slow laptop [RESOLVED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

2 Pages

1 2 >

slow laptop [RESOLVED]

Options

psychokilla View Member Profile	Sep 24 2008, 11:26 AM Post #1
Member Posts: 36 OS: xp home sp2	Hi there geeks just wondering would you please help, my laptop running very slow i ran adaware, spybot. The programs removed found 79 infections and only removed 72 it wont remove the last five maybe they keep laptop running slow i dont. It takes 10 mins for the laptop to start up approx 3-4 mins for programs to open and close. Just wondering if you can fix cheers psychokilla

Matt T View Member Profile	Sep 27 2008, 01:37 AM Post #2
GeekU Senior Posts: 620 From: New Zealand OS: Microsoft Windows XP Home Edition	Hi psychokilla, Welcome to the site! My name's Matt T and I'll be helping clean up your computer. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. Some instructions may need to be printed off or saved for reference during the fix as some of the steps required will be done in Safe Mode, and you'll be unable to access this thread at those times. To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here. To come back to this topic easily, please bookmark it. Please don't use any of the tools you download or try to fix your computer yourself without specific instruction. Some of them are dangerous and could damage your computer if used incorrectly. Please work through the fix in the order it's posted, if you can't complete a step, skip it and tell me in your next post. If there's anything you don't understand, you have a question, or you're unsure of the instructions please don't be afraid to ask and post here for clarification before proceeding with the fix. When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format \| Uncheck Word Wrap) Make sure you reply to this thread using the Add Reply button: Please read and follow all the instructions in this topic. When you're finished post back with the logs. Regards Matt

psychokilla View Member Profile	Sep 27 2008, 11:03 AM Post #3
Member Posts: 36 OS: xp home sp2	Hi mattT my boys called matt aswell anyway hope you have a gr8 time helping at geeksto go well this is my log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:57:58, on 27/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\keyhook.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\system32\hphmon03.exe C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1FC5DFA6-AFDB-4986-A261-02714993F165} - C:\WINDOWS\system32\vtutq.dll (file missing) O2 - BHO: (no name) - {378B7B52-A065-4E98-BD8F-B3A5A181D898} - C:\WINDOWS\system32\mljjg.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\khfcabb.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\amie\LOCALS~1\Temp\winvsnet.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba250.exe O20 - Winlogon Notify: khfcabb - khfcabb.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe -- End of file - 9428 bytes

Matt T View Member Profile	Sep 28 2008, 04:32 PM Post #4
GeekU Senior Posts: 620 From: New Zealand OS: Microsoft Windows XP Home Edition	Hi psychokilla Do you have the log from Malware Bytes? If not please run Malware Bytes (instructions are in the topic I linked you to in my last post) and post the log. In Your Next Post: The log from Malware Bytes Regards, Matt

psychokilla View Member Profile	Sep 29 2008, 03:22 PM Post #5
Member Posts: 36 OS: xp home sp2	Malwarebytes' Anti-Malware 1.28 Database version: 1222 Windows 5.1.2600 Service Pack 3 29/09/2008 21:30:20 mbam-log-2008-09-29 (21-30-20).txt Scan type: Quick Scan Objects scanned: 49241 Time elapsed: 9 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 22 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 10 Files Infected: 33 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98663e21-9cce-4cf6-863c-911a9523a66f} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfcabb (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98663e21-9cce-4cf6-863c-911a9523a66f} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\pae_bho.pedev_ielistener (Adware.Popups) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\pae_bho.pedev_ielistener.1 (Adware.Popups) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e1412445-4ff8-410e-8d24-f2cf86b171a4} (Adware.Popups) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{39d37d53-eab9-4e04-9ac2-1d72f051590c} (Adware.Popups) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\ToolbarInst.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AVSystemCare (Rogue.AVSystemcare) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Delete on reboot. C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully. C:\Program Files\PeDevice (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\tmp (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\stat_archive (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\RABCO (Adware.RABCO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\amie\Local Settings\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\amie\Application Data\AVSystemCare (Rogue.AVSystemcare) -> Quarantined and deleted successfully. C:\Documents and Settings\amie\Application Data\AVSystemCare\Logs (Rogue.AVSystemcare) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\khfcabb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yyfvuewr.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nbjzjatu.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iplrfwmw.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxlhbytt.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yzqknucd.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tbbssqco.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nicmysrn.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully. C:\Program Files\Registry Defender\backup\07_10_2006.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\pedevPS.dll (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\Preparation.dll (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\communication.xml (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\Domain.Watchlist.txt (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\pae-options.xml (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\search.watchlist.txt (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\pae_url.xml (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\watchlist.xml (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\statistic.xml (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\tmp\tmp.html (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\PeDevice\tmp\last_popup_content.html (Adware.Popups) -> Quarantined and deleted successfully. C:\Program Files\RABCO\Setup.log (Adware.RABCO) -> Quarantined and deleted successfully. C:\Program Files\RABCO\un_RABCOSetup_16230.txt (Adware.RABCO) -> Quarantined and deleted successfully. C:\Program Files\RABCO\RABCOse.original (Adware.RABCO) -> Quarantined and deleted successfully. C:\Program Files\RABCO\X_RABCOse.log (Adware.RABCO) -> Quarantined and deleted successfully. C:\Program Files\RABCO\RABCOse.info (Adware.RABCO) -> Quarantined and deleted successfully. C:\Documents and Settings\amie\Application Data\AVSystemCare\Logs\threats.log (Rogue.AVSystemcare) -> Quarantined and deleted successfully. C:\Documents and Settings\amie\Application Data\AVSystemCare\Logs\update.log (Rogue.AVSystemcare) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\BM313e2b3d.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM313e2b3d.txt (Trojan.Vundo) -> Quarantined and deleted successfully. hi matt thanks log above hope this is all at the mo

Matt T View Member Profile	Oct 1 2008, 02:59 AM Post #6
GeekU Senior Posts: 620 From: New Zealand OS: Microsoft Windows XP Home Edition	Hi psychokilla, 1) VundoFix Please download VundoFix.exe to your desktop Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click Yes Once you click Yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt in a reply to this thread. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting. 2) HijackThis Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: (no name) - {1FC5DFA6-AFDB-4986-A261-02714993F165} - C:\WINDOWS\system32\vtutq.dll (file missing) O2 - BHO: (no name) - {378B7B52-A065-4E98-BD8F-B3A5A181D898} - C:\WINDOWS\system32\mljjg.dll (file missing) O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\khfcabb.dll (file missing) O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\amie\LOCALS~1\Temp\winvsnet.exe" O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba250.exe O20 - Winlogon Notify: khfcabb - khfcabb.dll (file missing) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. 3) RSIT Download Random's System Information Tool (RSIT) by Random/Random to your Desktop Double click on RSIT.exe to run RSIT Click Continue at the Disclaimer Screen Once it has completed, two logs will open. Please post the contents of both log.txt (which will be maximized/open) and info.txt (which will be minimized/closed) You might have to spread the logs over a couple of replies to get them both posted In Your Next Post: The log from Vundofix The log from RSIT Regards, Matt This post has been edited by Matt T: Oct 1 2008, 03:02 AM

psychokilla View Member Profile	Oct 1 2008, 01:11 PM Post #7
Member Posts: 36 OS: xp home sp2	hi matt no log from vundo fix to send did not generate one, guess clear here is the other log only one log i think, hope this is enough Logfile of random's system information tool 1.04 (written by random/random) Run by amie at 2008-10-01 19:59:59 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 1 GB (8%) free of 17 GB Total RAM: 189 MB (12% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:00:13, on 01/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\system32\hphmon03.exe C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\amie\Local Settings\Temporary Internet Files\Content.IE5\QKGKZPL5\RSIT[1].exe C:\Program Files\Trend Micro\HijackThis\amie.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9847 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-21 734704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-09-28 262144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-09-28 262144] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"=Alaunch [] "SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-02-25 49152] "SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 32768] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-03-28 315392] "eRecoveryService"=C:\Windows\System32\Check.exe [2005-03-23 245760] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2003-01-30 196608] "HPHmon03"=C:\WINDOWS\system32\hphmon03.exe [2003-01-30 311296] "LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE [2003-09-04 135214] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2007-12-04 79224] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-02-23 77824] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "AS00_Gear511"=C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe [2004-12-03 475136] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-15 68856] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{98663E21-9CCE-4CF6-863C-911A9523A66F}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\mljjg.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\StubInstaller.exe"="C:\StubInstaller.exe::Enabled:LimeWire swarmed installer" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\Program Files\MSN Messenger\msrr.exe"="C:\Program Files\MSN Messenger\msrr.exe::Enabled:MSN Messenger" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe::Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\MsnMsgr.Exe"="C:\Program Files\MSN Messenger\MsnMsgr.Exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe::Enabled:Azureus" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe::Enabled:Malwarebytes' Anti-Malware" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe::Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\MsnMsgr.Exe"="C:\Program Files\MSN Messenger\MsnMsgr.Exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 1 months====== 2008-10-01 19:57:52 ----D---- C:\rsit 2008-10-01 19:20:00 ----D---- C:\VundoFix Backups 2008-10-01 19:20:00 ----A---- C:\VundoFix.txt 2008-09-29 21:34:09 ----D---- C:\Avenger 2008-09-29 21:06:27 ----D---- C:\Documents and Settings\amie\Application Data\Malwarebytes 2008-09-29 21:06:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-29 21:06:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-29 21:05:36 ----D---- C:\Program Files\Common Files\Download Manager 2008-09-28 15:42:25 ----D---- C:\Documents and Settings\amie\Application Data\WinRAR 2008-09-28 15:38:55 ----D---- C:\Program Files\WinRAR 2008-09-28 15:02:37 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus 2008-09-28 15:01:52 ----D---- C:\Documents and Settings\amie\Application Data\Azureus 2008-09-28 15:00:36 ----D---- C:\Program Files\AskSBar 2008-09-28 14:58:25 ----D---- C:\Program Files\Vuze 2008-09-27 20:23:11 ----HD---- C:\WINDOWS\$NtUninstallWdf01005$ 2008-09-27 20:15:44 ----D---- C:\Documents and Settings\amie\Application Data\PC Suite 2008-09-27 20:15:40 ----D---- C:\Documents and Settings\amie\Application Data\Nokia 2008-09-27 20:15:32 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-09-27 20:08:28 ----D---- C:\Program Files\Common Files\PCSuite 2008-09-27 20:07:19 ----D---- C:\Program Files\Common Files\Nokia 2008-09-27 20:01:33 ----D---- C:\Program Files\DIFX 2008-09-27 20:00:36 ----D---- C:\Program Files\PC Connectivity Solution 2008-09-27 20:00:14 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-09-27 20:00:14 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll 2008-09-27 20:00:03 ----A---- C:\WINDOWS\system32\nmwcdcls.dll 2008-09-27 20:00:00 ----D---- C:\Program Files\Nokia 2008-09-27 19:53:30 ----D---- C:\Documents and Settings\All Users\Application Data\Installations 2008-09-27 17:57:07 ----D---- C:\Program Files\Trend Micro 2008-09-27 07:08:04 ----A---- C:\WINDOWS\system32\javaws.exe 2008-09-27 07:08:04 ----A---- C:\WINDOWS\system32\javaw.exe 2008-09-27 07:08:03 ----A---- C:\WINDOWS\system32\java.exe 2008-09-26 06:57:18 ----HD---- C:\WINDOWS\$NtUninstallKB951978$ 2008-09-24 22:32:40 ----D---- C:\WINDOWS\Prefetch 2008-09-24 22:18:39 ----HD---- C:\WINDOWS\$NtUninstallKB938464$ 2008-09-24 22:17:14 ----HD---- C:\WINDOWS\$NtUninstallKB946648$ 2008-09-24 22:15:27 ----HD---- C:\WINDOWS\$NtUninstallKB952287$ 2008-09-24 22:12:16 ----HD---- C:\WINDOWS\$NtUninstallKB951066$ 2008-09-24 22:10:51 ----HD---- C:\WINDOWS\$NtUninstallKB952954$ 2008-09-24 22:09:25 ----HD---- C:\WINDOWS\$NtUninstallKB950974$ 2008-09-24 22:07:55 ----HD---- C:\WINDOWS\$NtUninstallKB951748$ 2008-09-24 22:06:30 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-09-24 22:05:07 ----HD---- C:\WINDOWS\$NtUninstallKB950762$ 2008-09-24 22:03:34 ----HD---- C:\WINDOWS\$NtUninstallKB951376$ 2008-09-24 22:01:53 ----HD---- C:\WINDOWS\$NtUninstallKB951698$ 2008-09-24 21:49:58 ----D---- C:\WINDOWS\system32\scripting 2008-09-24 21:49:54 ----D---- C:\WINDOWS\l2schemas 2008-09-24 21:49:52 ----D---- C:\WINDOWS\system32\en 2008-09-24 21:49:51 ----D---- C:\WINDOWS\system32\bits 2008-09-24 21:45:37 ----D---- C:\WINDOWS\ServicePackFiles 2008-09-24 21:30:35 ----HD---- C:\WINDOWS\$NtServicePackUninstall$ 2008-09-24 21:30:00 ----D---- C:\WINDOWS\EHome 2008-09-22 22:39:47 ----N---- C:\WINDOWS\system32\msxml6.dll 2008-09-22 22:39:45 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-09-22 22:39:37 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-09-22 22:39:37 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-09-22 22:39:33 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-09-22 22:39:33 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2008-09-22 22:39:31 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-09-22 22:39:29 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-09-22 22:39:23 ----N---- C:\WINDOWS\system32\azroles.dll 2008-09-22 22:39:21 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-09-22 22:39:19 ----N---- C:\WINDOWS\system32\napstat.exe 2008-09-22 22:39:19 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-09-22 22:39:18 ----N---- C:\WINDOWS\system32\eapphost.dll 2008-09-22 22:39:15 ----N---- C:\WINDOWS\system32\mssha.dll 2008-09-22 22:39:15 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-09-22 22:39:12 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-09-22 22:39:11 ----N---- C:\WINDOWS\system32\qagent.dll 2008-09-22 22:39:11 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-09-22 22:39:11 ----N---- C:\WINDOWS\system32\aaclient.dll 2008-09-22 22:39:08 ----N---- C:\WINDOWS\system32\onex.dll 2008-09-22 22:39:08 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-09-22 22:38:46 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-09-22 22:38:37 ----N---- C:\WINDOWS\system32\qutil.dll 2008-09-22 22:38:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-09-22 22:38:33 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-09-22 22:38:25 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-09-22 22:38:25 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-09-22 22:38:21 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-09-22 22:38:18 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-09-22 22:38:15 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-09-22 22:38:13 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-09-22 22:38:11 ----N---- C:\WINDOWS\system32\tsgqec.dll 2008-09-22 22:38:04 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-09-22 22:38:03 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-09-22 22:37:58 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-09-22 22:37:57 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-09-22 22:37:57 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-09-22 22:37:54 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-09-22 22:37:50 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-09-22 22:37:49 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-09-22 22:37:47 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-09-22 22:37:47 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-09-22 22:37:45 ----N---- C:\WINDOWS\system32\msxml6r.dll 2008-09-22 22:37:44 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-09-22 22:37:39 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-09-22 22:37:38 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-09-22 22:37:37 ----N---- C:\WINDOWS\system32\setupn.exe 2008-09-22 22:37:22 ----N---- C:\WINDOWS\system32\credssp.dll 2008-09-22 22:37:13 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-09-22 22:37:12 ----N---- C:\WINDOWS\system32\spupdwxp.exe 2008-09-22 22:37:08 ----A---- C:\WINDOWS\system32\spdwnwxp.exe 2008-09-22 22:37:00 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-09-22 22:37:00 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-09-22 22:36:59 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-09-22 22:36:58 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-09-22 22:36:56 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-09-22 22:36:28 ----N---- C:\WINDOWS\system32\slextspk.dll 2008-09-22 22:36:23 ----N---- C:\WINDOWS\system32\mplay32.exe 2008-09-22 22:36:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll 2008-09-22 22:35:01 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2008-09-22 22:34:48 ----N---- C:\WINDOWS\system32\slgen.dll 2008-09-22 22:34:36 ----N---- C:\WINDOWS\system32\faxpatch.exe 2008-09-22 22:34:34 ----N---- C:\WINDOWS\system32\slserv.exe 2008-09-22 22:34:33 ----N---- C:\WINDOWS\system32\ati3duag.dll 2008-09-22 22:34:30 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2008-09-22 22:34:28 ----N---- C:\WINDOWS\system32\slcoinst.dll 2008-09-22 22:34:24 ----N---- C:\WINDOWS\system32\slrundll.exe 2008-09-22 22:34:24 ----N---- C:\WINDOWS\slrundll.exe 2008-09-22 22:34:23 ----N---- C:\WINDOWS\system32\s3gnb.dll 2008-09-22 22:34:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2008-09-22 22:34:19 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2008-09-22 22:34:18 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2008-09-22 22:34:17 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2008-09-22 22:34:06 ----N---- C:\WINDOWS\system32\ativvaxx.dll 2008-09-22 22:34:06 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2008-09-22 22:33:40 ----A---- C:\WINDOWS\002844_.tmp 2008-09-22 21:28:43 ----D---- C:\Program Files\Lavasoft 2008-09-22 21:28:40 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-22 21:26:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-21 16:09:52 ----SHD---- C:\FOUND.130 2008-09-12 07:49:22 ----SHD---- C:\FOUND.129 2008-09-12 07:14:13 ----HD---- C:\WINDOWS\$NtUninstallKB938464_0$ 2008-09-11 20:37:10 ----SHD---- C:\FOUND.128 2008-09-02 19:30:58 ----SHD---- C:\FOUND.127 ======List of files/folders modified in the last 1 months====== 2008-09-30 19:58:18 ----A---- C:\WINDOWS\system32\eRLog.ini 2008-09-29 23:02:40 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-09-26 06:57:38 ----A---- C:\WINDOWS\imsins.BAK 2008-09-24 22:41:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-09-24 22:35:52 ----A---- C:\WINDOWS\OEWABLog.txt 2008-09-24 22:31:46 ----A---- C:\WINDOWS\setuplog.txt ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2007-12-04 26624] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-12-04 42912] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-25 13312] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2007-12-04 94544] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-12-26 15781] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-24 2311680] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-12-04 23152] R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\system32\AWINDIS5.SYS [] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208] R3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 200576] R3 int15.sys;int15.sys; \??\C:\Program Files\acer\eRecovery\int15.sys [] R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\wg511nd5.sys [2004-08-13 395840] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-12-26 6144] R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-02 240640] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232] S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\system32\DRIVERS\hphid409.sys [2003-01-30 50800] S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\system32\DRIVERS\hphipr09.sys [2003-01-30 16112] S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2003-01-30 50211] S3 Dot4Usb HPH09;Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [2003-01-30 18864] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-22 611664] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-12-04 17272] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-12-04 140664] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-12-04 247160] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-12-04 345464] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-05 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Pml Driver;Pml Driver; C:\WINDOWS\system32\HPHipm09.exe [2003-01-30 77824] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF-----------------

Matt T View Member Profile	Oct 2 2008, 12:08 AM Post #8
GeekU Senior Posts: 620 From: New Zealand OS: Microsoft Windows XP Home Edition	Hi psychokilla, The log from Vundofix should be located here: C:\vundofix.txt. Can you please see if it is there, if it is post it, if not tell me. Regards, Matt

psychokilla