version: 1520
Windows 5.1.2600 Service Pack 3

21/12/2008 03:15:39
mbam-log-2008-12-21 (03-15-36).txt

Scan type: Quick Scan
Objects scanned: 15662
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ljJAQGyW.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tyshb36rfjdf.dll (Trojan.Fakealert) -> No action taken.
C:\WINDOWS\system32\ssqNFYrS.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5b256c8-9feb-4746-8dac-2d95195852a5} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d5b256c8-9feb-4746-8dac-2d95195852a5} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Fakealert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Fakealert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnfyrs (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjaqgyw -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjaqgyw -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ljJAQGyW.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\WyGQAJjl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\WyGQAJjl.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vqiomsky.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yksmoiqv.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tyshb36rfjdf.dll (Trojan.Zlob.H) -> No action taken.
C:\WINDOWS\system32\ssqNFYrS.dll (Trojan.Vundo) -> No action taken.

Second one

Malwarebytes' Anti-Malware 1.31
Database version: 1520
Windows 5.1.2600 Service Pack 3

21/12/2008 03:41:13
mbam-log-2008-12-21 (03-41-10).txt

Scan type: Quick Scan
Objects scanned: 48790
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\Jat\Application Data\gadcom (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\TDSSedrm.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSfcof.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSjriv.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSxnaq.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSmfdc.sys (Trojan.TDSS) -> No action taken.
C:\Documents and Settings\Jat\Local Settings\Temp\TDSS8624.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jat\Local Settings\Temp\winloggn.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Jat\Local Settings\Temp\3941324568.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Jat\Local Settings\Temp\csrssc.exe (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Jat\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\efcAQJbA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\TDSSqyaa.log (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSxbad.dll (Rootkit.Agent) -> No action taken.

Thank you in advance for your help.

Forgot to mention one thing. I ran HJT in safe mode before doing anything else, and tried to fix the problem myself. I learned MBAM deals with Vundo which is what I saw in the log, so that's what I ran. Initially I couldn't even reach BC, I was redirected to VirusRemover2008. I also ran SmitfraudFix - Scan, it said something about corrupted hosts files, I ran HostsXpert but it gave me an error. Here is the HJT log initially (if I rescan it is clean). As you can see it's fairly infected, I managed to manually delete the system32 files and got rid of the Vundo file, but still I don't feel my pc is secure.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:04:23, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\windows\system32\ssqNFYrS.dll
O2 - BHO: (no name) - {D5B256C8-9FEB-4746-8DAC-2D95195852A5} - C:\windows\system32\ljJAQGyW.dll
O2 - BHO: C:\windows\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\windows\system32\tyshb36rfjdf.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [prunnet] "C:\windows\system32\prunnet.exe"
O4 - HKLM\..\Run: [c4ecf8e6] rundll32.exe "C:\windows\system32\vqiomsky.dll",b
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Jat\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [prunnet] "C:\windows\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Jat\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Jat\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Jat\LOCALS~1\Temp\csrssc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jat\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - AppInit_DLLs: enatrl.dll
O20 - Winlogon Notify: ssqNFYrS - C:\windows\SYSTEM32\ssqNFYrS.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\windows\system32\tyshb36rfjdf.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5632 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 21 December 2008 - 12:56 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#2 Jat90


Posted 21 December 2008 - 08:30 AM

~Sorry for Bump~ (I don't mind being pushed back, but you should know this)

I got further detections of TDSS (I thought it may have disappeared because no symptoms were shown) so I ran SDFix in safe mode and it found the rootkit and removed it, RSIT now runs. I think my computer is ok now. Here are the logs:


SDFix: Version 1.240
Run by Jat on 21/12/2008 at 13:12

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
TDSSserv.sys

Path :
\systemroot\system32\drivers\TDSSmfdc.sys

TDSSserv.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\windows\system32\drivers\TDSSmfdc.sys - Deleted
C:\windows\system32\TDSSnirj.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSNIRJ.dat - Deleted

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jat at 2008-12-21 13:34:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 894 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:55, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\cmd.exe
C:\Documents and Settings\Jat\Desktop\SmitfraudFix\IEDFix.exe
C:\Documents and Settings\Jat\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jat\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4577 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\bppxnggu.job
C:\windows\tasks\Critical Battery Alarm Program.job
C:\windows\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2005-06-29 46080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\windows\system32\ljJAQGyW

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:7\UT2004\System\UT2004.exe"="C:7\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"E:\UT2004\System\UT2004.exe"="E:\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:0\UT2004\System\UT2004.exe"="C:0\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:1\UT2004\System\UT2004.exe"="C:1\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:2\UT2004\System\UT2004.exe"="C:2\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:3\UT2004\System\UT2004.exe"="C:3\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:4\UT2004\System\UT2004.exe"="C:4\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:5\UT2004\System\UT2004.exe"="C:5\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:6\UT2004\System\UT2004.exe"="C:6\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:9\UT2004\System\UT2004.exe"="C:9\UT2004\System\UT2004.exe:*:Enabled:UT2004"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\laucher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{099cd417-a0d1-11dd-994f-00c09ff40ed7}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e6e79c7-a2b3-11dd-995c-00c09ff40ed7}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-21 13:10:22 ----D---- C:\windows\ERUNT
2008-12-21 13:06:13 ----D---- C:\SDFix
2008-12-21 04:04:16 ----D---- C:\rsit
2008-12-21 03:51:47 ----A---- C:\windows\system32\Agent.OMZ.Fix.exe
2008-12-21 03:30:39 ----A---- C:\windows\system32\svch?st.exe
2008-12-21 03:30:38 ----A---- C:\Program Files\Common Files\7atc7y53.exe
2008-12-21 03:17:48 ----D---- C:\Avenger
2008-12-21 03:17:48 ----A---- C:\avenger.txt
2008-12-21 02:57:12 ----A---- C:\windows\ntbtlog.txt
2008-12-20 23:44:19 ----A---- C:\windows\system32\fccdbbab.dll
2008-12-20 23:38:01 ----A---- C:\windows\system32\pmnlmLFX.dll
2008-12-20 23:36:04 ----A---- C:\windows\system32\enatrl.dll
2008-12-20 23:36:03 ----A---- C:\windows\system32\ccmvpxah.dll
2008-12-20 23:35:35 ----A---- C:\windows\system32\cfcf3c98-.txt
2008-12-20 19:45:11 ----D---- C:\Program Files\Nuclear Coffee
2008-12-16 09:14:33 ----HDC---- C:\windows\$NtUninstallKB955839$
2008-12-16 00:18:14 ----HDC---- C:\windows\$NtUninstallKB952069_WM9$
2008-12-16 00:17:18 ----HDC---- C:\windows\$NtUninstallKB954600$
2008-12-16 00:17:08 ----HDC---- C:\windows\$NtUninstallKB956802$
2008-12-16 00:14:51 ----A---- C:\windows\SchedLgU.Txt
2008-12-14 00:11:51 ----D---- C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-12-14 00:11:25 ----D---- C:\Program Files\SRS Labs
2008-12-09 19:29:41 ----D---- C:\Program Files\Channel4
2008-12-09 19:29:41 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-12-09 19:28:40 ----D---- C:\Documents and Settings\All Users\Application Data\Channel4
2008-12-08 08:22:40 ----A---- C:\windows\system32\javaws.exe
2008-12-08 08:22:40 ----A---- C:\windows\system32\javaw.exe
2008-12-08 08:22:40 ----A---- C:\windows\system32\java.exe
2008-12-06 22:13:26 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-12-06 22:10:19 ----A---- C:\Documents and Settings\Jat\Application Data\inst.exe
2008-12-06 22:10:18 ----D---- C:\Documents and Settings\Jat\Application Data\Vso
2008-12-06 22:10:12 ----A---- C:\windows\system32\Pncrt.dll
2008-12-06 22:10:12 ----A---- C:\windows\system32\drv43260.dll
2008-12-06 22:10:11 ----A---- C:\windows\system32\wvc1dmod.dll
2008-12-06 22:10:11 ----A---- C:\windows\system32\vp7vfw.dll
2008-12-06 22:10:11 ----A---- C:\windows\system32\drv33260.dll
2008-12-06 22:10:11 ----A---- C:\windows\system32\drv23260.dll
2008-12-06 22:10:11 ----A---- C:\windows\system32\cook3260.dll
2008-12-06 22:10:11 ----A---- C:\windows\gdiplus.dll
2008-12-06 22:10:09 ----D---- C:\Program Files\VSO
2008-11-29 12:51:25 ----D---- C:\Documents and Settings\Jat\Application Data\Publish Providers
2008-11-29 12:45:17 ----A---- C:\windows\system32\dbmsqlgc.dll
2008-11-29 12:45:17 ----A---- C:\windows\system32\dbmsgnet.dll
2008-11-29 12:44:48 ----D---- C:\Program Files\Microsoft SQL Server
2008-11-29 12:44:22 ----D---- C:\Documents and Settings\Jat\Application Data\Sony
2008-11-29 12:42:59 ----D---- C:\Program Files\Vstplugins
2008-11-29 12:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2008-11-29 12:42:33 ----D---- C:\Program Files\Sony
2008-11-29 12:41:41 ----D---- C:\Program Files\Sony Setup
2008-11-24 18:52:27 ----A---- C:\windows\system32\tmp.txt
2008-11-24 18:51:04 ----A---- C:\rapport.txt
2008-11-24 18:49:07 ----A---- C:\windows\system32\WS2Fix.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\VCCLSID.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\VACFix.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\swxcacls.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\swsc.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\swreg.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\SrchSTS.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\Process.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\o4Patch.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\IEDFix.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\IEDFix.C.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\dumphive.exe
2008-11-24 18:49:07 ----A---- C:\windows\system32\404Fix.exe
2008-11-22 17:38:39 ----A---- C:\windows\system32\aswBoot.exe
2008-11-22 17:38:37 ----D---- C:\Program Files\Alwil Software
2008-11-22 17:19:02 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-11-22 16:59:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-22 16:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-22 13:54:21 ----D---- C:\Program Files\MSN Messenger

======List of files/folders modified in the last 1 months======

2008-12-21 13:34:17 ----D---- C:\windows\Prefetch
2008-12-21 13:34:09 ----D---- C:\windows\system32
2008-12-21 13:32:59 ----D---- C:\Program Files\Mozilla Firefox
2008-12-21 13:23:29 ----D---- C:\windows\Temp
2008-12-21 13:11:50 ----RSHDC---- C:\windows\system32\dllcache
2008-12-21 13:10:22 ----D---- C:\WINDOWS
2008-12-21 13:08:42 ----D---- C:\windows\system32\CatRoot2
2008-12-21 03:45:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 03:42:39 ----RD---- C:\Program Files
2008-12-21 03:42:39 ----D---- C:\windows\system32\drivers
2008-12-21 03:30:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-21 03:30:38 ----D---- C:\Program Files\Common Files
2008-12-21 03:21:02 ----HD---- C:\windows\inf
2008-12-21 03:20:52 ----HD---- C:\windows\$hf_mig$
2008-12-21 00:49:11 ----D---- C:\windows\Debug
2008-12-21 00:48:28 ----D---- C:\Documents and Settings\Jat\Application Data\U3
2008-12-20 23:29:27 ----SD---- C:\windows\Tasks
2008-12-17 14:23:47 ----D---- C:\Documents and Settings\Jat\Application Data\IMVU
2008-12-16 09:32:42 ----D---- C:\windows\system32\dla
2008-12-16 09:14:28 ----SHD---- C:\windows\Installer
2008-12-16 09:14:08 ----A---- C:\windows\win.ini
2008-12-16 09:12:17 ----D---- C:\Program Files\Internet Explorer
2008-12-16 09:12:02 ----D---- C:\windows\ie7updates
2008-12-13 06:40:02 ----A---- C:\windows\system32\mshtml.dll
2008-12-09 23:24:37 ----A---- C:\windows\system32\MRT.exe
2008-12-08 08:22:34 ----D---- C:\Program Files\Java
2008-12-02 19:50:30 ----SD---- C:\Documents and Settings\Jat\Application Data\Microsoft
2008-11-29 12:45:26 ----A---- C:\windows\system32\PerfStringBackup.INI
2008-11-29 12:45:16 ----HD---- C:\Program Files\Uninstall Information
2008-11-29 12:44:18 ----RSD---- C:\windows\assembly
2008-11-29 12:37:25 ----RSD---- C:\windows\Fonts
2008-11-29 12:36:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-27 08:10:10 ----D---- C:\windows\system32\config
2008-11-25 20:17:58 ----D---- C:\Program Files\Windows Live
2008-11-22 13:54:30 ----DC---- C:\windows\system32\DRVSTORE
2008-11-22 13:54:25 ----D---- C:\windows\WinSxS
2008-11-22 09:31:21 ----D---- C:\windows\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\windows\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 epfwtdi;epfwtdi; C:\windows\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 sscdbhk5;sscdbhk5; C:\windows\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\windows\system32\drivers\ssrtln.sys [2005-05-13 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\windows\system32\DRIVERS\AegisP.sys [2008-10-23 17801]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 drvnddm;drvnddm; C:\windows\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 mdmxsdk;mdmxsdk; C:\windows\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\windows\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\windows\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\windows\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\windows\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\windows\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\windows\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\windows\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\windows\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\windows\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\windows\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\windows\system32\DRIVERS\ar5211.sys [2005-05-25 465952]
R3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 BoiHwsetup;Access 32bits INT15 routine; C:\windows\system32\drivers\BoiHwSetup.sys [2005-06-11 5504]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\windows\system32\drivers\camc6aud.sys [2005-06-17 38144]
R3 CAMCHALA;CAMCHALA; C:\windows\system32\drivers\camc6hal.sys [2005-06-17 352000]
R3 catchme;catchme; \??\C:\DOCUME~1\Jat\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\windows\system32\DRIVERS\HSF_DPV.sys [2005-03-31 1034240]
R3 HSFHWATI;HSFHWATI; C:\windows\system32\DRIVERS\HSFHWATI.sys [2005-04-01 211200]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2008-12-06 47360]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver; C:\windows\system32\drivers\qkbfiltr.sys [2005-05-09 31360]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver; C:\windows\system32\drivers\qmofiltr.sys [2005-05-05 7936]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\windows\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\windows\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2004-10-08 185824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\windows\system32\DRIVERS\HSF_CNXT.sys [2005-03-31 714880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-07-07 36864]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2005-06-29 376832]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\windows\system32\regedt32.exe [2004-08-04 3584]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

-----------------EOF-----------------

Edited by Jat90, 21 December 2008 - 08:37 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 Animal


Posted 22 December 2008 - 01:37 PM

Closed per member request. Issue resolved.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

